Irene Moetsana-Moeng, Executive Director and Head at Public Sector Agency on Stakeholders in Cybersecurity: Collaborative Defence for Cybersecurity Resilience at Public Sector Cybersecurity Summit 2024
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence for Cybersecurity Resilience
1. Public sector Cybersecurity summit
Gallagher Convention Centre - 3 April 2024
Stakeholders in Cybersecurity: Collaborative Defence for Cybersecurity
Resilience
Irene Moetsana-Moeng
2. INTRODUCTION
Our Nation – government, private sector companies, critical infrastructure,
universities, non-profits and private citizens – are constantly under attack by a
myriad of cyber actors with ever-increasing capabilities
These cyber attacks against our nation are designed to evade our defences,
and using our weaknesses in capabilities, capacity, uncoordinated, laws and
national security structures against us
We need to develop an integrated cyber capability and capacity and a
networked approach to collaborative defence and intelligence analysis, including
sharing between government and the private sector
Our current state is such that there is no integrated network within government,
let alone between government and the private sector
2
3. INTRODUCTION
Cybersecurity is a national security matter, it is of concern to all
Cybersecurity relies on collaboration and communication as the cornerstones of
resilience
Successful collaboration – inclusive decision making, transparent
communication and willingness to embrace fresh ideas and diverse
perspectives
3
4. INTRODUCTION
➢ In today’s interconnected digital landscape, cyber-attack threats loom more
prominent than ever. Cybercriminals are becoming more sophisticated,
launching increasingly complex and targeted attacks that can wreak havoc on
businesses of all sizes.
➢ Organisations must proactively safeguard their digital assets and sensitive
information.
➢ Organisations must partner with cybersecurity specialists/partners for protection
or understanding what they need to secure themselves.
➢ Organisations need to select a cybersecurity partner that wants to work
collaboratively with them.
➢ Organisations need to strengthen their cyber resilience.
4
5. CYBER RESILIENCE
❑ What is Cyber Resilience?
➢ “cyber resilience refers to the ability of systems and organizations to withstand
cyber events, adapt to changing conditions and quickly recover from disruptions
while continuing to deliver their intended objectives.(WEF)
➢ “cyber resilience is the ability of an organization to absorb and adapt to
changing environments while delivering objectives.” (ISO)
➢ Cyber resilience is not just about preventing breaches but assuming breaches
will occur and planning for continued mission execution. (NIST)
5
7. ESSENTIAL ELEMENTS OF CYBER RESILIENCE
Risk Assessment and Management: Conduct a comprehensive evaluation of potential cyber risks
and develop risk management strategies to mitigate the impact and likelihood of these risks.
Incident Response and Recovery: Formulate a clear incident response plan, outlining the steps to
be taken during cyber incident situations, including rapid recovery and operational restoration
schemes.
Technology and Infrastructure: Utilize secure network design, encryption protocols, access
restrictions, and continuous system and infrastructure monitoring as strong cybersecurity measures
that must be implemented.
Human Variables: Highlight the understanding of cybersecurity and acknowledge that employees
play a role that can affect cybersecurity resilience. This is achieved by fostering a culture of
understanding and responsibility among workers, promoting cybersecurity training, and ensuring
their active participation in maintaining corporate security.
7
8. COLLABORATIVE DEFENCE
offers a robust framework for organisations to enhance their cybersecurity posture
and effectively mitigate the ever-evolving cyber-attack threat.
by fostering a culture of information sharing, cooperation, and collective action,
organisations can leverage the collective strength of the cybersecurity community to
stay ahead of emerging threats and protect their digital assets.
is not just a best practice – it’s a strategic imperative for organisations looking to
safeguard their future in the digital age.
8
9. COLLABORATIVE DEFENCE
Principles of Collaborative Defence
no single entity can combat cyber threats alone.
By pooling resources, expertise, and intelligence, an organisation and their
cybersecurity partner can create a unified front against cyber-attacks,
significantly enhancing their ability to detect, prevent, and mitigate potential
threats.
At its core, collaborative defence fosters a culture of collective responsibility,
where stakeholders work together to protect their interests and the broader
digital ecosystem.
The idea is that cybersecurity partners provide the tools, knowledge, information
and personnel to help businesses secure themselves, and businesses help
partners understand the nature of their industries and what’s being targeted.
9
10. COLLABORATIVE DEFENCE
Fostering Innovation and Knowledge Sharing
By facilitating open dialogue and collaboration between cybersecurity partners
and organisations, both can tap into diverse perspectives and ideas, driving the
development of innovative solutions and best practices.
This collaborative exchange of knowledge benefits the organisations and
contributes to the collective advancement of cybersecurity capabilities as a
whole.
Streamlining Incident Response Processes
Collaborative defence can help organisations streamline their incident response
processes and improve their ability to coordinate and collaborate effectively
during a cyber crisis.
By establishing clear lines of communication and protocols for information
sharing, organisations can ensure a more coordinated and cohesive response to
cyber incidents, minimising the potential impact on their operations and
reputation. 10
11. COLLABORATIVE DEFENCE
Access to Actionable Threat Intelligence
One of the key benefits of collaborative defence is its ability to provide organisations with access
to a wealth of actionable threat intelligence.
By sharing information about emerging threats and reducing the attack surface and malicious
actors, cybersecurity partners can help their clients stay one step ahead of potential attacks.
