Understanding Today’s Cyber Issues
AFCEA’s Cyber Committee ensures industry and government have opportunities to exchange ideas.
With the recent emergence of zero-trust architecture and the pivot to work from home because of the COVID-19 pandemic, cybersecurity has been top-of-mind for everyone in government and industry. Cyberspace must be protected; it must be kept open to all; and it must be able to address change as it occurs.
Enter AFCEA’s Cyber Committee, a volunteer group of public and private sector information technology professionals that oversees AFCEA's outreach and helps ensure open lines of communication between the government and industry.
Chaired by John Gilligan, CEO of Center for Internet Security, the committee provides an active focal point within AFCEA for encouraging the exchange of ideas and coordinating AFCEA’s cyber-related activities.
“The intent of the group is to serve as a forum for discussing cybersecurity-related topics that are germane to the government and industry bodies,” says Gilligan. “One of our purposes is to keep AFCEA members up-to-speed on what is happening in government and industry with regard to cybersecurity, so we have monthly meetings, often with a government guest speaker, where we will become apprised of something new that’s happening,” he explains.
Other times a guest speaker will be from industry and will discuss a newer technology related to cybersecurity, Gilligan adds.
The committee also seeks to promote better understanding of cyber issues both in industry and in government. The most common product the committee uses to do this is a white paper.
“We develop white papers based on the identification of something that we think is an important topic of interest to government and industry. Sometimes the intent of the white paper is to summarize the key issues so that someone can pick it up from AFCEA, and they don’t have to worry about somebody marketing them. They are going to get the straight scoop,” says Gilligan.
In some cases, the committee explores an area of significance and comes up with recommendations. Sometimes the recommendations are for what it thinks government should do, and other times they are more general recommendations on what the committee thinks are best practices in a particular area.
Members of the government have also occasionally requested the Cyber Committee come up with recommendations on a particular topic or a particular issue. “For example, about 3-4 years ago we had a member of the White House National Security Council say, ‘Hey we are looking at some issues on a national cyber strategy, we’d like your thoughts on what we ought to do,’” Gilligan notes. “We took it as a special topic and we produced a set of recommendations.”
The committee welcomes all opportunities to engage with various government people. A lot of them are just looking for sounding board advice, says Gilligan. “Sometimes speakers come in and just want feedback on their ideas because of the diversity of membership. Many of our industry members, probably half, have had government experience, often at a senior level, and then we have a pretty rich set of industry experts as well. You’re hard pressed to find other groups that have as much experience and talent in and out of government,” he exclaims.
Webinars and conferences are other avenues for the committee’s exchange of information. Until this year, it put on an annual classified conference with government and industry to address a particular topic of interest. The most recent one was on cyber and artificial intelligence—both from an offensive and defensive standpoint. “We asked what are the key issues in AI as a benefit to cyber defense and as a benefit to cyber offensive teams?” says Gilligan.
“These are not huge groups, maybe 150-200 max,” he says. “The intent is interaction within the group; it’s not a series of briefings; it’s an exchange,” Gilligan explains. Afterward, the committee usually produces an unclassified paper as a result of the discussion so everyone has access to the information.
Other ongoing topics the committee is tackling include the cyber workforce, national strategies with regard to cybersecurity, zero trust, and identity and access control.
“We continue to have a subgroup that looks at a variety of workforce issues. We are a contributor to the planning of CERTS [The Cyber Education, Research and Training Symposium] and help develop some of the topical ideas,” says Gilligan.
The committee has had discussions about SolarWinds and what it may be able to offer in the wake of the hack. What is practical advice for organizations?
Most recently, there’s been talk of establishing a federal digital service academy. “It turns out we have a number of academy grads from different services in the committee so they put that together,” Gilligan explains.
The committee is looking at rural bandwidth, not necessarily the security of it but what are some of the initiatives and recommendations for the government. “We are looking at Chinese hybrid warfare and really examining the national strategy of the Chinese and how that impacts our cyber activities and our national strategy,” adds Gilligan.
Gilligan has been enormously impressed the longer he has been on the committee. “These aren’t just a bunch of know-it-alls having informal discussions. We are actually making a real difference,” he says. “Most people participate because they are interested in the topic but also see it as an opportunity to both give back and help move forward some important issues in cybersecurity. That’s been the real pleasant surprise; that’s what’s kept me involved with the committee. I learn something every meeting,“ he says.
View more of AFCEA’s Cyber Committee white papers at https://news.afcea.org/AFCEAResources