Having a strong “collective defense” – whether that’s a public-private partnership or an international alliance – is critical to defending against cyber adversaries and keeping all entities safe, according to Ann Dunkin, chief information officer (CIO) at the Department of Energy.
Dunkin explained that the cyber community used to have a survival of the fittest mindset, but recently, organizations have realized the importance of information sharing to build a stronger “collective defense.”
“We really are looking across not only United States’ critical infrastructure – say with our electric utilities or our gas providers or our water companies – but also our international partners like Ukraine,” Dunkin said at the Billington Cybersecurity Summit on Sept. 9. “You look at the NATO model, we all defend each other. Now we’re saying in cyberspace, we’re all going to work together to defend each other.”
What this means, Dunkin said, is that allies can work together to share indicators of compromise and training programs. In fact, she said DoE has a specific international cybersecurity training program.
“All of that sharing we do together is what’s going to make us all safer, not this idea of letting me take care of myself and you take care of yourself,” Dunkin said.
David Mussington, the executive assistant director for the Infrastructure Security Division at the Cybersecurity and Infrastructure Security Agency (CISA), agreed with Dunkin and stressed that information sharing “allows a much faster learning curve against [the] threat.”
“I think that Ann’s right that NATO and Five Eyes and other international collaborative groups have come into their own in the last six months and seven months in ways that many of us hoped would work, but weren’t sure would work,” Mussington said.
“I think that we’re doing surprisingly well, given the challenge that we confront,” he added. “And I think that that speaks well of public-private partnerships, and of the way, at least the democratic West has come together to defend principles.”