Private-public collaboration in cybersecurity is absolutely necessary, panelists said Wednesday at the Cybersecurity Conference for a New America in Washington, D.C.
“We need to be operating with the speed at which our adversaries are operating,” said Suzanne Spaulding, Under Secretary for the National Protection and Programs Directorate at the Department of Homeland Security. She emphasized the need to have a “network of networks” that could alert private and public organizations when one or another detected a cyberthreat.
“This is a battle that you need to remain vigilant in, you need to be aggressive,” agreed Deputy Secretary of Commerce Bruce Andrews.
Spaulding said that while her department and others have been working with parts of the private sector for some time, there were still many gaps to fill in their cybersecurity practices. She used the electricity sector as an example of a private group that had been very collaborative.
“They take this very seriously,” she said. “They are a major target.”
Her sentiments were mirrored in an earlier panel by Tom Fanning, the chairman, chief executive officer and president of the Southern Company, a regional energy provider. “The more connected you are, the more interdependent you are, the more exposed you are,” he said.
Both Fanning and Spaulding brought up the Ukraine electrical grid hack, which occurred in December. The hack cut power to thousands of customers, with over 100 cities completely blacked out.
“I’ve been amazed on how little attention that’s gotten,” Spaulding said.
Hacks on areas like energy are particularly significant to private-public partnership, as a cyberattack can pose real, physical dangers to a country’s citizens.
“We’re beginning to get some traction in getting CEO attention,” Spaulding said. “It’s never enough; there’s always more we can be doing.”
New organizations and programs like the National Cybersecurity Center of Excellence are being implemented to facilitate collaboration and innovation between the government and private businesses. However, both Andrews and Spaulding expressed the need for private businesses to work with Federal agencies more often when it comes to cybersecurity.