Building a national cyber-defense plan took center stage at this week’s Black Hat cybersecurity event. “The [Great Game] is playing out in cyberspace right now,” Homeland Security Secretary Alejandro Mayorkas said in his closing remarks.
Mayorkas explained that the “Great Game” in the mid-19th century was a competition for geopolitical influence on the vast landmass of Central Asia, while today’s “Great Game” is a competition between democratic and authoritarian governments for the future of cyberspace.
In the last six years, the cybersecurity landscape has shifted from news headlines about data breaches and espionage to ransomware attacks disrupting hospitals, schools, food suppliers, and pipelines, he noted. Cyberattacks on companies like Colonial Pipeline, JBS Foods, and Kaseya, as well as interference in the U.S. elections, have reinforced the importance of cybersecurity, how to govern the internet, and why we need a free and secure cyberspace, Mayorkas said.
Mayorkas in his speech echoed Director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly’s call for public-private partnerships against cyberattacks.
Easterly announced the launch of the Joint Cyber Defense Collaborative (JCDC) during her keynote speech earlier in the day. She also named Google, Microsoft, Amazon Web Services (AWS), and six more private companies as the initial launch partners.
Mayorkas added that this collaboration is one of many efforts underway that are designed to unite stakeholders around a whole-of-nation approach to cyber-defense operations. “DHS [Department of Homeland Security] is fundamentally a department of partnerships,” he said.
Mayorkas laid out his vision of how the government and private sector can work together. He invited cybersecurity experts to join their team at DHS and announced the launch of DHS’s new Cybersecurity Talent Management System (CTMS). This initiative is the product of the 2014 Border Pay Reform Act, which grants DHS “more flexibility to hire the very best cyber-talents,” he explained.
He added that private partners and experts in the field also can help bridge the gap between the hacker community and the federal government to collectively defend a free, open, and secure internet, as well as inspire the next generation of cybersecurity engineers.
Mayorkas dramatically added that what's at stake is the future of the internet and the United States' economic and national security.
Private Sector Urges the Government to Take Stronger Action
Those comments tied into Trend Micro’s latest Cyber Risk Index (CRI) report that was released this week. It showed that North America has the highest cybersecurity risk level and lowest perceived readiness compared to other regions.
The report found that organizations are unprepared to share threat intelligence with other companies and governments.
The Biden administration recently released an executive order on improving the nation’s cybersecurity posture. Trend Micro COO Kevin Simzer said he was thrilled to see that the U.S. administration took some steps forward. However, “there is a lot more that needs to be done,” he said.
Splunk security strategist Ryan Kovar echoed that sentiment. In an interview with SDxCentral, Kovar said this is the federal government’s first step to recognize that there has to be a federal-level dedicated response while acknowledging that organizations in the federal government need to be funded to thwart cyberattacks.
Kovar expects the next steps will be making federal regulations, possibly starting with executive orders on protecting the federal government's software and supply chain.
“The idea of privateers being state-sponsored pirates in 1704 is a direct historical parallel to what we have today: not state-sponsored, but state-supported or state-protected ransomware affiliates in other countries,” Kovar said.
He cited the 2015 U.S.-China Cyber Agreement, in which the two governments agreed to “pursue efforts to further identify and promote appropriate norms of state behavior in cyberspace,” adding that the agreement led to a dramatic drop-off in nation-state-sponsored Chinese attacks against U.S. federal assets. “So diplomacy does apparently work in those areas when clearly defined,” Kovar said.