School or Institution Name (University at Place or Town, State)
Public-Private Partnerships for Cybersecurity
Introduction:
With exponential penetration of information and communication technologies in every aspect of life, most of the government facilities are also turned digital. The state government is not only promoting information technology but relying on the same technology for providing services to citizens. Governments have to deal with personal information of citizens in order to provide better services like any other private business organization. Storing and processing of critical information by the state departments make the information technology infrastructure of these departments a potential target for cyber-criminals ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1gt9to6d12","properties":{"formattedCitation":"(Carr, 2016)","plainCitation":"(Carr, 2016)"},"citationItems":[{"id":1957,"uris":["http://zotero.org/users/local/gITejLE9/items/KVXL4FIA"],"uri":["http://zotero.org/users/local/gITejLE9/items/KVXL4FIA"],"itemData":{"id":1957,"type":"article-journal","title":"Public–private partnerships in national cyber-security strategies","container-title":"International Affairs","page":"43-62","volume":"92","issue":"1","author":[{"family":"Carr","given":"Madeline"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Carr, 2016). Protection of such critical information assets is the responsibility of public sector organizations dealing with sensitive data. Public sector organizations always suffered a lack of resources in competition with private sector organizations. Specifically, in the field of cybersecurity solutions, private sector organizations have made tremendous improvements as compared to the public sector institutions.
Cyber-criminals are always trying to compromise existing layers of security in public organizations. With the advent of large-scale data centers, attackers have shifted their attack vectors form individual users to large-scale organizations. Cybercrimes are growing as the most profitable industry. Given the fact that cyber threat landscape is continually evolving and public sector organizations do not have enough resources, it is need of the hour to increase public-private partnerships to secure critical information assets of the nation ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a82bm9k9n9","properties":{"formattedCitation":"(Givens & Busch, 2013)","plainCitation":"(Givens & Busch, 2013)"},"citationItems":[{"id":1960,"uris":["http://zotero.org/users/local/gITejLE9/items/VMCC9HH2"],"uri":["http://zotero.org/users/local/gITejLE9/items/VMCC9HH2"],"itemData":{"id":1960,"type":"article-journal","title":"Realizing the promise of public-private partnerships in US critical infrastructure protection","container-title":"International Journal of Critical Infrastructure Protection","page":"39-50","volume":"6","issue":"1","author":[{"family":"Givens","given":"Austen D."},{"family":"Busch","given":"Nathan E."}],"issued":{"date-parts":[["2013"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Givens & Busch, 2013). A public-private partnership for cybersecurity means that a collaborative environment between the participants in terms of technology and intelligence sharing. As there are not enough resources available for the security of public information technology infrastructure, public sector institutions rely on cybersecurity solutions developed by independent security companies. Such reliance on third-party solutions for the protection of sensitive information of citizens has many ethical and legal issues. The paper describes the benefits of having a fruitful public-private partnership for cybersecurity instead of relying on solutions developed by the industry.
Public-Private Partnerships for Cybersecurity:
Private organizations and independent cybersecurity companies have instead in information security heavily during the last three decades. As cybercriminals have targeted public organizations as the data stored in their systems can be used in many ways, private firms helped organizations to secure their infrastructure against cyber-attacks. Targeted cyber-attacks have increased exponentially during the last five years. Most of the time targeted attacks on public infrastructure are sponsored by rival states to sabotage the information technology infrastructure of their enemies ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a13imr5397k","properties":{"formattedCitation":"(Busch & Givens, 2012)","plainCitation":"(Busch & Givens, 2012)"},"citationItems":[{"id":1963,"uris":["http://zotero.org/users/local/gITejLE9/items/LG6F2I32"],"uri":["http://zotero.org/users/local/gITejLE9/items/LG6F2I32"],"itemData":{"id":1963,"type":"article-journal","title":"Public-private partnerships in homeland security: Opportunities and challenges","author":[{"family":"Busch","given":"Nathan E."},{"family":"Givens","given":"Austen D."}],"issued":{"date-parts":[["2012"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Busch & Givens, 2012). It has been reported that public sector organizations have faced many issues regarding the security of information technology infrastructure. It is difficult for public organizations to hire and retain the required talent for cybersecurity. Private firms offer better monetary benefits to skilled persons and turn over for public organizations remain high. Modern cybersecurity positions require dynamic individuals having in-depth knowledge and experience of communication technologies.
