A top Trump administration information security official said the White House hopes to have a national strategy for cybersecurity completed in the next two months, with a view toward having it implemented within two years.
The new administration has circulated a draft of an executive order related to cybersecurity, but hasn’t said much more publicly about its views on the topic. On Monday, Jeannette Manfra, acting deputy undersecretary for cybersecurity in the National Protection and Programs Directorate at the Department of Homeland Security, said she hopes to have a full strategy defined relatively soon.
“I would like to have a strategy done in the next couple of months and a plan to implement it in the next two years,” Manfra said during a speech at the Cybersecurity for a New America event in Washington Monday. “Between us and the private sector, we have the tools to do it. The complication is that in government you have to be able to scale pretty massively. I think we can do it.”
“Work force is a huge challenge for us, as it is for most organizations.”
Manfra said there a number of challenges ahead for designing and implementing a national strategy, including the size of the government’s infrastructure.
“We have cabinet heads where they understand this is their risk to manage,” she said. “There’s a lot of critical systems in government and we need to focus our resources.”
Another key obstacle is the talent shortage. Manfra said the government, like many private companies, has a difficult time finding enough security professionals to fill its ranks.
“Work force is a huge challenge for us, as it is for most organizations. When you spend two years training a forensic analyst, they’re very qualified and they’re often spirited away to the private sector,” she said.
Although the Trump administration has had a rough go of it with technology companies and the Silicon Valley community since taking over in January, Manfra said she hasn’t seen any noticeable effect from that on hiring.