Increasingly, government leaders recognize the need to approach cybersecurity in the same way they approach public health: There must be a holistic network in which the well-being of individuals, or individual systems, depends on and benefits the well-being of others.
Like viruses, cyber threats succeed by finding a vulnerability before moving on to overwhelm the larger population. The more they succeed, the longer they stay in circulation, putting everyone at risk.
It is in our best interests not only to share resources and expertise, but also cyber intelligence, to create a more complete picture of the threats in the digital ecosystem. Forewarned is forearmed.
Collaboration is inherent in the National Cybersecurity Strategy. “By working in partnership with industry; civil society; and State, local, Tribal and territorial governments, we will rebalance the responsibility for cybersecurity to be more effective and more equitable,” the strategy states.
Here are examples of collaborative efforts already underway.
CISA Coordinates a National Effort
The federal government has collaborated with state governments on cybersecurity over the years. But the National Defense Authorization Act (NDAA) of 2021 institutionalized those efforts by creating a network of state coordinators under CISA’s purview.
The goal is for each state to have a federal, on- the-ground cyber expert. These coordinators will work with public- and private-sector organizations, providing advice, supporting preparation, incident response and mediation efforts, and connecting those organizations with federal resources.
“Cybersecurity for state and local governments is just as important as efforts at the federal level, and frequently, they lack the resources, technical know-how, and situational awareness to secure their systems, or respond in the event of an attack,” said former Sen. Rob Portman (R-Ohio), one of the original sponsors of the bill incorporated into the NDAA.
DHS Extends Funding to Local Agencies
Federal efforts also can help spur collaboration within states. That’s the hope for the State and Local Cybersecurity Grant Program and Tribal Cybersecurity Grant Program, as part of the Bipartisan Infrastructure Law.
With a historic $1 billion, the program funds agencies for four years to address risks and strengthen security, particularly for critical infrastructure. CISA and the Federal Emergency Management Agency will approve state plans, with committees comprised of cybersecurity representatives from counties, cities, towns, public education and public health. States are required to distribute at least 80% of the funding to local and rural communities and 3% to tribal governments, for new and existing programs.
At a 2022 conference of the National Association of State Chief Information Officers, state participants were asked what a successful State and Local Cyber Grant Program would look like. One of the hallmarks of a good program, they said, was that it would “[break] down barriers between state and local government and foster ‘an inertia of collaboration’.”
States Create Cyber Fleets
Federal support and direction are essential, but states also need to run their own cyber defense vessels.
In February 2022, New York Gov. Kathy Hochul established the Joint Security Operations Center (JSOC) to unite local, state and federal response efforts and data collection. It includes businesses that operate critical infrastructure, plus DHS, Emergency Services, the New York State Police, the Metropolitan Transportation Authority, the Port Authority of New York and New Jersey, and other entities.
Qualified personnel from across New York staff JSOC, which is headquartered in Brooklyn, both in person and virtually. Officials expect the center’s central view of threat data to make it easier to detect and respond to emerging threats and to accelerate remediation efforts.
Other states, such as Illinois, North Carolina and Utah, have established similar task forces that include their state’s emergency management agencies, police, the National Guard and infrastructure partners.
Cyber Care on the Global Landscape
But a holistic approach needs to go beyond the public sector.
With that in mind, Congress created the Joint Cyber Defense Collaborative (JCDC) in 2021 for public- and private-sector partners worldwide. The collaboration involves service providers, infrastructure providers, cybersecurity experts and researchers who can share information, decrease threats and build defense plans to serve the global community.
Every government agency, business and nonprofit is part of our cyber landscape. That means that each entity’s level of security is tied to the next, in more ways than we can imagine. As the JCDC website says, “No one entity can secure cyberspace alone.”
This article appears in our guide, “A New Cyber Game Plan Takes Shape.” For more about how agencies are meeting the cybersecurity threat, download the guide:
Leave a Reply
You must be logged in to post a comment.