The NSA's new Cyber Directorate marks the latest in a line of government cyber initiatives in the last year, and when it comes to cybersecurity, redundancy is almost definitely a good thing.
Is it possible for the government to be too aggressive when it comes to cybersecurity? Jarno Vanto, a partner in the privacy and cybersecurity group at Crowell & Moring, doesn’t think that the U.S. is in danger of finding out any time soon.
“I think there’s more that there’s been a general sentiment that the government is doing too little right now. At least the media right now has been emphasizing that there’s been too little effort to protect critical infrastructure,” he said.
Still, that doesn’t mean the government isn’t trying. Over the past year, multiple government agencies have stepped up their cybersecurity efforts.
While having the Department of Defense, the FBI and the National Security Agency all involved with cybersecurity in some capacity might be construed as overkill, Vanto pointed out that cybersecurity threats span almost every level of society. Expecting any one group to effectively monitor all of them might be a losing proposition, and besides, it’s not like the various government players involved can’t compare notes.
“Coordination is probably good in order to avoid duplicating efforts,” Vanto said.
Here are some of the more recent cybersecurity efforts that the government has launched within the last year.
Talk is (Fortunately) Cheap
At least the Department of Defense (DoD) got the memo about sharing. Last September, the DoD released new updates to its Cyber Strategy that emphasized a renewed focus on enhancing collaboration with the private sector to protect against potential threats.
David Simon, a partner at Mayer Brown and a former special counsel at the DoD, told Legaltech News that this was a step in the right direction.
“With respect to public-private partnerships, the DoD can and should play an even greater role in providing or sharing indications and warnings of potential attacks on the private sector in the U.S.,” he said.
The DoD is doing more than just passing notes, though. The new Cyber Strategy also stressed that the department would be setting an expectation of ongoing cybersecurity due diligence for all of its private contractors, leveraging its considerable purchasing power as both carrot and stick.
Who You Gonna Call?
Not to be outdone, the U.S. Department of Homeland Security began stepping up its game last August with the launch of a National Risk Management Center.
The move was geared towards both heightening collaboration with the private sector on cybersecurity and repositioning the department’s security arm—the National Protection and Programs Directorate (NPPD)—into an operational agency capable of engaging digital threats.
By November 2018, the U.S. House of Representatives and the U.S. Senate had approved a bill transforming the NPPD into the Cybersecurity and Infrastructure Security Agency, a designated point of contact for federal and non-federal cybersecurity stakeholders alike.
“The rise in geopolitical risk requires a forum for sharing actionable threat intelligence between public and private sectors. It is paramount for securing our critical infrastructure, as industry owns most critical information assets,” Bill Conner, president and CEO of the network security company SonicWall, told Legaltech News.
It’s all well and good to have agencies, departments or teams focused on cybersecurity, but locating top-tier talent has always presented some difficulty. Last May, President Donald Trump issued an executive order centered around America’s cybersecurity workforce, which included measures to locate hidden gems within the government.
Among the particulars was a mandate for the Secretary of Homeland Security, Secretary of Defense and Director of the Office of Science and Technology Policy to develop an annual President’s Cup Cybersecurity Challenge with an eye towards identifying and rewarding the government’s best offensive and defensive cybersecurity practitioners.
The executive order dictates that the first competition be held sometime before December 31, 2019.
New Kid on the Block
Starting October 1, 2019, the National Security Agency’s national intelligence and cyber defense responsibilities will be unified into a new Cybersecurity Directorate concentrated on protecting the defense industrial base and national security systems.
According to information released by the NSA, the Cybersecurity Directorate will collaborate on that mission with other entities across the U.S. government, including U.S. Cyber Command, the FBI and the Department of Homeland Security.
Vanto believes that emphasizing those collaborative efforts is part of the point.
“It’s kind of a signal that the NSA is more willing to now engage with a broader society in ways that are not just purely more of a darker tone. This is one of the ways that the NSA is trying to position themselves as doing good things,” he said.
Reprinted with permission from the July 31, 2019 edition of Legaltech News © 2019 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.