Apr 06 2017 Intersector Briefing: Cybersecurity

In 2016, it seemed that cybersecurity, privacy, and hacking were constantly in the news, from the heated discussion of election-related hacking to the revelation in December that in 2013, Yahoo had been attacked, compromising the personal information of hundreds of millions of consumers. The vulnerability of private information to cyber threats is an issue that spans across the private and public sectors, affecting not only our federal, state, and local governments, but also small businesses and large multinational enterprises, and individuals across the country.

Cybersecurity is a complex issue that not only affects cross-sector stakeholders, but also must involve cross-sector collaboration to make the United States less vulnerable to cyber attacks. In this month’s Intersector Briefing, we look at public-private collaboration for cybersecurity, from improving communication and information between sectors at all levels of government to stop attacks, to building partnerships to improve cybersecurity education.

Lawmakers receive lukewarm assessment of cyber cooperation between feds, private sector
This piece from The Hill discusses the current level of coordination between the public and private sectors around cybersecurity, after a congressional hearing earlier this month. The overall message of industry experts was that the Department of Homeland Security (DHS) needs to share more information more quickly with private organizations around cyber threats. “Our collective ability to combat these threats, with government and the private sector working together, will be one of the defining public policy challenges of our generation,” said Rep. John Ratcliffe (R-Texas), chair of the Homeland Security Committee’s Cybersecurity Subcommittee, in opening testimony. The hearing precedes the release of President Trump’s executive order on cybersecurity, with industry leaders taking the hearing as an opportunity to share their thoughts on what they’d like to see happen, namely the new administration “improving the implementation of partnerships between the DHS and private companies.”

Amazon partners with state for new cybersecurity education pipeline
While collaboration between the public and private sectors to address direct cyber threats is important, there are other ways that cross-sector collaboration can help strengthen cybersecurity in the United States. For instance, there is a “critical cybersecurity expert shortage,” explains cybersecurity expert Algirde Pipikaite in an opinion piece in The Hill. Much like other workforce development or STEM education programs, there is a role to play for both public and private sectors in solving this problem. In one attempt to improve cybersecurity education, Amazon Web Services is teaming up with Virginia Cyber Range, a Commonwealth of Virginia initiative with a mission to enhance cybersecurity education in the state’s high schools, colleges, and universities. “In Virginia and across the country, businesses, governments, and private individuals are impacted by the growing threat of cyber-attacks,” explained Virginia Governor Terry McAuliffe. “We need a capable workforce that understands these swiftly changing threats and is ready to mount an agile defense against them.”

Cybersecurity Partnerships: A New Era of Public-Private Collaboration
This 2014 report from the Center on Law and Security at the NYU School of Law acknowledges the need for public-private collaboration for cybersecurity, but recognizes its complexities. “Legal, strategic, and pragmatic obstacles often impede effective public-private sector cooperation, which are compounded by regulatory and civil liability risks. Different government agencies have competing roles and interests, with the government serving dual roles as both partner and enforcer, influencing how companies facing cyberthreats view public authority,” the author writes. The report goes on to look at why public-private collaboration is uniquely valuable to addressing cybersecurity challenges, the barriers that impede this kind of collaboration, the best methods of cross-sector collaboration for these efforts, and more.

Challenges ahead for new White House cybersecurity advisor
President Trump is poised to select Rob Joyce, currently Chief of the National Security Agency’s Tailored Access Operations, as his cybersecurity czar, said a Forbes article in March. Since Edward Snowden’s reveal of the “insidious inner-workings and questionable ethics of the NSA, there has been lingering concerns over privacy and trust between that organization and private industry and citizens,” Tony Bradley reports, noting the potential for that distrust to reverberate through this administration’s cybersecurity work, with Joyce at the helm. This could be detrimental at a time when the cybersecurity sector needs increased collaboration between the sectors. “The U.S. Cyber Czar’s role is more important now than ever before,” says Fleming Shi, SVP of Advanced Engineering at Barracuda. “It’s a big responsibility — but critical to our national security to create a true partnership between private industry and the government. Not just consulting and regulating, but real collaboration.”

San Diego cybersecurity chief shares 3 ways to shield cities from attacks
In an interview with State Scoop, San Diego’s Chief Information Security Officer Gary Hayslip shares strategies for improving cybersecurity at a city level. After working in the Defense Department, Hayslip had to adjust to the realities of working in a city, realizing that “the City is really a $4 billion business with 1.3 million customers and many departments. … It requires a different approach.” He notes the importance of partnerships between City departments and the private sector, with one end result of his work in San Diego being increased coordination between the City’s cybersecurity teams and startups to “share the same vision for a cybersecurity roadmap that protects citizen data.”

DHS private sector cooperation necessary for success of nation’s cybersecurity efforts
From Homeland Preparedness News comes this recap of testimony from private stakeholders at a House Homeland Security subcommittee hearing in early March, which largely focused on increased information-sharing programs and proper responses to cyberattacks. Scott Montgomery, Vice President and Chief Technical Strategist of the Intel Security Group at Intel Corp., was quick to give DHS credit for managing “a thriving number of public-private partnerships that serve the national interest,” but noted that “at the same time, real time information sharing needs to be implemented on a grand scale, IT procurement rules should be updated, DHS partnerships need to be benchmarked against other successful ones on a regular basis, and additional incentives should be put in place to help grow the information sharing eco-system.”