The United States’ top cybersecurity official is asking for government and private sector security experts to move beyond the platitude of information sharing and cooperate on a deeper level to help protect the country’s networks and critical infrastructure as the 2020 election approaches.
For the better part of two decades, when asked how the federal government could shore up the security of its networks, the go-to answer has been to improve information sharing between specialists in the private sector and their government counterparts. The thinking is that by sharing data on threats and attacks, both private enterprises and government agencies could improve their security postures and help identify emerging threats and vulnerabilities sooner. This has taken many forms over the years, both formal and informal, with organizations such as information sharing and analysis centers (ISACs) in specific industry verticals serving as clearinghouses for information flow.
One of the major complaints about the information sharing programs has been that much of the information flows from the private sector to the government, and little comes back the other way. However, that has improved in recent years as the federal government has been more forthcoming with information, especially regarding nation-state actors and their toolsets. But information sharing is by no means a cure-all and Christoper Krebs, the director of the Cybersecurity and Infrastructure Security Agency (CISA), is asking for enterprises and government agencies alike to do more.
“I don’t know about you but I’m tired of hearing about information sharing and how it is going to solve every problem. It’s not,” Krebs said during the CISA Cybersecurity Summit this week.
“We don’t do it by sharing [indicators of compromise]. That’s part of the solution but it’s not the entire solution.”
“We have to stop selling fear. Fear sells, but we have to do better than looking for the next mark."
With the next presidential election little more than a year away, the federal government’s cybersecurity apparatus is preparing to defend against not just direct attacks on government networks, but also disinformation campaigns by foreign actors and potential threats to the election infrastructure itself. The 2016 election season saw a wide range of disinformation and influence campaigns on social media platforms that have been attributed to foreign actors, and that’s not expected to change for the 2020 election.
But influence campaigns are just one piece of a much larger threat landscape, and Krebs urged defenders to prepare for what may be on the horizon. He cited the ransomware attacks on state and local governments throughout the summer as an example of the incidents defenders need to think about.
“Everyone knows what happens when we have a hurricane, what their role is. We don’t have that same doctrine built out for a large-scale cyber event. I had some sleepless nights this summer so my brain got to thinking, how can we take this thing forward?” he said.
“Ransomware could be deployed against a voter database. What does that resilient posture look like to make sure the American people have confidence in the voting process?”
Although the threats to the election process and federal and private networks are real, Krebs said it was incumbent on those in the security community to keep some perspective on the problem and not exaggerate the risks for short-term gains.
“We have to stop selling fear. Fear sells, but we have to do better than looking for the next mark. We have to take the hysteria out of the conversation. We have to have measured conversations about the risks,” Krebs said.