Cybersecurity: An Urgent Opportunity for Public-Private Partnerships (P3’s)
Cybersecurity: An Urgent Opportunity for Public-Private Partnerships (P3’s)
by Diane Rath & Ron Simmons
Cyber attacks in our region and across the state point to an imperative to make cybersecurity a higher and more urgent priority for state and local government. In a November 2021 letter to the Department of Information Resources (DIR) and the Department of Public Safety (DPS), Governor Abbott directed the agencies to enhance critical infrastructure protection against cyber-attacks. He’s correct.
Relatedly, an IT Oversight Committee created by the 87th Legislature is currently considering proposals from multiple state agencies to dispense over $200 million in federal funds specifically for additional cybersecurity across state government. Run by a six-legislator board, this Committee is charged with ensuring that sound agency proposals receive funds specifically to augment existing cybersecurity programs or pilot new approaches. Their work is timely.
The last few years have seen a significant increase in attacks- both in number and severity. Federal agencies were breached in the SolarWinds event and significant fuel shortages ensued following infiltration of the Colonial Pipeline. In our own backyards an assault by a Russian crime syndicate hit more than 20 small communities across the state, threatening gas and meat supplies, with another attack targeting our state’s court system and Department of Transportation. School networks have become a new frontline, as dozens of Texas school districts have fallen prey to breaches resulting in ransom payments. Judson ISD in San Antonio paid one of the highest ransomware payments in the nation, totaling over $500,000 according to news reports. High-tech cyber combat is no longer the stuff of political and espionage fiction- it is our present reality.
As international tension continues to escalate, and other nation-state actors use cyber warfare as an offensive capability, it is imperative that the public and private sectors work together to mitigate these unprecedented dangers. In our community, UTSA is a leader in cyber security nationally, and the collaboration between Joint Base San Antonio and the community has been designated as the model employed by DOD for electromagnetic defense. We need to maintain this momentum. 919 Congress Avenue, Ste. 1500, Austin, TX 78701 www.investtexacouncil.com Additionally, continued development of cyber capability must include rapid identification of threats and the ability to share real-time information among participating entities on potential breaches and how best to address them, an approach also known as “collective defense.”
The concept of this level of public-private cooperation in cybersecurity has been embraced at the federal level, with National Cyber Director Chris Inglis voicing support for the use of collective defense in both the government and private sectors. More recently the Director added, “We’re … pushing hard for the government to stand up to its role to collaborate with the private sector.”1 And the 2022 Omnibus spending bill includes language around the swift disclosure of all hacks and ransom payments, as well as recommendations to accelerate investments in systems aimed at avoiding breaches and damages.
In his letter, the Governor appears to concur with such an approach, emphasizing the imperative to follow best industry practices, as well as other key measures, to quickly detect potential cyber intrusions using software services.
Neither the government nor private businesses can defeat this threat alone. But the approach requires a true partnership, not a mandate to compel private sector participation. The State of Texas is in a unique position to develop a collective defense system for its own agencies and infrastructure that will permit, or even incentivize, local municipalities and private businesses to participate in the vital effort to protect Texans against cyber criminals, including nefarious nation-state actors.
State lawmakers must explore policies to rapidly facilitate collaboration and encourage partnerships between government agencies and private entities in the effort to protect sensitive data, personal identifying information, and critical infrastructure all within under a “collective defense” umbrella.
Diane Rath is Executive Director of AACOG; Ron Simmons served as a member of the Texas House (2013 – 2019). Rath and Simmons serve on the Advisory Board of the Invest Texas Council. The Invest Texas Council (ITC) is a policy-oriented organization founded to champion public-private partnerships (or “P3s”) across government and industry sectors. 1 https://thehill.com/policy/cybersecurity/3521797-top-cyber-official-urge-for-transformation-incyberspace/?utm_source=bambu&utm_medium=social&utm_campaign=advocacy&blaid=3140967
1 https://thehill.com/policy/cybersecurity/3521797-top-cyber-official-urge-for-transformation-incyberspace/?utm_source=bambu&utm_medium=social&utm_campaign=advocacy&blaid=3140967