USTelecom is advising Congress and the new administration to reform how it structures cybersecurity cooperation between the government and the private sector.
The post paints a dire current reality, characterized by asymmetry in which bad actors can quickly and with relatively little investment mount serious and potentially disabling attacks upon their victims, while, on the other side, defenders must guard against “an overwhelming array of challenges” and do so while complying with regulatory and compliance burdens that “often siphon time and resources away from the fight.”
The USTelecom cybersecurity post, which identifies the People’s Republic of China, Russia, and North Korea as adversaries, points to five suggested realignments and evolutions: breaking down silos, promoting prioritization, reframing public-private partnerships, allocating risk-based resources and advancing long-term strategic planning.
Silos should be broken down because they slow communication and decision-making during critical events. This, the post says, allows adversaries to exploit gaps in defenses.
Prioritization focuses on not diverting those on the front lines from operational responsibility to work on projects “that lack clear objectives and early engagement with industry.”
Enhanced public-private collaboration would lead to a fluid mix. The government would provide strategic and operational intelligence, national defense resources and policy oversight. The private sector would be responsible for operational expertise, technological advancements and real-time insights.
The prioritization of risk-based resource allocation is a framework in which resources are allocated to the most pressing needs.
Long-term strategies should be developed, the USTelecom cybersecurity post says, with input from the government and the private sector.
“[W]e must embrace a new ‘whole-of-society’ paradigm rooted in active defense, collaboration, and innovation,” the unsigned post says. “It is only by focusing intensely on
five fundamental pillars — breaking down silos, promoting prioritization, reframing public-private partnerships, allocating risk-based resources and advancing long-term strategic planning — that we can construct the cybersecurity scaffolding that will withstand the cyber storms ahead.” In October, S&P Global released a research report stating that organizations that are not good at cyber vulnerability management are more at risk for other cybersecurity challenges.
