After multiple intrusions into government networks, the Center for Strategic and International Studies was formed to generate guidance for the incoming administration. One of the recommendations in its report is for a stronger partnership between the public and private sectors. Information security in our nation must be a collaborative effort between government and private businesses. After all, government is responsible for national security, while the private sector owns much of the infrastructure.
Having multiple advisory groups with varying roles and responsibilities amplifies the challenge. We recommended creating a security advisory committee to the White House that eliminates, consolidates and/or simplifies existing advisory capabilities. Senior executives from critical infrastructure companies can interact regularly with senior government officials to develop long-term relationships. They can learn each other's needs and processes, understand who is doing what, and together figure out ways to better protect the nation.
We are quite pleased with the work that Melissa Hathaway is doing in her review of the nation's cybersecurity policies and encouraged about the steps that the administration has taken within its ‘first hundred days.' Her combined industry and government experience has the potential — and early signs are encouraging — to further unite the public and private sectors to improve the U.S. national posture in this arena.
Another partnership recommendation is for town-hall-style meetings that provide an open platform for education and discussion. This would help companies and agencies incorporate security into their operations and learn from one another. Additionally, we should simplify operational groups' mission and structure to focus on what is truly critical.
No single group should be held solely responsible for security. We need to build public awareness and understand that, in the online world, we're all responsible for security.