Closer working partnerships between Federal cybersecurity authorities and the private sector hold the key to improving the U.S.’s ability to fend off and recover from the increasing wave of cyberattacks against U.S. targets, including those from nation-states like Russia and China.
That was the main takeaway from a discussion of the current cybersecurity picture by Rep. John Katko (R-N.Y.), the ranking Republican leader of the House Committee on Homeland Security, who spoke during a Washington Post Live event on September 14.
The congressman talked about the extent to which the current level of interaction between Federal cybersecurity agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the private sector helps to stem attacks – but also the long way left to go in improving those interactions, including through increased sharing of information about attacks.
While CISA is already engaged with the private sector – especially with critical infrastructure sectors – to help them improve security, sharing of information from the private sector to the government is still sorely lacking, he said.
“CISA gets maybe one percent of the details of the cyberattacks in this country,” he said, making it “very hard for them to understand the playing field.”
“We have to get the private sector to interact on a more routine basis” about attacks that they face, Rep. Katko said.
Rep. Katko is active on the cybersecurity legislative front, including on pending legislation in the House that would establish a mandatory cyber incident reporting framework covering critical infrastructure sectors.
Asked today what it will take to increase the exchange of cyber threat and attack data between the government and the private sector, the congressman said that could be accomplished through legislation or regulatory action. But he also stressed that lawmakers and regulators have to find a way to streamline that process so that it “doesn’t hinder [the private sector’s] ability to do their jobs.”
An end result of those efforts, he said, should focus on helping the private sector to prevent attacks on the front end of the process, rather than report the devastating impact of attacks to the government on the tail end.
“We need to have an ‘A Team’ of entities in government that are going to help the private sector” to become more secure, “because it is a partnership,” he said. Rep. Katko said that team would include CISA, National Cyber Director Chris Inglis, the Defense Department, and the intelligence community.
“It’s going to cost money, more well-defined roles, and a team approach going forward,” the congressman said. He added that the private sector needs to invest more in security, and “can’t just hope and pray that they are not the next victim.”