Cyber Security: How to bridge the gap between public and private partnerships

Wolfgang Kehr-Kiester

ENC 2135

october 7, 2021
Cyber Security: How to bridge the gap between public and private partnerships 2

As with many things in life there will be a gap between public and private organizations.

Just like everything else there is also a gap when it comes to cyber security. While the public

organizations are usually law enforcement agencies and private ones are big corporations there is

a gap in how they work together. Cyber Criminologists or cyber security specialists that work for

private companies or private contractors want to keep their clients' secrets safe as well as their

companies secrets. Since these private cyber security specialists want to protect their clients they

are not always willing to work with law enforcement in giving up information that may be

needed. This can cause cyber crimes to go unsolved leading to more crimes or to more hacks of

critical infrastructure which can lead to a shut down or the United States getting attacked again .

With that being said, there are many different ways to bridge the gap between the public and

private sector that include having the two sectors work together protecting critical infrastructure

and establishing trust between the two as well as teaching cyber safety at a young age.

To start off, what is the difference between the public and the private sectors of cyber

security. The public sector of cyber security would be the government and law enforcement

agencies such as the FBI or CIA. While the private sector can be a cyber criminologist that is a

private contractor for different jobs or somebody who works for a particular company, for

example a cyber security specialist that works for a big accounting firm. The reason to close the

gap is because these specialists could hold secrets to nationally secure information and not even

know it when or if they get hacked. If the gap is closed, law enforcement or the public sector and

the private sector would be able to work together to not only keep the particular company safe

but also keep classified information safe from the wrong hands. Generally speaking the private

sector of cyber criminologists or cyber security specialists hold valuable information that could

provide law enforcement or the public sector with key information and data to build
Cyber Security: How to bridge the gap between public and private partnerships 3

investigations and help bring down criminal organizations. With that being said there is no set

agreement between the public and private sectors which causes a gap in what information is

provided and what information could be provided. In the private sector cyber security is more

based on protecting financials and personal reputation and the public sector's main goal of cyber

security is to protect the public, which is mainly how the government sees cyber security. This

causes a gap because the government is expecting the private sector to also look out for the

common good, but that is not the case. While their jobs may be similar they focus on different

aspects of security even though they may be working on similar or even the same tasks.

Neither government, nor the private sector can defend the nation alone. It's going to have

to be a shared mission-government and industry working hand in hand, as partners, said Barack

Obama at a 2015 cybersecurity conference. How can we do that though, it will take work from

both sectors as they will both have to make some sacrifices for the better of both of them.

According to (Eichensehr) the cyber security private sector investigates networks of malware

infected computers that are used by criminals for financial gain, obtain judicial orders to seize

these networks and work with internet providers to eliminate malware on individuals computers.

While the public sector is known to purchase software vulnerabilities off of the black market and

keep these vulnerabilities undisclosed from software makers that could fix the problems. While

in some private sectors a cyber security specialist will have some government like roles if they

are a private contractor that is still not what is needed to close the gap between the two. The

current approach is both sectors working in harmony to keep their respective companies safe and

their country, but with this there has to be enhanced dialogue between both the public and private

sectors which have largely been unsuccessful due to lack of trust, conflicts of interest and

government laws that have to do with secrecy (Shore). While this seems like it could work I
Cyber Security: How to bridge the gap between public and private partnerships 4

believe that it never can, because the private sector workers can never fully trust the public sector

because they will always be keeping secrets that they believe will protect the nation while

expecting the private sector to give them as much information as they can.

Some people believe that it is more than the public and private sectors that can help

protect the cyberspace and help close the gap between the two sectors. Harknett believes that

normal citizens also play a role by protecting themselves from cyber attacks by being safe on the

web, meaning not putting information that can get stolen from them online, not sharing their

passwords, and making sure their computer is protected against a virus. He believes that this is a

civic responsibility to not only protect themselves but to also protect the nation. This is where the

public and private sectors have a mutual interest, they both want to make sure citizens are being

safe with their computers and on the web because if not it could end up falling back on them in

some type of way. Harknett also says that he believes web safety should be mandatory in K-12

and I agree with that. I believe that this is a way to close the gap between the two sectors. While

this is not an immediate solution it can be years from now because if all children grow up

knowing how to protect themselves online and their information the cyber security specialists in

that time won’t have as much work to do and then the sectors would be able to form some type

of agreement where they help each other.

Another way to close this gap is for the public sectors to make stronger relationships with

internet service providers, informational companies such as google or yahoo, and private cyber

security firms. If the public sectors or the government can build on the relationships they already

have with these providers, companies or firms they would be able to work hand in hand to not

only make the companies more secure but to also help protect our nation. Adaminski believes

that the public and private sectors need to be sharing information before the next big attack
Cyber Security: How to bridge the gap between public and private partnerships 5

happens because during an attack you can’t share information without the risk of it being stolen

by the attacker. Adaminski said “Cybersecurity is a team sport. Partnership is critical because no

one organization has the full picture.” She is right that the public sectors cannot do it by

themselves just like the private sectors can’t either, while they might be separate they still have

to work together not only for themselves but for everybody else too. When Adaminski said that

information sharing has to be done now instead of during a time of crisis really stood out because

if information is being shared between the sectors that is closing the gap that they currently have

and possibly making the cyberweb a safer space not only now but for future generations to come.

