Current and former law enforcement officials met at the 4th annual cybersecurity conference at Georgetown University last Thursday to discuss the private sector’s increasing vulnerability to cyber-attacks and foreign cybercriminals. Officials explained that this national security concern is unlike any we have seen before because it involves private industries so heavily. Steven Chabinsky, former head of the FBI’s cybersecurity program and current general counsel at CrowdStrike, explained that the private sector has become a “national security target” and is “on the battleground,” facing a threat that will only grow as industries become more digitized and private information becomes more valuable. To combat foreign cyber-threats on a national level, the government needs an “active deterrence approach to impose costs on hackers,” said Assistant Attorney General John Carlin. Simply taking a defensive approach to combat cybercrime will not be effective.
These concerns go hand-in-hand with recent pressure from the private sector urging the government to increase its focus on foreign cyber-attacks on private organizations that do not rank as a national threat. “These lower-level attacks by nation-states and other foreign bad actors are targeting vulnerabilities that are increasingly costing industry in terms of lost assets,” sources say. Further, Chabinsky explained the government currently lacks a “coherent cybersecurity strategy.” Right now, it’ all tactical which leaves everyone vulnerable to a cyber-attack, said Chabinsky. All the panelists at the conference agreed that this increasing threat will require greater collaboration between the government and the private sector and increased information sharing among the two is the first step. However, private entities must first become comfortable with sharing cyber-threat indicators for this to be possible.