The worldwide WannaCry attack from May 2017 has been officially blamed on North Korea. In a press briefing publicly announcing the Administration’s declaration of North Korean culpability, the Department of Homeland Security continued to note the importance of public-private partnership in cyberdefense. While such collaboration (and desire for collaboration) is not new, the press briefing did appear to call for a newfound emphasis on the need for the government to work together with private companies. Specifically calling out the help it has received from Microsoft and Facebook, Homeland Security Advisor Tom Bossert stated,
The attribution [of the attack to North Korea] is a step towards holding them accountable, but it’s not the last step. Addressing cybersecurity threats also requires governments and businesses to cooperate to mitigate cyber risk and to increase the cost to hackers by defending America. The U.S. will lead this effort.
President Trump has rallied allies and responsible tech companies around the free world to increase the security and resilience of the Internet. Cooperation between industry and good governments will bring improved security, and we can no longer afford to wait.
What form such cooperation will take remains to be seen, but Assistant Secretary Jeanette stated that, “To ensure adequate security in the private sector, DHS plans to move beyond only offering voluntary assistance to more proactively becoming the world leader in cyber risk analysis and intervening directly with companies when necessary.”
The critical question for companies dealing with cyber attacks is simply, what does “intervening directly” mean? We will keep an eye on this.