Cybersecurity cannot be an ad hoc affair; it must be thoughtful, well-planned and continuously maintained. According to Jerred Edgar, Idaho’s Chief Information Security Officer, that kind of cyber resilience comes down to three core principles, or building blocks: competence, trust and collaboration. Edgar, a 24-year Army veteran, sat down with GovLoop recently to discuss how agencies can develop such a resilient security framework. Here is his advice on collaborating with stakeholders to ensure a collective defense — what he calls Building Block #3.
Definition:
Collaboration is essential, given how interconnected systems are — and how ready malicious actors are to exploit that. State and local governments, school districts, critical infrastructure owners, and other stakeholders need to move toward a collective defense.
“As we’ve grown that competency, grown that trust, we are in a position where we can work together to defend ourselves,” said Edgar. It’s the same approach that proved decisive in the 20th-century world wars, he said.
Key Enablers:
- Shared vision. A collective defense begins with reaching a mutual understanding of what the group is trying to achieve. Everyone is rowing their own boat, Edgar said, but they need to move in the same direction.
- Clearly defined roles. Collaboration across organizational boundaries often runs into legal obstacles. For example, if a state-level cyber team sees suspicious activity on a local network, does it have the authority to stop it? State-level legislation or policy might be needed to address these legal ambiguities, Edgar said.
- Managed risk. No collaborative effort can fully eliminate risk. The key is to maximize what’s working, then work on identifying and reducing the gaps. “It’s a long fight,” he said.
Case Study: Operation Grinch
In building a collective defense, you want to create layers that can slow an attacker. This approach paid off for Idaho when someone launched an attack against state systems on Christmas Eve 2025. Edgar’s team dubbed it Operation Grinch, because it seemed likely to ruin everyone’s holiday. However, the state’s layered defense slowed the attack, giving the team enough time to thwart it, Edgar said.
“We’re building in those layers of resilience, so that we can give our teams longer to detect [a threat],” he said. “That really has become key: Do the things that are going to give you the layers so that you can stay in the fight longer.”
To check out Part 1 of this series, which focuses on Building Block #1 (Executing With Competence), click here. Part 2, which focuses on the importance of Trust, is available here.
A version of this article is found in GovLoop’s guide titled “Preparing Agencies for Cyber Disruptions.” Click below to download the full resource.
Leave a Reply
You must be logged in to post a comment.