Industry offers a wealth of advanced technologies and a workforce trained on using these tools – a set of resources that serves as a major asset for the U.S. government. Though public-private partnerships are already abundant, there is still progress that needs to be made with collaboration from a cybersecurity perspective.
As more and more technology is procured from commercial entities, it is critical to ensure that risks are made known by all relevant partners, be it government or industry users, Sarah Nur, associate chief information officer for cybersecurity and chief information security officer for the Department of the Treasury, said during a panel discussion at the Potomac Officers Club’s 2024 Cyber Summit on Thursday.
“We have to establish a very tight relationship [with vendors]. Today, we have to be forthcoming a lot faster, meaning that there’s no need to wait until you confirm an incident. You need to tell us some things are developing so we can get ahead of it,” she said.
The embrace of commercial technologies has widened the cyber arena, opening up new vulnerabilities across different systems. While the government shares plenty of data with industry, industry also shares data with the government, pointed out Jeanette McMillian, assistant director of supply chain and cyber for the Office of the Director of National Intelligence.
Now, a key cybersecurity concern is protecting data on both ends. What is increasingly important, she said, is making sure outside partners are “able to protect it in the same manner that I would protect my own.”
Sharing these ideas and “making sure that we’re there for each other” could dramatically elevate security posture, she added.
Vu Nguyen, chief information security officer for the Department of Justice, emphasized that this information sharing vision should extend to the end user – the “last armed defense” against cyberattacks that may slip through the security stack.
If a threat is not detected by the user – or brought to their attention fast enough – it can be detrimental, he noted.
Training users on proper cyber hygiene presents a challenge, but government-industry partnerships provide a pathway to addressing this issue, according to Michael Molinari, security delivery senior manager at Accenture Federal Services.
“If you’re having compliance issues, there are likely pain points that you’re experiencing in your compliance processes,” he said. “For us, it’s about just having this discussion with our clients, essentially understanding where they have their challenge points and then positioning innovations or technology or solutions that could potentially solve those problems.”
Compliance issues are often unintentional, resulting from dated training practices or cultural standards within an organization, he noted.
Private sector organizations, said McMillian, also have a responsibility to support government cybersecurity leaders.
“Right now, CISOs are having a crisis because we’re trying to figure out how to do the normal job while things are continuing to evolve at a very fast pace. The key thing is collaboration – we need to grow right now,” Nur said, echoing her thoughts.
Cybersecurity, Nguyen underscored, is “a problem that no one can tackle” alone.
“We need each other, so how do we carry each other forward together? That is the theme that I’m trying to get at, because at the end of the day, we need industry, we need partnership, we need everyone to step up their security and best practices,” he said.
The Potomac Officers Club’s next event – the 2024 Army Summit on Thursday – will convene top Army officials and industry leaders to share their insights on the service branch’s top challenges and priorities. It’s not too late to secure your spot – register here!
