Achieving Public-Private Coordination and Collaboration on a National Scale
I recently commented on two ways I believe the cybersecurity community can measure the new administration’s success in cybersecurity. Getting more talent into the workforce and closing the skills gap is something I will champion until the end of time! But I also recognize there are other goals and challenges for this administration to address.
Another area of focus that comes to mind is damage done to the relationship between the public and private sectors of InfoSec. As an example, the fallout from the recent SolarWinds breach—which happened right at the end of the last administration—has made clear that both public and private entities have been significantly impacted. Anyone doing business with the government has a target on their back – it’s past time that public and private entities work together to improve the country’s overall security posture.
To support the nation’s overall cybersecurity posture and credibility, I believe an apolitical, independent body that can remain consistent from administration to administration is necessary. However, that is a pretty lofty goal… So, until something like that becomes a reality, achieving effective cybersecurity as a nation will require public-private coordination and collaboration.
As I see it, there are three pillars that will contribute to successful cybersecurity:
1. Rebuild executive leadership. So far, first steps from the new administration have been positive. They’ve hired a lot of really smart people with experience in both the public and private sectors. They need to continue filling roles that have been vacant and empower these individuals to do their jobs effectively. This kind of “model behavior” will go a long way.
2. Restore the people’s confidence. Just like re-entering the Paris Climate Accord works to re-establish the United States’ commitment to combating climate change, the new administration needs to re-establish trust in cyber both nationally and globally. Effective cybersecurity will not be accomplished on an individualistic basis – collaboration is the superpower we have, and everyone needs to do their part.
3. Bridge the gap between the public and private sectors. Public and private entities need to work together to establish comprehensive information sharing practices so they may collaborate on threat data pertaining to the “how” of breaches, rather than the “what”—a step in threat intelligence that is necessary but uncommon outside of Information Sharing and Analysis Centers (ISACs). This is going to require a significant cultural shift, but we’re already seeing it happen on a smaller scale. As an example, when the FBI works to do takedowns, they’re typically working with Google or Microsoft or another private entity, especially now that a great majority of the information that’s out there and subject to a potential breach is sitting in public clouds.
On top of managing a global pandemic and economic crisis, the new administration must prioritize building back (playing off Biden’s campaign mantra) an image of strength and general trust between the public and private sectors—truly from the ground up. As a community and as citizens, we need to do our part to contribute to the broader effort and champion policies in our own organizations that facilitate trust amongst industry groups, facilitate public-private partnerships, and hold elected leaders accountable for their commitments to information security.
*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Nick Tausek. Read the original post at: https://swimlane.com/blog/achieving-public-private-coordination-and-collaboration-on-a-national-scale/