By Vitaliy Panych, State Chief Information Security Officer
December 15, 2021 — Aggressive cyber hackers are not unique to any nation, state, or industry. In fact, these nationally sponsored teams and criminal gangs are indiscriminate in their attacks.
Recently, I was invited to a meeting with Homeland Security Secretary Alejandro Mayorkas, Infrastructure Security Agency Director Jen Easterly, National Cyber Director Chris Inglis and other related U.S. officials to address this issue. We met in Silicon Valley with major technology and cybersecurity companies to broaden the base of private sector allies to bolster security nationwide.
Here are some of my observations from the meeting:
- Leaders of tech companies and government leaders more committed to cybersecurity than I’ve ever seen. They are taking immediate steps working to drive collaboration between government and industry and, I believe, they have assembled the right team of security ‘rock stars’ to make it work.
- Our threat landscape is increasing. We are hitting new records for Zero Days, computer software or hardware vulnerabilities in the supply chain, and are seeing augmented attacks from predatory nation states. We need to get ahead of this by lowing the barrier for information sharing regardless of public/private organizational boundaries.
- The national Joint Collaborative Defense Collaborative (https://www.cisa.gov/jcdc) is aiming for collaboration that results in measurable risk reduction – not just increased information sharing, but the real integration of our efforts to collectively prevent and respond to attacks in the most streamlined manner.
- One of the goals is to build a National Transportation Safety Board-like structure for to act as a Cybersecurity Review Board where victims are not shamed, but lessons learned and shared to elevate security for the greater good. This includes smaller private companies that need our support to improve and enable products to be built with embedded security and privacy.
- Security talent remains a huge challenge for all of us, no matter what industry or company size. We need to get better at attracting, educating, and hiring talent.
The federal administration and private sector will analyze the success of this information-bonding effort by how well they work together to combat new threats. It’s a first step to get national and state security professionals on the same page—and I believe it’s a very good first step.