Kemba Walden, principal deputy national cyber director in the Office of the National Cyber Director (ONCD), today laid out what to expect from her office over time as it puts into place a national cybersecurity plan, what ONCD expects of the private sector, and what both can expect from each other.
Keynoting at MeriTalk’s Cyber Central – Secure by Design conference today in Washington, D.C., Walden said that “it takes all of us to be defensible” in cyberspace, and emphasized the ONCD’s commitment to driving real public-private collaboration.
“We have to do better than just expecting you to give us information,” Walden said at the conference, referencing private sector entities.
“You can expect from us better intelligence sharing, you can expect from us improvement in these sorts of collaborations, and you can expect from us that we have now – some of us are late to the game – we now understand that we are the support team,” she said.
“We are here to serve our community, our industry, nonprofits, education, etc. We’re the support team agency,” Walden said.
As for what ONCD expects from the private sector, Walden said that based on the recently approved Cyber Incident Reporting for Critical Infrastructure Act, her agency expects “baseline cybersecurity requirements.”
The new law was approved as part of the Fiscal Year 2022 omnibus spending bill signed into law by President Biden in March. It obligates critical infrastructure owners and operators to report certain cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours, and to report ransomware payments they made to attackers within 24 hours.
In addition to the private sector meeting those baseline cybersecurity requirements, she also said ONCD expects “more visibility [and] more transparency” from the private sector’s actions.
But what does ONCD expect from both the private sector and the public sector? Walden said it’s a professionalism that lends to opportunities to share insights, along with measurable outcomes. In order to build a robust, resilient cyberspace, she also said her agency expects “operational collaboration from both of us.”
“We view a robust cyber community that involves academia, nonprofits, private sector, education, etc. We just expect that – it takes all of us to defend each of us,” Walden said. “We expect that we are going to be able to do that for each other.”
“We also expect and we hope to see in the future, a diverse, highly-skilled workforce to enable that collective defense and to enable the strategic investments that we expect,” she added. “So with that, I just want to say I’m in this 100 percent, I hope that you’re all in this with me too.”