Click on the question to view submissions in the Cybersecurity Innovation Initiative project site.
1. Addressing Cyber Fundamentals
How do we move from inconsistent security/privacy protection control approaches to solid fundamentals that address most basic risks faced by agencies?
2. Business Initiated Vulnerabilities
How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
3. Breach-to-Response Acceleration
How can agencies effectively address current time lags with detection of and response to vulnerabilities and threats that will significantly compress breach-to-detection-to-response times?
4. Adopting a Threat-Aware Proactive Defense
How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary’s point of view?...
5. Sharing of Threat Intelligence
How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that can allow agencies to operate collectively government-wide and with industry and in real time rather than independently with little peripheral view of threats and responses?
6. Solving the Talent Search
How can government tackle the cybersecurity talent search in a way that strengthens skills, experience, and knowledge both within government CISO/CIO and partner organizations and externally from contracted services?
7. Executive Leadership-led Risk Management
How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just a side-bar activity?
8. Building Effective Security into Acquisitions
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices to ensure that contractors provide adequate security and privacy protections to government data and information?