First, while public-private partnerships have been something of a buzzword in cybersecurity for a very long time, several examples from the on-the-record conversations at this year’s Verify point to a qualitative shift in the importance of these partnerships for protecting networks, devices, and the people that rely on them. In an opening night interview with Dina Temple-Raston of the Click Here podcast, Rob Silvers, the Department of Homeland Security’s under secretary for strategy, policy, and plans, pointed to the recently formed Cyber Safety Review Board, which he chairs, bringing together leaders from both government and the private sector to review major cybersecurity events and make recommendations for needed changes. Such partnerships aren’t new, of course, but Silvers was highly complimentary of the “luminaries” on the board — people like national cyber director Chris Inglis and NSA’s Rob Joyce, as well as Katie Moussouris of Luta Security and CrowdStrike co-founder Dmitri Alperovitch — and described himself as “really pleased with the level of input we’ve gotten from a wide range of companies,” open-source software foundations, and security researchers on the board’s first “after-action review” on vulnerabilities in the Log4j software library. Their report will be issued later this summer.
And while the proof of the board’s effectiveness will come in that first report, other examples shared during Verify show the increasing integration of private companies into nation-state cyber defenses. Kori Schake of the American Enterprise Institute, for example, pointed to Microsoft’s role in supporting Ukraine’s war effort during a panel conversation with other national security experts on the geopolitics of cyberspace, citing the “willingness of American tech companies to take a side” as an important “source of strength” in democratic nations, along with contributions from civil society, philanthropy, and even “mischievous actors” like Anonymous as all making important contributions to the war.
Similarly, Microsoft’s Matt Masterson pointed out, during a panel on election security in the 2022 cycle, the role that large companies like Microsoft and their peers are playing in moving beyond simple information sharing with the thousands of local election authorities in the U.S. to providing “real-time support, incident response services, and threat intelligence” to help those local officials deal with the threats.
What starts online doesn’t end there