Over the past year, the number of cyberattacks on agencies has grown exponentially. Not only have the attacks become more frequent, but they have also become more sophisticated. In the wake of these seemingly relentless attacks, The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that information sharing is essential to the protection of critical infrastructure and the furthering of cybersecurity for the nation.
With the major attacks that have recently occurred, Tim Brown, Chief Information Security Officer and Vice President of Security at SolarWinds, says the industry has reached an inflection point, where the theoretical attacks that could happen to us have become reality. Brown says, “we have to share ideas on how to become more resilient to threat actors inside of an environment.” By sharing knowledge of events, more agencies will be better prepared to defend against these attacks.
Agencies are learning it’s advantageous to take a collaborative approach to cybersecurity. The latest U.S. Cyberspace Solarium Commission reported setting up a system of information-sharing throughout agencies will promote responsible behavior and dissuade adversaries from launching attacks. Katie Arrington, Chief Information Security Officer for Acquisition and Sustainment at the Department of Defense, said legislation is “breaking down the barriers about how and what agencies can share with each other.” When an attack happens, the whole industry is affected, and agencies look inward to assure security of their systems. Micah Czigan, Chief Information Security Officer at Georgetown University said this becomes a “shared risk, since we’re all connected.”
Through information-sharing, agencies can compare security strategies, learn from experiences, build best practices, and better prepare their environment. Bob Kolasky, Director of the National Risk Management Center at CISA said from the COVID-19 pandemic, agencies have learned to be “more intentional early on and to be prepared for and understand different operating environments. Those who do this will come out better in the end.”
“By educating agencies on cyber risks and working together, agencies will be more successful in defending against cyberthreats in the years to come”, said Thomas Sullivan, Deputy Chief of National Security and Cybercrime Section at U.S. Attorney’s Office for the District of Maryland.
Both Arrington and Czigan agreed with information-sharing, there will be a change for the better in cybersecurity. Czigan shared a large change in the industry is that “non-cybersecurity individuals are now looking at projects and assessing risks and who could potentially be affected.”
“The inflection point in the public sector is bringing positive change and a more openness about sharing going forward,” said Brown.
To learn more about the effects of information on cybersecurity, click here.