By: Emma Schroeder and Will Loomis
What is the kernel of the issue?
Information sharing on cybersecurity issues between industry and government is all the rage, but to what end? While much of the last decade of debate over how and when to share information in cybersecurity has focused on responding to a crisis, the US government has an opportunity in the aftermath of the Sunburst/SolarWinds campaign to drive cooperation in anticipation of a crisis.
Why is the issue important?
The largest technology vendors have unseized opportunities to change the cybersecurity landscape in front of adversaries, disrupting attacks by making technical changes directly in the products they sell to users. The private sector and government agencies can magnify the costs imposed on adversaries by collaborating to shift this landscape.
What is the recommendation?
The Biden administration should encourage the Cybersecurity and Infrastructure Security Agency (CISA)’s new Joint Cyber Planning Office (JCPO) to coordinate information sharing among selected private and public intelligence entities, as well as the largest or most widely used core technology and platform vendors, to drive technical changes to disrupt adversary operations.