WASHINGTON - Leadership, building teams, and the Army’s Risk Management Framework 2.0 under the Army Unified Network Plan: These were just some of the topics touched on by Nancy Kreidler, the director of cybersecurity integration and synchronization for the Army G-6, in a presentation to the Cyber Mission Summit.
The event was hosted by the Washington, D.C. chapter of the Armed Forces Communications and Electronics Association, or AFCEA, on April 20 at the Omni-Shoreham Hotel in Washington.
The focus of Kreidler’s talk was the U.S. Army’s new RMF 2.0 for cybersecurity. Kreidler said it has proved to be a “big game-changer,” not just in terms of managing risk, but also in reinforcing the cybersecurity community.
“Under the Army Unified Network Plan we have operationalized the RMF,” she said. “We brought together a group of cybersecurity subject matter experts and tailored the RMF control set to be more threat-driven and brought in tools to drive automation.”
Kreidler explained that RMF 2.0 shifts resources away from bureaucracy and manual processes, enabling the Army to focus on risk management rather than simple compliance. She explained, “We have set up a continuous monitoring maturity framework to begin to allow systems to continue to operate on the network as we now look to assess risk on a frequent basis instead of relooking our cybersecurity every three years.”
As part of these reforms, the Army is planning to set up the Risk Management Council to look at high- and very high-risk issues collectively instead of one authorizing official making that determination. The council brings in all stakeholders to conduct mission analysis, operational risk, and cybersecurity assessments.
“I am proud and thankful to all who have made this effort successful,” Kreidler said. “This is not something we’re planning to do. This is in execution -- we are changing Big Army.”
Leading From the Front
Leading and engaging the cyber community at every level and building trust are also at the top of Kreidler’s list of must-do’s.
“You really need to take care of your people especially in the cybersecurity field,” she said. “Because they’re going to go to industry, they’re going to make a lot more money.”
With that in mind, Kreidler and her team have built an Army-wide community of cybersecurity practitioners who meet every two weeks virtually to “just talk about cybersecurity.” “We usually have between 200 and 250 people show up just because they want to,” Kreidler said. “We don’t always have an agenda. We just talk about cybersecurity. In so doing, we have created a cybersecurity community within the Army. Now what I see is a forum where people are asking questions and getting answers, every day, all day long. It’s amazing.”
A passionate leader and team builder, Kreidler stresses that leaders at all levels must build a community within their teams. Kreidler says investing in people is Job One.
One way she does this is regular check-ins with her team. “It takes all of 15 minutes,” Kreidler said, “and it’s the best investment I can make.” She added, “I don’t think people – because they don’t see a return on investment right away – I don’t think they really see the value of it. And it’s the magical formula, and it costs nothing. It’s really time with your people. And it’s the way you build trust, which is consistency over time.”