As the Russian government explores its options for potential cyberattacks on United States critical infrastructure, witnesses today urged members of the House Committee on Homeland Security to increase collaboration and information sharing efforts with industry stakeholders.
At the hearing, witnesses said the recent sharing of cybersecurity threat information from the Biden administration has been “invaluable” and this information sharing between the private and public sectors should only continue.
“The highly competitive financial service industry recognizes that collaboration around cybersecurity is a must,” Steve Silberstein, chief executive officer of the Financial Services Information Sharing and Analysis Center, said during the hearing. “The direction of sharing has been very effective, and we are optimistic that it will continue and advance the security for all.”
Vice Chair Ritchie Torres, D-N.Y., also noted that cyber information sharing has been effective, but said that “there is still room to improve” the United States’ cyber defenses.
“Moving forward, the government and private sector must assess the effectiveness of existing partnerships and continue to deepen strategic collaboration to defend against current and future cyber threats,” Rep. Torres said.
“The Federal government and the private sector must work together to harness the security gains realized as we defend against Russian cyber threats in order to establish a new, heightened security baseline,” he added.
In order to improve the existing information sharing efforts, Kevin Morley, manager of Federal relations at the American Water Works Association (AWWA), suggested the Federal government ensure its threat information is digestible and concise.
“In many cases … advisories and alerts are highly technical and may be difficult to implement by entities that lack in-house cybersecurity expertise,” Morley said.
“To enhance the effectiveness of information sharing, we recommend that CISA work with EPA and partners like AWWA, the WaterISAC (Information Sharing and Analysis Center), and the Water Sector Coordinating Council to properly contextualize threat information and ensure that the information transmitted is concise and actionable,” Morley added.
Adam Meyers, senior vice president for intelligence at Crowdstrike, took the time to note that his organization is a member of the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC). Meyers applauded CISA’s collaborative and said the “information sharing has been absolutely critical.”
“CISA has done a phenomenal job of not only sharing information but standing up systems for rapid information sharing between partners and CISA to have more tactical type communications, and I think that fostering those types of environments and that information sharing is absolutely critical,” Meyers said. “I’d like to see that continue.”