Amid increasingly sophisticated ransomware and supply chain attacks, the cybersecurity community needs a cultural shift and novel ideas to help new executive branch leadership operationalize President Biden’s recent Executive Order.
The insight and authority of the government — coupled with the agility and innovation of the private sector — will create a powerful force multiplier capable of painting a clearer picture of the threat landscape, timelier coordination of defensive activities, and quicker recovery. Unfortunately, for many reasons, like fear of legal or regulatory liability, lack of regulations and incentives, and uncertainty in where to turn, strong collaboration is largely unrealized today and is limiting US’s ability to get ahead of cyber threats.
The lack of trust between the public and private sectors must be overcome at the grassroots level by creating strong communities and humanizing practitioners. But the onus of creating partnerships across sectors cannot rest with the government or the private sector alone. The entire cyber community must create opportunities for dialogue, partnership, and mutual understanding to create the space for new ideas and stronger toolkits to mitigate growing threats.
For too long, our domestic cybersecurity ecosystem has lacked a sustained, coordinated approach to defending against threats.
Our military and intelligence capabilities are primarily focused outside of U.S. borders, while domestic entities like states, the FBI, and CISA are focused on strengthening internal systems (.gov networks), law enforcement, and advisory assistance to the private sector. Private sector firms, including critical infrastructure operators, are largely responsible for their own cybersecurity, have varying levels of capability, and only engage government in times of crisis or as a compliance requirement.
The resulting system is stove-piped and uncoordinated, leaving cybersecurity analysts and operators overextended, and our nation vulnerable.
The urgent threat environment demands that we knock down these barriers to finally realize ‘whole-of-society’ cooperation. We not only need the structures (organizational and technological), and the policies (legal and cultural) to do this, but at the most fundamental level, we need strong relationships between people.
Grassroots efforts, like Girl Security, #ShareTheMicInCyber and I Am The Calvary tackle this by bringing together students, practitioners, policy professionals, legal experts, technologists and other cyber professionals across disciplines and sectors. This convening of actors in the cybersecurity space is inclusive by design, which builds trust and connections outside traditional silos.
Diversity is essential to this work. This is not a threat environment in which one particular educational background or demographic will succeed: it will take a paradigm shift to defend our national security moving forward. #ShareTheMicInCyber brings together Black cyber experts and cyber allies from well-represented backgrounds to forge connections, learn from each other, and reimagine how we address cybersecurity threats.
This community is strong, supportive and committed to improving the industry, making it well positioned to tackle the complexity of public private partnerships. #SharetheMicinCyber is capable of furthering inclusivity, collaboration, and trust, in the same ways we seek to eradicate systemic racism — through conversation, individual and collective action, accountability, and transparency.
This model is working, as evidenced by the new relationships, professional partnerships, and industry shifting work born of the program such as CyberBase and Aspen Digital’s look at diversity data in cybersecurity.
Strategic vision and policies are vital to setting the conditions for improved public-private collaboration. Relationships at the ground level will operationalize those policies.
Our aim is to start to address the need for trust and connection with our community. Grassroots movements that facilitate connections between people and widen networks among relevant stakeholders can drive the meaningful collaboration necessary for a ‘whole-of-society’ response to cyber threats.
Camille Stewart is the Global Head of Product and Security Strategy at Google and a nonresident fellow with the Belfer Center’s Cyber Project. She is the co-founder of #ShareTheMicInCyber.
Lauren Zabierek is the Executive Director of the Cyber Project at the Harvard Kennedy School’s Belfer Center and a visiting fellow at the National Security Institute. She is the other co-founder of #ShareTheMicInCyber.
To support or participate in #ShareTheMicInCyber visit www.sharethemicincyber.com. The October 2021 campaign is focused on public-private partnerships.