At a glance.
- The importance of public-private cooperation in the US National Cyber Strategy.
- Top DoD information security executive says collaboration is key.
- US HHS CIO highlights importance of cyber coordination in health sector.
The importance of public-private cooperation in the US National Cyber Strategy.
This past March the US government released its much-anticipated National Cybersecurity Strategy, and one of the document's main messages is that the country’s cybersecurity cannot be left to just a few to solve, but must be a cooperative effort. In an article in the Federal Times, Zscaler’s vice president and chief compliance officer Stephen Kovac emphasizes the need for this collaborative approach and underscores the roles that the government and private industry must play in order to strengthen the US’s cyber defenses. Kovac notes, “The NCS acknowledges that our cybersecurity posture and supply chain are too complex and important to be left to any single business, government agency, person, or organization. It is intended to disrupt threat actors and their methods – such as ransomware, a borderless cyber crime requiring international cooperation to combat.”
Kovac calls on the federal government to support and invest in the private sector in researching and developing new tech to detect and address cybersecurity threats. And the private sector should work to improve supply chain security by adhering to government guidelines, incorporating a secure-by-design approach, and hiring and training employees with cybersecurity knowledge. As well, they should devote resources to advanced security measures like zero trust and share best practices and new developments with the government so they can be passed on to other organizations. Of course, these efforts will require additional resources. While government funding from the Technology Modernization Fund (TMF) and State and Local Cybersecurity Grant Program is on its way, in the interim companies should prepare by identifying their security needs, applying zero-trust best practices, and making the most of free resources made available by the Cybersecurity and Infrastructure Security Agency.
Top DoD information security executive says collaboration is key.
Staying in the US, the Department of Defense (DoD) reports that Principal Deputy Chief Information Officer Leslie A. Beavers spoke at a recent FedTalks speaker series, and she, too, emphasized the importance of collaboration across government and industry in achieving America’s cybersecurity goals. She said that the inherent dangers of the current digital landscape present a "whole of government, almost whole of society threat," one that “requires everyone to be a part of the solution.” She went on to note that the DoD is already involved in several initiatives focused on cybersecurity, including the implementation of a zero-trust framework. Last year the DoD released a cyber strategy plan that incorporated cultural adoption, security and defense of DoD information systems, technology acceleration, and zero trust enablement, and Beavers also highlighted the need for retaining top-notch cybersecurity personnel. Beavers added, "The Department of Defense, as large as it is, is heavily reliant on civilian infrastructure and companies as well as other government organizations. It's a journey that we have to go on together."
We heard from Ted Miracco, CEO of Approov Mobile Security, who in an email welcomed the emphasis on cooperation. “State-sponsored cyberattacks from adversaries like China and Russia are a major component of the emerging threats facing the US defense industry and government. Countering these threats requires even greater information sharing and collaboration between the US government and private sector cybersecurity companies. The initiatives underway at DOD are an important piece of confronting this complex challenge as it isn't just a defense problem, it can impact both national security and the economy. It's encouraging to see cybersecurity leaders like Beavers emphasize the role everyone must play in this effort.”
Jason Keirstead, VP of Collective Threat Defense at Cyware, also wrote to praise the emphasis on collaboration. “I'm glad to see the DoD's focus on collaboration. It's arguably one of the most important areas that can produce tangible cybersecurity improvements. When we consider the expansive and complex nature of the Defense Industrial Base (DIB), the most basic and effective countermeasure that we can deploy against the adversary is to more rapidly develop and deploy our response. Collective defense enables trusted collaboration inside and outside organizations, allowing the DoD and the DIB to work together to accelerate these initiatives, reducing the attack surface an adversary has to work with.”
US HHS CIO highlights importance of cyber coordination in health sector.
At the Billington Cybersecurity Summit held in Washington last week, chief information officer for the US Department of Health and Human Services (HHS) Karl Mathias spoke about how the HHS’s Health Sector Cybersecurity Coordination Center, or HC3, has bolstered information sharing. He stated, “We cannot be scared of sharing the data we have. We can’t let fear of the security issue prevent us from solving the problem.” Created in 2018, HC3 was the response to Congress’s concerns that HHS needed to improve its collaboration efforts with healthcare and public health sector partners, Nextgov.com explains. Matthias says the HHS is now driven by the motto, “Share as much as you can, recognize when you should and apply the cybersecurity principles to that data.”