For many years, public and private sector cybersecurity experts have warned of a large-scale, massively impactful cyber attack on critical infrastructure (CI). Whether you call it a cyber doomsday, a cyber extinction, or, as former Defense Secretary Leon Panetta termed it, a “Cyber Pearl Harbor,” the message is clear: it’s not a matter of if, it’s a matter of when, and it’s not just critical infrastructure that’s vulnerable.

More recently, experts have started to raise the alarm around not just CI, but other systems as well, notably position, navigation and timing (PNT) services. PNT includes things like GPS devices — extensions of IT systems which are widely used by both private and public sector organizations, and particularly vulnerable to attack thanks to their open source origins and lack of native security controls.

While there is no magic bullet to solve the cybersecurity challenge, there’s growing consensus that an effective strategy is going to require large-scale cooperation and coordination between the public and private sectors. While the government is uniquely equipped to source and promulgate guidelines and standards like the Federal Information Processing Standards (FIPS) and NIST Special Publication 800 Series, private sector partners have the expertise to implement these standards across industries. The private sector is also a major driver of innovation in security, making use of sophisticated analytics, AI, and other tools to improve not only native security controls but also hygiene, threat detection, and response.

In this episode of Cyberwire-X, guests will discuss the benefits of public/private partnership for cybersecurity, the roles of each, and how the threat of a “Cyber Pearl Harbor” informs the priorities of both.
Joining us today are Keith Mularski from EY, Rob Lee from Dragos, and Egon Rinderer from Tanium.