Building the right collective defense against cyberattacks for critical infrastructure
Commentary
In an op-ed published in The New York Times, Robert M. Lee, CEO and co-founder of cybersecurity company Dragos, emphasizes the need for a unified and collaborative approach to defending critical infrastructure against cyberattacks. Lee argues that the increasing threat landscape requires collective defense efforts that involve government agencies, critical infrastructure owners and operators, and cybersecurity vendors.
Lee points out that as industrial systems become more connected and digitized, adversaries have learned how to exploit these systems to threaten human health and safety. Given the complexity and scale of the cybersecurity challenges facing critical infrastructure, no single organization can effectively address them alone. Therefore, a community-based approach is necessary.
The Role of Government
Lee stresses the importance of government leaders aligning across agencies with a consistent approach to empowering critical infrastructure owners and operators. He acknowledges the National Cybersecurity Strategy as a step in the right direction but emphasizes the need for effective implementation.
The first area that Lee highlights is the need to address overlapping cybersecurity regulatory frameworks. He argues that harmonizing regulations will allow organizations to focus on real security rather than compliance. Additionally, he emphasizes the importance of public-private sector collaboration and the utilization of private sector expertise and capabilities.
A Model that Works: Talk to the Regulated
Lee suggests that the government should communicate to the private sector the importance of cybersecurity for critical infrastructure systems and outline the desired outcomes. However, he believes that the asset owners and operators should be given the autonomy to determine how to achieve those outcomes, as they possess the expertise and knowledge of their own systems.
Lee provides successful examples of this model, such as the collaboration between the Federal Energy Regulatory Commission, North American Energy Reliability Corporation, and the electricity sub-sector. By detailing what they sought to achieve and forming a committee to evaluate proposed changes, they were able to align objectives and create effective regulations.
Next Generation Public-Private Partnerships
Lee argues that public-private partnerships should be taken to the next level, optimizing the knowledge and capabilities across both government and industry. He suggests that the government should focus on longer-term strategic initiatives, leveraging their talent in areas where there is no commercial market, such as building cybersecurity resilience into engineering efforts.
Additionally, he highlights the value of tools and capabilities already developed and deployed by the private sector, which can provide answers to key strategic questions or offer visibility into the vulnerabilities of critical infrastructure supply chains. Using existing capabilities, the government can obtain important information more quickly and effectively.
Editorial and Conclusion
In this editorial, Robert M. Lee emphasizes the urgency of building a strong collective defense against cyberattacks targeting critical infrastructure. He argues that a unified and collaborative approach involving government, critical infrastructure owners and operators, and cybersecurity vendors is necessary to effectively address these challenges.
Lee highlights the need for government leaders to align across agencies and foster strong cybersecurity while empowering critical infrastructure organizations. He emphasizes the importance of harmonizing overlapping cybersecurity regulations and promoting public-private sector collaboration that utilizes private sector expertise and capabilities.
Lee provides examples of successful collaboration between government and the private sector, where clear objectives were defined, and industry expertise was leveraged to achieve them. He argues that the government should focus on longer-term strategic initiatives and utilize existing tools and capabilities developed by the private sector.
In conclusion, Lee calls for the infrastructure community to come together with a cohesive voice and apply existing industry expertise and capabilities to meet the challenge of cyberthreats. By working together, they can defend national security and ensure the safety of the communities they serve.
Overall, the editorial highlights the importance of a unified approach and collaboration in addressing the complex cybersecurity challenges facing critical infrastructure. It emphasizes the need for effective government leadership, regulatory harmonization, and leveraging industry expertise to protect critical infrastructure from cyberattacks.
Advice
To truly address the cybersecurity challenges facing critical infrastructure, it is crucial for government leaders, critical infrastructure owners and operators, and cybersecurity vendors to align and collaborate effectively. Here are some key steps to build a collective defense against cyberattacks:
- Regulatory harmonization: Government leaders should work together to harmonize overlapping cybersecurity regulations, enabling organizations to focus on real security rather than compliance.
- Public-private sector collaboration: Emphasize the importance of collaboration between government and the private sector. Leverage the expertise and capabilities of the private sector to optimize the collective defense against cyberattacks.
- Clear communication and autonomy: Government agencies should communicate the importance of cybersecurity to critical infrastructure owners and operators while allowing them the autonomy to determine how best to achieve the desired outcomes based on their expertise.
- Strategic initiatives and utilization of existing tools: Governments should focus on longer-term strategic initiatives and leverage existing tools and capabilities developed by the private sector. This can provide quick and effective solutions to key cybersecurity challenges.
- Cohesive community defense: The infrastructure community should unite with a common purpose and voice to defend national security and ensure the safety of the communities they serve.
<< photo by Pixabay >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- Healthcare in Crisis: The Staggering Data Breach that Exposes Millions of Patients
- The Rise of Cyberattacks: ScarletEel Hackers Breach AWS Cloud Security
- The Rise of Big Head Ransomware: A Threat Disguised as Windows Updates
- Pro-Chinese Twitter accounts spark concerns over Beijing’s growing influence in Latin America
- Exposing the SCARLETEEL Cryptojacking Campaign: Unmasking AWS Fargate’s Role
- Cyberattack Paralyzes Ventia: The Vulnerability of Critical Infrastructure Services
- Critical Infrastructures at Risk: Unveiling Severe Vulnerabilities in Wago and Schneider Electric OT Products
- “Securing Critical Infrastructure: CISA and NSA Join Forces to Strengthen Baseboard Management Controllers”
- Russian RomCom Cyberattack: Romance Meets Espionage at NATO Summit
- Sophisticated ‘Toitoin’ Campaign Targets Banking Firms: Exploring the Cybersecurity Threat to the Financial Industry
- The Future is XDR: Saving Costs and Preserving SOC Sanity
- The Rise of SAIF: Google’s New Framework for Secure and Ethical AI Development
- The Risks Lurking in Your Wearable: A Look at Device Safety.
