Bridging the Cybersecurity Gap Between the Public and Private Sector


Table of Contents

  • Introduction
  • The Joint Cyber Defense Collaborative by CISA
    • Cybersecurity Roundtables & Classified Briefings
    • Shared Intelligence
    • Joint Operations
  • How Public-Private Partnerships Extend Beyond the Federal Government
    • Cybersecurity Collaboration at the State and Local Level
  • Collective Defense as a Collaborative Cybersecurity Strategy
  • Conclusion

The statistics are well known:

  • Cyber threats are escalating at a record pace.1
  • Cyber-attacks grew 31% in 2021.2
  • The cost of a data breach now averages more than $4.2 million.3
  • There is a critical shortage in cybersecurity professionals of nearly 3 million globally.4

Supply chains, critical infrastructure, and government institutions have become common targets of nation-states and cybercriminals. In 2022, the Cybersecurity and Infrastructure Security Agency (CISA) expects increased activity from Russian state-sponsored threat actors to recoup escalating costs from its invasion of Ukraine.5

Improving the nation’s cybersecurity has become a national priority. 157 pieces of legislation about cybersecurity were introduced in Congress, and President Biden signed an executive order (EO) directing government agencies to improve security efforts.6 The EO directed agencies to work with the private sector.

“Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”
Executive Order on Improving the Nation’s Cybersecurity6

Public-private partnerships have become foundational elements in the fight against cybercrime. It’s a matter of national security.

How the Government and Private Security Companies Work Together to Combat Threats

For too long, security has been a solo pursuit. Organizations and government agencies have worked independently to combat growing threats. Yet, security is a shared responsibility among multiple stakeholders. Connections to third parties, cloud service providers (CSPs), and SaaS providers put organizations in government and the private sector at risk.

Recognizing this, government entities and private companies are now beginning to collaborate at a higher level.

The Joint Cyber Defense Collaborative by CISA

CISA established the Joint Cyber Defense Collaborative (JCDC) in late 2021 to attempt to unify defensive actions against cyber threats.7 It features a cybersecurity collaboration between the public and private sectors based on the concept of collective defense.

Federal agencies, state-level governments, and private sector companies work together on:

  • Joint cyber planning—including deliberate and crisis action plans
  • Integrated and institutionalized testing and assessments
  • Common situational awareness, information fusion, and analysis
  • Integrated cyber defense operations
  • Unified and adaptive plans for cyber defense operations
  • Flexible collaboration and coordinated development of timely, actionable cybersecurity guidance
  • Multi-channel, multi-source delivery of information products and integrated cyber capabilities
  • Training and education.

Cybersecurity Roundtables & Classified Briefings

Public-private partnerships also include convening multiple roundtables to discuss issues with critical infrastructure. One critical takeaway is that, because of their relationships with customers, private sector companies have access to information that the government cannot obtain with a warrant. Private-sector companies therefore typically spot malicious activity first.

There have also been classified briefings, bringing together public and private sector groups. More than 100 companies participated in a recent briefing on critical infrastructures, such as energy, finance, transportation, and pipelines.8

Shared Intelligence

Government agencies and private companies often see the same groups of cybercriminals and threat actors using similar methods to stage attacks. Sharing intelligence in real time creates an early warning system. Regardless of where the attack is discovered, sharing anonymized information across a collective defense infrastructure allows action to be taken sooner.9

By sharing intelligence, threats can be identified at any level by any member of the collective defense infrastructure. This provides an earlier warning and a more rapid response. Partners can prioritize and escalate threats based on patterns or behaviors that others have seen and take the appropriate action.

Bryan Ware, former Assistant Director of the Cybersecurity Division at CISA, says shared intelligence is essential to protecting government assets and private companies.

“Let’s not keep one set of data on the government side and other data in various companies.”10
Bryan Ware, former Assistant Director of the Cybersecurity Division at CISA

By creating real-time, shared intelligence, everyone benefits.

“What could we see if we saw it all together?” he asked. “As we are able to analyze, could we find behavioral anomalies and trends that allow us to defend against adversaries more successfully and share information, not as passing reports back and forth, but really analyzing and collaborating together?”9

Joint Operations

Besides defensive actions, public-private partnerships also extend to disrupting malicious cyber actors. The National Defense Authorization Act for FY 2022 includes a pilot program “to discover and disrupt use by malicious cyber actors of the platforms, systems, services, and infrastructure of such companies.”11

One such public-private partnership involved the FBI working to disrupt a Russian military intelligence unit known as Sandstorm. Known for causing more than $1 billion in losses in the NotPetya attack in 2017, according to the Department of Justice (DOJ), Sandstorm is just one state actor demonstrating increased activity.12 In this case, a private sector company was engaged to analyze hacked devices to identify and eradicate a malicious bot.8

How Public-Private Partnerships Extend Beyond the Federal Government

Public-private partnerships extend beyond the federal government as well. Many states are realizing that to secure infrastructure across the state, they need to bring centralization to management rather than leaving it up to different agencies or entities.

This is now beginning to filter down to the local level, which often lacks the resources or playbook to provide the protection needed. As such, states are starting to take a “whole-of-state” approach to include municipalities, schools, and other public institutions in cybersecurity efforts.

Cybersecurity Collaboration at the State and Local Level

Cybersecurity collaboration at the state and local levels is bringing together public and private sector resources. For example, IronNet is working with the nation’s largest state power organization, the New York Power Authority (NYPA), to secure the state’s public energy system.13 Not only does this protect NYPA assets, but it also provides protection for municipal utilities and partners served by NYPA.

“Given the rise of sophisticated cyber-attacks, we need to help our municipal utilities implement a strong security program that can detect and mitigate attacks in real-time.”
Victor Costanza, Deputy Chief Information Security Officer at the New York Power Authority.13

This type of collaboration is essential to protect critical infrastructure throughout states, including smaller municipalities that may not have the resources themselves to adequately monitor and defend against attacks.

Organizations are realizing that it takes a holistic approach that includes all levels of government. Cybersecurity collaboration also requires private organizations in order to strengthen the cyber posture of all involved.

Collective Defense as a Collaborative Cybersecurity Strategy

Whether it’s the federal government, states and municipalities, or private companies, protecting assets and infrastructure is crucial. Collective defense bridges the gap between the public and private sectors when it comes to cybersecurity.

The idea of collective defense isn’t new. A good example of that right now is the North Atlantic Treaty Organization (NATO), a group of 30 countries from North America and Europe that have pledged mutual support.

“An attack against one Ally is considered an attack against all Allies.”
NATO14

This same principle applies to cybersecurity. As threats rise from nation-states, cybercriminals, and other threat actors, a collective defense to protect public and private entities becomes more essential. Cyber threats today are sophisticated and coordinated, and they evolve constantly. Public-private partnerships using a collective defense strategy are better positioned to identify, alert on, and eliminate threats more quickly.15

Sharing threat intelligence allows organizations to:

  • Gain real-time visibility and detection across the entire threat landscape, including emerging behaviors and signatures.
  • Improve the effectiveness of their existing cybersecurity investments by helping prioritize threats.
  • Reduce the impact of cyber-attacks with help from the collective community by sharing real-time detections, threat indicators, and triage outcomes.

Conclusion

Public-private partnerships are essential to identify and mitigate growing cyber threats. By working together, entities can get an earlier warning regardless of where attacks appear. Whether a threat action begins at the federal government level, state or local municipality, or anywhere on the supply chain in the private sector, collective defense provides real-time alerts for everyone to take action.

SOURCES