Cybersecurity insights

Cybersecurity Climate Change

Katie Arrington is the former CISO for Acquisition and Sustainment (A&S) at the United States Department of Defense. She was appointed in 2019 to head the rollout of the Cybersecurity Maturity Model Certification (CMMC), a program designed to revamp cybersecurity protocols among defense industry partners of the DOD. Widely acknowledged as the ‘mother of CMMC,’ Arrington spent two years integrating the CMMC program into DOD contractor requirements for compliance with NIST SP 800-171, resulting in a compliance ecosystem affecting 300,000 firms.

Prior to the DOD, Arrington worked as a legislator and senior cyber executive. She has been a South Carolina State Representative for two terms and was a candidate for the U.S. House of Representatives in South Carolina in 2018. She has extensive experience in cyber strategy, policy, enablement and implementation across a wide range of domains, including DOD, federal, healthcare and state.

One of the things that we lack, that we have in the deep state, is not a bunch of politicians and business owners sitting in the bottom of a basement. What it really is, is bureaucrats that are in the federal government that are risk averse, because the system is set up to be "take no risk" and the innovation, the capability that we need here just can’t exist in that environment. There's risk involved, which our adversaries clearly understand. They'll throw a thousand - and this is just an analogy - a thousand missiles at a wall in hopes that one detonates, while we, on the other hand, won't throw any unless we're 100% guaranteed that they'll detonate - and that's the difference.

In this episode of Cybersecurity Insights, Arrington discusses:

  • Background on the DOD;
  • Her view on cybersecurity education and training and the existing gap;
  • How doable some of the mandates in strategy are and how it’s becoming more dangerous.