Forging a Cybersecurity Social Contract Is Not Optional
BLACK HAT ASIA: The future of cybersecurity public-private partnerships (PPPs) will be about sharing efforts and pooling resources to deliver a common defense, U.S. National Cyber Director Chris Inglis told a Black Hat Asia talk.
Inglis described it as a “new social contract” and defined the joint work ahead of both the government and companies to protect their interests. It should be a “collaboration, not a division of effort,” Black Hat moderator and founder Jeff Moss said. He added that it is up to companies to build secure systems from the beginning instead of being “the poor soul at the end of the supply chain”.
Build a defense system
In exchange for adding the cost of security to the design and construction phase, these companies will not be left alone when it comes time to respond to threats.
“We have to build a defensible system,” Inglis said. “And in a collaborative way, we will defend it.”
Market forces are pushing companies toward this model, but not fast enough, Inglis said, with the assurance that any regulation will be with the “lightest touch” of government.
Business as a government cybersecurity collaboratorr
He added that since the Russian invasion of Ukraine, the US government has shared information with the private sector to help defend its systems against cyberattacks. Inglis also praised Microsoft’s action to deploy a patch against the Russian cleanup virus used in attacks on Ukraine, but warned that it is imperative that “we do not combine geography with risk.”
For example, blocking Putin from the platforms is different from blocking the wider Russian population, which has happened to TikTok, Netflix, Facebook and many others.
Inglis also expressed that the private sector should show that it has an interest in protecting privacy and providing more transparency to its business.
In short, the relationship between business and government is evolving.
“Today, there are cases where the private sector is the supported organization and the government is the support organization,” Inglis said. “This is a new social contract, but we’ve done it before. It’s about assigning responsibilities to the whole ecosystem.”