How Cyber Leaders Plan to Make Cyber Defense the New Offense
Good cyber defense comes down to consistent communication and information-sharing.
Cyber defense is the new offense, cyber leaders said at the Billington Cyber Summit Wednesday. The best defense relies on good communication — or communication that has consistent information-sharing and strong public-private partnerships.
“A good cyber offense has a good defense,” said Cyber National Mission Force Deputy to the Commander Holly Baroody during a panel Wednesday. “If we just wait and watch and respond, we’re going to be at a disadvantage. We take what we learn and figure out what infrastructure are they using, who are their operators? What operations and activities can we do to disrupt that? If we can disrupt that activity, we give ourselves the time and space to bolster our defenses while disrupting. We try very hard to make sure what we do is well-shared and coordinating across the community.”
Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) Assistant Executive Director for Cybersecurity Eric Goldstein said he wants government and industry to “pivot from partnership to operational collaboration” to address the increasingly hostile cyber landscape.
“The place we need to be is where the government and private sector are co-equal partners,” he said during a panel at the summit Wednesday. “How do we ensure we’re investing in the right controls and practices as we’re moving forward? Let’s bring what we all have to the table and see if we can connect dots without the silos. Our view is, cyber defenders across the government and industry are executing the same mission, if we can do it at the same time together, we’ll be a lot more effective.”
Varying definitions of risk across different industry sectors are a hurdle to collaboration, standards and expectations around information-sharing. Netflix CISO Vitaly Gudanets said there are still too many information and data silos around cybersecurity risk and incidents.
“On the one hand, we’re moving in the right direction — Shields Up is a great example,” he said during a panel Wednesday. “The work on Log4j was great work, but those are pockets I think where it’s working well. I think the problem is we’re all from different sectors and we all think about risk differently.”
To dispel fears of accountability or retribution around cyber incident reporting in an effort for more effective collaboration, Department of Homeland Security Under Secretary for Strategy, Policy & Plans Rob Silvers noted the agency’s review board.
“The Cyber Safety Review Board is charged with reviewing the most significant cyber incidents, doing an authoritative fact finding into what happened, and then looking and finding lessons learned and recommendations for the community,” he said during the summit. “It’s not about accountability, there’s no punishment, it’s about transparency and sharing that with the community.”
Plus, engagement with industry and other partners earlier in the process could be more beneficial. The more information industry and government can share with each other, the faster cyber incidents can be addressed, and the fewer victims there will be.
“The board is something we in the industry really wanted to see,” said Yahoo CISO Sean Zadig. “We say no secret squirrels — if there’s useful information about an incident, we don’t want to hoard that, we want to share it. I think the board embodies that philosophy.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
AFCEA West: How the Marine Corps is Securing the Future Battlefield
USMC is focusing on technology, training and the individual warfighters to keep pace with adversaries.
11m watch -
AFCEA West: Advancing Navy’s Cloud, Zero Trust for Future Defense
The service’s tech chief highlighted how its cybersecurity, Flank Speed and future cloud efforts are going.
11m watch -
Preparing for the Future Cyber Landscape
CISA and Rubrik discuss how they’re building cybersecurity best practices and developing their workforces to prepare for the future attack landscape and bolster cyber resilience.
30m watch -
AFCEA West: Adapting Naval Cyber Command to Evolving Threats
Vice Adm. Craig Clapperton broke down how the Navy is responding to technological advancements, collaboration and adversarial threats.
12m watch