Professional Documents
Culture Documents
Wolfgang Kehr-Kiester
ENC 2135
october 7, 2021
Cyber Security: How to bridge the gap between public and private partnerships 2
As with many things in life there will be a gap between public and private organizations.
Just like everything else there is also a gap when it comes to cyber security. While the public
organizations are usually law enforcement agencies and private ones are big corporations there is
a gap in how they work together. Cyber Criminologists or cyber security specialists that work for
private companies or private contractors want to keep their clients' secrets safe as well as their
companies secrets. Since these private cyber security specialists want to protect their clients they
are not always willing to work with law enforcement in giving up information that may be
needed. This can cause cyber crimes to go unsolved leading to more crimes or to more hacks of
critical infrastructure which can lead to a shut down or the United States getting attacked again .
With that being said, there are many different ways to bridge the gap between the public and
private sector that include having the two sectors work together protecting critical infrastructure
and establishing trust between the two as well as teaching cyber safety at a young age.
To start off, what is the difference between the public and the private sectors of cyber
security. The public sector of cyber security would be the government and law enforcement
agencies such as the FBI or CIA. While the private sector can be a cyber criminologist that is a
private contractor for different jobs or somebody who works for a particular company, for
example a cyber security specialist that works for a big accounting firm. The reason to close the
gap is because these specialists could hold secrets to nationally secure information and not even
know it when or if they get hacked. If the gap is closed, law enforcement or the public sector and
the private sector would be able to work together to not only keep the particular company safe
but also keep classified information safe from the wrong hands. Generally speaking the private
sector of cyber criminologists or cyber security specialists hold valuable information that could
provide law enforcement or the public sector with key information and data to build
Cyber Security: How to bridge the gap between public and private partnerships 3
investigations and help bring down criminal organizations. With that being said there is no set
agreement between the public and private sectors which causes a gap in what information is
provided and what information could be provided. In the private sector cyber security is more
based on protecting financials and personal reputation and the public sector's main goal of cyber
security is to protect the public, which is mainly how the government sees cyber security. This
causes a gap because the government is expecting the private sector to also look out for the
common good, but that is not the case. While their jobs may be similar they focus on different
aspects of security even though they may be working on similar or even the same tasks.
Neither government, nor the private sector can defend the nation alone. It's going to have
to be a shared mission-government and industry working hand in hand, as partners, said Barack
Obama at a 2015 cybersecurity conference. How can we do that though, it will take work from
both sectors as they will both have to make some sacrifices for the better of both of them.
According to (Eichensehr) the cyber security private sector investigates networks of malware
infected computers that are used by criminals for financial gain, obtain judicial orders to seize
these networks and work with internet providers to eliminate malware on individuals computers.
While the public sector is known to purchase software vulnerabilities off of the black market and
keep these vulnerabilities undisclosed from software makers that could fix the problems. While
in some private sectors a cyber security specialist will have some government like roles if they
are a private contractor that is still not what is needed to close the gap between the two. The
current approach is both sectors working in harmony to keep their respective companies safe and
their country, but with this there has to be enhanced dialogue between both the public and private
sectors which have largely been unsuccessful due to lack of trust, conflicts of interest and
government laws that have to do with secrecy (Shore). While this seems like it could work I
Cyber Security: How to bridge the gap between public and private partnerships 4
believe that it never can, because the private sector workers can never fully trust the public sector
because they will always be keeping secrets that they believe will protect the nation while
expecting the private sector to give them as much information as they can.
