Resilience, Moving Beyond Sectors

June 9, 2015
CyberPhysicalHuman: Post by Rob Simmons, Peter Sheingold, and Chris Folk

The previous article concluded that cross-sector collaboration is necessary to strengthen resilience in the CyberPhysicalHuman world. Others agree. A February 2015 Executive Order promoted cyber information sharing with an emphasis on cross-sector collaboration. Calling for the establishment of Information Sharing and Analysis Organizations (ISAOs), the order encouraged ISAOs to take a broad view of organizational membership: "ISAOs may be organized on the basis of sector, sub-sector, region, or any other affinity, including in response to particular emerging threats or vulnerabilities. ISAO membership may be drawn from the public or private sectors, or consist of a combination of public and private sector organizations."

This thinking recognizes the need for organizations to work with each other in new ways to enhance security and resilience in a CyberPhysicalHuman world. Today's article builds on these ideas and discusses ways to move beyond a sector-based approach.

Let's begin with a contemporary example. Consider auto manufacturers, who are part of the transportation sector. To design and build cars, auto manufacturers work with companies in other sectors, including the communications and information technology sectors. Companies in these sectors design and manufacture devices and services that today enable GPS systems, rear-view cameras, and collision avoidance systems in cars. In the future, companies in the communications and information technology sectors will play key roles in enabling self-driving cars and vehicles that autonomously communicate with each other. Therefore, vehicular cyber threat information needs to be shared across all three of these sectors, and probably others.

Your Car is an Information Technology and Communications Device

Another construct to help frame cross-sector collaboration and information sharing is regions. Why? Because regions represent areas of geographic connectivity where people have some degree of shared interests that can strengthen trust-based relationships. Regions include many different types of organizations that cut across multiple sectors, which promotes cross-sector collaboration and sharing. Regions are big enough that we can address challenges such as Hurricane Sandy, and small enough that we can capitalize and build on local knowledge, local priorities, and local relationships.  "One size fits all" approaches are not needed. Also, there's no reason to centrally determine what constitutes or creates a region. Local regions define themselves, and many regionally based organizations already exist. By some estimates, much of the continental United States is already covered by some sort of regional consortium.  

This regional approach is something MITRE has supported over the past few years through the Advanced Cyber Security Center (ACSC). MITRE is part of the team that created the ACSC, a non-profit consortium that brings together 27 New England–area industry, university, and government organizations, established to address the most advanced cyber threats. Members include financial, technology, healthcare, government, and research organizations all collaborating under a regional umbrella. ACSC brings these diverse stakeholder organizations together to share cyber threat information, engage in cybersecurity research and development, create education programs to address the shortfall in cyber talent, and advance public policies that will enhance security and resilience.

Whether on the basis of cross-sector roles, regions, or some other approach, organizations seeking to collaborate and share information in the CyberPhysicalHuman world should seek to bring together multiple perspectives. Collaboration that cuts across sectors and incorporates multiple perspectives is an important component to enhancing resilience in a CyberPhysicalHuman world. As we will discuss in the next article, sharing and using threat information can be an important tool to make this collaboration effective.

  1. The CyberPhysicalHuman World of Homeland Security
  2. Convergence: A Recent History
  3. Risk: Focus On Your Main Thing(s)
  4. Applying Ancient Wisdom to Help Manage Modern Risks
  5. Resilience Is a Team Sport
  6. Resilience, Moving Beyond Sectors
  7. Enabling Effective Collaboration with Shared Threat Information
  8. Wrapping It Up and Moving Forward
  9. Coming Closer and Closer to You
  10. More Ancient Wisdom for Today's CyberPhysicalHuman World
  11. There is No One-Size Fits All Approach to the CyberPhysicalHuman World