A CSO weighs in on what the new Secretary of Homeland Security can do to improve public-private partnership After announcing his resignation Nov. 30, Homeland Security Secretary Tom Ridge was asked if he has made gains in getting the private sector to take some of the infrastructure protection burden. “I think by engaging them on best practices in terms of securingwhether it’s a chemical facility, telecommunications site and the likeand taking advantage of their professional expertise as we go about setting standards for security, we have been very successful to date,” Ridge said. CSO asked Lynn Mattice, director of corporate security and business intelligence at Boston Scientific and someone who has discussed public-private partnerships with Ridge, to evaluate these partnerships. We wanted to know whether Mattice thinks Ridge’s words are a prelude of security standards to come. “Ridge is saying here that the government has used the sector security organizations like oil and gas and electrical to deal with those specific sectors, but they have not reached out to the broader security community yet,” Mattice says. “We proposed a domestic security advisory council, which Ridge accepted when he was head of the Office of Homeland Security before DHS was created [in 2002]. But, once the office was created, that subject was put on a back burner, and it is only just recently being reconsidered.“His comments are most definitely a precursor to the indication that there will be more security regulations coming down the pike,” Mattice adds. “I think a domestic security advisory council is vital to creating the kind of flow of information necessary between government and industry and to ensure that industry is well represented. I’d make the ISACs [information sharing and analysis centers] part of this council and not a separate group of entities. What’ll happen is conflicting issues will arise and there’ll be deadlock. We know how ineffective Congress can be sometimes. We should learn from this and not create more opportunities for deadlock. There should be a flow of communication.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe