NSI News

Collaboration will bring cybersecurity solutions

Last year I had the opportunity to hear the Director of the US National Security Agency speak at three separate conferences and each time he repeated the need for an enhanced public-private partnership to confront cyber threats. In fact, this has become a mantra by government and military officials who understand how highly dependent Federal, State and Local governments are on critical information and communications technology infrastructures that are owned and operated by the private sector. However, the challenges to building an effective and trusting partnership are daunting. The USG has all too often sought the private sector’s knowledge and experience without providing any financial incentives to such an exchange, or effective means to safeguard corporate proprietary information and mitigating reputational risk.

How can government and the private sector jump start collaborative initiatives and new partnerships? Let me offer a few thoughts on effective strategies and success stories. Underlying the power of collaboration is the principal of subsidiarity or empowering and funding organizations, groups and associations at the state and local level whenever possible. Rather than waiting for direction and initiatives to come out of Washington, where a national cybersecurity strategy is still evolving, players at the local level are coming together to educate each other on cyber threats and risk mitigation strategies, and building new synergies.

In one West coast chapter of InfraGard, the FBI public-private partnership between local FBI offices, State and Local governments, businesses and academic institutions to enhance critical infrastructure protection, members have launched an innovative threat awareness project. They are bringing together corporate and academic cyber experts to train local CEOs on cyber threats. Further north in Canada, researchers at the University Toronto involved in the public-private venture Information Warfare Monitor published this week a must-read report on the “Shadow” cyber espionage network linked to operatives in China. Of note is that their ground-breaking public research was funded by a grant from the MacArthur Foundation. Washington has much to learn from these small-scale initiatives.

A key strategy for building public-private collaboration is one that I have long advocated and practiced, and this is deconstructing complex cybersecurity issues into concepts, ideas and actionable information that “digital immigrants” and non-specialists can grasp. I was delighted to read this week that Melissa Hathaway, former Acting Senior Director for Cyberspace for the National Security Council, advocated the need, “tell simple stories [about cybersecurity] so everyone can talk about them at the water cooler and dinner table, and relate to them."

But in order to tell stories government, industry and academia need to begin weaving cyber narratives that capture peoples’ imaginations and that are based on reality and not hyped threats (let’s hope that MTV’s former star, Spencer Pratt, will find good advisors and realistic story-lines for his next initiative, a TV series called “Cyber Spies” ). And the key to being able to build popular awareness of cyber threats, and in turn enhance public-private partnerships, will be exposing the malicious human faces behind cyber attacks, thefts and exploits. Indeed, to most of us the digital signature of a “zero-day exploit” is meaningless – but knowing the identity and personality of the face behind the tool, and understanding his actual capabilities and intentions – now that’s a real story.

 

###

For more information, please contact Heather Sabharwal at hsabharwal@kglobal.com or 202-349-7016.