Page 5 - index
P. 5
It appears that far too many people at DHS are more concerned about who is in charge rather
than collectively advancing an environment of trust and collaboration to meet the challenge of
the growing risk environment.
Sectors such as energy and financial services enjoy more productive partnerships. Perhaps
there are lessons to be learned from these engagements that could be applied by DHS more
broadly across the public-private partnership. More productive results will be achieved for the
American people with an equitable and collaborative partnership.
A National Weather Service (NWS) for cybersecurity type model is necessary to provide
timely, reliable, and actionable situational awareness for cybersecurity. Both the NWS and the
Center for Disease Control provide models for creating an integrated operational capability that
embraces the strengths of the public and private sectors in an environment of collaboration and
trust. These models prove that in collaboratively utilizing technology and data analysis, we are
capable of achieving timely, reliable, and actionable situational awareness. Such awareness
permits the issuance of information such as alerts and warnings, and even recommended
measures to proactively improve the detection, prevention, and mitigation of risks.
Such a capability does not exist for cybersecurity and critical infrastructure protection today,
although the foundation for how to get there does exist. We need to seize the moment,
leveraging a functional public-private partnership to achieve improved results for the American
people.
The National Cybersecurity and Communications Integration Center (NCCIC), which according
to the U.S. government serves as the nerve center for cybersecurity, is instead a series of
stovepipes, including a collection of one-off agreements with individual companies and
organizations. Some progress has been made with the NCCIC, but nearly five years after its
creation, it remains a work in progress stymied by cultural impediments and a lack of
collaborative leadership.
Creating an operational capability is more than pushing out threat indicators in volume and
claiming victory. It must include information sharing, analysis, and collaboration across the
partner community. The targeted outcome must be timely, reliable, and include actionable
situational awareness, both in steady state and during times of escalation that can produce
alerts, warnings, and even recommended protective measures. The NCCIC will achieve greater
success if it leverages an integrated approach that includes industry, federal cyber centers and
entities, state and local governments, along with our international allies. These efforts are
essential to improving the detection, prevention, and mitigation of cyber events that may
become incidents of national or even global consequence.
Leverage lessons learned from actual events and exercises intended to test our national
preparedness and resilience. The government has a lot of information related to actual cyber
events from around the world. Analyzing those events offers information about the tactics,
techniques, and procedures (TTPs) utilized by the bad guys. Developing case studies based on
these events would be very instructive to the cybersecurity community for managing risk to data,
systems, networks, and critical infrastructure. In focusing on the TTPs the analysis should
I25B /1B>9>7C &171J9>5 M +5@D5=25B 49D9?>
?@IB978D K I25B 565>C5 &171J9>5 << B978DC B5C5BF54 G?B<4G945
