The Need for a Joint Effort Between Government and the Private Sector
In recent years, an increasing number of sophisticated cyberattacks—including ransomware and nation-state attacks—have targeted businesses, government agencies, schools, hospitals, non-profits, and others.
The complex challenge of strengthening cybersecurity and deterring attacks requires a coordinated, multi-pronged response from governments and the private sector. No single company or government can stop attacks, but a coordinated effort, including implementing best practices and policies worldwide and within our borders, can help stem the tide.
The Role of the Federal Government
Every federal agency has a role to play in securing our cyber ecosystem, whether through improving its own cybersecurity, driving increased cyber hygiene practices across organizations, or identifying and neutralizing cyber attackers. In 2021, John Christopher Inglis was confirmed as the nation’s first National Cyber Director (NCD), and his office will lead the country’s strategic efforts to align and strengthen cybersecurity roles and responsibilities throughout the federal government.
The NCD will work closely with the White House, the Cybersecurity and Infrastructure Security Agency (CISA), other agencies, and the private sector to improve coordinated cybersecurity efforts. CISA serves as the lead agency for protecting and defending federal civilian networks and performs an ever increasingly important coordinating function between public and private sectors to identify and disseminate actionable threat information to enhance the nation’s cybersecurity.
Congress has a critical role to play as well—both in creating policies and investing in cybersecurity programs. The Infrastructure Investment and Jobs Act (IIJA, also known as the infrastructure bill), signed into law on November 15, 2021, provides substantial cybersecurity investments, including funding to help strengthen the cybersecurity of utilities and state and local governments.
In March 2022, President Biden signed the the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law. Under CIRCIA, CISA is developing cyber incident and ransomware reporting requirements for “covered entities,” which include a wide range of sectors including energy, finance, telecommunications, IT, agriculture, defense, healthcare, and others.
Congress has considered adopting policies to identify, designate, and secure Systemically Important Critical Infrastructure (SICI). The goal of this legislation would be to improve cybersecurity for critically important—and often vulnerable—national assets, such as energy infrastructure and key software. This proposal, however, failed to be enacted in 2022.
Voices for Innovation will continue to monitor debates about cybersecurity legislation and highlight the best opportunities for our members to engage on this issue.
Global Initiatives
Cybercrime knows no borders. The most severe attacks on U.S. businesses, institutions, and government have come from nation-state actors and hacking groups located outside our borders. Our government as well as the tech sector must also engage at the global level to strengthen cybersecurity.
The U.S. government, as well as the European Union, recently joined the Paris Call for Trust and Security in Cyberspace, a global cybersecurity initiative. More than 1,200 private sector entities, international organizations, and governments have signed on to the Paris Call. The United Nations is also engaged on this issue, and many technology companies, including VFI partners have signed on to the global Cybersecurity Tech Accord.
The Role of Tech and Microsoft Partners
The tech sector supports cybersecurity on several fronts, including by developing secure software and systems; monitoring and securely managing systems; and supporting the cybersecurity of customers. Cloud, enterprise, and platform technology companies, including Microsoft, have special responsibilities and capabilities, such as notifying customers of attacks, disrupting attacks and hostile infrastructure, and collaborating with government agencies.
Microsoft partners can support strengthened cybersecurity in several ways as well. In addition to following cybersecurity best practices, partners can advise their customers about the importance of maintaining cyber hygiene—and point them toward resources such as the “Actionable Insights” of Microsoft’s Digital Defense Report. Microsoft partners can also help mitigate the impact of attacks and help customers restore systems.
At appropriate moments during policy discussions, Voices for Innovation may also encourage partners to share their expertise and experience with policymakers. Partners have a unique perspective that can help policymakers better understand the threat landscape and impacts on small businesses.
Resources
A Strategic Intent Statement for the Office of the National Cyber Director – The White House
Cybersecurity & Infrastructure Security Agency (CISA)
Paris Call for Trust and Security in Cyberspace
Microsoft Digital Defense Report
Protecting People from Recent Cyberattacks – Tom Burt, Microsoft on the Issues
America Faces a Cybersecurity Skills Crisis – Brad Smith, Official Microsoft Blog
The Next Chapter of Cyber Diplomacy at the United Nations Beckons – Kaja Ciglic, Microsoft on the Issues