Cybersecurity: Building resiliency together

National Cyber Security Awareness Month has concluded, but we continue to urge everyone—individuals, businesses, and governments—to do more to protect themselves and our organizations against cyber incidents. Everyone using the Internet has a role to play in our nation’s cybersecurity.

Numerous cyber incidents over the past three years alone have affected countless people and inflicted immeasurable costs. Whether it is major hacks making the front page news or the day-to-day incidents and attempted intrusions that every organization faces, enhancing cybersecurity is a critical issue for our nation and its businesses.


Malicious cyber activity aimed at businesses are increasingly launched by sophisticated hackers, organized criminals, and state-sponsored groups. These attacks are growing in scope and complexity. A few years ago, our banking institutions were defending against simple brute force denial-of-service attacks. Today, we see hackers successfully using ransomware to extort hospitals and other businesses after cutting off access to their systems and data.

We all have to do our part to prevent successful cyberattacks. The most secure systems and the strictest polices are meaningless if organizations and individuals do not take responsibility for their online actions and safety. Business leaders need to build cybersecurity into their risk management plans and treat cybersecurity as a valuable investment. Employees need to take their cybersecurity as seriously as they take their physical security. Just as you wouldn’t accept a package from a stranger on the street, you shouldn’t open a link from an unknown source. Just as you lock your doors at night, you should secure your online accounts by setting strong passwords and using multifactor authentication. It takes just one person to make an entire system vulnerable.

Together, the U.S. Chamber of Commerce and the Department of Homeland Security are focused on promoting sound cybersecurity practices among businesses of all sizes and sectors in our country. Working together, government and industry can foster partnerships among key stakeholders.

For businesses, this means adopting the tenets provided in the National Institute of Standards and Technology’s Cybersecurity Framework, which consists of standards, guidelines, and practices to enhance the protection of networks and systems. It also involves participating in DHS’s information-sharing efforts, specifically, the Automated Indicator Sharing program. Automated Indicator Sharing is the cornerstone of DHS’s effort to create an information-sharing ecosystem. The moment a company or federal agency observes an attempted compromise, indicators associated with that incident are shared in near real time with organizations that are members of the program, protecting them from that particular threat.

Congress helped us take a big step forward last year by passing the Cybersecurity Act of 2015. Among other key provisions, this law provides liability protections for companies sharing indicators with DHS.

We urge Congress to take further action and ensure that DHS is resourced and organized to meet the growing cyber threat and the potential for large-scale or catastrophic physical consequences as a result of a cyberattack.

We urge all businesses to take advantage of the information and resources that DHS, the U.S. Chamber of Commerce, and others have made available to strengthen our cyber, economic, and national security. Most important, if individuals and businesses make online safety a part of their daily lives and approach cybersecurity as a normal part of their operations, they can more easily adapt and respond to cyber threats.

Jeh Johnson is Secretary of the Department of Homeland Security. Thomas J. Donohue is President and CEO of the U.S. Chamber of Commerce.

The views expressed by authors are their own and not the views of The Hill.