Public-Private Collaboration Needed to Combat Cyberthreats, Business Leaders Say
“Robust, two-way information sharing that has the appropriate legal and privacy protections between business and government [is needed],” said Michael Manchisi, group executive for global processing business at MasterCard Worldwide — a business that alone suffers hundreds of thousands of attacks each day.
Collaborative efforts will help mitigate the growing and increasingly sophisticated attacks that occur non-stop, said John Engler, president at Business Roundtable (BRT), a trade association that represents more than 200 top CEOs from various industries.
“Cyber-assets in the private sector are … the foundation of modern enterprise and when you threaten those assets you’re actually threatening both those specific companies and our country’s economic vitality,” said Engler at a BRT media briefing.
The organization's recently released report,“More Intelligent, More Effective Cybersecurity Protection” calls for increased information sharing among government and private entities in order to create better defense systems.
As cyberthreats have grown, CEOs are becoming increasingly aware of the necessity to address and stop them, said Liz Gasster, vice president at BRT.
“Cyber-infrastructure and cyber-issues have gone from kind of collateral concerns to, at the CEO-level, … being front and center,” said Gasster. Part of the reason that CEOs are paying more attention is because the threats are becoming increasingly more nefarious, she added.
“We’re seeing that the significance of threats and the seriousness of threats [are] evolving from kind of annoyances that need to be dealt with … operationally to much more significant, pernicious threats,” said Gasster.
The association is calling for businesses to work hand in hand, but also wants the government to becomes involved. Top-down regulations won’t do the trick, Manchisi insisted.
“We need action on this space, but we need action that is less focused on a legislative and administration approach, but action that’s really the true public-private collaboration — not a mandate in terms of a top-down regulatory approach,” said Manchisi.
Members of the 112th Congress introduced several bills that would have imposed information-sharing mandates on industry, but they did not pass in the face of widespread opposition from Republicans who didn't want to add more federal regulations. The Obama administration is said to be working on an Executive Order that may address some of the shortcomings. Executives at the briefing echoed some of the misgivings that emerged last year.
The nature of the legislative process works against effective counter-cybercrime measures, Engler said.
“Your traditional check-the-box kind of regulatory approach doesn’t work because it’s always, from day one, out of date,” he said. “Speed matters here.”
But the government can work harder to tackle cybercrime and set harsher penalties, Manchisi said. Engler compared it to looting the U.S. Treasury — you wouldn’t let a thief get away with it, yet hackers every day get away with stealing valuable intellectual property from companies across the globe.
Besides sharing information — even when it involves classified information — it is essential that the government put in protections to safeguard intellectual property when an entity shares details about an attack, Manchisi said.
Gasster stressed that no longer is it just tech-related companies worried about cybertheft, but companies in every industry.
“It’s not just high-tech companies that view their cyber-infrastructure as key to their economic profitability,” said Gasster. “We have retail companies and companies across the sectors where now their cyber-infrastructure is vital to the work that they do.”
Businesses and the government must work together to meet the current challenge, Engler said.
“The people who are coming at us … they are some of the most creative, smartest kind of people in the world,” said Engler. “We have to be just as good. We’ve got to be better."
Photo Credit: iStockphoto