Why feds need to talk to industry about cyber
In the age of increased risk, agency executives say, feds and industry must communicate to design workable incident response and risk management schemes.
Securing the future isn't one sector's game.
According to Deputy Treasury Secretary Sarah Bloom Raskin, the keys to responding to and recovering from cyberattacks "are preparation, coordination and practice." Speaking at the inaugural Incident Response Forum on March 31, Raskin called for increased cooperation between the public and private sectors during.
She hailed the Obama administration's plan for a national cyber incident coordination policy, slated to be released this spring. "Once adopted, such a coordination policy will enable government agencies and the private sector to better understand what to anticipate from each other and one another," she said.
Raskin wasn't able to offer details on the developing plan, but she said the Treasury Department has already been working on coordination with the financial sector.
"To test our collective preparedness, Treasury, working in partnership with [the departments of Homeland Security and Justice] and financial regulators as well as the private sector, has completed five large-scale cybersecurity table-top exercises in little over a year," she said. "This is how we practice."
Across town on the same day, Emile Monette, the General Services Administration's senior adviser for resilience and cybersecurity, urged closer relationships between government agencies and their device suppliers at the American Bar Association's Internet of Things conference.
Monette said buyers don't know what risk-based decisions were made in the manufacturing process for Internet-connected devices, but they assume that risk when they start operating the technology. He said the question for government and industry alike is, "How can we equitably share this risk?"
Historically, feds have kept suppliers at arms' length, despite memos that have noted the necessity of communication. But Monette said feds will struggle to stay aware of the risks inherent in the systems they're procuring, let alone learn of new solutions, if they don't talk to their suppliers.
Raskin, in her address, imagined a ransomware attack that could lead to 21st-century bank panics.
"While initially only impacting the individual bank, the interconnectedness of the financial sector -- through payment systems or third-party vendors processing transactions, providing cloud-computing services or operating mobile solutions -- leads to actual or perceived contagion throughout the sector," she hypothesized. "First one by one, then at an accelerated pace, other institutions' files, data and systems are likewise affected, causing a crisis in confidence that one might imagine could threaten the financial stability of the United States and beyond."
Such an attack hasn't happened yet, she said. But if it does, tight coordination between government and industry will be crucial to keeping the American economy from falling apart.
NEXT STORY: Why data privacy is up to developers