Agencies, industry must partners more to create a collaborative cyber defensive posture

Date: On Demand
Duration: 1 hour
Cost: No Fee

Agencies and all organizations are facing an ever-increasing number and variety of cyber threats.

While we’ve heard this too many times to remember over the last 20 years, the variety, velocity and volume of cyber attacks require a public-private partnership like no other challenge in the last 50 years.

The most recent White House cyber meeting and new initiatives around cybersecurity epitomize that approach.

But despite the decades of platitudes that cyber is team sport–that cyber will take a whole of government approach and many others–the truth is there still are plenty of questions that need to be answered and challenges overcome.

Information sharing is among the biggest remaining sticky wicket. Even with the Cyber information sharing act of 2015 and several ongoing federally sponsored initiatives, the roles and responsibilities remain confusing at best.

The White House’s cyber executive order attempts to address the roles and responsibilities, but some say may be causing more confusion.

What this all comes down to is the need to continually rethink the public and private sector partnership to defending networks, systems and data.

And when you add both speed and automation to the mix, the complexity of these important challenges become larger.

Steven Hernandez, the chief information security officer at the Department of Education, said despite agency progress over the last decade, there is a new sense of urgency as attackers are motivated in new ways and using a high degree of sophistication to launch their attacks.

“What this is all come together for us at my department is we have this stark realization that the need to innovate and evolve writ large in terms of risk management and cyber is paramount,” Hernandez said on the panel discussion Collaborative Defense sponsored by Raytheon Intelligence and Space. “When we look at that around the risk management side is it’s really about making sure we have near real time visibility to make decisions. We are talking about things like moving to a zero trust architecture. We are talking about things like supply chain security. We are talking about things like better threat intelligence sharing with our private sector partners.”

Kamrin Khaliq, the chief information security officer for the office of the secretary in the Department of Health and Human Services, said his office is rolling out tools like a vulnerability disclosure platform and other approaches to improve the sharing and use of cyber threat data, particularly for public facing websites.

He said the Defense Department has demonstrated the success of VDPs and HHS wants to follow their lead.

“One thing during COVID, we recognized we really needed to engage the private sector as well as the education sector, state and local and territorial organizations so that we can ensure we have that collaboration and give that visibility with respect to COVID related information,” Khaliq said. “That information sharing with respect to coronavirus cases, deaths and other sensitive information that we needed to share that was critical to understanding sharing threat or security information but also actionable information so we could appropriate respond to the threat of the virus at all levels of the government as well.”

The partnership of the public and private sectors that Hernandez and Khaliq talked about is key to staying ahead of the hackers and bringing innovation to cyber defenses.

Jon Check, the senior director for cyber protection solutions at Raytheon Intelligence and Space, said agencies like the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have taken important steps to put out the joint cyber threat bulletins.

But Check said the more information that agencies and companies can share raises everyone’s threat awareness across the board.

“It’s not about one particular data set, but it gets down to that meta information about those tactics and signatures,” he said. “You can then say ‘here is the meta data, and I may think I’m vulnerable, but based on this information maybe I am.’”

Check added there are policy and technical challenges that still need to be overcome to increase the ability of agencies to act against cyber threat data.

“When you get to collective defense, the biggest thing we have to figure out is how do we truly have a data operations strategy given the mountains of data cloud providers have. That requires a strategy to get insights across that hybrid cloud environment,” he said. “We are taking the steps, but there are still policy and contractual barriers to get to the actions we need to take.”

Learning objectives:

  • Addressing cyber challenges
  • Information sharing
  • Evaluating data

Complimentary Registration

Please register using the form on this page or call (202) 895-5023.

How to access the content: Please note, you may need to re-enter your registration information if you previously registered for this webinar and returned to page after clearing your cookies or using a private browser.

This program is sponsored by      

By providing your contact information to us, you agree: (i) to receive promotional and/or news alerts via email from Federal News Network and our third party partners, (ii) that we may share your information with our third party partners who provide products and services that may be of interest to you and (iii) that you are not located within the European Economic Area.

Comments

Panel of experts

  • Steven Hernandez

    Chief Information Security Officer, Department of Education

  • Kamran Khaliq

    Chief Information Security Officer, Office of the Secretary, Department of Health and Human Services

  • Jon Check

    Senior Director, Cyber Protection Solutions, Raytheon Intelligence and Space

  • Jason Miller

    Executive Editor, Federal News Network

Sign up for breaking news alerts