National cyber resilience requires closer integration of public and private efforts
We live in a world where we are united in fear against digital enemies who threaten our very subsistence: our food and water supply, the electric grid, even the delivery of essential healthcare.
Cyberattacks have disrupted commercial organizations, exposed our data and put our national security at risk. And although we can clearly see the escalation of this very clear and present threat, we still struggle to overcome the hurdles that stand between our public and private organizations and true collaborative efforts to strengthen our nation’s cybersecurity and resilience.
There are many reasons for this. Private companies have historically been reticent to share information with government stakeholders, and vice versa. We have also lacked clear processes to share data at scale or to allow government assistance in our efforts to protect privately-owned infrastructure. This isn’t the fault of any past administrations, and we have made progress in each of these areas, but what we have achieved simply does not match the enormity of the challenge at hand.
We cannot wait any longer. We must achieve a tighter and stronger unity of effort, or otherwise risk watching our divided defenses crumble against the new technologies and threats. The threats we face are only increasing and growing in complexity. We need to strike a balance between instituting industrial policy on the one extreme and achieving appropriate, operationalized integration on the other. We use the word “integration” instead of “collaboration” because we believe what we need moving forward is the government and private sector working alongside each other real time — physically and virtually — to address the cybersecurity challenges we face.
It is clear the current administration recognizes this. This week, Department of Homeland Security Secretary Alejandro Mayorkas and National Cybersecurity Director Chris Inglis and other top administration officials made their first joint visit to Silicon Valley. Around a table in Palo Alto, Calif., Secretary Mayorkas, Director Chris Inglis, Director of DHS’s Cybersecurity and Infrastructure Security Agency Jen Easterly and DHS Undersecretary for Policy, Rob Silvers, met with influential leaders in technology to discuss turning the rhetoric around public private partnership into action for the betterment of our nation.
At this meeting, CISA Director Easterly and her deputies expanded upon her vision for the Joint Cyber Defense Collaborative (JCDC), which is intended to be a platform for joint collaboration between federal interagency, private sector, and state, local and other stakeholders to unify defense strategies and mitigate risk. The establishment of JCDC acknowledges and addresses the need for our community to have a better way of sharing data that can help all entities prevent and mitigate cyber attacks. “Better” means the threat intelligence is high-quality, enriched with government data, and leverages artificial intelligence and machine learning to gain real-time insights and then take action against risk.
Beyond intelligence sharing, the government and industry must vastly improve its sharing of best practices, and help each other implement these playbooks, especially for entities that support national critical functions.
Having such methodologies for sharing and operationalizing intelligence will only become more important as we move towards future domains, including space, social media, Web 3.0, AI and automation and more. We know our adversaries want this same complex, advanced technology and are already putting their tentacles into U.S. innovation through legal and illegal means. We must also involve the investment community in this new model for collaboration to ensure that there is shared understanding of government needs, clear funding paths and a clear path to market for emerging technology.
Director Inglis had a great description of JCDC at the event, saying, “This is not a club, it’s an engine.” It was awesome that so many stakeholders from the cybersecurity ecosystem showed up in Palo Alto this week. But more than showing up, we all need to be “JCDC Boosters” to support CISA’s mission and contribute in the ways each of us can towards true integration of efforts.
Now is the time to tear down the administrative barriers that have rendered U.S. cyber response disjointed and slow for too long. Divided defenses will crumble against the persistent, pervasive and indiscriminate threats we see today and forevermore. If we can sustain the efforts discussed by stakeholders at the meeting this week, we stand a chance of resetting the imbalance between offense and defense and finally gaining the upper hand.
Dave DeWalt is the founder and managing director at NightDragon.
Adm. Mike Rogers is the former director of the National Security Agency and commander of U.S. Cyber Command.
