Cybersecurity Roles and Responsibilities: Private Sector Perspective
May 24, 2019 at 02:53 pm
Last week, I had the pleasure of briefing members of the U.S. Senate's Homeland Security and Government Affairs Committee to provide Cisco's perspective on the roles for the private sector and government in protecting the nation's digital infrastructure. I focused my remarks on a much-publicized recent cybersecurity attack since it's a great example of how the public and private sectors can and should work together.
The important lessons we can draw from this recent attack are that:
- Government and industry both have distinct, but important, roles to play in preparing for and responding to cyber-attacks;
- Effective communication between our roles is essential; and
- We all need to maintain vigilance because the attackers never sleep and their sophistication is only limited by software and imagination.
Last month, Cisco's Talos threat intelligence team made headlines globally by publishing a report on a state-sponsored attack dubbed 'Sea Turtle.' This attack, which was impossible to detect, enabled the theft of login credentials and other sensitive data. It was so successful, like many other attacks, because we continue to rely on passwords, which users frequently reuse.
The response to the Sea Turtle attack demonstrated the power of the public-private partnership so central to cybersecurity in our country. First, it was a positive development that the private sector was able to quickly detect both attacks and raise awareness. Second, the US government set a positive example by issuing a Binding Operational Directive to federal agencies, and providing concrete, usable advice to the general public about the importance of MFA.
Today, MFA can frustrate attempts by hackers to reuse stolen passwords. Longer term, we need to pivot away from a reliance on these passwords and build a more 'zero trust' environment that will continuously authenticate users and devices. Fortunately, MFA is again part of this longer-term approach.
This attack, and many others, exploit trust in ways that we should all view as highly troubling, but can be prevented through wider use of technologies such as multifactor authentication. I'm a student of history and I know how powerful public/private partnerships can be to drive innovation. It's how the Internet was created and it's certainly how it can be protected. Effective communication between the private and public sector can also drive actionable information to the public in time for harms to be mitigated while we develop longer-term solutions, together, to the problem of ongoing cyber threats.
Disclaimer
Cisco Systems Inc. published this content on 24 May 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 24 May 2019 18:52:02 UTC