Chief security officers may feel as though they’re fighting a losing battle against threats that continue to increase both in volume and sophistication. Last year, the public sector was hit by a whopping 50,314 security incidents out of a total of 79,790 worldwide, according to Verizon’s 2015 Data Breach Investigations Report.
The threats are too daunting to battle alone. Now, more than ever, officials must align themselves with legislators and executive leadership to build a better business case for security and collaborate with other experts outside of their jurisdiction — the key to quickly sharing and disseminating critical information, especially after a breach or disaster. Fending off the onslaught of cyberattacks calls for creative partnerships with the private sector and other levels of government.
The federal government offers several avenues for IT security assistance, such as the National Institute of Standards and Technology Cybersecurity Framework and standards and the Multi-State Information Sharing and Analysis Center. And then there’s hands-on help. Massachusetts, for example, tapped the U.S. Department of Homeland Security for vulnerability assessments, while California called in the National Guard’s cybersecurity network defense team for a risk assessment.
The public-private partnership InfraGard offers another avenue for collaboration. IT leaders should take advantage of such groups to share information about the latest threats and bounce ideas off their industry peers.
Public-sector security chiefs also need to band together with the private sector to battle breaches. To that end, President Obama recently signed an executive order urging the sharing of cyberattack information between the government and private industry.
“Government has many capabilities, but it’s not appropriate or even possible for government to secure the computer networks of private businesses,” the president said in remarks at the Cybersecurity and Consumer Protection Summit in February. “Many of the companies here today are cutting-edge, but the private sector doesn’t always have the capabilities needed during a cyberattack, the situational awareness, or the ability to warn other companies, or the capacity to coordinate a response across companies and sectors. So, we’re going to have to be smart and efficient and focus on what each sector does best, and then do it together.”
Michigan has its own innovative approach to responding to large-scale IT security incidents. Launched in 2014, the Michigan Cyber Civilian Corps (MiC3) brings together volunteers from government, education and the private sector. The team functions much like a volunteer fire department and offers training opportunities throughout the year.
It’s through initiatives such as those that governmental bodies, academia and the private sector can combine their best and brightest IT security talent to fight cyberthreats both foreign and domestic.