Federal agencies fighting cyber adversaries must truly integrate their efforts and build a real partnership with the private sector to counter cyber threats, six public and private sector cyber security experts said Oct. 19 in a special panel discussion hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.
Companies and federal agencies need to go beyond information-sharing and create a joint operational approach, said experts from the White House, NSA, FBI and the Cybersecurity and Infrastructure Security Agency, or CISA.
The discussion was moderated by McCrary Institute Director Frank Cilluffo, who described the participants as “the Mount Rushmore” of cyber security experts.
The cyber experts representing the public and private sectors were:
- National Cyber Director Chris Inglis of the Executive Office of the President is the first person to hold the role. Inglis is also a former deputy director of the National Security Agency.
- Department of Homeland Security CISA Director Jen Easterly, a two-time Bronze Star recipient and retired U.S. Army veteran, leads CISA’s efforts to promote and defend civilian government networks, manage systemic risk to national critical functions and collaborate with state and local partners to ensure the security and resilience of the nation’s cyber and physical infrastructure.
- FBI Deputy Director Paul Abbate oversees all FBI domestic and international intelligence activities. His FBI service capacities previously included roles as a counterterrorism supervisory special agent in Iraq and domestic locations.
- NSA Director of Cybersecurity Rob Joyce is instrumental in strengthening the cybersecurity of federal networks and critical infrastructure and revamping the nation’s vulnerabilities equities process.
- Berkshire Hathaway Energy CEO William J. Fehrman has been a senior executive within the Berkshire Hathaway Energy family of companies since 2006. During this time, he held executive roles for PacifiCorp Energy, MidAmerican Energy and BHE Renewables, managed Berkshire Hathaway Energy’s cross-business cyber and physical security strategies and served as the lead executive of Berkshire Hathaway Energy’s supply chain and procurement initiatives.
“In the past, we focused on collecting various pieces of evidence to try to connect the dots and identify a potential threat,” said Chris Inglis, the White House National Cyber Director. “But today, the challenge is how to collaborate to discover a threat that none of us could have discovered alone.
“The private sector is now on the front lines, as it builds, maintains and defends critical parts of our infrastructure. The government needs to shift to a more supportive role, bringing its resources to help secure the private sector. We need a structure where a transgressor in cyber space would need to beat all of us to beat any of us.”
While the federal government is tasked with leading the fight, more than 85 percent of the nation’s critical infrastructure, including cyber networks, remain in private hands, enhancing the national security threat. Federal initiatives will have little impact if they are not built into private sector security operations, the participants noted.
“What we’re undertaking now on the cyber side is a form of terrorism that holds companies unable to function. This requires an elevated level of collaboration like we’ve never seen before in the private sector,” said FBI Deputy Director Paul Abbate.
“Companies handle proprietary and sensitive information all the time,” said NSA Director of Cyber Security Rob Joyce. “What I’ve seen in NSA in the last several months is we’ve been able to take that sensitive information, get it down to that unclassified level where it’s operational and work with companies in the defense industrial base. For years, we’ve had things go up, over, around and down. Frankly, that’s too slow and often misinterpreted. Those are the kinds of things we’ve got to get to right.”
To best protect private cyber infrastructure, panelists suggested becoming a more difficult cyber target through collaboration, trust, resilient cyber networks and building a strong, cyber-educated workforce beginning at an early age.
“Cyber security is a team sport,” said Department of Homeland Security CISA Director Jen Easterly. “It really matters to have those trusted relationships. This is all about the future of partnerships, which is operational collaboration. The federal government is really just a co-equal partner with the private sector and state and local colleagues. It truly is about a collective defense, in particular given that we live in a highly digitized, highly connected and highly complex threatened environment, which is evolving every day.”
“If a company can’t afford to protect itself, it probably can’t afford to be in business,” added Berkshire Hathaway Energy CEO William J. Fehrman. “I know some companies share a significant concern about data being provided to the government. Will it be used for the purposes of national defense and critical infrastructure protection? Or will it be used for regulatory and legal reasons that could come back and hurt the companies? Moving this forward, there must be a confidence built across companies that when the collaboration is occurring, it’s occurring for the purposes of national defense and defensive critical infrastructure.”
McCrary Institute Director Frank Cilluffo noted, “Sometimes we have a ‘plandemic’ of plans. Plans have no value unless we are ready to work together and act on them. I have grappled with the challenge of collaboration for decades, but I believe we finally have the team in place to get this done.”
Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, left, moderated a discussion Oct. 19 with five of the nation’s most senior cybersecurity officials: National Cyber Director Chris Inglis, FBI Deputy Director Paul Abbate, Department of Homeland Security CISA Director Jen Easterly, NSA Director of Cybersecurity Rob Joyce and Berkshire Hathaway Energy CEO William J. Fehrman. The panel discusses the next generation of public/private partnerships.