Tech leaders testifying on Wednesday before a House subcommittee on cyber told lawmakers that more coordination is needed between the public and the private sector to identify security threats, including cyber, that stem from emerging technologies like quantum computing and artificial intelligence.
Ron Green, executive vice president and chief security officer at Mastercard, said that partnership should incentivize the government to share threat intelligence to the private sector so that both sectors are able to mitigate cybersecurity risks posed by U.S. adversaries both at home and abroad.
“Cybercrime is not constrained by borders or sectors,” Green told lawmakers.
“Our digital world is too interconnected, and threats are too fast changing for any one organization to counter them alone,” he added.
Green, who was joined by three other tech leaders, made his remarks during a House Homeland Security subpanel that touched on the intersection between emerging technologies and security risks.
Green’s recommendations to Congress have previously been raised by U.S. cyber officials in government and experts in the private sector.
Robert Knake, a U.S. official at the White House’s Office of the National Cyber Director, told lawmakers in April that companies are increasingly asking the government to share cyber threat intelligence as they seek to prepare and counter growing security threats.
“What we’ve heard from every private sector company we talked to is to make sure that we can provide the one thing that private companies can’t do on their own, which is intelligence,” Knake said.
“Only the U.S. government can collect intelligence, and only the U.S. government can provide it back. So that’s a major focus of our efforts,” he added.
Cyber executives who also testified before Congress in April said that the U.S. government should be less of a regulator and more of a partner for critical infrastructure in the private sector, adding that its focus should remain on providing guidance and sharing threat intelligence.
Those calls to action have been emboldened by President Biden’s executive order on cybersecurity which introduced several key initiatives, including facilitating threat information sharing between the government and the private sector.
Green also suggested that Congress authorize the Cybersecurity and Infrastructure Security Agency (CISA) to create a national cyber training center to train and prepare cybersecurity workers in identifying and mitigating national security threats arising from emerging technologies.
“Planning for an attack is crucial, but those plans are ultimately worthless without practice,” Green said.
Green made an analogy explaining how cyberattacks should be taken as seriously as military operations. “It’s the same way that [ground] battle plans would be of little use without real world war games and live fire exercises.”
Green said that the U.S. Army already has a national training center based in Fort Irwin, California, adding that CISA should follow suit.
“We need a similar facility for cybersecurity,” he added.
Green also said that part of his job is to forecast future threats as technology evolves and anticipate how those security risks may threaten businesses like his and government bodies like Congress.
“We’re often looking at 10 years ahead,” Green said.
He added that he and his team regularly consult experts in the private sector, government and academia about ways to identify and mitigate emerging threats.
“This may seem like purely speculative work, but we’re actually developing an informed textured picture of the future,” he said.