Some people believe that it is more than the public and private sectors that can help
protect the cyberspace and help close the gap between the two sectors. Harknett believes that
normal citizens also play a role by protecting themselves from cyber attacks by being safe on the
web, meaning not putting information that can get stolen from them online, not sharing their
passwords, and making sure their computer is protected against a virus. He believes that this is a
civic responsibility to not only protect themselves but to also protect the nation. This is where the
public and private sectors have a mutual interest, they both want to make sure citizens are being
safe with their computers and on the web because if not it could end up falling back on them in
some type of way. Harknett also says that he believes web safety should be mandatory in K-12
and I agree with that. I believe that this is a way to close the gap between the two sectors. While
this is not an immediate solution it can be years from now because if all children grow up
knowing how to protect themselves online and their information the cyber security specialists in
that time won’t have as much work to do and then the sectors would be able to form some type
Another way to close this gap is for the public sectors to make stronger relationships with
internet service providers, informational companies such as google or yahoo, and private cyber
security firms. If the public sectors or the government can build on the relationships they already
have with these providers, companies or firms they would be able to work hand in hand to not
only make the companies more secure but to also help protect our nation. Adaminski believes
that the public and private sectors need to be sharing information before the next big attack
Cyber Security: How to bridge the gap between public and private partnerships 5
happens because during an attack you can’t share information without the risk of it being stolen
by the attacker. Adaminski said “Cybersecurity is a team sport. Partnership is critical because no
one organization has the full picture.” She is right that the public sectors cannot do it by
themselves just like the private sectors can’t either, while they might be separate they still have
to work together not only for themselves but for everybody else too. When Adaminski said that
information sharing has to be done now instead of during a time of crisis really stood out because
if information is being shared between the sectors that is closing the gap that they currently have
and possibly making the cyberweb a safer space not only now but for future generations to come.
Also with information being shared now and not in a time of crisis it leads to more and more
information being shared throughout the years bringing the sectors closer together while they are
still doing their own thing for their respective companies or agencies.
According to Brooks more than 85% of the critical infrastructure is owned by private
sectors and maintained by the public sectors. This means that they have to work together in those
aspects, therefore, closing the gap between these two sectors. Since not one side can fully handle
the critical infrastructure they do work together on that but that does not mean all the information
is shared like it should be. Brooks goes on to say no matter who the critical infrastructure
security team is, that both the private and public sectors need to be involved in it and formulate a
plan incase of an attack and be ready for one by having a comprehensive and adaptive strategy.
The more the public and private sectors work together the smaller the gap will get.The closer
they are the less chance there is for somebody to miss a step and make a whole network
planning, newer technology and resources that need to be provided from both parties to make
sure everything runs as smooth as possible. Overall, working together is important for both the
Cyber Security: How to bridge the gap between public and private partnerships 6
private and public sectors and that gap between them needs to be closed so they can work closer
together. This gap can be closed by making them work together now while also teaching the
K-12 students about cyberspace and cyberspace safety. Leading to the sectors working hand in
hand in the future to not only protect themselves but to protect the greater good from attacks. Not
only do many people believe this but the former director of the NSA hailed the importance of the
public and private sector partnership because “collaboration is critical given growing threats to
everyone from cyberspace.” Since collaboration is critical the sectors need to learn how to work
through and with each other to make sure that they can both keep all of their information safe.
With these two sectors working together in the critical infrastructure area of cyber
security some people believe that this can cause a breach in national security because of
communication between the respective cyber criminologists or cyber security specialists working
together. Other things have also been brought up that somebody working for the public sector
could also be there to steal information, while this is possible it is unlikely because these
specialists go through extensive background checks and also may have high security clearances
meaning that they are trusted by the government. The public and private sectors need to embrace
the flaws in their relationship because if they can embrace the flaws in it, they can see what is
wrong and fix what they are doing wrong to make everything run smoother. Some of these flaws
are that the critical infrastructure is owned by private sectors but also want help from the public
to keep the infrastructure safe from attacks, but with this if there is an attack who can you blame
because neither party wants to accept the blame. If they were to embrace this they would be able
to come up with a solution that would let them work effortlessly together.
Overall, there are many ways for the gap between the public and private sectors to be
closed or slimmed down. Some of those ways include teaching children cyber safety from a
Cyber Security: How to bridge the gap between public and private partnerships 7
young age throughout their schooling career, leading to them knowing how to protect themselves
and others. Public sectors can also form closer bonds with providers or companies that have
private cyber security to close the gap, because if a company has the government on their side
instead of just coming at them for information they may be more willing to share knowing they
could get something out of it. Another way to seal the gap is for the two sectors to form a closer
relationship based off of the critical infrastructure that they work on together because currently
there are many flaws in their relationship that is based off of them not trusting each other which
in my opinion does not make sense since they are working towards the same goal.
Cyber Security: How to bridge the gap between public and private partnerships 8
Works Cited
Harknett, R. J., & Stever, J. A. (2009). The Cybersecurity Triad: Government, Private
Sector Partners, And The Engaged Cybersecurity Citizen. Journal Of Homeland
Security And Emergency Management, 6(1), 79–.
Https://Doi.org/10.2202/1547-7355.1649