Vulnerabilities / Threats
05:36 PM
Connect Directly

RSA: Working Together Works

But making public-private partnerships function properly isn't always easy.

Working together is critical to managing cybersecurity risk successfully, but not everyone is on the same page when it comes to how to collaborate effectively, particularly when partnerships stretch across the divide between the public and private sector.

At the RSA Conference in San Francisco, Calif., on Tuesday, pretty much everyone sharing an opinion on the subject of security expressed support for sharing information and knowledge to counter cyber threats.

Scott Charney, Microsoft's corporate VP of trustworthy computing, called for collaborative defenses based on a public health model. William Lynn III, Deputy Secretary of Defense, urged building stronger collective defenses with our allies and better information sharing.

Howard Schmidt, Special Assistant to the President and White House Cybersecurity Coordinator, Philip Reitinger, Deputy Under Secretary for the Department of Homeland Security, and Patrick Gallagher, Deputy Under Secretary of Commerce for Standards and Technology and Director of NIST, all expressed support for collaboration and information sharing across the public and private sector to mitigate cyber security risk.

Though there's widespread agreement that cooperation represents the best defense against the dark arts, there's some heavy lifting required to get from theory to practice.

Lynn, in his keynote address, said that the even if the Department of Defense successfully executes its "Cyber 3.0" strategy, now in the final stages of review, it can't do it alone because most of the national critical infrastructure is in private hands. The Department of Defense has been pushing its senior IT managers to incorporate more practices from the commercial world and Lynn proposed that those in the private sector ought to be mindful of their role in the nation's network defense.

"In the cyber domain, soldiers are not the only ones on the front lines," he said. Civilians ought to take some responsibility for security, in other words.

Lynn suggested that some of the network defense resources provided by the military to the Department of Homeland Security could be made available to assist the private sector, but didn't offer any details about how this might work.

One of the pillars of the "Cyber 3.0" strategy described by Lynn involves marshaling both technology and people to maintain America's preeminence in cyberspace. But there's considerable concern that lack of human resources could hinder that goal.

Reitinger, in a town hall discussion, described cyber security as both a security issue and an economic issue. "It is the cybersecurity workforce of the future that is going to enable our country to succeed," he said, adding his voice to the chorus calling for stronger national efforts develop science, technology, engineering, and math talent.

"We have to make being a geek cool," he said.

Schmidt, during the same discussion, offered a few examples of successful attempts to connect the public and private sector, like the Cyber Storm III exercise last year. And Gallagher confirmed that effective collaboration is occurring at many levels in the government.

But Reitinger stressed that more needs to be done.

"It's just too hard to be secure," he said. "We've got to make it easier."

We have a long way to go, he said, because people don't always understand how to collaborate and share information effectively.

When they hear collaboration, he said, "Some people here think 'kumbaya' and walk out the door and nothing changes."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, Ntrepid,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Search Cybersecuruty and you will get unicorn.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.