Trish Rimo, who leads RH Strategic’s cybersecurity practice, has a storied career at the intersection of public relations, government affairs and cybersecurity. We recently chatted with Trish, who has represented clients like McAfee, Intel and SAIC, to assess what is top of mind among policymakers in Washington DC.
What are lawmakers in DC most concerned about right now as it relates to cybersecurity?
The focus is currently on election security and thwarting Russian interference in the midterm elections. Companies like McAfee and others have offered free technology to states to bolster their cyber defenses. Industry, government and public interest groups will be watching this election cycle closely to see if they can prevent some of the problems that occurred in 2016.
What could Congress possibly do to improve cybersecurity in the near term?
Data privacy is rightfully a hot topic, and a U.S. privacy law is more likely than it ever has been. Policymakers should work security into the conversation. I co-authored a piece with an Intel thought leader called, “It takes data to protect data,” describing how security and privacy are intertwined. This doesn’t mean that security should pre-empt privacy in an organization’s thought process. They first need to discover what private information they actually have about people – harder than it appears without automation – and then decide how to secure it.
Congress is often hard on government agencies for their cybersecurity preparedness. Is this warranted?
Yes and no. Federal agencies are very focused on cybersecurity and have often procured the latest tools to combat threats. The trouble is, much of that software is still sitting on shelves. Federal agencies need personnel who are trained in the latest cybersecurity practices – just as they would be trained on the latest weapons. There’s funding for weapons training but not for cybersecurity. As the battlefield moves to cyber, this is going to be even more essential.
What surprises you most as you reflect on your own experiences in cybersecurity?
We’re still talking about information sharing! When I started in cybersecurity, I represented a firm owned by SAIC — Global Integrity. They stood up the first information sharing and analysis center (ISAC) in the financial services sector, and I took them around the Hill touting the benefits of information sharing. That was pre-9/11 and we’re still talking about it. Fortunately, one of my clients is heading a working group that will set standards for sharing threat information – not between humans but machines, at machine speed. This is what we need – that and the ability to remediate those threats immediately based on the information learned.
Congress has held several hearings on cybersecurity workforce development. Do you see anything happening as a result, or is it just more talk?
Legislators like Reps. Will Hurd (R-TX), Robin Kelly (D-IL) and others are serious about the issue, as they should be. The cybersecurity field needs not only more trained specialists but also a more diverse pool of candidates. Solving cybersecurity problems requires more than just technical expertise; it requires curiosity, creative thinking, and the ability to imagine what a cyber enemy might be plotting. To borrow one of my client’s expressions, the image of the ethical hacker has to expand beyond the stereotype of a white guy in a hoodie.
***
RH Strategic is a Seattle and D.C.-based communications firm providing strategic public relations for innovators in the technology, public sector and healthcare markets. Learn more about our cybersecurity practice.