The Cybersecurity Ecosystem

Terms like “public-private partnership” and “information sharing” may strike some as clichéd, but in cybersecurity, they are essential for success. For example, while private companies possess most of our nation’s capability to uncover and defend against cyber crime, only government enjoys the legal authority to pursue and punish perpetrators. Both stakeholder groups must work hand-in-glove to stop cyber criminals. Cybersecurity is a team sport, with many players involved.

Why do we need an ecosystem?
  1. Shared-technology infrastructure. When government, private industry, and individuals use the same commercial hardware and software, the exchange of threat information between potential victims can minimize the impact of a prevalent security flaw.
  2. Incidents in private systems affect the public interest. A single cyberattack on a Ukrainian electricity company shut down a power grid and, with greater frequency, hackers are using ransomware to hold hospital computers hostage. States cannot prepare for or respond to these attacks without having more information from their victims.
  3. Cybersecurity workforce issues demand a whole-of-state approach. The cybersecurity-talent crisis demands committed partnerships between governors, education leaders, nonprofits and the business community. Only together can these groups build a pipeline of skilled cyber graduates and enable underemployed citizens to enter cybersecurity.

Governors should understand the key players who form the cybersecurity ecosystem. It is not a hierarchy that begins or ends with any single entity. Each component, whether it is the governor’s office or legislature, another state or the White House, a small business or a Fortune 500 corporation, should fit into the planning and execution of any state cybersecurity initiative.

Citizens

What is the citizens' role in the ecosystem? Citizens...
  • deserve to know how their government is protecting them.
  • that understand the threat are less prone to basic errors that cause most breaches.
  • are well-positioned to report cyberattacks and online fraud.
  • can promote cybersecurity as a mainstream, lucrative career for children.
  • can communicate to state and federal legislators that they care about cybersecurity.

Localities

What is the locality's role in the ecosystem? Localities...
  • hold vast amounts of private data that hackers want.
  • play a signature role in implementing federal and state policy, including response planning for cyber-related emergencies.
  • are in desperate need of assistance to thwart cybersecurity threats.
  • rely on other components of the cybersecurity ecosystem—state IT offices, nonprofits, volunteer experts, and free federal resources—to improve their own security.
  • have visibility into the consequences of cyberattacks on individual citizens.
  • can share critical cyber threat information with state officials.

States

What is the state's role in the ecosystem? States...
  • are the natural hubs of the cybersecurity ecosystem, linking communities, localities, businesses, the National Guard, and federal partners.
  • hold massive amounts of private data and control vital government services.
  • articulate local needs to national-level organizations.
  • prioritize enforcement efforts and recovery planning.
  • educate citizens on cybersecurity best practices.
  • can lead statewide cybersecurity workforce initiatives.
  • can lobby Congress for cybersecurity assistance.

Federal Partners

What is the federal partner's role in the ecosystem? Federal partners...
  • have legal authority and resources to assist states during major crises.
  • employ experts dedicated to helping achieve state and local missions.
  • allocate federal funding for state cybersecurity projects.
  • have a uniquely sophisticated understanding of foreign cyber threats.
  • have legal authority to penalize states for insufficient data security.
  • can formalize contacts between other elements of the ecosystem.

Private Industry

What is private industry's role in the ecosystem? Private industry...
  • holds most of the nation’s cybersecurity expertise.
  • provides information systems that government relies on.
  • must be coordinated with in any response to a widespread cyberattack.
  • offers unique perspectives on government challenges.
  • offers government agencies potential access to cyber threat intelligence.
  • can define requirements for cybersecurity education programs.
  • operates the majority of critical infrastructure in the country.

Nonprofits

What is the nonprofits' role in the ecosystem? Nonprofits...
  • offer a wealth of low-cost or free, vendor-neutral assistance.
  • can devote time to policy advocacy, instead of crisis management.
  • possess experienced experts devoted to creative policy solutions.
  • focus on collaboration, not zero-sum competition.

Information Sharing Bodies

What is the information sharing bodies' role in the ecosystem? Information sharing bodies...
  • are the means for keeping pace with evolving cyber threats.
  • integrate cyber-related decisions into established processes.
  • promote trust between the private sector and government.