Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Securing Critical Infrastructure: The Essential Role of Public-Private Partnerships

How to secure critical infrastructure through government-private sector partnerships

Government collaboration with industry can help drive strategic planning and tactical operations to address cyberthreats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) states, “Public-private partnerships are the foundation for effective critical infrastructure security and resilience strategies, and timely, trusted information sharing among stakeholders is essential to the security of the nation’s critical infrastructure.” We couldn’t agree more.

Critical infrastructure is highly susceptible to cyberattacks, as seen with the SolarWinds attack in late 2020, which impacted global governments and critical infrastructure providers, and in the ransomware attacks on Colonial Pipeline and JBS Meat last year. However, with the proper IT infrastructure security in place, organizations can mitigate the risk of cyberattacks and protect their vulnerable data.

We believe it’s imperative for global governments to leverage the combined resources and expertise of government, industry and other stakeholders to enhance cybersecurity. Public-private partnerships play a critical role in establishing the strategic frameworks and tactical operational mechanisms necessary to secure data and IT infrastructure.

In the U.S., there are many federal agencies involved in public-private partnerships. For example, CISA and other government agencies are partnering with the information technology and communications industries to identify and to develop strategies to help address supply chain risk management challenges. Additionally, the National Cybersecurity Center of Excellence (NCCoE) leverages expertise from both the public and private sectors to develop cybersecurity guidance and solutions, aligned with international standards and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to address real-world sector-specific and cross-sector cybersecurity challenges. For example, the NCCoE has announced a project on Implementing a Zero Trust Architecture, which will develop “how-to” guides and example approaches to help organizations on their journey to adopt zero trust strategies.

The President’s National Security Telecommunications Advisory Committee (NSTAC) and the Joint Cyber Defense Collaborative (JCDC) are critical public-private partnerships that should be further advanced over the next year. The NSTAC and JDCD allow for agencies to join efforts on combating cyberthreats through strategic planning and proactive defense measures.

How NSTAC supports public-private cybersecurity initiatives

NSTAC aims to assist agencies dealing with telecommunications that affect national security and emergency preparedness. The NSTAC brings together IT and communications sector industry leaders and executives from many of our country’s largest and most influential companies, as well as cybersecurity experts from the White House, CISA and other government agencies to provide advice on securing telecommunications and digital technologies to protect the nation. I have the privilege of supporting Tenable co-founder Jack Huffard, who serves as a member of the NSTAC.

The NSTAC is currently working on a multi-phase project for improving internet resilience. Under the initial phase of this project, the NSTAC released a report to the President on Software Assurance in the Information and Communications Technology and Services Supply Chain. For the second phase, the NSTAC is currently developing a report on recommendations for adopting zero trust architectures. In the next couple of months, NSTAC will launch the third phase of this project, focused on addressing cybersecurity challenges associated with the convergence of Information Technology and Operational Technology, which is vital to further protect industrial control systems and other critical infrastructure from cyberattacks.

How the JCDC supports public-private cybersecurity initiatives

The JCDC was established by CISA to create a collaborative environment for federal agencies and the companies involved to prevent cyber intrusions and implement national cyber defense plans. The JCDC joins forces with federal agencies, state and local governments, and private-sector companies to protect our nation’s critical infrastructure. CISA Director Jen Easterly noted that the JCDC allows for “a shared situational awareness of the threat environment, so that we understand it better to develop whole-of-nation comprehensive cyber defense plans to deal with the most significant threats to the nation to include significant threats to our critical infrastructure.”

Tenable was recently named as an Alliance Partner for the JCDC, meaning we will be collaborating with CISA across a range of cybersecurity issues and challenges, to provide strategic insights and operational response acumen. Managing vulnerabilities is essential to secure critical IT infrastructure and the work done by JCDC and CISA promotes the prioritization of network security. Federal agencies across the nation need to adopt initiatives put forth by the JCDC to ensure their networks are protected from vulnerabilities, like the recent Apache Log4J flaw, which has impacted billions of devices worldwide. The JCDC and CISA have been quick to respond and help protect the nation’s infrastructure from this vulnerability, a vital effort, especially given that recent research from Tenable shows that nearly 30% of organizations hadn’t begun scanning for Log4J as of late December.

Conclusion

As cyberattacks become more sophisticated, building collaborative communities between the public and private sectors is crucial to synchronize operations and take preventative measures as a unified front to critical infrastructure threats.

In order to complete many large-scale projects, the expertise and technology from private-sector entities, as well as the resource support and convening power of global governments, are what permit public-sector proposals to come to fruition.

Learn More

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing ends September 30th.
Buy a multi-year license and save more.

Add Support and Training