Aggressive cyber hackers are not unique to any nation, state or industry. In fact, these nationally sponsored teams and criminal gangs are indiscriminate in their attacks.
Recently, I was invited to a meeting with Homeland Security Secretary Alejandro Mayorkas, Infrastructure Security Agency Director Jen Easterly, National Cyber Director Chris Inglis and other related U.S. officials to address this issue. We met in Silicon Valley with major technology and cybersecurity companies to broaden the base of private-sector allies to bolster security nationwide.
Leaders of tech companies and government leaders are more committed to cybersecurity than I’ve ever seen. They are taking immediate steps, working to drive collaboration between government and industry, and I believe they have assembled the right team of security “rock stars” to make it work.
Our threat landscape is increasing. We are hitting new records for zero days, computer software or hardware vulnerabilities in the supply chain, and are seeing augmented attacks from predatory nation-states. We need to get ahead of this by lowering the barrier for information sharing regardless of public/private organizational boundaries.
The national Joint Cyber Defense Collaborative is aiming for collaboration that results in measurable risk reduction – not just increased information sharing, but the real integration of our efforts to collectively prevent and respond to attacks in the most streamlined manner.
One of the goals is to build a National Transportation Safety Board-like structure to act as a Cybersecurity Review Board where victims are not shamed, but lessons learned and shared to elevate security for the greater good. This includes smaller private companies that need our support to improve and enable products to be built with embedded security and privacy.
Security talent remains a huge challenge for all of us, no matter what industry or company size. We need to get better at attracting, educating and hiring talent.
The federal administration and private sector will analyze the success of this information-bonding effort by how well they work together to combat new threats. It’s a first step to get national and state security professionals on the same page — and I believe it’s a very good first step.