Cybersecurity Has a Posse

March 19, 2020

At RSA this year, Chris Krebs gave an important talk: “Cybersecurity Has a Posse” where he stressed the importance of collaboration between government and industry to fight the cybersecurity war. He started by pointing out that his agency, Cybersecurity and Infrastructure Security Agency (CISA) is an “all-source” group. He meant that CISA collects threat information from sources all over the world, including government agencies, private industry, and more. Krebs’ group consolidates that information and disseminates it – daily – to security professionals across all industries.

The purpose, he said, is to help security professionals defend against these threats both tactically and strategically. The tactics include specific measures in response to the ever-changing threat landscape. Strategically, CISA’s alerts and updates provide credible data for the CISO who needs to convince the board or CEO to provide funds for security.

Krebs also pointed out that CISA threat data is anonymized: a company can submit threat information without fear of embarrassment, or of a competitor misusing that information to gain a competitive advantage. This anonymization also lets CISA disseminate classified information, in a careful and limited way, in their alerts – a capability few companies in private industry can match.

Krebs is particularly concerned about the level to which our adversaries have weaponized cyber warfare to undermine our democracy, a revelation he compared to the realization decades ago that Russia’s nuclear weapons could reach the United States. However, he also stressed that the level of cooperation between government and industry, and within industry, is extremely strong when it comes to defending the integrity of U.S. elections.

He reiterated the theme: “cybersecurity has a posse”. Defending the nation is a team sport, and CISA is doing its part. Let’s do ours, too.