How Cyber Leaders Plan to Make Cyber Defense the New Offense
Good cyber defense comes down to consistent communication and information-sharing.
Cyber defense is the new offense, cyber leaders said at the Billington Cyber Summit Wednesday. The best defense relies on good communication — or communication that has consistent information-sharing and strong public-private partnerships.
“A good cyber offense has a good defense,” said Cyber National Mission Force Deputy to the Commander Holly Baroody during a panel Wednesday. “If we just wait and watch and respond, we’re going to be at a disadvantage. We take what we learn and figure out what infrastructure are they using, who are their operators? What operations and activities can we do to disrupt that? If we can disrupt that activity, we give ourselves the time and space to bolster our defenses while disrupting. We try very hard to make sure what we do is well-shared and coordinating across the community.”
Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) Assistant Executive Director for Cybersecurity Eric Goldstein said he wants government and industry to “pivot from partnership to operational collaboration” to address the increasingly hostile cyber landscape.
“The place we need to be is where the government and private sector are co-equal partners,” he said during a panel at the summit Wednesday. “How do we ensure we’re investing in the right controls and practices as we’re moving forward? Let’s bring what we all have to the table and see if we can connect dots without the silos. Our view is, cyber defenders across the government and industry are executing the same mission, if we can do it at the same time together, we’ll be a lot more effective.”
Varying definitions of risk across different industry sectors are a hurdle to collaboration, standards and expectations around information-sharing. Netflix CISO Vitaly Gudanets said there are still too many information and data silos around cybersecurity risk and incidents.
“On the one hand, we’re moving in the right direction — Shields Up is a great example,” he said during a panel Wednesday. “The work on Log4j was great work, but those are pockets I think where it’s working well. I think the problem is we’re all from different sectors and we all think about risk differently.”
To dispel fears of accountability or retribution around cyber incident reporting in an effort for more effective collaboration, Department of Homeland Security Under Secretary for Strategy, Policy & Plans Rob Silvers noted the agency’s review board.
“The Cyber Safety Review Board is charged with reviewing the most significant cyber incidents, doing an authoritative fact finding into what happened, and then looking and finding lessons learned and recommendations for the community,” he said during the summit. “It’s not about accountability, there’s no punishment, it’s about transparency and sharing that with the community.”
Plus, engagement with industry and other partners earlier in the process could be more beneficial. The more information industry and government can share with each other, the faster cyber incidents can be addressed, and the fewer victims there will be.
“The board is something we in the industry really wanted to see,” said Yahoo CISO Sean Zadig. “We say no secret squirrels — if there’s useful information about an incident, we don’t want to hoard that, we want to share it. I think the board embodies that philosophy.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Energy Researchers Aim For Holistic Approach to AI Issues
A new center at the Oak Ridge National Laboratory is looking at under-researched areas of AI to better understand how to secure it.
2m read -
A Prepared Workforce is Key to Cyber Resiliency
Strong training strategies and emphasizing cyber hygiene basics enhance security practices at federal agencies.
2m read -
Coast Guard Poised for Growth in Cyber
The service’s prevention policy chief discusses his priorities for combatting cyber incidents that could have global impacts.
23m listen -
Sea-Air-Space: Marine Innovation Unit Bridges Defense and Commercial Tech
Commanding Officer Col. Brooks Braden said the office is focused on how to innovate using available resources in the Marine Corps.
10m watch