The real-time intelligence enables organisations/cybersecurity partners to proactively adjust their
security measures, fortify their defences, and respond swiftly to evolving threats, minimising the
risk of data breaches and other cyber incidents.
Comprehensive and Holistic Cybersecurity Approach
Collaborative defence promotes a more comprehensive and holistic approach to cybersecurity.
By leveraging multiple stakeholders’ and specialists’ expertise and insights, a collective unit can
better understand the threat landscape and identify potential weaknesses in defences that may
have otherwise gone unnoticed.
The holistic perspective allows organisations to develop more robust security strategies tailored to
their specific needs and challenges, ultimately enhancing their resilience to cyber-attacks.
11
12. CHALLENGES TO COLLABORATIVE DEFENCE
Cultural, organisational, legal and technological barriers to collaborative defence
and intelligence sharing between the public and private sectors
Fundamental challenge – is trust
Lack of cybersecurity structures
Relationships that do exist are ad hoc and point-to-point
No clear operational picture of the entire threat landscape, or a national
strategic approach to address these threats
Lack of comprehensive understanding of the threat because we are not
collecting, processing and sharing the data that is out there in a coordinated
and sustained manner.
12
13. CHALLENGES TO COLLABORATIVE DEFENCE
Limited resources – talent, data, funding
Working in silos
Reactive – emergency approach to increasing threats
Unable to determine priorities across the nation cyber landscape
No opportunity for the private sector to inform intelligence collection requirements
Uncoordinated, adhoc information sharing
Sharing between public and private sector is often point-to-point and incident-based
Voluntary coordination between sector CSIRTS and their constituents
Contracts and classification prevent some information sharing between the public and private
sectors
Cyber structures and policies are not in place to facilitate sharing and collaboration
We are already under attack and we are ill prepared to tackle imminent present and future
attacks 13
14. EFFECTIVE COLLABORATIVE DEFENCE FOR
CYBER RESILIENCE
A holistic understanding of cybersecurity, where technology, processes, and human factors
integrate to create resilience against threats.
stems, and collaborative information sharing.
By focusing on the integration of security and resilience and promoting collaboration,
organizations can enhance their capabilities to face evolving cybersecurity threats.
By collecting and evaluating relevant data, organizations can learn about new threats,
vulnerabilities, and attack trends.
This knowledge forms the foundation for proactive decision-making and the implementation of
flexible defenses.
Organisations can enhance detection, incident response, and overall resilience by employing
continuous monitoring, adaptive defence systems, and collaborative information sharing.
14
15. STAKEHOLDERS
Organs of State
State Owned Companies
Industry
Sector Regulators
Standard Bodies
Technical community including CSIRTs
Academia
Training Institutions
R & D Institutions
Critical Infrastructure Owners
Civil society organisations
Citizens
International and regional organisations
15
17. STRENGTHENING COLLABORATION FOR CYBER
RESILIENCE
Threat information, best practices, and lessons learned should be actively shared among
organisations, government agencies, and industry stakeholders.
This collaborative effort fosters a cooperative defense ecosystem where stakeholders work
together to identify and counter new threats. The community can effectively defend against
sophisticated cyber attacks that may target multiple entities by combining resources and
knowledge.
Organisations can detect potential threats early on by continuously monitoring and using threat
intelligence, enabling quick actions to mitigate risks and prevent successful attacks.
According to Verizon’s Data Breach Investigations Report, 82% of data breaches involve
insecure sharing of information.
According to Gartner, organizations that share cybersecurity information can reduce the risk of
cyber attacks by 50%.
17
18. STRENGTHENING COLLABORATION FOR CYBER
RESILIENCE
❑ There is no resilience without collaboration, i.e. collaboration is key to building
resilience
➢ it opens doors and breaks down walls so that we can tap into the collective
intelligence of multi-disciplinary teams.
❑ Cyber resiliency is a challenge that crosses political, geographic, and technological
borders
➢ Protecting the ever-expanding attack surface and building toward true cyber
resilience will require an integrated response involving both government and the
private sector.
. 18
19. CONCLUSION & RECOMMENDATIONS
❑ Need to create a network of Collaborative Defence
❑ Emerging technologies have the potential to revolutionise collaboration and
strengthen cyber resilience within organisations
❑ A network of human-to-human and machine-to-machine
❑ Automated collective defence, data collection and analysis
❑ Establishment of cyber structures and sector CSIRTS
❑ Establishment of a National Coordinator as a lead national–level coordination of
cybersecurity strategy and policy both within government and with private sector
❑ Development of laws, policies and standards to enable information sharing between
public and private sectors
19
20. CONCLUSION & RECOMMENDATIONS
❑ Creating a culture shift for effective collaboration and sharing
❑ Sector Risk Management approach for securing critical information infrastructure
❑ Efficient exchange of information including intelligence, between all levels of
governments and critical infrastructure owners and operators – Sector Risk
management, private sector to feed into intelligence collection and analysis – in
order to inform national decision makers on national priorities
❑ Create cyber skills pipeline – training, exchange programmes
❑ Promote cybersecurity – community outreach programmes
❑ By promoting collaboration, organisations can tap into collective intelligence of their
teams, resulting in more comprehensive risk assessments, stronger incident
response capabilities and better-informed decisions
20