These days, there is much chatter in the cybersecurity space about the need for robust "public-private partnerships." Just last month, the Department of Homeland Security in its Blueprint for a Secure Cyber Future, discussed the need for clarification in existing law to strengthen the framework for public-private cooperation. Last week, a non-profit organization announced that in January it will launch the National Critical Infrastructure Cybersecurity Education Initiative, described as "a nationally coordinated public/private collaborative partnership aimed at developing cybersecurity education programs."
My question is simple: what does public-private partnership mean anyway? Beginning in 1998 when President Clinton issued Presidential Decision Directive 63, we have seen information sharing analysis centers (ISAC) for various sectors, sector coordinating councils, and various other "partnership" organizations, both formal and informal, within and between the government and critical (and not-so-critical) sectors. Yet, each year the call for public-private partnerships get louder.
Pending bills within the Senate and House attempt to address the public-private partnership issue but it is unclear whether any of the proposals can do so effectively without addressing the existing structures and the underlying legal frameworks that potentially hinder information sharing.
The saga of the public-private partnership reminds me a lot of the Hans Christian Andersen story about tailors who promise the Emperor a new suit so fine that only those who are worthy can see it. As the Emperor pranced through town wearing this "suit," the people responded with such comments as "Oh, how splendid are the Emperor's new clothes. What a magnificent train! How well the clothes fit!" It was only when a young child spoke up, yelling "but he isn't wearing anything at all," that the Emperor and his subjects realized the truth -- there was no suit.
I worry that an effective public-private partnership on cybersecurity may be like the Emperor's suit -- non-existent -- and that, without a voice to set us straight, we may continue to admire a system that isn't possible under today's laws, regulations, and competitive environment.
Jessica Herrera-Flanigan
Jessica R. Herrera-Flanigan is a partner at the Monument Policy Group, where she focuses on the issues affecting our nation’s security, technology, commerce, and entertainment markets. Previously, she served as the Staff Director and General Counsel of the House Committee on Homeland Security. She also has served as Senior Counsel at the Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice, where she led the Section’s cybercrime investigation team. She was a Member of the CSIS Commission on Cyber Security and is a Member of the ABA Standing Committee on Law & National Security. She currently serves as the Fellow for Cybersecurity at the Center for National Policy.
JOIN THE DISCUSSION