Six public and private sector cybersecurity experts have spoken out about the state of cybersecurity in the US at a special panel discussion hosted by Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security.
The discussion was moderated by McCrary Institute Director Frank Cilluffo, who described the participants as "the Mount Rushmore" of cyber security experts, as reported in Yahoo Finance.
Companies and federal agencies need to go beyond information-sharing and create a joint operational approach, experts from the White House, NSA, the FBI, and CISA said.
The cyber expects representing the public and private sectors were:
National Cyber Director Chris Inglis of the Executive Office of the President is the first person to hold the role. Inglis is also a former Deputy Director of the National Security Agency.
Department of Homeland Security CISA Director Jen Easterly, a two-time Bronze Star recipient and retired U.S. Army veteran, leads CISA's efforts to promote and defend civilian government networks, manage systemic risk to national critical functions, and collaborate with state and local partners to ensure the security and resilience of the nation's cyber and physical infrastructure.
FBI Deputy Director Paul Abbate oversees all FBI domestic and international intelligence activities. His FBI service capacities previously included roles as a counterterrorism supervisory special agent in Iraq and domestic locations.
NSA Director of Cybersecurity Rob Joyce is instrumental in strengthening the cybersecurity of federal networks and critical infrastructure and revamping the nation's vulnerabilities equities process.
Berkshire Hathaway Energy CEO William J. Fehrman has been a senior executive within the Berkshire Hathaway Energy family of companies since 2006. During this time, he held executive roles for PacifiCorp Energy, MidAmerican Energy and BHE Renewables, managed Berkshire Hathaway Energy's cross-business cyber and physical security strategies, and served as the lead executive of Berkshire Hathaway Energy's supply chain and procurement initiatives.
"In the past, we focused on collecting various pieces of evidence to try to connect the dots and identify a potential threat," said Chris Inglis, the White House National Cyber Director. "But today the challenge is how to collaborate to discover a threat that none of us could have discovered alone.
"The private sector is now on the frontlines, as it builds, maintains and defends critical parts of our infrastructure. The government needs to shift to a more supportive role, bringing its resources to help secure the private sector. We need a structure where a transgressor in cyber space would need to beat all of us to beat any of us.
"While the federal government is tasked with leading the fight, more than 85 percent of the nation's critical infrastructure, including cyber networks, remain in private hands, enhancing the national security threat. Federal initiatives will have little impact if they are not built into private sector security operations, the participants noted.
"What we're undertaking now on the cyber side is a form of terrorism that holds companies unable to function. This requires an elevated level of collaboration like we've never seen before in the private sector," said FBI Deputy Director Paul Abbate.
"Companies handle proprietary and sensitive information all the time," NSA Director of Cyber Security Rob Joyce said. "What I've seen in NSA in the last several months is we've been able to take that sensitive information, get it down to that unclassified level where it's operational and work with companies in the defense industrial base. For years, we've had things go up, over, around and down. Frankly, that's too slow and often misinterpreted. Those are the kinds of things we've got to get to right."
To best protect private cyber infrastructure, panelists suggested becoming a more difficult cyber target through collaboration, trust, resilient cyber networks and building a strong, cyber-educated workforce beginning at an early age.
"Cyber security is a team sport," Department of Homeland Security CISA Director Jen Easterly said. "It really matters to have those trusted relationships. This is all about the future of partnerships, which is operational collaboration. The federal government is really just a co-equal partner with the private sector and state and local colleagues. It truly is about a collective defense, in particular given that we live in a highly digitized, highly connected and highly complex threatened environment which is evolving every day."
"If a company can't afford to protect itself, it probably can't afford to be in business," said Berkshire Hathaway Energy CEO William J. Fehrman. "I know some companies share a significant concern about data being provided to the government. Will it be used for the purposes of national defense and critical infrastructure protection? Or will it be used for regulatory and legal reasons that could come back and hurt the companies? Moving this forward, there must be a confidence built across companies that when the collaboration is occurring, it's occurring for the purposes of national defense and defensive critical infrastructure."
McCrary Institute Director Frank Cilluffo noted, "Sometimes we have a 'plandemic' of plans. Plans have no value unless we are ready to work together and act on them. I have grappled with the challenge of collaboration for decades, but I believe we finally have the team in place to get this done."