October 7, 2020
Assistant Director of Cybersecurity Division, The Cybersecurity and Infrastructure Security Agency (CISA)
Chief Government Affairs and Public Policy Officer, Blackberry
The federal government's response to cybersecurity differs from its previous defensive approaches. In past decades, most of the threats to the United States were through espionage and planned attacks. Now, our adversaries are targeting us online — and they aren't just targeting the United States government for attacks, but the private sector as well.
With the U.S. having been under multiple cybersecurity attacks in recent years, the Cybersecurity and Infrastructure Security Agency (CISA) is making an effort to work with the private sector. Because these attacks target both sectors, a partnership benefits both parties, as having more information and resources creates a stronger defense.
Creating Strong Cyber Defense Starts by Identifying the Risks
A partnership like this starts by evaluating the risks and deficiencies in both the public and private sectors. As the CISA has advocated for more transparency between the federal government and businesses, they've been working to see where those deficiencies lie in both sectors.
“None of that would have been possible without the work that CISA did for the last few years in identifying risks and paralyzing risks throughout the economy, and looking at different sectors and where that risk lies,” said Christopher Roberti, SVP of Cyber, Intelligence, and Supply Chain Security Policy at the U.S. Chamber of Commerce. “That's the groundwork that you need to do…[It] allows you to come up with plans to figure out how you're going to address those vulnerabilities and take care of the gaps.”
Transparency Is Essential to Keeping Everyone Safe
In the past, CISA would talk to private sectors to understand the most important parts of infrastructure, said Bryan Ware, former Assistant Director of the Cybersecurity Division at CISA.
“Not only [to] analyze that and try to identify those critical elements, but we have legal authorities that allow us to bring those companies together to share information with them,” he explained.
Now, we must collaborate to better understand our risks and how we might mitigate them.
“Let's not keep one set of data on the government side and other data in various companies,” Ware continued. “What could we see if we saw it all together? As we are able to analyze, could we find behavioral anomalies and trends that allow us to defend against adversaries more successfully and share information, not as passing reports back and forth, but really analyzing and collaborating together?”
“We are building the technical capability to do that,” he added. “We have long-established legal authorities to do that. It's just a natural outgrowth of the voluntary model.”
From the Series