20 March 2020

Ways government, industry can overcome a perpetual challenge

Andrew Eversden
A congressional report recommended that the federal government takes several measures to improve its intelligence sharing relationship with industry through policy reviews and joint collaboration platforms.

The report, created by the Cyberspace Solarium Commission (made up of government and nongovernment cyber experts), presented 75 cyber policy recommendations, including the recognition that information sharing is a perpetual challenge both between feds and private industry and agencies within the federal government.

The report suggests that Congress direct the executive branch to undergo a six-month review of intelligence policies, procedures and resources to identify pieces that inhibit the intelligence community to effectively share information.

“It needs to be done better in terms of higher level of collaboration [at] more senior levels between and among the government and private sector,” said Tom Gann, chief public policy officer at McAfee.


To start, the report calls on the federal government to create a “systemically important critical infrastructure” designation that would allow operators of that infrastructure to receive special assistance from the government to secure their systems.

The information sharing relationship between the government and industry needs to include more contextualized information, Gann said, which provides greater insight into the overall threat environment. Industry doesn’t need to know just that there’s new malware and who sent it, but also what organizations and senior leaders of actors might be involved, as well as motivations.

“It’s building as complete of a picture as you can of a threat environment on a day-to-day basis ... which is so important,” Gann said.

There are some efforts within the federal government focusing on improving intelligence sharing with private industry. The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security works with private and public sector partners to protect critical infrastructure. Another effort at the NSA’s Cybersecurity Directorate is focusing on intelligence sharing with the Defense Industrial Base.

To further those efforts, the report also suggests Congress fund the creation of a “Joint Collaborative Environment,” which would host both classified and unclassified cyberthreat information, malware forensics and network data. The platform would share information with other federal agencies and owners of “important” critical infrastructure, and eventually expanding to intelligence sharing and analysis centers, and a larger swath of critical infrastructure operators. The commission also proposed a Joint Cyber Planning Cell to coordinate cybersecurity planning efforts with the private sector.

The report also recognizes that U.S. government doesn’t know how to best serve the private sector with intelligence collection. In order to mitigate that, the report recommends that the Congress mandate a “formal process to solicit and compile private-sector input to inform national intelligence priorities, collection requirements, and more focused U.S intelligence support to private-sector cybersecurity operations.”

The private sector was a critical piece of the commission’s three-pronged, layered deterrence strategy it recommended. Strengthening the feds’ relationship with the critical infrastructure operators was a key aspect of the report, as demonstrated by the participation of Tom Fanning, CEO of Southern Company, a utility company.

To further that relationship, the federal government and different cybersecurity providers, such as telecom and end-point security companies, may want to explore what it would look like to partner with the federal government and allow it to actively block malicious activity, said Michael Daly, chief technology officer for cybersecurity and special missions at Raytheon.

“I think there would be a benefit to us at least investigating that as an option — how could we use public-private partnerships to do more active blocking?” Daly said.

Daly added, “If we know that’s a malicious site, let’s not let our citizens go to it.”

No comments: