OPINION

Forging a public-private partnership for cybersecurity

Government, private sector collaboration key to forward-looking security

Consumers, government and private companies have grown increasingly reliant on cyberspace to manage projects, reach potential clients, serve their constituents and disseminate mission-critical information.

Unfortunately, cyber threats have more than kept pace and, according to McAfee’s 2013 Threat Predictions report , this year will an even more sophisticated assault on businesses, private citizens, and government organizations.

Former Secretary of Defense Leon Panetta warned government and business leaders to be prepared for an escalation of cyber attacks. Rather than simply being prepared for a disruption in an organization’s activities in cyberspace through denial of access regimes, leaders need to develop strategies to handle destructive behavior that could cripple systems or corrupt data.

There has been no shortage of recommendations to address this growing concern because of the immense value of the information shared on secured networks and systems.

Private sector companies have a financial and competitive incentive to safeguard their intellectual property to ensure novel innovations are brought to market. Public sector entities must safeguard sensitive information – including intelligence reports, citizens’ personal information and financial data, and national security information – to keep it secure and protected from those who wish to harm our people and our economy.

A Shared Purpose

Despite numerous proposals, progress on establishing an effective system to safeguard cyberspace has provided mixed results.  Shared goals have yet to give way to a collaborative dialogue that yields a security framework with which all organizations, both public and private, can agree.

A rare opportunity exists today to forge public-private partnerships on cybersecurity solutions that benefit all. This will only be possible, however, if public and private entities can agree on a set of objectives focused on information sharing and risk mitigation strategies while taking privacy concerns into account.

Information sharing is an avenue the public sector is pursuing to encourage the participation of private sector companies in developing and pursuing their own internal cybersecurity programs.

For example, the executive branch provides comprehensive information on emerging threats and trends in industry-specific briefing sessions.  And lately, Congress appears to be redirecting its cybersecurity energies from prescriptive compliance programs towards legislation that promotes the adoption of best practices in cybersecurity by both private sector and public sector entities. This type of legislation rewards companies that have invested in forward-leaning security efforts and established a benchmark for others to follow.

Maturity Models – The Path Forward

Maturity models may be one avenue to forge a public-private partnership for critical infrastructure- related companies.  These models are a good way to measure progress against established benchmarks and are forward-looking. Maturity models recognize compliance is a journey, and cannot be achieved overnight or with a single product or tool.

The models also recognize that not all infrastructure or applications must meet the maximum security levels immediately, but progress strengthens the organization and overall security environment. Moreover, the actual process used to develop the model facilitates meaningful information exchange and dialogue necessary to develop a framework for cybersecurity.

Recently, the departments of Energy  and Homeland Security partnered with dozens of energy companies to develop a comprehensive maturity model, designed to identify and combat threats in that industry.

Through this working relationship, the energy industry shared information about what risks it is facing, and the government shared data on emerging threats that could exploit weaknesses or exacerbate threats. Together, they provided a framework for the energy sector that enables companies to assess their own situation, resources, consequences and planning.  This partnership demonstrates great promise for the future and shows that public-private partnerships can work and can produce desired, and mutually beneficial, outcomes.

Using the DOE model as an example, other sectors can adapt the maturity model to fit their needs, evaluating how much of the existing model fits their requirements and what actions need to be taken. While specific issues like supply chain management may vary from industry to industry and entity to entity, issues like identity management are universal and affect all consumers, both public and private.

The protection of intellectual property is directly tied to innovation, market share, and research and development, all of which affect the economy.  Maturity models increase awareness, enable action and are integral to the protection of intellectual property as well as sensitive data.  When industry and the public sector are able to access and receive timely, actionable information, better solutions emerge.

The time to act is now. 

 

Reader Comments

Wed, May 1, 2013

Private owners and operators of critical infrastructure can protect the information they share with governments as Protected Critical Infrastructure Information (PCII) which protects against public disclosure, civil litigation and regulatory use. More information can be found at www.dhs.gov/pcii

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
 Top 100 Slideshow
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts