Partnerships between the federal government and private sector companies are critical to securing the safety of the country and those companies’ infrastructure, several of the top cybersecurity officials and a major company CEO said Tuesday at a forum held by Auburn University’s McCrary Institute for Cyber and Infrastructure Security
“At the end of the day I think that the premise must be, we need to make it such that if you’re a transgressor in this space, have to beat all of us to meet any of us,” said Chris Inglis, national cyber director, at the start of the forum, which touched on the challenges faced by the federal government and private sector companies as both grapple with growing cyber threats.
FBI Deputy Director Paul Abbate, who oversees the bureau’s domestic and international intelligence activities, said the challenges the country now faces “requires an elevated level of collaboration, much like we’ve never seen before in the private sector.”
The private sector owns the vast majority of the infrastructure in the cyber realm, Abbate said, and as such are in the position to have the intelligence and answers to solutions to solving problems the federal government is faced with.
Jen Easterly, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, explained that her previous role as Morgan Stanley’s senior technology and cybersecurity leader taught her a valuable lesson.
“From the outside, the government often looked disorganized, a little bit tribal, sometimes kind of competitive and not as coherent as we needed to be in order to help to have those relationships that we needed to have with critical infrastructure to really defend the nation,” Easterly said.
Bill Fehrman, CEO of Berkshire Hathaway Energy and the only forum participant from the private sector explained that over the last several years the focus on collaboration between the federal government and the private sector has slipped, but said in recent months those partnerships have been improving.
“Government is coming together on their side of the equation to actually knock the silos down between all the various agencies and do something that is meaningful for private industry,” Ferhman said. “And private industry has a role in this as well. We have to be able to provide the information that is critical to be assessed by government.”
Fehrman said the endgame is a “swift transfer of data into the government” and for each party to come together to access that data and directives to come back out to quickly implement something.
Fehrman said that while he’s a strong supporter of such partnerships with the federal government he’s aware that some companies are not as optimistic as he is.
“And it has to do a lot with perhaps experiences of the past, where the movement of data to the government was a transaction, and in most cases it was a one way transaction,” Fehrman said.
“There is a very significant, and I think, valid concern around data going into the government, and is it going in for the purposes of national defense and critical infrastructure protection, or is it going in for some sort of regulatory consequences that could come back against the company?,” Fehrman said.
As these partnerships move forward, there will have to be a confidence built across companies that the data going to the government will be for the protection of national defense and critical infrastructure, Fehrman said.
“And that will take time,” Fehrman said.
Easterly said skepticism from private sector companies is “totally reasonable” and that the focus is on ensuring information shared will be used to strengthen security and resilience of those companies’ networks.
“Like any relationship it’s about the trust, but it involves taking risks on both sides for mutual benefit as well,” Abbate said.
U.S. companies have been rocked with waves of ransomware attacks in recent months. Sinclair Broadcast Group, the second-largest operator of TV stations in the U.S., said Monday some of the company’s servers were infected with ransomware, which disrupted office networks, according to Reuters.
Speakers at Tuesday’s forum mentioned recent BlackMatter ransomware strikes. The BlackMatter group has recently hit numerous companies in the U.S. and worldwide and U.S. federal agencies.
“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations,” The FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency said in a joint statement Monday.
“BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero,” the statement reads.