By Scott Algeier, IT-ISAC Executive Director
Cyber defenders are in a tough spot. The community is no longer dealing with a gradual evolution of cyber risks. Instead, we are experiencing a massive, hyper-speed acceleration. At a time when security budgets are being squeezed, threat actors have access to an arsenal of better, faster technology and tools that automate attacks. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA), the nation’s focal point for cyber defense, has experienced budget cuts, government shutdowns, and the loss of experienced staff. Given this environment, defending in isolation is not a viable solution.
While cybersecurity spending continues to rise, with global spending on products and services increasing from $260 billion in 2021 to over $560 billion in 2026, as noted by Dan Lohrmann in a Government Technology piece, outcomes are not improving. Adversary dwell time has increased to 11 days on average, and we’ve seen a year-over-year jump of over 78% in ransomware attacks on the IT sector. In total, attackers are causing trillions of dollars in economic damage, demonstrating once again that the economics are heavily stacked against the defenders. It is a lot cheaper to launch attacks than it is to build defenses against them.
In this environment, collaboration across industry and government is more essential than ever. As I testified before the House Committee on Homeland Security Subcommittee on Cybersecurity and Critical Infrastructure Protection last month, we must recommit to building an effective partnership of equals. This will help both industry and government maximize the effective use of limited resources.
The IT-ISAC has worked extensively with the government since our founding over 26 years ago. We are committed to helping CISA and other government partners succeed. There are several specific actions the government as a whole can take to ensure long-term success of the public-private partnership.
One is to implement a replacement for the CIPAC framework. When CIPAC was suspended by DHS, it removed the legal framework that helped foster collaboration between CISA and industry. This has impaired the government’s ability to engage with industry to develop risk reduction strategies.
In addition, it is critical to maintain a legal framework that incentivizes voluntary sharing of threat intelligence across industry and government. The current legal framework is widely viewed as being one of our most consequential and effective policy tools. However, the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which provides this framework, is set to expire at the end of the fiscal year.
Another important tenet is institutionalizing the principles and processes that make public-private partnerships successful. In 2012, the IT Sector Coordinating Council conducted a study that identified 12 practices leading to successful partnership outcomes. Adopting these practices would be a good first step in refreshing CISA’s engagement with the industry.
Finally, building a common operating picture among industry and government is essential. We must move beyond sharing one-off alerts and enable organizations across sectors to collectively anticipate risks and proactively shift their defenses. The goal should be for industry and government to have the same set of real-time strategic and tactical threat intelligence.
Our adversaries already know that they are stronger when they pool resources and talent. Defenders, too, are stronger together. By combining the innovation of the private sector with the reach and scope of the federal government, we can flip the script on attackers and better protect our digital economy.
Facts Only
Scott Algeier, Executive Director of IT-ISAC, authored the piece.
Cybersecurity spending is projected to rise from $260 billion in 2021 to over $560 billion in 2026.
Adversary dwell time averages 11 days.
Ransomware attacks on the IT sector increased by over 78% year-over-year.
CISA has faced budget cuts, government shutdowns, and loss of experienced staff.
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) is set to expire at the end of the fiscal year.
The CIPAC framework, which facilitated government-industry collaboration, was suspended by DHS.
IT-ISAC has worked with government agencies for over 26 years.
A 2012 study by the IT Sector Coordinating Council identified 12 practices for successful public-private partnerships.
The article advocates for a common operating picture to enable real-time threat intelligence sharing.
The House Committee on Homeland Security Subcommittee on Cybersecurity and Critical Infrastructure Protection held a hearing on the topic.
The IT-ISAC testified before the subcommittee in the past month.
Executive Summary
Cybersecurity defenders face an increasingly challenging environment marked by rapid acceleration in cyber threats, budget constraints, and resource limitations. Despite rising global spending on cybersecurity—projected to exceed $560 billion by 2026—outcomes are worsening, with adversary dwell times increasing to 11 days and ransomware attacks surging by over 78% year-over-year. The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. government's cyber defense focal point, has been weakened by budget cuts, shutdowns, and staff losses, exacerbating the difficulty of isolated defense strategies. Collaboration between industry and government is emphasized as essential, with calls to replace the suspended CIPAC framework, extend the Cybersecurity Information Sharing Act of 2015, and institutionalize best practices for public-private partnerships. The IT-ISAC, a long-standing industry partner, advocates for a unified threat intelligence framework to enable collective risk anticipation and proactive defense. The core argument is that defenders must pool resources and innovation to counter adversaries who already operate collaboratively.
The piece highlights structural challenges in cybersecurity, including economic imbalances favoring attackers and the need for legal and operational frameworks to facilitate information sharing. While the urgency of the situation is clear, the effectiveness of proposed solutions depends on sustained government-industry cooperation and policy continuity. The expiration of key legal frameworks and the absence of a replacement for CIPAC pose immediate risks to collaborative defense efforts. The call for a "common operating picture" reflects a shift from reactive to proactive cybersecurity, though achieving this requires overcoming bureaucratic and technical hurdles. The narrative underscores a paradigm shift: cybersecurity is no longer a solitary endeavor but a collective responsibility requiring systemic change.
Full Take
The strongest version of this narrative is that cybersecurity is at an inflection point where isolated defense is untenable, and only systemic collaboration between government and industry can counter the escalating threat landscape. The piece effectively highlights structural vulnerabilities—budget constraints, legal gaps, and adversarial innovation—while proposing concrete solutions like renewing CISA 2015 and institutionalizing partnership best practices. It avoids emotional exploitation or distortion, focusing instead on data-driven urgency (e.g., dwell times, ransomware spikes) and policy-specific recommendations.
However, the root cause analysis reveals an unstated assumption: that government and industry can align incentives quickly enough to outpace attackers. The call for a "common operating picture" presupposes seamless integration of disparate threat intelligence systems, which historically faces bureaucratic inertia and trust deficits. The paradigm driving this narrative is one of collective action as the only viable counter to asymmetric cyber warfare, echoing Cold War-era mutual defense pacts but in a digital context. The implication is that without policy continuity and resource commitment, the economic imbalance favoring attackers will persist, eroding digital trust and economic stability.
Bridge questions: What evidence exists that past public-private partnerships (e.g., CIPAC) measurably reduced cyber risks? How might adversaries exploit gaps during legal framework transitions? What alternative models (e.g., decentralized threat intelligence sharing) could supplement government-led efforts?
Counterstrike scan: A coordinated influence campaign pushing this narrative might emphasize systemic failure to undermine confidence in current defenses while positioning specific policy renewals as the sole solution. However, the content aligns with long-standing IT-ISAC advocacy and lacks manipulative framing. No patterns detected.
Patterns detected: none
Sentinel — Human
The text is a highly coherent, policy-focused piece written in an authoritative, advocacy style, grounded in specific, verifiable data and institutional knowledge, suggesting human authorship.
