The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security says all civilian agencies should start vulnerability disclosure programs. But asking the public to identify weak points could bring up more vulnerabilities than agencies are ready to respond to.
- Katie Moussouris, Founder and Chief Executive Officer of Luta Security, said civilian agencies should immediately start assessing maturity and capabilities, find gaps in people, processes and technology and ask Congress for more resources.
- Major resources the government needs are the right cyber workforce trained with the appropriate technology and the correct way to respond to vulnerability reports, according to Moussouris.
- Moussouris said necessary skillsets include not only cybersecurity and engineering skills, but also process and people skills and a willingness to learn about defensive technology.