March 9, 2021

NYCTF panel.png

NYCTF Panel
Greg Rattray, Merit. E Janow, Dennis C. Blair, Erica Borghard, Michael Daniel, and Saleela Khanum Salahuddin.
SIPA’s Tech and Policy Initiative kicked off the 2021 Niejelow Rodin Global Digital Futures Policy Forum with a panel that considered how U.S. cyber security can be improved through better coordination among the public, private, and nonprofit sectors.

 

Now in its seventh year, the annual Forum convenes cross-sector experts from around the world to address policy responses to the emerging challenges of digital transformation. With a focus on the theme of Saving Cyberspace, the 2021 forum is specifically considering the disruptive potential of our increased digital dependence in the context of the global pandemic.

At the three programs that comprise this year’s forum, participants will help identify possible responses to better inform the Biden administration in the United States and other partners and governments across the world.

Panelists at the first program, held February 26, discussed the newly released second report from the New York Cyber Task Force (NYCTF). Entitled Enhancing Readiness for National Cyber Defense through Operational Collaboration, the report develops recommendations to create an effective, whole-of-nation approach to enable enhanced cyber readiness through operational collaboration. (It follows the group’s previous report, Building a Defensible Cyberspace.)

To reflect NYCTF’s commitment to interdisciplinary, cross-sector collaboration, participants came from government, business, and academia.

A former director of national intelligence, Admiral Dennis Blair, began the discussion by recognizing the remarkable growth of the cybersecurity sector, which has brought the level of awareness and concern for these issues to an all-time high. Yet in light of the findings of the Cyberspace Solarium Commission (CSC) and the recent SolarWinds attack that may have compromised up to 18,000 companies, Blair asked “What’s missing?”

The answer: a National Cyber Response Network (NCRN), one of the primary recommendations of the report. He added that all of the other recommendations of the Task Force stem from this central concept and stressed all of our roles in ensuring their implementation. Columbia SIPA Dean Merit E. Janow followed-up by highlighting the urgency of the report and said, “Even in sectors that have long been on the frontlines of this domain, there is much need for improvement. This is particularly true for private-public operational collaboration,” which entails deep organizational partnerships that enable coordinated responses to severely disruptive cyber crises.

The NYCTF Report

Dr. Greg Rattray, executive director of the NYCTF and a senior research scholar at SIPA, provided an overview of the report and discussed the methodology the task force used to arrive at its key findings: First, the group aimed to bring a business-orientated perspective to the policy focused dialogues on cybersecurity. Second, it focused on public-private operational collaboration. Finally, it used a “Day After methodology,” through which task force members considered their response to a series of cyber crisis scenarios to identify gaps and inefficiencies.

The scenarios included a growing conflict in the Middle East that drives Iranian attacks on municipal electrical and transportation sectors, and South China Sea tensions that spur Chinese IoT & AI based attacks on logistics, shipping, and healthcare. The Task Force ultimately found that the U.S. cyber response system does not have a focal point for coordinating a national security-grade readiness effort and that it must be broadened. This finding led to the recommendation of the establishment of a National Cyber Response Network (NCRN) to connect a wide range of existing and potentially new organizations across all levels of government and in collaboration with the private sector.

The Government Perspective 

Dr. Erica Borghard, senior director of the U.S. Cyberspace Solarium Commission (CSC) and a resident senior fellow at the Atlantic Council, said that the NYCTF report validates and builds on the work of the CSC to emphasize the private sector’s role in operational collaboration. She highlighted how both reports call for the creation of a joint planning office within the Cybersecurity and Infrastructure Security Agency (CISA) as well as the need for a joint collaboration environment. In order for the NCRN to be effective, she added, it must be institutionalized prior to an incident through joint playbooks and training, which would allow for the development of a common conception of operations and integrated capabilities.

The Nonprofit Perspective

Michael Daniel, the former cybersecurity coordinator under President Obama who is now president and CEO of the Cyber Threat Alliance, a nonprofit organization that brings together cybersecurity leaders from organizations to share actionable intelligence in real time, discussed the evolving trends in cyberspace that highlight how the field has grown broader, more diverse and prolific, increasingly dangerous, and crucial to society due to our dependence on these technologies. He also discussed the unique nature of the cyber domain, which requires different solutions than in other realms. Therefore, he emphasized the importance of collaboration, to work together in time and space to achieve synchronized effects, much of what the report is attempting to achieve.

The Private Sector Perspective

Saleela Khanum Salahuddin, cybersecurity policy lead at Facebook, discussed the convoluted environment in which operational collaboration must unfold, which includes a diverse cyber landscape with high levels of uncertainty regarding the potential threat to manage. This makes neutralizing, mitigating, and understanding a threat a complex process.

Khanum Salahuddin shared some insight on Facebook´s experience with the 2020 U.S. presidential election cycle. The environment was riddled with uncertainty due to a range of stakeholders ranging from law enforcement to news media platforms and a chaotic information environment. She emphasized how the question of trust was extremely important, and she spoke about how steady communication amongst the stakeholders allowed for trust to be built over time, a critical component for the development of a collaborative operational environment.

The NYCTF report developed these recommendations in the US context in hopes that it can serve as a model internationally. It is an important first step in achieving “shoulder-to shoulder” operational collaboration that requires a shift in laws, procedures, and most importantly culture. Dr. Rattray concluded by emphasizing the importance of protecting the increasingly vital cyber environment, which is what the NYCTF and the Niejelow Rodin Forum are aiming to achieve. He highlighted the importance of investing the necessary resources today to prevent catastrophic consequences in the future.

— Nate Low MPA ‘22 and Danielle Murad Waiss MIA ‘21

The 2021 Niejelow Rodin Global Digital Futures Policy Forum will be held virtually. Register for remaining events including March’s fireside chat with Brad Smith and our panel on the Future of the Internet, and for April’s panel on U.S.-Japan Cyber Collaboration.