Paul Eisler

Strategies for a Cyber Crisis Response

Our Council to Secure the Digital Economy (CSDE) has released Cyber Crisis: Foundations of Multi-Stakeholder Coordination, a long-awaited blueprint for industry and government coordination during major cybersecurity incidents.

While the digital economy has generated quality-of-life improvements on every continent, created whole new industries and millions of jobs, and increased efficiency in every sector, the consequences of cyberattacks have increased in frequency and cost.

In recent years, we have seen cyberattacks against power plants, oil and gas companies, financial centers, military organizations, hospitals, governments, and virtually every other institution that supports modern civilization. Researchers continue to discover malware targeted against specific geopolitical targets in many parts of the world.

The asymmetry between the relatively low cost of launching highly disruptive cyberattacks and the high cost to defend against such attacks, among other factors, has created harmful incentives for sophisticated actors–including nation states that wish to project power and influence in global affairs. In a shared internet and communications ecosystem, attacks targeted at specific nations can (and often do) have severe spillover effects that are damaging for broad sets of stakeholders—not just the intended targets.

Whether dealing with hacking groups sponsored by nation states with geopolitical ambitions or sophisticated cybercriminal organizations with profit-driven goals, like-minded governments and industry alliances have enormous incentives to curtail the most damaging actions in cyberspace and unite against common threats to the shared digital ecosystem.

That is where our new CSDE report comes in.

Based on an extensive survey of CSDE members, we developed an understating of the likely roles of different ICT segments in each of the scenarios analyzed. This understanding, although subject to situational realities “on the ground” during an incident, will serve as effective guidance for private and public stakeholders in most situations.

By strengthening the relationships among governments and ICT companies, as well as developing guidance to mitigate specific kinds of cyber threats and vulnerabilities, the CSDE will continue to serve as a critical forum for cyber policy leaders representing global companies on the front lines during cyberattacks and committed to securing the digital economy.