Every year for the last 13, the Billington Cybersecurity Summit has convened cybersecurity leaders from around the globe to discuss the latest trends, approaches, and technologies that are shaping the landscape of this dynamic and essential industry. This year’s event included an intentional and important focus on partnerships given world events, the proliferation of new and ever more sophisticated cyber threats, and the strategic direction that the Biden Administration has outlined via executive orders and other means.

This year’s event was as information rich as ever. Yet four observations stood out to me.

Defense is the New Offense – and Everyone’s on the Same Side of the Ball

As Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said, “Defense is the new offense.�� The message was also shared via t-shirt during her remarks. And she has a point. Agencies must become more aggressive at taking out bad actors before they have an impact. Increasingly, there is recognition that doing that requires acting together and not alone. Blended operations across industry and government are necessary to secure critical infrastructure, to make our supply chain safer and to make government more resilient. Taken together, this means that not only is defense the new offense – everyone’s on the same side of the ball, and that’s refreshing to see.

Mature Partnerships are Taking Root and Having an Impact

Not only are partnerships between business and government taking root and maturing, so too are multilateral partnerships between nations. We heard at the event about some of the Five Eyes coordination across Australia, Canada, New Zealand, the United Kingdom, and the United States. But we also heard from cybersecurity leaders in Ukraine. While battling Russian forces, they’ve invited other nations to listen and learn about what they’re experiencing on the cybersecurity front so that those nations can defend-forward and be prepared for similar attack tactics in the future. We also heard about the progress that CISA’s Joint Cyber Defense Collaborative (JCDC) is making. The JCDC was created to drive public and private sector operational partnerships to enhance collective action across the cybersecurity community – and it’s having an impact.

Securing Critical Infrastructure Means Making Hacking More Expensive

At this year’s event, I had the pleasure of participating in a panel discussion titled “Securing Infrastructure in an Increasingly Connected World” alongside Department of Energy Chief Information Officer Ann Dunkin, Dr. David Mussington, the Executive Assistant Director of the Infrastructure Security Division at CISA and a few peers from the private sector. Our discussion centered on the reality that hacking is becoming inexpensive and puts critical infrastructure and communications at greater risk than ever before. Today’s advances in hacking techniques and technology mean that cyber criminals can do what used to be achievable only by sophisticated state actors. Our job is to make it more expensive and less feasible. One way to increase costs to bad actors is to make it more difficult and to require advanced skills and tools, especially ones that can’t be acquired easily. And it’s imperative that we do this work now, because not only is the continuity of government at stake, the continuity of the entire global economy is on the line.

An Embrace of Zero Trust Is More Important Than Ever

Finally, what stood out to me was that embracing zero trust is going to be more important than ever. Ironically, in an era of partnership something called “zero trust” must be front and center. But it stands to reason. It’s a key part of the collective defense model that closes locked doors and embeds security throughout an digital environment. Securing our economy, government activity and the infrastructure that supports it all will require a full and fervent embrace of Zero Trust as soon as possible.

As it does every year, the Billington Cybersecurity Summit gave cybersecurity professionals from business, government and academia alike a tremendous amount of information to ingest and act upon. It was equal parts engaging and educational and proved, yet again, that the cybersecurity landscape we operate in is an essential part of how we live, work, and build communities around the world.