Private-Public Partnerships in Cybersecurity: Cornerstone of Cybersecurity Strategies Worldwide.

The United Kingdom is in the process of finalizing of the national cybersecurity strategy for 2016-2021, following the success of the strategy for the previous five year period, 2011-2016. One of the cornerstones of the new strategy is a deeper reliance on private-public partnerships, defining more efficient mechanisms for collaboration of industry, government, and academia.
Industry engagement in cybersecurity is important on many levels: in many countries, most of the critical infrastructure is privately operated. Moreover, industry has been in the forefront of the pioneering technology development in security and privacy as well as the creation of ever new use cases that can only work with strong cybersecurity and privacy defenses.
The focus on private-public partnerships in improving cybersecurity is not unique to the United Kingdom. In the past ten years, many nations, e.g., Canada, Australia, South Africa, Finland, France, Japan, India, the Netherlands, and many other, released cybersecurity strategies, with private-public partnership (PPP) as a crucial component.
The level of detail and the general framework for private-public collaboration varies in different national cybersecurity strategies as nations take different approaches to defining the nature and key objectives of the PPPs. The national cybersecurity strategy in France released in 2011 calls for the establishment of a PPP to assist in threat detection and other areas without specifying exact characteristics of such a partnership. In Germany, the cybersecurity strategy elected to use a more concrete approach to the partnership mechanism, putting forward a recommendation for the National Cybersecurity Council, with a clear charter. Other PPPs in the area of cybersecurity are already active in Germany, including UP KRITIS and Alliance for Cybersecurity. Japan that, like Germany, has a mature private-public partnership space in cybersecurity, used the national cybersecurity strategy to describe the sector-based approach to PPPs, in order to ensure that new threats are not overlooked and the strategic cybersecurity solutions are developed by experts. The National Cybersecurity Policy in India developed in 2013 considers private-public partnership as a key strategy, and outlines various areas of emphasis, including the creation of a think tank to address complex issues. In India, the national CERT has an active role in fostering collaboration between the Indian government and the private sector. The National Cybersecurity Policy Framework in South Africa stresses the importance of PPPs in cybersecurity and directs them to address both national and international problems.
This informal and incomplete analysis illustrates both the importance of PPPs for the success of cybersecurity strategies worldwide and the diversity of mechanisms used to build successful private public partnerships. Although PPPs established in conjunction with national cybersecurity strategies are still at definitional stages in many regions, the countries where the partnerships are advanced, as is the case in the UK, illustrate the evolution of PPP models towards greater efficiency, agility, and collaboration.
Furthermore, the crucial role of private-public partnerships in cybersecurity in the majority of national cybersecurity strategies may be a precursor of the greater international collaboration achieved through this mechanism.

Comments are closed.