Collaborative and Cross-Cutting Approaches to Cybersecurity
As I reach the end of my first two months as Cybersecurity Coordinator, I wanted to highlight a few of the Administration’s recent accomplishments working in partnership with the private sector, and also preview some of our future activities. Some of the Government’s cybersecurity activities are already high-profile, like the recent National Level Exercise or our push for comprehensive cybersecurity legislation, but there is also substantial activity occurring outside of the spotlight. Both are needed if we are going to address the serious threats we face in cyberspace and capitalize on the exceptional opportunities cyberspace presents for governments, individuals, and U.S. businesses.
Let me highlight a few recent initiatives where voluntary, cooperative actions are helping to improve the nation’s overall cybersecurity:
- The Defense Industrial Base (DIB) Cybersecurity/Information Assurance (CS/IA) program helps companies protect critical information related to Department of Defense programs and missions. The government shares cybersecurity threat and mitigation information with DIB companies, and in turn, DIB companies can report known intrusions.
- The National Strategy for Trusted Identities in Cyberspace (NSTIC) seeks an "Identity Ecosystem" where individuals will soon be able to choose from a variety of more secure, convenient and privacy-enhancing technologies in lieu of passwords when they log in to different websites. The initial meeting of the Identity Ecosystem Steering Group, the private sector-led body that will help develop Ecosystem standards and policies, is happening next week.
- The Electric Sector Cybersecurity Capability Maturity Model helps firms in the electric sector evaluate and strengthen their cybersecurity capabilities; it also enables the prioritization of network protection investments. This White House-initiated effort, led by the Department of Energy and in coordination with Department of Homeland Security, provides valuable insights to inform investment planning, research and development, and public-private partnership efforts in the electric sector.
- In End-User Cybersecurity Protection, the government is participating in four linked initiatives across the IT industry, law enforcement, the financial sector, and government to counter the threat of malicious software – known as ‘bots.’ This voluntary, public-private effort ties together the capabilities of different sectors to identify compromised computers and help their owners fix them.