Barry West, the Department of Homeland Security’s senior accountable official for risk management, believes that federal agencies may pursue outsourced cyber security services from contractors more frequently, due to the ongoing global shortage of and competition for cyber talent.
Government Could Shift to Security-as-a-Service, DHS’s West Says
Fedscoop | By Carten Cordell
With cyber talent in high demand, Barry West said Thursday that the government may soon to lean more heavily on the private sector for cyber security help.
West, the Department of Homeland Security’s senior accountable official for risk management, said that an ongoing global shortage of cyber talent could soon push agencies to more frequently pursue outsourced cyber security services from contractors rather than try to compete with the private sector.
“When I look at a visionary view of cyber, I think this is really where we are headed,” he said at ATARC’s Federal CISO Summit. “This would have been far-fetched probably five years ago, saying you were going to have a private sector company perform your security.”
West pointed to research from Gartner that predicted that there would be a global cyber shortfall of 1.8 million by 2022 — with the federal government struggling to compete with the private sector for talent, it may be more beneficial for agencies to contract for it, he said.
“This isn’t to say that there’s not going to be government oversight; there’s still not going to be a [chief information security officer] in charge,” he said, “but I really think we are headed for a model where we are going to see security-as-a-service and you are going to see [security operations center, or SOCs] as a service.”
West added that DHS is already in talks to consolidate 12 to 13 “disparate SOCs” — which help monitor cyber security posture from across the agency’s networks — saying that it is a key priority for Secretary of Homeland Security Kirstjen Nielsen.
“She really wants to see that happen,” he said. “It really shows when you have a major incident — when we had the WannaCry incident last year, it became real clear some of the disorganization we had around reporting.”
Consolidation would precede SOC-as-a-service, West said, with DHS beginning to merge SOC operations in the National Capital Region.
“I think it’s the way we’re headed. I think you will hear more of the SOC consolidation at DHS next year. That’s going to be a big focus for us,” he said.
After that, West said, DHS would likely craft some prototypes to test the SOC-as-a-service model over the next three to four years.
“I think we have to start thinking about it now and planning, but I think it’s the way of the future,” he said.