Congressional Cybersecurity Training Resolution will mandate training for elected officials.
Cybersecurity risk management is about understanding why you are a target, how you will be attacked, and the fallout if an attack is successful.
Protecting the government supply chain is a big deal. Under DFARS 252.204-7012, anyone at a company that handles government Controlled Unclassified Information must take annual infosec training, and has had to since 2017.
Government employees will tell you that information security training has been an annual requirement for years, long before private companies made it mandatory for their employees.
But elected officials have no infosec training requirement? Huh.
The Congressional Cybersecurity Training Resolution of 2019, submitted by Rep. Kathleen Rice (D-NY) and Rep. John Katko (R-NY), would (FINALLY) require House members, officers, and employees to take annual training on information security. Interestingly, last year the Senate began working to reinstate mandatory training for EMPLOYEES, but the specifics for senators themselves are unclear.
When you think about it, these officials are the ones making decisions on technology, privacy, and policy that will impact us all for years to come. Having seen some pretty embarrassing question-and-answer sessions in which elected officials quiz technology execs, I think it is clear there is a lot of work to be done.
Just to make sure our duly elected representatives get the most out of this training, here is Sera-Brynn’s recommended starting curriculum:
- How the Internet Works (The Internet is Not a Bubble Cloud)
- What is the Cloud (Am I in Heaven?)
- What is the IoT (“Alexa, should we trust you?”)
- Social Media Awareness (Nothing ever goes away once it’s on the Internet)
- What is the Dark Web (Not On Your Government-issued Computer)
- Device Management (Don’t Enter Your Password on TV)
- Insider Threat (We Need Mandatory Insider Threat Training)
- Supply Chain Risk Management (What Adversaries Do With Stolen Data, Supply Chain Hackers, and Just How Bad It Is)
- Privacy Basics (Balancing Consumer Data with Big Business, or When You Are Getting Something For Free On The Internet You Are Not The Customer, You Are The Product)
- Compliance and Regulated Industries (HIPAA, GDPR, DFARS, and everyone is wondering Where is the Cybersecurity FAR?)
When training parents on family safety and cybersecurity, I often use the analogy that we are digital immigrants. Our kids are digital natives. We have to work harder to grasp the languages, customs, and rules. Our kids inherently understand and move with ease in a digital world. We remember landlines as the only form of phone communication. It’s safe to say a whole lot of elected officials are digital immigrants.
Rep. Kathleen Rice and Rep. John Katko have the right idea.
Heather Engel is Chief Strategy Officer of Sera-Brynn. She has nineteen years of experience in cyber security, with an emphasis on cyber risk management including regulatory compliance; incident response; crisis communications; Continuity of Operations (COOP) planning, development, and exercise execution; policy development; and computer network operations.
Sera-Brynn is internationally ranked as a top-tier cybersecurity firm. Sera-Brynn is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and a certified FedRAMP assessor. To speak to a team member, contact us at firstname.lastname@example.org or via www.sera-brynn.com.