Report urges government, private firms collaborate to prevent fallout from major cyberattack

A report published by a think tank Tuesday is urging private companies and the U.S. government to work more closely together to help prevent the potential fallout from a major cyberattack.

The Foundation for Defense of Democracies (FDD) and consultant firm The Chertoff Group hosted a table-top exercise in October to walk through what could happen in the event of a major cyberattack that impacted several critical U.S. functions like the power grid at once.

{mosads}“The most important finding from the discussion is that unless government and private sector decision makers begin developing [cyber-enabled economic warfare] specific procedures and trust now, the United States will find itself flat-footed during a major cyber event,” the report states.

Among those who attended the exercise were former government officials and leaders from private companies that could be impacted in the case of such an attack, like utilities.

The report said some of the issues that could arise in the case of a major cyberattack include how much information private companies can share with the U.S. government without putting their clients or trade secrets at risk.

Other issues include individuals in the private sector being unable to access classified information needed to resolve the scenario.

And the report noted that while the U.S. has resources on hand for other emergency situations like natural disasters, it was unclear if they would be accessible during a major cyber incident.

Those representing the private sector in the exercise also indicated that they felt they wouldn’t be getting much support from the federal government, and that they would largely have to lead the charge in getting through and recovering from the attack, according to the report.

“We sell to pretty much every house in America, and I don’t know what we would do. We’d probably call the local FBI office and go to the governor. We’d be head down trying to fix our stuff. But I just have this feeling that we wouldn’t be getting much help at all,” the chair of the board of directors of a large manufacturing company was quoted as saying during the exercise.

A panel of experts and former government officials who attended the exercise last year spoke about it and the report as well at an event Tuesday. While the panel, convened and hosted by FDD, largely backed the recommendations, they were unclear as to whether they would actually be taken up by the government.

Suzanne Spaulding, who led the Department of Homeland Security’s cyber agency under former President Obama, said she didn’t believe  the U.S. needed any new laws in order to implement the proposed measures.

But she said that, after the elimination of the White House cybersecurity coordinator position, the responsibility of implementing the recommendations would likely fall to national security adviser John Bolton.

“I think effective implementation of these recommendations will be hampered,” Spaulding said, making reference to a lack of collaboration on cyber across the federal government.