Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Securing Critical Infrastructure: The Essential Role of Public-Private Partnerships

How to secure critical infrastructure through government-private sector partnerships

Government collaboration with industry can help drive strategic planning and tactical operations to address cyberthreats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) states, “Public-private partnerships are the foundation for effective critical infrastructure security and resilience strategies, and timely, trusted information sharing among stakeholders is essential to the security of the nation’s critical infrastructure.” We couldn’t agree more.

Critical infrastructure is highly susceptible to cyberattacks, as seen with the SolarWinds attack in late 2020, which impacted global governments and critical infrastructure providers, and in the ransomware attacks on Colonial Pipeline and JBS Meat last year. However, with the proper IT infrastructure security in place, organizations can mitigate the risk of cyberattacks and protect their vulnerable data.

We believe it’s imperative for global governments to leverage the combined resources and expertise of government, industry and other stakeholders to enhance cybersecurity. Public-private partnerships play a critical role in establishing the strategic frameworks and tactical operational mechanisms necessary to secure data and IT infrastructure.

In the U.S., there are many federal agencies involved in public-private partnerships. For example, CISA and other government agencies are partnering with the information technology and communications industries to identify and to develop strategies to help address supply chain risk management challenges. Additionally, the National Cybersecurity Center of Excellence (NCCoE) leverages expertise from both the public and private sectors to develop cybersecurity guidance and solutions, aligned with international standards and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to address real-world sector-specific and cross-sector cybersecurity challenges. For example, the NCCoE has announced a project on Implementing a Zero Trust Architecture, which will develop “how-to” guides and example approaches to help organizations on their journey to adopt zero trust strategies.

The President’s National Security Telecommunications Advisory Committee (NSTAC) and the Joint Cyber Defense Collaborative (JCDC) are critical public-private partnerships that should be further advanced over the next year. The NSTAC and JDCD allow for agencies to join efforts on combating cyberthreats through strategic planning and proactive defense measures.

How NSTAC supports public-private cybersecurity initiatives

NSTAC aims to assist agencies dealing with telecommunications that affect national security and emergency preparedness. The NSTAC brings together IT and communications sector industry leaders and executives from many of our country’s largest and most influential companies, as well as cybersecurity experts from the White House, CISA and other government agencies to provide advice on securing telecommunications and digital technologies to protect the nation. I have the privilege of supporting Tenable co-founder Jack Huffard, who serves as a member of the NSTAC.

The NSTAC is currently working on a multi-phase project for improving internet resilience. Under the initial phase of this project, the NSTAC released a report to the President on Software Assurance in the Information and Communications Technology and Services Supply Chain. For the second phase, the NSTAC is currently developing a report on recommendations for adopting zero trust architectures. In the next couple of months, NSTAC will launch the third phase of this project, focused on addressing cybersecurity challenges associated with the convergence of Information Technology and Operational Technology, which is vital to further protect industrial control systems and other critical infrastructure from cyberattacks.

How the JCDC supports public-private cybersecurity initiatives

The JCDC was established by CISA to create a collaborative environment for federal agencies and the companies involved to prevent cyber intrusions and implement national cyber defense plans. The JCDC joins forces with federal agencies, state and local governments, and private-sector companies to protect our nation’s critical infrastructure. CISA Director Jen Easterly noted that the JCDC allows for “a shared situational awareness of the threat environment, so that we understand it better to develop whole-of-nation comprehensive cyber defense plans to deal with the most significant threats to the nation to include significant threats to our critical infrastructure.”

Tenable was recently named as an Alliance Partner for the JCDC, meaning we will be collaborating with CISA across a range of cybersecurity issues and challenges, to provide strategic insights and operational response acumen. Managing vulnerabilities is essential to secure critical IT infrastructure and the work done by JCDC and CISA promotes the prioritization of network security. Federal agencies across the nation need to adopt initiatives put forth by the JCDC to ensure their networks are protected from vulnerabilities, like the recent Apache Log4J flaw, which has impacted billions of devices worldwide. The JCDC and CISA have been quick to respond and help protect the nation’s infrastructure from this vulnerability, a vital effort, especially given that recent research from Tenable shows that nearly 30% of organizations hadn’t begun scanning for Log4J as of late December.

Conclusion

As cyberattacks become more sophisticated, building collaborative communities between the public and private sectors is crucial to synchronize operations and take preventative measures as a unified front to critical infrastructure threats.

In order to complete many large-scale projects, the expertise and technology from private-sector entities, as well as the resource support and convening power of global governments, are what permit public-sector proposals to come to fruition.

Learn More

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training