Today, cybersecurity and infrastructure are intertwined – a single cyberattack can disrupt systems critical to Americans’ day-to-day activities. Incidents like the Colonial Pipeline attack, which resulted in a gasoline shortage that impacted millions, have shined a light on this relationship, and now, the U.S. government is more focused on cyber than ever before.
“We recognize that we’re in an era of strategic nation state competition. Since nation state adversaries are investing significantly in building world-class intrusion capabilities, we are more vulnerable than ever to remote attacks on the homeland through avenues such as cyber,” said David Patrick, chief acquisition executive at the Cybersecurity and Infrastructure Security Agency.
Staying ahead of these increasingly sophisticated cyberattacks requires strong relationships between all players within the U.S cyber ecosystem. To cultivate this collaborative environment, CISA has set out to unify the U.S. cyber community and enable the collaborative creation of a “more sustainable cybersecurity framework for the nation,” he said during his keynote address at the Potomac Officers Club’s 2023 Cyber Summit last week.
Sustainable cybersecurity, he explained, is a joint pursuit of a shared objective that “favors long-term investment in real and equal cybersecurity for all.”
Patrick emphasized that this goal cannot be achieved by federal agencies alone. These efforts, he said, must begin at the earliest levels of the supply chain to ensure that vulnerabilities are patched before new technologies are deployed by organizations that may not have the right tools to defend themselves, such as healthcare or educational entities.
“Today, we suffer through the impacts of unsafe technology products, and these products are used by consumers, enterprises and governments alike. Because the damage is distributed over time in different spaces, the impact is more difficult to measure,” Patrick said.
“While we play our role, it is really up to technology manufacturers to increase and embrace their role in putting consumer safety first,” he said.
Corporate governance, said Patrick, is another element of bringing cybersecurity players together. He said that CISA aims to encourage organizations across the nation to “move to a corporate cyber responsibility model” in which senior leaders are “well-educated on cyber risk and cybersecurity considerations are appropriately prioritized in every business and technology decision.”
This does not just pertain to business contracted by the government, but any company that provides technology to the American public. All personal data, whether it is stored by the government or by any private sector organization, must be secured, Patrick said.
He added that to efficiently implement this method of governance, the cyber community must cultivate a wide base of technology talent that can effectively share their knowledge with corporate leadership to ensure an understanding of cybersecurity at all levels of a business.
To foster these necessary relationships, CISA has positioned itself as a partner to the private sector. The agency has already established a new procurement function and begun offering vendor engagement opportunities, according to Patrick.
These efforts are an ongoing process. Though CISA is moving quickly to harness its role as a national coordinator between federal agencies and outside organizations, there is still plenty of growing and maturing to be done, Patrick said.
The Potomac Officers Club is hosting its next summit – the 2023 Annual Navy Summit – on June 21. Click here to learn more and register to attend the event, which will bring together Navy officials and private sector leaders to discuss the service branch’s top modernization priorities.