National Cyberspace Director Chris Inglis drew attention Friday to the continuing absence of a national cybersecurity strategy – something the government’s Office of Accountability expects to implement – while envisioning co-operation between industry sectors that may have managed risks on their own in the past. but now increasingly dependent on each other.
“I thought I could give a voice to the meaning of a new strategy,” Inglis said. “This is not a US strategy, but this is a sense of the emerging strategy, which I would partly notice, partly use as my mantra for what we need to do in the future, which is not only about buying software, but more about the reasons below that give rise to this phenomenon and so many others. ”
Inglis spoke at an event hosted by Venable to combat ransomware, a year after a comprehensive report released by public and private stakeholders, including non-profit organizations, with recommendations to address the challenge.
“What we need to do in high consultation and high cooperation is to understand what we are doing together so that we can spread this risk across the spectrum of generation, protection and response, instead of delegating it through our inaction to this poor soul. a supply chain that inherits all the risks that we didn’t buy through sustainability or doctrinal approaches, “said Inglis, proposing a” distribution of effort, which is largely the model we’ve probably been following for 40 years – “you defend your things based on on what you know, on the basis of your authority, on the basis of your kind of insights, I will defend my things “” is no longer appropriate.
Much of the administration’s approach to addressing fundamental weaknesses – in the practice of developing software for government contractors such as SolarWinds, for example – and in helping to protect and respond to attacks, has created work for agencies such as the National Institute of Standards and Technology and the Agency. for cybersecurity and infrastructure security.
But the administration is also launching projects for private companies, customers of basic information and communication technologies, to engage more deeply with sector-specific risk management agencies, such as the Ministry of Energy and the Environmental Protection Agency, which manages safety. for the water sector.
“One of the things the administration is really trying to do is to enable risk management agencies in the sector and the EPA is one of the main priorities,” said Elke Sobierad, director of cybersecurity of critical infrastructure at the Council for National Security. event organized by the National Association of Water Companies. “It simply came to our notice then [Deputy National Security Advisor for Cyber and Emerging Tech] Ann Neuberger feels very strongly about. CISA has received a lot of resources when it comes to part of cybersecurity and as a national cybersecurity coordinator, but we also need other risk management agencies in the sector to step up.
Inglis said his office is currently analyzing the capabilities of sectoral risk management agencies in an effort to clarify roles and responsibilities and determine how they should act collectively, both in their operations and in their doctrines.
“It’s not about trying to figure out how to arrange these things hierarchically, but rather how to align these things horizontally,” he said. “It has to be something that has a complementary set of activities at the same time. I think this is a good example of the way forward. ”