Enable breadcrumbs token at /includes/pageheader.html.twig

A More Aggressive Approach to Cybersecurity

An industry official urges the Department of Defense to become more proactive rather than reactive when it comes to protecting networks and data.

Mark Montgomery (far l) moderates, as panelists (l-r) Travis Rosiek, Ram Shetty, Henry Sienkiewicz and Jim Smid discussCybersecurity and Data Management - Resilient Cybersecurity Architectures on the second day of TechNet Emergence 2025 in Reston, Virginia.

Mark Montgomery (far l) moderates, as panelists (l-r) Travis Rosiek, Ram Shetty, Henry Sienkiewicz and Jim Smid discuss resilient cybersecurity architectures on the second day of TechNet Emergence 2025 in Reston, Virginia.

One private sector executive is requesting that Department of Defense (DOD) leaders start shifting toward a more proactive approach to cybersecurity. One way federal officials can begin to make this transition is by enforcing additional cybersecurity requirements.

Most notably, DOD leaders should follow in the footsteps of local and state governments and commercial companies by requiring their teams to secure cybersecurity insurance for their networks, according to Travis Rosiek, public sector chief technology officer at Rubrik. The absence of cybersecurity insurance is the main reason why state and local governments are almost as cyber resilient as the federal government, including the DOD, Rosiek claims.

“In my life, I would never say that many state and local governments are more cyber resilient than the United States government or the DOD,” Rosiek said during a panel at TechNet Emergence 2025 in Reston, Virginia. “If you were to ask me five to 10 years ago, I would have said it was crazy, but I would say I’m leaning more [into] that that’s the case today, which is incredibly surprising.”

Additionally, commercial companies have several more protections in place, such as touch cyber resiliency, cyber recovery, immutability and backups. And for the most part, the federal government does not have these defense methods in place, according to Rosiek. He added that the federal government has not inserted these guardrails that can help officials keep up with threat actors and cyber risks.

Another panelist added that this hesitancy is super hazardous.

“[The federal government] is actually assuming a lot of risk with its unwillingness to embrace this kind of recovery technology,” Mark Montgomery, senior director at the Center on Cyber and Technology Innovation, Foundation for Defense of Democracies, and executive director at Cyberspace Solarium Commission 2.0, said. “I think we’re going to be in a lot of trouble. They’re not being forced to because they don’t have to have insurance, and because they don’t have to meet these other requirements, and because they are not being attacked. But we know the likely attacker of the military is a nation-state who’s not going to launch that attack until they are ready to kick your butt.”

TechNet Emergence is organized by AFCEA and supported by the U.S. Department of Defense, The MITRE Corporation and the National Science Foundation. SIGNAL Media is the official media of AFCEA International.