After 9/11, the U.S. Government rolled out “See something, say something” in an effort to shift the culture around security to one of awareness and openness to reporting on suspicious activity. While we may not be able to quantify the impacts of that societal ‘alertness’ in terms of crises averted, it arguably empowered people to more quickly identify potentially dangerous situations and alert authorities about them. One recent example of this empowerment was the hotel housekeeper in Denver who reported over a dozen guns and more than 1,000 rounds of ammunition found in a hotel room two blocks away from the Major League Baseball All-Star Game. Who knows how many lives her reporting saved.
Shift to today’s cyber world, and we find a different approach. Instead of “See something, say something”, a saying might go something more like, “See something, and wait as long as possible to say something so it doesn’t hurt your reputation.” This is an understandable reaction when the cyber community and news media have made it seem as though an organization that has been the victim of an attack is weaker, or less-than. Add to that the challenge that regaining trust from customers (or residents/citizens) can be difficult after a security breach.
However, the unfortunate truth is that cyber-attacks today are a matter of when, not if. In that context, the greatest antidote to attacks – whether from criminals or nation-states – is transparency and communication between our various levels of government and businesses. Transparency and communication not only help the authorities identify the source of significant threats more quickly, but they also help to prevent further damage from being done when an attack is underway.
Debbi Blyth, Colorado’s outgoing Chief Information Security Officer (CISO), provided a real-world example of how communication and transparency can help in the cyber world during the 2018 Colorado Department of Transportation (CDOT) attack. Almost immediately after the malware attack was reported, Debbi worked with several state and federal agencies to coordinate a response that helped ensure that CDOT did not pay the hefty ransom. The coordination effort created the impetus for increased collaboration between local, state and federal governments in Colorado to address large-scale cyber-attacks.
Debbi has also led with transparency around the event. While many organizations choose not to share details, Debbi worked with the CDOT team to openly outline the attack so that more organizations can know how to better defend themselves against similar attacks. To this day, organizations are still learning lessons from it, and are more secure because of that transparency.
We can continue Debbi’s example by sharing our own experiences in trusted networks of fellow CISOs – whether through the Multi-State Information Sharing and Analysis Center (MS-ISAC), or the Colorado Threat Intelligence Sharing (CTIS) network. Even if it’s months or years after an attack, the information about the experience will be valuable in helping to turn our individual defenses into a collaborative defense. And then, we might just have a chance to win against the criminals and nation-states who benefit from our silence.