The Biden Administration has been working with private companies to address the increasing threats in the cybersecurity realm. Cyber threats extend beyond the companies and can impact millions of innocent people. For example, a password breach in a private company, like Colonial Pipeline, can end up taking down sections of critical infrastructure. Initiatives like the National Cybersecurity Strategy are bringing private-sector security vendors to collaborate with the government in sharing threat information or providing solutions and tools that are beyond the government’s scope.
While building collaborations between the government agencies and private vendors is crucial, building credibility is tough with the private sector’s inherent distrust of the government. According to Mick Baccio, global security advisor with Splunk, thanks to a push by the current administration, the continuity that cybersecurity and public-private partnership needed is finally in place.
Executive orders with guidelines to facilitate improved security can be canceled the moment a new president takes office, which hampers security efforts. However, the Cybersecurity and Infrastructure Security Agency (CISA) is one of the government agencies trying to bake public-private cybersecurity efforts into its mission. CISA is responsible for securing critical infrastructure in cooperation with companies.
Some agencies that are uniquely set up to focus on collaboration with the private sector include CISA, responsible for securing critical infrastructure in cooperation with companies, and the FBI, which has worked closely with public and private entities for years. Because many critical infrastructure areas are owned and operated by corporations, the Department of Energy also needs to build partnerships to keep the infrastructure safe and prevent disinformation and misinformation that could cause a national panic.
The Cybersecurity Collaboration Center (CCC) signifies a shift in how the government works with private-sector vendors to share information and expertise to scale mitigations. According to the center’s chief, Morgan Adamski, CCC will share threat analytics with cybersecurity companies that have the broadest outreach, which could provide protection for billions of customers. Some argue that making the research collaborations more inclusive would increase the diversity of threat intelligence sources and apply more human expert intelligence to the problems.
Innovation and agility come from small companies, which file more patents in the US than larger businesses and universities do. Government and large enterprises rely on strategic partnerships with smaller security vendors to build out their cybersecurity programs. States, counties, and municipalities have a limited budget to manage cybersecurity needs and require the private sector’s outreach to help address cybersecurity concerns.
One of the most vital pieces of information comes from victimized organizations during a ransomware attack. The FBI works closely with private vendors to identify and defend against ransomware crime rings and nation-state actors. When there is an incident, the victimized organizations become partners with government agencies, sharing details about the attack and what they see happening in their networks. The government agencies gather that information and help the companies put the threats into context.
In conclusion, the government agencies and private vendors already see the value in building partnerships with each other. The need to collaborate is critical, and it is about time that efforts are being made to facilitate such a partnership. With the initiatives taken by the Biden Administration, along with new departments within federal agencies, the government seems committed to collaborating with companies to address emerging cyber threats.