Thursday, April 14, 2011

Enhancing Public-Private Cybersecurity Partnership

The proliferation of computer technology dependence and subsequent vulnerability to cyber threats has catalyzed the focus on developing defense against cyber attack. Whereas national defense is typically a government provided public good via the military, the incentives and capacity to act in the cyber arena lend broader involvement, not restricted to the government.

In the cyber domain, the asymmetric threat(s) makes any and all information and infrastructure vulnerable, and entities ranging from individuals to firms to member-organizations can and do participate in their own and collective security against cyber threats. This alternative nature of cyber threat and defense fosters cooperation among diverse groups and has produced public-private collaboration and partnership in efforts to enhance security.

A recent white paper explores and advocates for more developed partnerships between the public and private sector. The work of the consortium that produced this paper developed recommendations based on President Obama’s Cyberspace Policy Review and worked to enhance the National Infrastructure Protection Plan.

Citing that a majority of infrastructure and communication networks are privately owned or managed, the authors advocate for greater collaboration between the private sector and the government. Another strong argument for partnership among organizations, both public and private, is that no singular agency or firm is capable of responding to the diverse nature of cyber threats. Diverse entities facing risk include those working to secure financial data, communication pathways, and infrastructure operation (to name a few). Each player has unique stakes, and their efforts directed to enhancing cyber security can be combined to enhance broad national security interests. But how should this be coordinated?

One conclusion the paper draws is that “a more government-centric set of [cybersecurity] mandates would be counterproductive to our economic and national security. Rather…government and industry need to continue to develop and enhance the existing [sustainable cybersecurity model].” Furthermore, this paper argues rather than replace individual security efforts by instituting government-umbrella oversight, “the public-private partnership model for cybersecurity also has significant privacy and civil liberties advantages over other, more government-directed models.”

However, some leadership in this venture can and should come from the government. On release of the Cyberspace Policy Review, President Obama declared, “My Administration will not dictate security standards for private companies. On the contrary we will collaborate with industry to find technology solutions that ensure our security and promote prosperity.” As the paper describes, government leadership can take the form of fostering research and development, creating innovation incentives via tax breaks and grants, streamlining oversight regulation, and encouraging STEM education: science, technology, engineering, and math.

Ultimately, collaboration effectiveness can be enhanced within a framework. This paper provides concrete recommendations for enhancing, rather than replacing, the framework currently in place. In consideration of cyber security and the national interest, strengthening this private-public partnership is essential.

No comments: