4 Priorities for Improving Cybersecurity in the US

State and local governments need better risk management processes for disasters, including cyberattacks, according to Andy Purdy, acting director of the National Cyber Security Division during the George W. Bush administration. Governments at all levels need be more proactive to prevent infiltration, Purdy said.

Purdy, now the chief cybersecurity strategist at Computer Sciences Corp., said that federal, state, local and private groups need more preventive planning to safeguard their data. Purdy is a former member of both the U.S. Department of Homeland Security and the White House team that drafted the National Strategy to Secure Cyberspace. State and local decision-makers should ask questions that lead to assessments, Purdy said. “They need to have some idea of — and this deals with physical and cyber — what’s the risk profile. What do they need to do about it?” he said.

Comprehensive risk management was one of four strategic national priorities that Purdy outlined for improved national cybersecurity. All involve public-private collaboration:

1. Assess risk and prioritize measures to mitigate risks to government systems.
2. Create cyber-preparedness protocols and situational awareness for critical infrastructure.
3. Delineate response actions.
4. Continue research and development to ensure that everyone involved has the best actionable intelligence.