Due to the budgetary issues in public sector organizations, there is an ongoing crisis for cybersecurity workforce. Cybersecurity professionals are in high demand. Beside budgetary issues there are technical issues as well such as public sector information technology infrastructure is not developed enough as compared to the private firms. To overcome these challenges, public-private partnerships have been made during the last few years. The initiative addressed many of the security issues but have raised new concerns as well ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a503lavra5","properties":{"formattedCitation":"(Bossong & Wagner, 2017)","plainCitation":"(Bossong & Wagner, 2017)"},"citationItems":[{"id":1966,"uris":["http://zotero.org/users/local/gITejLE9/items/CTJU8BGW"],"uri":["http://zotero.org/users/local/gITejLE9/items/CTJU8BGW"],"itemData":{"id":1966,"type":"article-journal","title":"A typology of cybersecurity and public-private partnerships in the context of the EU","container-title":"Crime, Law and Social Change","page":"265-288","volume":"67","issue":"3","author":[{"family":"Bossong","given":"Raphael"},{"family":"Wagner","given":"Ben"}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Bossong & Wagner, 2017). Public organizations have some in-house facilities and staff as well that require support for proper functioning of information technology departments. Public-private partnerships allow both the parties to share information and intelligence gathered by analysis of different security incidents. Through these partnerships, many useful frameworks of cyber security have been developed. Most of the infrastructure deployed in the public sector is not solely developed by the government itself. Therefore, the vulnerabilities in the system are beyond the control of in-house departments if there is no intelligence sharing on incidents ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a292bp58bq7","properties":{"formattedCitation":"(Harknett & Stever, 2011)","plainCitation":"(Harknett & Stever, 2011)"},"citationItems":[{"id":1969,"uris":["http://zotero.org/users/local/gITejLE9/items/ND67LSXI"],"uri":["http://zotero.org/users/local/gITejLE9/items/ND67LSXI"],"itemData":{"id":1969,"type":"article-journal","title":"The new policy world of cybersecurity","container-title":"Public Administration Review","page":"455-460","volume":"71","issue":"3","author":[{"family":"Harknett","given":"Richard J."},{"family":"Stever","given":"James A."}],"issued":{"date-parts":[["2011"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Harknett & Stever, 2011). For example, a public and private organization may have a similar infrastructure, and one of them is compromised, then the other can be protected against similar attack techniques if they have intelligence sharing partnerships. Lessons learned in one sector will help in improving the security of the other and vice versa.
Challenges in Public-Private Partnerships for Cybersecurity:
As per the discussion, public-private partnerships can bring many benefits, but there are some issues as well. When any government entity is collaborating or building a partnership with a private entity, then there are confidentiality issues as the government also have to play the role of regulator. Depending on the sensitivity of information stored in public sector information technology systems, the government may not provide granular visibility into the investigations of an attack on the system to the partner organization from the private sector. Similarly, private sector organization may be reluctant in providing information that can reveal an internal business process to state government ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a8u5oejuqa","properties":{"formattedCitation":"(Manley, 2015)","plainCitation":"(Manley, 2015)"},"citationItems":[{"id":1972,"uris":["http://zotero.org/users/local/gITejLE9/items/QWZSKJG6"],"uri":["http://zotero.org/users/local/gITejLE9/items/QWZSKJG6"],"itemData":{"id":1972,"type":"article-journal","title":"Cyberspace’s dynamic duo: Forging a cybersecurity public-private partnership","container-title":"Journal of Strategic Security","page":"85-98","volume":"8","issue":"3","author":[{"family":"Manley","given":"Max"}],"issued":{"date-parts":[["2015"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Manley, 2015). There can be legal restrictions as well. It has been observed in various advance persistent attack cases that private organizations collaborate with state departments when they are in crisis rather than building an on-going proactive partnership for fighting cyber-attacks ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1cuq4srr8h","properties":{"formattedCitation":"(Andreasson, 2011)","plainCitation":"(Andreasson, 2011)"},"citationItems":[{"id":1975,"uris":["http://zotero.org/users/local/gITejLE9/items/HLRZVCW9"],"uri":["http://zotero.org/users/local/gITejLE9/items/HLRZVCW9"],"itemData":{"id":1975,"type":"book","title":"Cybersecurity: public sector threats and responses","publisher":"CRC Press","ISBN":"1-4398-4663-4","author":[{"family":"Andreasson","given":"Kim J."}],"issued":{"date-parts":[["2011"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Andreasson, 2011). Trust issues may also restrict the cooperation in partnerships as the leader of the private organization may fear that government will interfere with internal business processes.
Private organizations try to remain independent when they experience any security incident, instead of seeking help from the government. The reason behind the reluctance is that companies want to ensure data privacy of their customers. If they are sharing internal process information with the government, then they may be accused by customers for working too closely with the government. Organizations will not afford to lose customer's trust in helping the government to fight against digital darks. Most of the private organizations deal with customers at the global level instead of the national level. Therefore, they may be subject to international data communication laws and regulations ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1otkhnbvhq","properties":{"formattedCitation":"(McCarthy, 2018)","plainCitation":"(McCarthy, 2018)"},"citationItems":[{"id":1978,"uris":["http://zotero.org/users/local/gITejLE9/items/6VEMNPKD"],"uri":["http://zotero.org/users/local/gITejLE9/items/6VEMNPKD"],"itemData":{"id":1978,"type":"article-journal","title":"Privatizing Political Authority: Cybersecurity, Public-Private Partnerships, and the Reproduction of Liberal Political Order","container-title":"Politics and Governance","page":"5-12","volume":"6","issue":"2","author":[{"family":"McCarthy","given":"Daniel R."}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (McCarthy, 2018). However, despite the difficulties, many partnerships have been successful. Government organizations have partnerships with private organizations and large scale cyber security giants such as McAfee and Symantec Corporation to help in investigations of security breaches. These organizations share intelligence and threat reports to build a secure ecosystem for information technology solutions.
