Fresh calls have come for federal agencies to form stronger partnerships with private and public sector entities to more effectively combat the ever-growing cyber-threat, a panel of experts has agreed.
In a debate hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, the institute’s Director, Frank Cilluffo described the panellists as the “Mount Rushmore” of cybersecurity experts.
Representatives from the White House, NSA, the FBI and the CISA said that companies and federal agencies need to go beyond information-sharing to create a joint operational approach.
“In the past, we focused on collecting various pieces of evidence to try to connect the dots and identify a potential threat,” said Chris Inglis, the White House National Cyber Director.
“But today the challenge is how to collaborate to discover a threat that none of us could have discovered alone.
”The private sector is now on the frontlines, as it builds, maintains and defends critical parts of our infrastructure. The government needs to shift to a more supportive role, bringing its resources to help secure the private sector. We need a structure where a transgressor in cyber space would need to beat all of us to beat any of us,” Mr Inglis continued.
While the federal government is tasked with leading the fight, more than 85 percent of critical infrastructure in the US, including cyber networks, remains in private hands, enhancing the national security threat. Federal initiatives will have little impact if they are not built into private sector security operations, the participants noted.
“What we’re undertaking now on the cyber side is a form of terrorism that holds companies unable to function. This requires an elevated level of collaboration like we’ve never seen before in the private sector,” said FBI Deputy Director Paul Abbate.
“Companies handle proprietary and sensitive information all the time,” NSA Director of Cyber Security Rob Joyce said.
“What I’ve seen in NSA in the last several months is we’ve been able to take that sensitive information, get it down to that unclassified level where it’s operational and work with companies in the defence industrial base. For years, we’ve had things go up, over, around and down. Frankly, that’s too slow and often misinterpreted. Those are the kinds of things we’ve got to get to right,” Mr Joyce continued.
To best protect private cyber infrastructure, panellists suggested becoming a more difficult cyber target through collaboration, trust, resilient cyber networks and building a strong, cyber-educated workforce beginning at an early age.
“Cyber security is a team sport,” Department of Homeland Security CISA Director Jen Easterly said.
“It really matters to have those trusted relationships. This is all about the future of partnerships, which is operational collaboration. The federal government is really just a co-equal partner with the private sector and state and local colleagues. It truly is about a collective defence, in particular given that we live in a highly digitized, highly connected and highly complex threatened environment which is evolving every day,” Jen Easterly continued.
“If a company can’t afford to protect itself, it probably can’t afford to be in business,” said Berkshire Hathaway Energy CEO William J. Fehrman.
“I know some companies share a significant concern about data being provided to the government. Will it be used for the purposes of national defence and critical infrastructure protection? Or will it be used for regulatory and legal reasons that could come back and hurt the companies? Moving this forward, there must be a confidence built across companies that when the collaboration is occurring, it’s occurring for the purposes of national defence and defensive critical infrastructure,” Mr Fehrman added.
McCrary Institute Director Frank Cilluffo observed: “Sometimes we have a ‘plandemic’ of plans. Plans have no value unless we are ready to work together and act on them. I have grappled with the challenge of collaboration for decades, but I believe we finally have the team in place to get this done.