As technology's role in society grows, cybersecurity will become an increasingly daunting task. Governments and the private sector share an interest and obligation in jointly confronting that threat.
FREMONT, CA: The recent attack on network management company SolarWinds, which enabled bad actors to infiltrate several US government agencies and significant enterprises, exposed an alarming reality—because business and government are interconnected and rely on the same network of software vendors, they are exposed to substantial cyber-risks. That is why the strategy response must be more collaborative. Put, addressing the issue of cyberattacks alone is too large a task for either government or business.
Cybersecurity complaints to the US Federal Bureau of Investigation more than tripled last year. At the same time, the average payment made by ransomware victims increased 43 percent year over year in the first quarter of 2021. Attacks on the software supply chain are growing at a breakneck pace, and the emerging Internet of Things (IoT) and 5G wireless technologies provide further vulnerabilities.
Governments have a comprehensive view of potential dangers through law enforcement and intelligence capabilities, but they frequently approach matters through a national security lens rather than a business risk focus. While businesses have firm- and sector-specific risk information and often have easier access to cybersecurity skills, they cannot take an economy-wide picture and maybe overwhelmed by state-sponsored attacks.
Coordinate threat intelligence sharing
Governments and businesses obtain information, insight, and intelligence from various sources. We can develop a more complete and current picture of cyberthreats by aggregating them promptly. Several transactions have already occurred. The National Cyber Security Centre of the United Kingdom collaborates with the industry through a Cyber Security Information Sharing Partnership. In contrast, CISA collaborates with critical infrastructure operators in the United States through similar partnerships.
While these measures are beneficial, information exchange is not yet uniform or timely. Corporate leaders frequently believe they provide necessary data, but their government colleagues are not reciprocating. Intelligence services often avoid disclosing prospective threats for fear of overwhelming businesses with risks or disclosing tradecraft secrets. Some companies may be concerned that revealing cyber-related occurrences will expose their controls or cyber-risk management to unwelcome scrutiny, onerous legislation, or penalties.
Both parties can strengthen their cooperation by establishing trust. The newly-announced collaboration between the Nationwide Cybersecurity Center and Google to give cyber training to state legislators and their staff in the United States is an example of the endeavor we need to see more of.
Align cybersecurity education with industry requirements
Governments, businesses, and other institutions worldwide face a shortage of more than 3 million cybersecurity professionals—nearly as many as the estimated 3.5 million people already employed in the area. Arguably, there is labor capacity available here. The problem is increasing interest in cybersecurity retraining and ensuring that courses enable students and trainees to keep up with rapidly changing threats.
The National Initiative for Cybersecurity Education of the United States recently revamped its framework for talent development, allowing schools to deliver more relevant education and employers to ensure graduates possess the requisite competencies.