Recommendations:
Public-private partnerships for cybersecurity are inevitable given the state of targeted attacks on significant information technology infrastructure. Challenges in building such partnerships can be overcome by utilizing incident response efforts and by enforcing standard frameworks. It can be clearly stated in agreements beforehand that up to what extent information will be revealed to the government in case of an incident investigation. Purpose of such partnerships along with the obvious reason of protection of critical information infrastructure should be the building of an innovative incident response mechanism ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a132qh4106l","properties":{"formattedCitation":"(Kaul et al., 2018)","plainCitation":"(Kaul et al., 2018)"},"citationItems":[{"id":1981,"uris":["http://zotero.org/users/local/gITejLE9/items/VUGC3Q5H"],"uri":["http://zotero.org/users/local/gITejLE9/items/VUGC3Q5H"],"itemData":{"id":1981,"type":"article-journal","title":"GOING DARKER 2.0: POLICY RECOMMENDATIONS FOR LAW ENFORCEMENT, THE INTELLIGENCE COMMUNITY AND THE PRIVATE SECTOR","author":[{"family":"Kaul","given":"Krystle Veda"},{"family":"Tucker","given":"Michelle"},{"family":"McNamara","given":"G. S."},{"family":"Hicks","given":"Jacqueline"},{"family":"Bliss","given":"Colin"},{"family":"Tosi","given":"Scott"},{"family":"Loethen","given":"Lora"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kaul et al., 2018). Such a mechanism will help in combating the latest attack vectors proactively. Most of the private organizations have developed artificial intelligence and machine learning algorithms to fight against digital darks. These algorithms must have collaborated in public-private partnerships for cybersecurity as the aim is to create a secure infrastructure rather than competition in algorithm development. Such collaborations and intelligence sharing between the public and private sectors will help in building frameworks that can render the most common attack vectors useless.
As cyber threats are evolving continuously both in numbers and in complexity, partnerships between public and private organizations are inevitable. Both the sectors store and confidential process information and securing critical information assets is the obligation of involved parties. Collaborations between these sectors will help in educating individuals about safe practices while they surf, search, and socialize using information and communication technologies. Technology sharing will help in the improvement of the existing tools and development of new sophisticated prevention technologies leveraging artificial intelligence concepts.
Summary:
The information technology infrastructure of both public and private organizations are being targeted by the cybercriminals. During the last two years the rise in cryptographic malware attacks caused millions of dollars in loss. Targeted attacks locked individuals and organizations out of their systems. Data stored on the machines was encrypted, and attackers demanded ransom amount to decrypt the files. No security solution was able to stop the wave of such attacks unless significant damage was done by the attackers. Therefore, public-private partnerships are inevitable in securing the information technology infrastructure. Building such partnerships will complement each other’s deficiencies and will help people enjoy safer technology.
References
ADDIN ZOTERO_BIBL {"custom":[]} CSL_BIBLIOGRAPHY Andreasson, K. J. (2011). Cybersecurity: public sector threats and responses. CRC Press.
Bossong, R., & Wagner, B. (2017). A typology of cybersecurity and public-private partnerships in the context of the EU. Crime, Law and Social Change, 67(3), 265–288.
Busch, N. E., & Givens, A. D. (2012). Public-private partnerships in homeland security: Opportunities and challenges.
Carr, M. (2016). Public-private partnerships in national cyber-security strategies. International Affairs, 92(1), 43–62.
Givens, A. D., & Busch, N. E. (2013). Realizing the promise of public-private partnerships in US critical infrastructure protection. International Journal of Critical Infrastructure Protection, 6(1), 39–50.
Harknett, R. J., & Stever, J. A. (2011). The new policy world of cybersecurity. Public Administration Review, 71(3), 455–460.
Kaul, K. V., Tucker, M., McNamara, G. S., Hicks, J., Bliss, C., Tosi, S., & Loethen, L. (2018). GOING DARKER 2.0: POLICY RECOMMENDATIONS FOR LAW ENFORCEMENT, THE INTELLIGENCE COMMUNITY, AND THE PRIVATE SECTOR.
Manley, M. (2015). Cyberspace’s dynamic duo: Forging a cybersecurity public-private partnership. Journal of Strategic Security, 8(3), 85–98.
McCarthy, D. R. (2018). Privatizing Political Authority: Cybersecurity, Public-Private Partnerships, and the Reproduction of Liberal Political Order. Politics and Governance, 6(2), 5–12.
