Flash Talk: Greg Touhill on the State of Cybersecurity

The State of Cybersecurity in 2021: Americas’ first federal CISO talks us in the wake of yet another FBI/CISA alert on impending cyber threats.
General Greg Touhill on the state of cybersecurity

Table of Contents

After another alert from the FBI in conjunction with CISA on impending cyberattacks, we were lucky enough to sit down with one of cybersecurity’s most renowned trailblazers. General Touhill was kind enough to discuss why the old ways aren’t good enough and where the state of cybersecurity is headed. 

Brigadier General (Retired) Gregory J. Touhill spent over 30 years with the U.S. armed forces where he was a pioneer in the field that would come to be known as ‘cybersecurity’. He rose up the ranks to be appointed by President Obama as the United States’ first Federal Chief Information Security Officer, served as the president of Appgate Federal Group, and currently, Gen. Touhill serves as Director at CERT Division at the Software Engineering Institute based at Carnegie Mellon University. What follows are a few paraphrased responses from the entire conversation, which can be found here.

The State of Cybersecurity

Ricardo Villadiego (RV): What’s your assessment of the current ‘state of cybersecurity’?

Gregory Touhill (GT): The state of Cybersecurity right now is unsettled. The cyber-ecosystem continues to be ravaged by nation-state actors, cybercriminal groups, and many companies—particularly healthcare providers and SMBs—are plagued by ransomware. We have an increasingly important amount of critical infrastructure that is heavily reliant on information technology.

An increasing amount of data is at risk, which endangers not only organizations, but individuals and their civil rights, civil liberties, and privacy.

Advice for Small and Medium-sized Businesses

RV: If an SMB doesn’t know where to start with cybersecurity, what should they focus on first?

GT: One of the things we’re seeing with our research at Carnegie-Mellon University is that many organizations don’t have a good handle on what kind of data they have, where it is, and what its value is. When an SMB wants to take a look at their cybersecurity posture, step one has to be to create an inventory of your data. 

Many of the best practices in cybersecurity—zero trust is an increasingly important example—rely on those data inventories. It’s also important to bear in mind that not all data is equal and deserving of the same protection.

Advice for Large Enterprises

RV: What if a big company with a big cybersecurity stack is struggling with alert fatigue?

It’s very easy for large organizations with network enterprises to drown in alerts. Once again, data is the key. The best practice for a SOC is to categorize, prioritize and be very aware of the sensitivity of data. Then you can organize your alerting so that you can understand what’s important and tier your alert and warning systems.

As a professional military officer, you can’t be successful in the physical world without prioritizing, segmenting, and segregating. The same principles come to play in the cyber world. You need to be able to discern what is really important and what can wait.

White House Statements

RV: There have been a number of statements coming from the White House. Have you seen some cybersecurity challenges being addressed?

Absolutely. I was very heartened by the cybersecurity executive order. However, we as a cybersecurity community at large have tried to keep cybersecurity an apolitical issue. The Biden administration E.O. built on the lessons learned in the Trump Administration, Obama Administration, Bush Administration, Clinton Administration, and so forth.

I was pleased to see the implementation of initiatives that we had been promoting when I was still in federal service, such as zero trust and setting up a cybersecurity review board—so that we could take a disciplined approach to looking into significant cybersecurity incidents like we would with an airplane disaster. The joint cyberdefense collaborative initiative allows for greater sharing of information. 

We’re building common playbooks for cyberdefense responses, but also to inform our cyber exercises, which makes us more proactive than reactive. There are many more examples in that executive order, but I’m very enthused by the progress we’ve been making in the last couple of years.

The Next 5 Years

RV: What will be the most relevant topics in cybersecurity 5 years from now?

We’re going to see questions around privacy, civil rights and civil liberties percolate to the top of the agenda. We’re already seeing some hints at that with Apple announcing their new program where they will begin assessing the apple cloud for any evidence of child pornography. While child pornography is absolutely abhorrent and should not be tolerated at all, this opens up an overdue conversation around privacy, civil rights, and civil liberties. That same technology could be used to look into your private data.

We’ll see artificial intelligence and remote process automation doing work that has traditionally been done manually and being inserted into business processes.

Third, there will be greater discussion about business continuity with regards to critical infrastructure, industrial control systems, SCADA, IoT, and non-IT connected devices. In critical manufacturing, for example, most of the manufacturing devices are automated devices and they’re increasingly connected to internal systems and ultimately to the bracer internet. Looking at that interconnected world and risk exposure will drive boardroom conversations tomorrow and well into the next 5 years.

We’d like to thank Brigadier General Touhill for joining us for this Flash Talk as well as his many years of service. Watch the entire 30-min state of cybersecurity conversation with more questions for the General.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post


Lumu Defender

Lumu Defender: Automating Threat Defense

Reading Time: 3 mins Lumu Defender lets you feed Lumu’s confirmed compromise instances into your existing cybersecurity stack for an automated response to cyber threats.