The Evolution of Cybersecurity: The Cyber Nexus Approach

Hagerty Consulting, Inc.’s (Hagerty’s) final post on the Evolution of Cybersecurity comes at the close of 2019 National Cybersecurity Awareness Month (NCSAM) and considers our team’s unique, programmatic approach to cybersecurity preparedness, specifically as it relates to cyber stakeholder engagement. The Cyber Nexus Approach (CNA) is intended to maximize participation in cyber preparedness and response activities across public, private, and non-traditional stakeholders to improve response and recovery operations during a real-world incident.

The Evolution of Cybersecurity Stakeholders

Hagerty’s work in cybersecurity planning has reinforced that there is a growing appetite for improved coordination between emergency management and information technology (IT) stakeholders to prepare, respond, and recover from cybersecurity incidents. The first blog post of this series considered how the Cybersecurity and Infrastructure Security Agency’s (CISA’s) National Critical Functions and the Federal Emergency Management Agency’s (FEMA’s) Community Lifelines frameworks could bring together emergency management and IT concepts to enhance cybersecurity.  Coordination among these two stakeholder groups is critical to the success of all-hazards cybersecurity planning.

Though most incidents can be resolved by traditional cybersecurity stakeholders, the complexity of larger scale incidents (especially those with the potential to cause kinetic cascading impacts) may require participation from a broad group of stakeholders to resolve. It is important that cybersecurity preparedness efforts are inclusive of these secondary stakeholders, such as fusion centers, private-sector organizations, and critical infrastructure, to achieve better coordination outcomes during a real-world incident. However, implementing a strategy to include numerous stakeholders can prove difficult because diverse priorities and objectives among stakeholders can inhibit their ability to share information and work together.

Facilitating Robust Stakeholder Coordination

Ensuring effective stakeholder engagement and coordination is a key challenge to implementing the CNA. As Hagerty has worked with clients across the nation to develop cybersecurity response plans, we have identified the following recommendations for jurisdictions seeking to engage a more robust stakeholder group:

• Identify and Engage Secondary Stakeholders. Jurisdictions are often responsible for managing coordination between a variety of stakeholders during an incident, including fusion centers, private sector stakeholders, critical infrastructure owners and operators, other levels of government, and IT stakeholders. All of these groups play a vital role in cyber response and should be considered in planning efforts. To build a more robust stakeholder group, consider the organizations that should come to the table to respond to or recover from a catastrophic cyber incident.
• Recognize Barriers to Participation and Plan Accordingly. Each jurisdiction has its own intricate cyber infrastructure; however, establishing coordination between diverse stakeholders can be challenging. An organization or agency’s unique processes and privacy laws can inhibit communications between entities. The CNA can help start to break down these barriers and provide motivation for partners to identify alternative pathways to coordination.
• Build a Communications Web. Information should be shared both from the top down and from the bottom up to guarantee effective coordination and response while building trust between stakeholders. It is important to foster and formalize two-way communication between key partners. Identify trusted partners that can help facilitate information-sharing, such as fusion centers, to promote coordination while protecting sensitive information.

While it is important to expand the breadth of the stakeholders engaged in cybersecurity preparedness, creating overarching governance to manage response and recovery operations is essential to operationalizing these connections. The CNA can provide a framework to strengthen collaboration during cyber planning, response, and recovery.

Hagerty is prepared to help your organization engage and coordinate response partners to support cybersecurity response. Using our innovative Cyber Nexus Approach, Hagerty leverages subject matter expertise and experience planning with states across the country to bring diverse stakeholders together and build organized, effective cyber operations. To learn more about our cybersecurity services, contact development@hagertyconsulting.com.