(We just added the video so you can watch this significant speech in its entirety, looking back and forward on US government cybersecurity policy. Watch the video now. FAIR Institute membership and LINK community site registration, both free, are required to view the video.)
Rep. Jim Langevin (D-RI), the leading voice on cybersecurity in the US House of Representatives, gave an address to the opening session of the 2019 FAIR Conference that wrapped up the recent history of government involvement with cybersecurity risk management – and concluded with a remarkable statement of encouragement for the FAIR community.
Langevin said that he is often asked by businesspeople in his state to recommend the best techniques for cybersecurity. “I answer the best thing to do in cybersecurity is to think of it as a risk to be managed.”
He continued: “My hope here is that the risk quantification frameworks like the FAIR model will help answer that question… The metrics used as inputs to the model are still in their infancy with respect to validation… But I look around the room today knowing that the work you are engaged in continues to evolve.”
And that gives him hope – “an emotion I don’t get to feel very often today…Collectively, you are definitely moving the country to a better place.”
Langevin chairs the House Armed Services Committee’s Subcommittee on Intelligence and Emerging Threats and Capabilities, which oversees Defense Department policy and programs for cybersecurity, and sits on the House Committee on Homeland Security’s Subcommittee on Intelligence and Counterterrorism. He co-founded the bipartisan Congressional Cybersecurity Caucus in 2008.
He has long been involved with the development of the NIST Cybersecurity Framework, which, he said, drove awareness of cybersecurity in government and business but ultimately did not drive action that resulted in better defenses. NIST recently added FAIR to the CSF list of recommended best practices. Langevin said he is also actively involved in determining the government role in protecting critical infrastructure – decisions, he said, that wouldn’t be possible without risk quantification.