Also with information being shared now and not in a time of crisis it leads to more and more

information being shared throughout the years bringing the sectors closer together while they are

still doing their own thing for their respective companies or agencies.

According to Brooks more than 85% of the critical infrastructure is owned by private

sectors and maintained by the public sectors. This means that they have to work together in those

aspects, therefore, closing the gap between these two sectors. Since not one side can fully handle

the critical infrastructure they do work together on that but that does not mean all the information

is shared like it should be. Brooks goes on to say no matter who the critical infrastructure

security team is, that both the private and public sectors need to be involved in it and formulate a

plan incase of an attack and be ready for one by having a comprehensive and adaptive strategy.

The more the public and private sectors work together the smaller the gap will get.​The closer

they are the less chance there is for somebody to miss a step and make a whole network

vulnerable because protecting yourself from an attack is dependent on information sharing,

planning, newer technology and resources that need to be provided from both parties to make

sure everything runs as smooth as possible. Overall, working together is important for both the
Cyber Security: How to bridge the gap between public and private partnerships 6

private and public sectors and that gap between them needs to be closed so they can work closer

together. This gap can be closed by making them work together now while also teaching the

K-12 students about cyberspace and cyberspace safety. Leading to the sectors working hand in

hand in the future to not only protect themselves but to protect the greater good from attacks. Not

only do many people believe this but the former director of the NSA hailed the importance of the

public and private sector partnership because “collaboration is critical given growing threats to

everyone from cyberspace.” Since collaboration is critical the sectors need to learn how to work

through and with each other to make sure that they can both keep all of their information safe.

With these two sectors working together in the critical infrastructure area of cyber

security some people believe that this can cause a breach in national security because of

communication between the respective cyber criminologists or cyber security specialists working

together. Other things have also been brought up that somebody working for the public sector

could also be there to steal information, while this is possible it is unlikely because these

specialists go through extensive background checks and also may have high security clearances

meaning that they are trusted by the government. The public and private sectors need to embrace

the flaws in their relationship because if they can embrace the flaws in it, they can see what is

wrong and fix what they are doing wrong to make everything run smoother. Some of these flaws

are that the critical infrastructure is owned by private sectors but also want help from the public

to keep the infrastructure safe from attacks, but with this if there is an attack who can you blame

because neither party wants to accept the blame. If they were to embrace this they would be able

to come up with a solution that would let them work effortlessly together.

Overall, there are many ways for the gap between the public and private sectors to be

closed or slimmed down. Some of those ways include teaching children cyber safety from a
Cyber Security: How to bridge the gap between public and private partnerships 7

young age throughout their schooling career, leading to them knowing how to protect themselves

and others. Public sectors can also form closer bonds with providers or companies that have

private cyber security to close the gap, because if a company has the government on their side

instead of just coming at them for information they may be more willing to share knowing they

could get something out of it. Another way to seal the gap is for the two sectors to form a closer

relationship based off of the critical infrastructure that they work on together because currently

there are many flaws in their relationship that is based off of them not trusting each other which

in my opinion does not make sense since they are working towards the same goal.
Cyber Security: How to bridge the gap between public and private partnerships 8

Works Cited

CARR, M. (2016). Public–Private Partnerships In National Cyber‐Security Strategies.

International Affairs (London), 92(1), 43–62.
Https://Doi.org/10.1111/1468-2346.12504

Eichensehr, K. E. (2017). Public-Private Cybersecurity. Texas Law Review, 95(3), 467–.

Harknett, R. J., & Stever, J. A. (2009). The Cybersecurity Triad: Government, Private
Sector Partners, And The Engaged Cybersecurity Citizen. Journal Of Homeland
Security And Emergency Management, 6(1), 79–.
Https://Doi.org/10.2202/1547-7355.1649

Christensen, K. K., & Petersen, K. L. (2017). Public–Private Partnerships On Cyber

Security: A Practice Of Loyalty. International Affairs (London), 93(6), 1435–1452.
Https://Doi.org/10.1093/Ia/Iix189
He, M., Devine, L., & Zhuang, J. (2018). Perspectives On Cybersecurity Information
Sharing Among Multiple Stakeholders Using A Decision‐Theoretic Approach.
Risk Analysis, 38(2), 215–225. Https://Doi.org/10.1111/Risa.12878

Dille, G. (2021) Public-Private Partnership is ‘Critical’ to Cybersecurity