Former White House Cybersecurity Advisor On The Importance Of Sharing

This year, federal cyber security challenges have taken center stage with the unprecedented Office of Personnel Management breach that exposed the deeply personal records of more than 21.5 million federal workers and continued conversations around information sharing between the public and private sectors. In an interview with ITbestofbreed.com, Paul Kurtz drew on his personal experiences as former White House cyber security advisor and director of counterterrorism for the National Security Council to discuss the challenges facing the federal government in cyber security today.

Take a look at what he had to say, and how his new startup TruSTAR Technology might be able to help the problem.

I've been hearing a lot about the tensions between the government and the security industry around information sharing – how do you look at that?

There still does remain tension. I think the private sector would very much like more information from government. I will say that I think DHS is trying to do better in the wake of some of the hacks that have happened in the last couple of years. The President has put a lot of pressure on the department to succeed. However, much of the data that government might have comes from capabilities and services where many of them are classified...Often government is reluctant to share information in a timely way because either they are trying to protect sources or they have an ongoing investigation...We're doing much better [with information sharing] for counterterrorism...The President has proposed doing the same thing for cyber with the Cyber Threat Intelligence Integration Center. That will do a lot to solve the government problem.

But, still at the end of the day it goes the other way. You might want stuff from government, but what is [companies'] willingness to share with government? You fear retaliation and you fear civil and criminal penalty so you hang back...Those are huge challenges for government.

So it sounds like we're a long way from a final solution.

We have a long way to go. My thesis is if we can truly enable private-to-private sharing and collaboration, especially here in the United States, we will make the private sector a lot more secure than they are today and, in fact, the burden would potentially go down for government because the government then can focus on the hard problems out there: the nation-state oriented attacks, the big criminal organizations. Now, they're seeing so much that they're getting overwhelmed. I've had conversations with lots of folks in government and they, just like the guys in the private sector, are overwhelmed.

Does the OPM breach tie into this at all? Does the government lose some credibility in the cybersecurity space?

It does. If we talk about government cyber security, there are some systemic issues that exist. One of them is procurement is very difficult in government to be agile and to make change. The second is, they have a hard time getting good people in government and getting rid of bad people in government. That's a problem. The third area is the jurisdictional problems on Capitol Hill...In the case of OPM in particular, there was a variety of reports that said there were problems and those go back a couple of years at least. It was well documented that they had a multi-factor authentication issue and that wasn't addressed. OPM deserves some real grief on that.

I will say that OPM is not necessarily different from what we've seen in the private sector in terms of senior-level executive awareness of IT risk. It's always been the CIO's job, the geeks, to fix all that. Now, with what happened with the retail hacks, JP Morgan, the Sony hack, Anthem, boards of directors and senior executives are all saying that they have to understand their exposure and their risk. Just like you don't want to make bad investments at a place that could potentially take you under, you have to understand your IT risk. I think if there's good news, it's that people are more serious about that. People are also understanding...anybody can be hacked.