Global cyber capabilities are proliferating at an unprecedented rate and posing additional strategic risk to the United States and private industry alike. Recent reporting done by CrowdStrike highlights improved capabilities by Russia, among others, who have increased cyber proficiency to penetrate networks in under 20 minutes. Compounding this is an issue the government continues to struggle with—stovepiping information and lumping organizations into “sectors.”
Despite bureaucracy and a multi-jurisdictional quagmire, the federal government is moving in the right direction with the establishment of the Cybersecurity and Infrastructure Security Agency (CISA). As the newest agency within DHS, CISA was elevated from its previous incarnation as the National Protection and Programs Directorate (NPPD) to the status of a standalone agency in late 2018. CISA is tasked not only with coordinating the protection of the nation’s critical infrastructure and the .gov domain but also helping secure soft targets, crowded spaces, and schools. A major focus of its mission necessitates strong public-private sector cybersecurity partnerships that involve exchanging cyber threat intelligence and communicating about critical cybersecurity issues that affect national security.
To succeed, CISA must ensure this high degree of public-private collaboration because the private sector owns, operates, and maintains approximately 85 percent of our nation’s critical infrastructure. It should alarm us as a nation that this privately-owned critical infrastructure contains significant security vulnerabilities.