Cybersecurity Collaboration: The Emergence of Public-Private Partnerships
The Dangers of Cyber Threats
In recent years, the world has witnessed the reach of cyber threats, which can impact millions of innocent people. A seemingly low-level cyber incident such as a password breach that occurs in a private company, like Colonial Pipeline, can end up taking down sections of the critical infrastructure. This blurs the line between attacks on the public sector and private interests.
The Emergence of Public-Private Partnerships
The Biden Administration has initiated new directives and initiatives, including forming new departments within federal agencies, aimed at collaborating with companies to address emerging cyber threats. Government agencies, as well as private vendors, currently see the value in building partnerships, including in the area of cybersecurity.
Pat Gould, Defense Innovation Unit (DIU) Cyber Portfolio Director, states “Partnering with the private sector is critical for advancing our mission of accelerating commercial adoption of technology across many sectors, especially in cybersecurity.” Initiatives like the National Cybersecurity Strategy are bringing in private-sector security vendors to share threat information or provide solutions and tools that are beyond the government’s scope.
Challenges Faced in Collaboration
There is inherent distrust between the private sector and the government, especially with changes in administrations and congressional leadership. It is a challenge to build credibility in such an atmosphere, and private vendors are hesitant to share information with the government in fear of leaks.
The continuity that cybersecurity and the private/public partnership requires seems to be finally in place, thanks to a push by the current administration. The Cybersecurity Collaboration Center (CCC), part of the National Security Agency, was established three years ago and signifies the shift in how the government works with private-sector vendors to share information and expertise to scale mitigations.
The Role of the Government in Collaboration
Government agencies, such as Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Department of Energy, are uniquely set up to focus on collaboration with the private sector. CISA, beyond its high-profile work in keeping voting systems safe, is responsible for securing critical infrastructure in cooperation with companies. FBI has worked closely with public and private entities for years, and with cybercrime – especially ransomware – ramping up, the FBI is now reaching out to the private sector.
The Department of Energy needs to build partnerships not only to keep the infrastructure safe but also to prevent disinformation and misinformation that could cause a national panic. The Colonial Pipeline cyber incident is a prime example where poor communication led to gas shortages on the East Coast.
Partnerships with Private Vendors
Innovation in cybersecurity comes from small companies, which file more patents in the US than larger businesses and universities do. Therefore, government and large enterprises rely on strategic partnerships with small security vendors to build out their cybersecurity programs. States, counties, and especially municipalities do not have the large budgets or staffing to manage cybersecurity needs.
Vendors may have a better or different view of the threat landscape and can work quickly to develop the right tools or solutions for a government entity at a more affordable rate than the private sector. Having an approved government vendor gives federal oversight to community governments, which cannot always afford the large cybersecurity programs operated by private sector companies.
Unifying Against Ransomware
The fight against ransomware is a good example of a public-private collaboration. The FBI actively works with private vendors to not only identify but also defend against ransomware crime rings and nation-state actors. All the actors use the same tools and services, which leads to an increase in all the options against the crime.
In the fight against ransomware, victimized organizations become partners with government agencies sharing key information about what happened and what they continue to see happening in their networks. The government agencies gather this information and help the companies put the threats into context. Collaboration between public and private entities is critical, and it is essential to have the cybersecurity conversation early and often in a trusted relationship.
Conclusion
Public-private partnerships are vital and necessary to combat cyber threats as they emerge. Governments need to continue building trust with the private sector, and both parties need to recognize that they bring unique strengths to the table. Cybersecurity program-building requires constant support and updating, and it is only possible through collaboration, information sharing, and risk management. There is no doubt that public-private collaboration is the future of cybersecurity, and both sectors need to take the initiative to build more productive partnerships.
<< photo by Nick Fewings >>
You might want to read !
- “PyPI Downtime Sparks Concerns Over Package Distribution Resilience”
- Meta Fined $1.3 Billion by EU Regulators for Data Transfer Breaches
- Meta Faces Consequences with $1.3B Penalty for Violating GDPR
- China’s Order to Stop Using Micron Chips Escalates Feud with US Tech Industry
- “Samsung’s Security May Be At Risk: Critical Flaws Being Actively Exploited”
- Ransomware Campaigns: Unpacking the Three Common Initial Attack Vectors
- Bridging the Cybersecurity Divide: The Power of Public-Private Information Sharing
- Strengthening Industrial Cybersecurity: Balancing Remote Access and Risk Concerns
- Manufacturing Security: Strategies for Cutting the Attack Surface
- Key Criteria for Choosing an Effective Patch Management Solution
