Collaboration between government and industry professionals— while nothing new—is critical in order to anticipate emerging cyber threats and build global resilience to threats like Distributed Denial of Service (DDoS) attacks. Through our engagement with network security professionals, DDoS mitigation companies, Internet Service Providers, threat intelligence experts, and both serving and retired government officials, the Institute for Security and Technology (IST) realized that more, and deeper, relationships are needed across the spectrum of cyber-related challenges. Each group is often unaware—between industry and government, but also within industry and government themselves—and may not care about the capabilities or responsibilities of those outside their stovepiped domain, yet broader collaboration and insight would benefit the problems they are tasked with solving.
In 2019, Jonathan Reiber, former Chief Strategy Officer for Cyber Policy and speechwriter in the Office of the Secretary of Defense researched steps that could be taken to address this need – summarized in his report, “A Public, Private War: How the U.S. Government and U.S. Technology Sector Can Build Trust and Better Prepare for Conflict in the Digital Age.” That paper, co-published by the Center for Long-Term Cybersecurity (CLTC) at UC Berkeley and IST (then Technology for Global Security), outlines how the U.S. government and private-sector companies can collaborate more broadly to prepare for a high-end cyber contingency or other significant cyberattacks on U.S. interests. For example, Reiber recommends that companies should develop a public affairs strategy for government cooperation on cyberdefense and that their terms of service be updated to describe their policies for cyber defense operations, including “when and how the company will remove individuals’, companies’, or nation-states’ access to products.” He also suggests that the U.S. federal government should invest more in initiatives such as the Enduring Security Framework (ESF), which is designed for public-private information sharing for cybersecurity.
Building on the inputs of our partners in industry and government, and taking cues from Jonathan’s research, the Institute for Security and Technology turned to a tried-and-true mechanism to help build and promote more public and private cooperation, specifically through Cybersecurity Table-Top Exercises (CTTXs). These are an ongoing part of our Tech Works efforts, which takes a hands-on approach to problem-solving.
The Institute for Security and Technology’s continued efforts in this space will involve establishing a baseline of ongoing discussions and best practices for building relationships between industry and policy experts, with the goal of institutionalizing knowledge and tools needed for technical operators. We are also convening industry professionals, security officials, and diplomatic members at the international level to encourage engagement between nation states and companies. Please get in touch if you or your organization would be interested in participating.
If you want to learn more about how IST can host a CTTX for you or if you are interested in sponsoring one of our CTTX’s please email us at [email protected] and place CTTX Inquiry in the Subject line.