ClearanceJobs chatted with Bradford Willke, a Senior Advisor at the Cybersecurity and Infrastructure Security Agency (CISA), about his work on cyber-physical convergence and the role of strong partnerships in cybersecurity.
Cybersecurity and Physical Security Convergence
At CISA, stakeholder engagement is all about partnership and making sure the right partners are connected to each other, and with CISA and the federal government, to best reduce risk to our critical national infrastructure. That partnership is a two-way street, with industry offering different perspectives from their vantage point and CISA offering partners its own view of threat, vulnerability, and risk. Keeping everyone at the table is essential. The key is to know your customers, audience, and partners; and in turn, make sure that their expectations are being met and that they have a seat at the table. In a connected world, partnerships are critical to cooperating strategically and operationally against cybersecurity challenges.
While cybersecurity and physical security are often seen as independent of each other, Willke is endeavoring to, “break the silos and systems [internal to government and industry] to make sure people don’t view themselves as having discrete subject matter expertise –that they can really look at risk management as the [multi-domain] dimension that we’re striving for and not just security practices.” But, Willke continues, “I’ve talked to so many people and part of my work [in cyber-physical convergence] is not to disrupt what is ‘working’ and what we are already doing [well].” It’s to draw together those domain experts to form a more holistic and complete picture of cyber and physical threats to cyber-physical systems.
Making a COmmon Investment in a Connected World
Cybersecurity is not a separate requirements column against which we build only cybersecurity solutions – it falls alongside other requirements to achieve operational resilience, whether answered by personnel, physical, or policy controls. Everything must be connected and work together. The future is a blended environment of interactive technologies that create smart infrastructure.Smart cities, for example, will include an ecosystem of cyber-physical systems that require a different type of infrastructure resilience discussion. CISA’s role as the nation’s risk advisor and reducer isn’t just to project or broadcast these system-of-system risks, but also to collaborate with partners to find blind spots. Partnerships are fundamental. In order to change risk behaviors, we need to be evidence-based and analytically sound because we are supporting someone else’s decision-making. You can’t work as a risk advisor or risk reducer without having partnerships, and that requires access to experts and decision-makers of all types so that you can bring diverse groups together to collaborate. Private industry as a partner is not enough; our partner ecosystem must include state, local, tribal, and territorial government and international partners. Willke explains, “When you think about (including) everybody from school districts to those that have large facilities to thinking about their integration of cyber-physical, or thinking about manufacturing systems across the United States, it’s a diverse community.”
Unity of effort is one of the great challenges when we talk about who implements which best practices and whether we share a common view and common goals on a threat or vulnerability. And that unity can be easily undercut in a world where social media platforms place opinions alongside fact and misinformation . So, it’s critical for partners to both unify efforts and affect a unity of messaging – to have the same talking points, express commitment to the same evidence and facts, and to be resolute to act in the same timeframe as other partners – whether we are facing natural disasters or cyber attacks.A common investment in effort and messaging shows the public there is trust and commitment to shared goals and shared values.
CISA pushes to get the technical piece, as well as the partnership model. But, one agency alone cannot solve the infrastructure risks and problems without looking to the collective expertise and diversity of industry partners. No one has the total skill, acumen, or equity – or should work in a vacuum – especially not the government. As much as risk is multi-domained, CISA itself strives to be an inclusive and equitable workforce diverse in thought and technical skill through its incredible amalgamation of personnel with cultural, ethnic, and racial differences . It takes all of America represented in and through our workforce to reach all of the country’s communities. Partners and partnerships extend our reach, but reaching our goals comes from a collective will that leverages our differences.
One Ask of Partners
The biggest ask we have for partners is for feedback, for requirements, and for consultation. Input from the industry helps remove or reduce our confirmation bias. Partners offer valuable information, identifying cyber requirements to help us develop leading practices. Willke also points out the importance of identifying cyber requirements at the beginning – not in the implementation phase. It’s critical to build -in security as a preventative measure and to be as proactive as possible in planning operational resilience. Willke says, “It’s a shared attack surface. And if we aren’t working together, we’re not going to have insights on that and how to shrink it….I would rather have us be there to prevent the breaking or the stress happening in the first place….That’s why CISA exists…nation’s risk advisor, nation’s quarterback, [and] I would say the nation’s convener for infrastructure resilience.”
Help Defend Today, Secure Tomorrow. Find job opportunities.
SPONSORED CONTENT: This article is written on or behalf of our Sponsor.
