State, Industry Officials Seek Collaboration vs. Cyberattacks

There won’t be progress on the cyber front without collaboration between government and industry, state and industry officials agreed Wednesday at an Information Technology Industry Council event. “Self-preservation” often incentivizes companies not to seek government aid in breaches, said Florida Chief Information Officer James Grant. He cited industry’s fear of losing jobs, or shame over cyberincidents: “We have to establish trust that threat actors don’t care about branches or divisions of government, and we are only as strong as our weakest vulnerability.” Entities need to “get away from victim-blaming,” said Texas Chief Information Officer Amanda Crawford. “There is no silver bullet for any of this, so we need to understand there isn’t a shame to this. You need to be able to report and get back on your feet.” Texas successfully responded to a 2019 ransomware attack because it had a statewide cyber plan, she said, noting Gov. Greg Abbott’s (R) declaration of a state of disaster, the first time a cyberincident triggered that. The ultimate goal should be statewide and citywide visibility of threats, consistent reporting and rapid response, said Cisco's U.S. Sled Systems Engineering Director Mike Witzman. “We really welcome that industry partnership with government.” He said government and organizations should implement multifactor authentication and zero trust architecture as standards.