Working Towards a Unified Cyber-Security Strategy
Technology is a critical enabling tool that helps agencies and practitioners promote interoperability and helps facilitate higher levels of communication and collaboration across all industries. Emergency responders (emergency medical services (EMS), fire rescue personnel, and law enforcement officers) need to share vital information across disciplines and jurisdictions to successfully respond to day to day incidents and larger scale emergencies. Many people may presume that agencies across the Nation are already interoperable, but many emergency responders cannot even talk across to people in some parts of their own jurisdiction!
The provision of public safety services requires higher levels of interoperability, and investments in critical infrastructure must continue across all levels of government. But as governments and supporting agencies either continue or begin to work more collaboratively with each other and break down the communication barriers that have existed –the potential impacts of cyber-attacks also increases. As efforts to enhance interoperability expand, so too does the potential attack surface available for bad actors to exploit. As computers connect to each other, share information, and control processes remotely, the threat surface expands. Many software and hardware systems are designed for easy access. When combined with the global architecture of the internet, openness and interoperability make these systems attractive to criminals, hackers and foreign adversaries who want to steal information, damage computer systems, or disrupt the provision of services.
The increased risks of cyber-attacks necessitate effective relationships being developed between and among government agencies across all levels AND requires higher levels of collaboration and cooperation between private sector infrastructure owners and all levels of government.
This level of collaboration is necessary in order to prepare, prevent, respond and recover from cyberattacks.
In a 2016 survey conducted by the International City/County Management Association, nearly a third of local governments IT officials reported a spike in cyberattacks during the past 12 months. I would argue that this number should be much closer to 100%-and that many of the other two thirds of governments are either using the wrong monitoring tools, don’t have the personnel or resources to accurately assess their cyber vulnerabilities or are ignoring reality.
Although there has been increased focus on sharing threat information, both within the private sector and between the government and the private sector, such sharing remains incomplete at best, particularly when it comes to the techniques, tactics, and procedures that bad actors are employing. As a result, companies and governmental agencies alike, often lack enough knowledge of the specific threats they face so they can defend themselves. Competitive forces within industries likely contributes to this ongoing challenge, as cyber security can be a competitive differentiator within any given industry.
As cyber-attacks continue to grow in both their rate and their sophistication, businesses and governments are left with no option but to sit up and pay attention to what has become a serious issue. Governments and businesses can no longer be satisfied or get away with taking a reactive approach or think that just because they have not been attacked, that they won’t in the future. Rather, they need to take an aggressive and proactive approach that includes preparations and measures to mitigate risks and protect all valuable data and assets.
However, depending on the size and nature of the business, adopting this proactive stance is often easier said than it is done. The biggest issue for most businesses is convincing the senior leadership teams that cyber security is something worth actively investing in. Fighting cyber-attacks reactively, is not an acceptable approach, nor is assuming that cyber-attack is under the sole purview of IT departments. Cyber-security and cyber-safety are much larger than it used to be and now requires company/agency-wide participation and engagement.
The best way to effectively combat cyber-attacks is through the implementation of a cyber security strategy. This is a comprehensive set of best practices that covers every eventuality and is distributed to all employees, citizens and constituents, raising awareness of the issue and making sure everyone is prepared in the event of an attack.
The great news is–none of us need to create a new wheel. In 2018, the Department of Homeland Security released its 2018 Cyber-security Strategy document, intended to foster “a more secure and reliable cyber ecosystem” through increased security and resilience. Though this is a federal strategy, it provides some excellent guiding principles for risk prioritization, cost effectiveness, innovation and agility, and collaboration–and does so with a global approach. In the strategy, they have laid out a strategy, which if followed and collaborated on, can help facilitate greater and safer collaboration and interoperability. If we all can agree to lower the barriers of competition and work together to combat this global epidemic, we will all be better positioned to fend off cyber-attacks and promote interoperability regardless of what industry we are in.