Executive Order on Cybersecurity

It looks like the Federal Government is getting serious about IT security. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Mr. Obama said in his State of the Union address. See “Obama Order Gives Firms Cyberthreat Information” by the New York Times.

My understanding is that the order targets improvements in information sharing and developing a risk framework and best practices, called the Cybersecurity Framework. Many of NopSec’s customers are financial institutions and, although we don’t call it a “Cybersecurity Framework”, we help them put a process in place to address security vulnerabilities, get secure and stay secure. We aim to automate this process with our software, Unified VRM.

Another implication of the cybersecurity order may be more budget being allocated to IT Security teams. On a recent conference call, analysts described a rise in budgets for IT Security over the past year. However, they suggested that spending is not happening in the right places and for the right tools. In most cases, companies are spending money to keep existing investments up and running versus using technologies that can help them be more efficient.