Over the past several years, within DHS, the National Cybersecurity and Communication Integration Center (NCCIC) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working hard to improve the quality, quantity and timeliness of information sharing through a variety of programs, with the Cybersecurity Information Sharing and Collaboration Program (CISCP) being the leading effort.
But more important than any formal program of information exchange are a couple of elements that need to be part of your thinking as you develop effective information exchange with partners and vendors. These are 3 key things that I believe need to be in the mix as you develop information exchange muscle memory.
Trust – developing an effective information exchange relationship is based upon trust – both people trust and organizational trust.
Time – developing an effective trust relationship MUST happen before a “bad day” – this applies to both relationships with partners and vendors…exchanging business cards in the middle of an incident just isn’t useful or effective.
Tenacity – an effective relationship does not happen overnight nor does it persist without tenacious maintenance – and both parties need to work at it regularly – keep the lines of communication open and current.
So…keep in mind that we are in this together – no matter the sector. With all the interconnectivity needed to be safe, secure and efficient in the maritime environment, it is critically important that we cooperate. Yes, we compete, but at the end of the day we need to stand together to be resilient to cyber attacks. We need to help each other. Keeping information related to cybersecurity as a competitive advantage is no longer the way we need to think or behave. There really is no advantage when upstream or downstream stakeholders you are dependent upon fall victim to an attack. We need to be more open to exchanging information, both good and bad, as the weakest link in ANY sector can cause everyone in the sector, and across other sectors, to be impacted.