By Gregory Hale
With attack campaigns going against critical infrastructure networks, and also going after safety systems, no one entity can protect against these types of assaults.
That is where a partnership between the government and private sector can reap benefits to protect against all kinds of attacks.
“We have to work with private sector,” said Richard Driggers, deputy assistant secretary for cybersecurity and communications at U.S. Department of Homeland Security during his keynote address Tuesday at the ICSJWG 2018 Fall Meeting in Cincinnati, OH. “There is a culture of security across the physical landscape, but that same culture doesn’t occur across cybersecurity.”
Driggers talk, entitled “Partnering for Critical Infrastructure Security and Resilience,” touched on Russian activity in the critical infrastructure and about an attack on a safety system that was “looking to do some harm which could possibly impact some lives.”
But what he really tried to hammer home was how the government and private sector really need to work together to ward off any types of attacks.
“We have seen a 70 percent increase in cyber attacking in small to medium businesses,” he said. “The adversary is going after smaller businesses, which are a part of larger companies’ eco system.”
Larger companies need to be aware of that information, he said, because they have to think, “If they (small businesses) are vulnerable, we are as well.”
To help companies work to fending off attacks, Driggers talked about DHS’ five pillars of security strategy, which have goals attached to them.
The five pillars are:
1. Risk Identification
Goal: Assess evolving cybersecurity risks. Understand the evolving national cybersecurity risk posture to inform and prioritize risk management activities.
2. Vulnerability Reduction
Goal: Protect federal government information systems. Reduce vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.
Goal: Protect critical infrastructure. Partner with key stakeholders to ensure national cybersecurity risks are adequately managed.
3. Threat Reduction
Goal: Prevent and disrupt criminal use of cyberspace. Reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.
4. Consequence Mitigation
Goal: Respond effectively to cyber incidents. Minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.
5. Enable Cybersecurity Outcomes
Goal: Strengthen the security and reliability of the cyber ecosystem. Support policies and activities that enable improved global cybersecurity risk management.
Goal: Improve Management of DHS cybersecurity activities. We will execute our departmental cybersecurity efforts in an integrated and prioritized way.
As Driggers mentioned, the federal government will not be able to fix all the issues, that is where a solid partnership working with the private sector comes into play.
“We want to fill a cybersecurity pipeline to become a national asset,” he said.
One of the ways is to fill the massive amount of job openings with qualified workers. But to get those workers, they have to create new types of programs. “How do we go after kids not going to college that are smart and willing to learn cybersecurity?” Driggers asked.
One more thing the government did was establish a risk management center earlier this summer to break down the silos that exist in the government.
“We are not doing anything different with the sector,” Driggers said. “We have been doing this for 10 years. What is different is how we are doing it. We are strengthening partnerships and you get that be forming trust. We are sharing indicators out to the community, but we would like to get more information back.”