22nd Century World

Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity

July 11, 2017 by 22nd Century World

By The #CyberAvengers

Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, and Christophe Veltsos

Originally Published on Brink on July 11th, 2017

This past month, cybersecurity legislation called the Promoting Good Cyber Hygiene Act of 2017 was introduced. It would mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS) to establish baseline best practices for good cyber hygiene, authentication and cooperation.

Specifically, the legislation states that the list of best practices established “shall be published in a clear and concise format and made available prominently on the public websites of the Federal Trade Commission and the Small Business Administration.” It also recommends including “other standard cybersecurity measures to achieve trusted security in the infrastructure.”

The introduction of this legislation is timely and follows an expanding trend of public–private cooperation. In February of 2013, Presidential Policy Directive-21 was issued to provide an approach to developing standards and enhancing information sharing with critical infrastructure owners and operators. The executive order was aimed at identifying vulnerabilities, ensuring security, and integrating resilience in the public–private cyber ecosystem.

Subsequently, the National Cybersecurity Protection Act of 2014 became law to help provide a roadmap for the roles of DHS and stakeholders. The law authorized the National Cybersecurity and Communications Integration Center’s current activities to share cybersecurity information and analysis with the private sector, provide incident response and technical assistance to companies and federal agencies, and recommend security measures to enhance cybersecurity.

Collaboration is Key

Certainly, information collaboration is a key component of any successful cybersecurity initiative, and the relationship between industry and government is no exception. Recently, DHS, in cooperation with NIST, developed guidelines for information sharing among several industry sectors with government. The benefits are evident. Information sharing allows both government and industry to keep abreast of the latest viruses, malware, phishing threats, and especially denial of service attacks. Information sharing also establishes working protocols for resilience and forensics, which are critical for the success of commerce and enforcement against cybercrimes.

Because of privacy and intellectual property issues, the private sector appeared reluctant to share established protocols, data and lessons learned with other industry players and government. Both government and commerce are now prioritizing critical infrastructure as the primary focus of threat and response. There is a growing understanding of the seriousness and sophistication of the threats from adversarial actors that include states, organized crime, and loosely affiliated hackers. This budding government–industry relationship still needs to be expanded and enhanced, especially in regard to critical infrastructure, 85 percent of which is owned and operated by the private sector.

A closer partnership between governments and the private sector could help produce tactical and long-term strategic cybersecurity solutions more quickly. Cooperative research and development in new technologies such as hardware, software algorithms and operational processes is needed just to keep up with the evolving global threat matrix. There are no areas on the cybersecurity spectrum that do not need more investment and modernization to help fill capability gaps. The Science and Technology Directorate at DHS operates several programs and projects facilitating public–private cooperation in R&D, tech prototyping, and commercialization. These programs and projects need to be expanded and provided with more funding resources.

Keeping up with cybersecurity threats is often daunting. There is a wide variety of architectures, systems, and jurisdictions, and adapting and scaling them to new security technologies and processes is a significant challenge. The Internet of Things (IoT), which relies on the interoperability of a plethora of devices, platforms, and protocols, is a good example of the complexities involved.

…read the rest on Brink…

Posted in: Cybersecurity Tagged: awareness, cybersecurity, network security, policy, politics, vulnerability
