Cyber operational collaboration enables deep, public-private partnerships to secure key critical infrastructure sectors from systemic cyber attacks. In recent years, the risk of cyber attacks on critical infrastructure has risen to the top of the US national security agenda. However, government and industry still lack an effective approach for shoulder-to-shoulder cooperation to detect, deter and respond to systemic cyber threats. Operational collaboration must combine the technological agility and expertise of the private sector with the authority for action against adversaries and national defense capabilities of the government. Next Peak’s founders have decades of experience leading government and corporate cyber defense efforts. We believe that understanding operational collaboration is crucial in advancing our ability to defend the nation and US companies. In this blog post, we explore the need for operational collaboration, key focus areas for progress, and current initiatives underway.
The Need for Operational Collaboration
The United States economy is at risk of serious disruption by malicious adversaries acting through cyberspace. Interdependencies in key critical infrastructure sectors such as banking, energy, healthcare, telecommunications and transportation result in systemic cyber risk. We have yet to see a systemic cyber attack occur. However, our technological reliance, combined with interdependencies in systems and inherent advantages for cyber attackers, creates a situation where such an attack would have significant adverse effects on public health and safety, the economy and national security. Our adversaries are aware of our vulnerabilities. We would be naïve to think that they are not planning and preparing today to take advantage of the right moment.
Systemic cyber risk is shared across public and private entities, but unlike in physical domains, in cyberspace it is usually the private sector on the front line. The majority of operational assets and capabilities to provide digitally enabled services are owned and operated by the private sector. As such, US national cyber defense depends significantly on the efforts of private sector owners and operators of networks and infrastructure. This situation demands much deeper public-private partnerships than currently exist between government and industry in order to provide a comprehensive, whole-of-nation approach to cyber defense.
For the past decade, public-private cooperation in cybersecurity has focused heavily on information sharing. Information sharing activities are necessary and important for establishing a shared understanding of the threat landscape and for tracking adversaries. However, information sharing activities alone cannot provide the joint response capabilities necessary to warn of, mitigate and recover from systemic cyber attacks. Operational collaboration builds on existing cooperation around information sharing and allows defenders to plan and execute public-private actions to defend against our adversaries in cyberspace.
Key Focus Areas for Operational Collaboration
Anticipation. Governments and the private sector have generally taken reactive approaches to cyber defense. Effective cyber defense demands that government and industry anticipate – rather than simply react to – adversary intentions and operations. Operational collaboration engages key players from the public and private sectors in activities including daily coordination and analysis of intelligence. These activities can provide organizations with advance warning, allowing defenders to preemptively align defenses against attack, as well as generate effective responses when attacks do occur.
Strategic Impact. The public and private sectors have comparative advantages when it comes to cyber defense. Operational collaboration ensures that efforts undertaken by each sector occur where they have an outsized impact on adversaries. Current tactics pursued by the private and public sectors – software patching, malware testing, server takedowns, electronic seizures, and more – only inflict temporary costs on highly adaptable and flexible adversaries. Leveraging effective operational collaboration, defenders from the public and private sectors would integrate resources to jointly plan and execute operations that maximize lasting disruption of adversary operations.
Operational Speed. Operational collaboration improves the speed with which cyber defenders can track and pursue adversaries. Longstanding legal and policy restrictions currently limit freedom of action by government actors and stymie attempts to thwart attackers. Enhancing collaboration between the government and private sector is essential in enabling the operational speed necessary to disrupt adversaries’ cyber operations.
The concept of operational collaboration arose in 2016 as key private sector leaders understood that in order to protect critical infrastructures, cyber collaboration with the government needed to extend beyond information sharing. Increasingly, private sector leaders – particularly in the financial services and energy sectors – sought real-time, shoulder-to-shoulder, public-private collaborative cyber defense at scale.
Pathfinding work occurred within the Financial Systemic and Resilience Center (FSARC) established in late 2016. Under the FSARC, financial institutions, the US government, and other key sector partners conduct analysis of critical financial sector systems, and jointly monitor and warn against current and emerging threats to those systems. The program was initiated by leaders of US banks who sought to enhance the resilience of critical systems that underpin the US financial services sector. Next Peak Co-Founder Greg Rattray was instrumental in driving the FSARC as Head of Global Cyber Partnerships at JP Morgan Chase and he served as one of its first Co-Presidents.
In 2017, the newly formed Aspen Cybersecurity Group took up the charge. The Group completed significant work in developing a framework that covers operational collaboration activities for both steady state environments as well as during significant cyber incidents. Later this year, the Aspen Cyber Group will present a set of national cybersecurity recommendations for the coming administration in which operational collaboration will play a leading role.
The current iteration of Columbia University’s New York Cyber Task Force is also working to develop the operational collaboration concept. The Task Force consists of over 30 senior-level experts from industry, government and academia focused on addressing how the US can find effective approaches to public-private operational collaboration to build US national cyber defense. Greg serves as the Executive Director of the Task Force, and he is currently leading Task Force members in workshops designed to tease out operational collaboration challenges and solutions. The workshops center on scenarios envisioning severe but plausible national security level cyber attacks in 2025, based on the most concerning technological, geopolitical and economic drivers.
Since initial development, the concept has quickly advanced up the list of national priorities. Operational collaboration is one of six pillars of recommendations put forward by the Cyberspace Solarium Commission to protect US cyberspace through a strategy of layered cyber deterrence. This approach involves three layers of activity: 1) shaping behavior in cyberspace; 2) denying benefits to adversaries; and 3) imposing costs on malicious actors. Operational collaboration occupies the second layer as a part of securing critical networks to promote cyber ecosystem resilience, specifically through the codification of systemic critical infrastructure, as well as the establishment of a Joint Collaborative Environment, an integrated public-private cyber center, and a Joint Cyber Planning Cell. Our understanding is that the Commission’s recommendations are being advanced as part of the drafting of the 2021 National Defense Authorization Act.
If passed, these provisions would institute real-time, shoulder-to-shoulder, public-private collaborative cyber defense at scale. We must improve our nation’s operational collaboration efforts and improve the cybersecurity landscape for all. In the coming weeks, we will be exploring the New York Cyber Task Force scenarios as well as operational collaboration considerations and solutions here on the Next Peak blog. Follow our LinkedIn page to keep up with new installments!