The Potential of Public Private Partnerships to Secure Critical Industries
Author: Anshul Srivastav, Global CIO, IT and Security Leader
Public - Private Partnerships to Secure Critical Industries: Sometime at the end of May while reviewing the impact of Covid-19 on the economy and humanity at large, I came across an article in the Wall Street Journal on the stealing of coronavirus research by various hackers across the world: Hackers for hire ‘targeted hundreds of institutions’. In the Financial Times recently: ‘Honda hit by cyberattack, some production disrupted, forcing some plants to stop operation.’ These are just a couple of the headlines which are making waves in the global setup, but there are hundreds of attacks which are either not reported or don’t make it to the headlines.
As a result of the lockdown, necessitated by the outbreak of COVID-19, an estimated 2.7 billion people, which is more than four out of five workers in the global workforce, have been affected. Business leaders have been challenged to respond to the crisis quickly while realigning their workforce strategies in real-time.
The world is going through some unprecedented times, with everything around us taking a different shape and form. Covid-19 has not only surprised the world from the health aspect, but has also shaken up the economics, as well as digital adoption. With digital adoption the world is now more vulnerable to cyberattacks as the population is getting more and more digital and contactless. There were almost 100 attacks a day in GCC alone from April 2020 to May 2020. Bank heists are increasing with a 250% increase of cyberattacks on banks in just 2 months during the pandemic and all the while the dark cyberworld is highly active and creating uncertainty.
The evolution of a few of industries, like ecommerce, digital/contactless payments, logistics both during and post Covid-19 has been and may well continue to be phenomenal. Some countries have recorded more than 200% growth in ecommerce and digital payments. With tracing apps and contactless everything - even biometric data - is at risk.
Every day we see incidents of phishing, brand abuse, malware, ransomware, scams and other forms of fraud. The capabilities of cybercriminals are evolving, leading to more complex security vulnerabilities. With more ecommerce transactions and remote work risks, exposure is more likely now than ever. Governments and organizations require better cybersecurity frameworks in managing and combating the growth and increase in attempts. More threat intelligence is required.
Cybersecurity is now more a political and governmental issue to protect itself from various forms of cyberattacks than anything else. With lockdowns, it led to opening everything digital without an impact assessment of the exposure a government and its respective citizens are sitting on, which in turn led it to develop a framework and architecture to map the new world with cybersecurity and information security. That new world will surely be more digital and more exposed and prone to access by unauthorized incumbents.
More Edge security, Digital Risk Management, Governance managed through threat intelligence will take shape. Digital Ids will take a different shape, for anything and everything.
More Public Private Partnerships would be required than in the past. More policies and secured frameworks would have to be rolled out for close collaboration between public and private enterprise / setups. A framework needs to be defined and subsequently adhered to, in order to achieve some results which can remain relevant at any crisis or any point of time.
Public - Private Partnerships to Secure Critical Industries - The framework
The framework below would apply to any country or region - it’s all about how they partner and tackle the Covid-19 crisis as well as the cyber and data world. Normally, countries would fall into one of four categories but can transition or transform from one category to another or have attributes overlapping into another category. Ideally HPHP would be the target every country or the region should get into.
LPLP (Low Private and Low Public)
This setup going forward would be a very weak and costly partnership. Both government/public and private organizations would be working in isolation and siloed decisions would be a norm. This is no different to the pre Covid-19 era. Typically, countries which have weak practices secure those practices and are not interested in adopting more secure practices in partnership with private players in the market. These kinds of countries would pay less attention and would be more prone to attacks and normally, the cost of doing business with security would be greater.
Huge investments in secure technologies would be required to stay protected and safe from any kind of compromise and attacks. Globally, many countries were in this state during the pre Covid-19 period. But post pandemic they have to realize a lot of services, both government and private would be moved to digital and with digital there is always an additional cost of security and breach protection.
The recommendation would be to immediately start working with everyone in the ecosystem and progress in strong partnerships between the state and all players in the ecosystem. Moving faster would help in combating high risk ecosystems, taking charge of the post Covid-19 era as gradually everything would be digitized and controlled, as would the exposure.
LPHP (Low Private and High Public)
This kind of setup would be regulated and require more controls from the state, heavily restricting the private players attempt to go digital. Typically, a tightly controlled and regulated setup would delay the process of innovations and disruptions. Private players would continue to build solutions and alternatives around the regulations, like Data Residency, Encrypted Data across all organizations within the country, and Access Management regulations in many countries. Thus, security solutions would be built by both private and public players on the typical laws and regulations and nothing much innovative would happen. Lesser private participation would lead to many deadlocks and therefore lead to resistance of investment of money and time.
The recommendation would be to transform and allow more private partnerships. A progressive approach is required to incubate and allow the entry of more private players to participate in digital initiatives and subsequently allow auxiliary security players to participate and support public players to give them an insurance that initiatives are going to help them in the future. Private investment should be policy and help big players in information security to establish a base and create a strong partnership with public enterprises and manage the balance of the entire ecosystem of cyber threats.
HPLP (High Private and Low Public)
This setup is the opposite of LPHP, which is flexible on government side in terms of opening the ecosystem for private players but the public players’ involvement is much less. This leads to a lot of effort and investment from private players but lesser involvement from public enterprise, which creates a lot of imbalance. So private players either build solutions for the public players or solve problems of security in the country for some specific issues/problems and expand good bases elsewhere.
Demography as well as the size of the country can also be a reason for lesser participation of public enterprise opening up with the private. It’s a good opportunity for private players to leverage governmental policy formations and access to other countries’ developments and work closely with them. Many countries with a low population would fall in the bracket of HPLP.
Recommendations would be to work very closely with government and public enterprise setups to build security solutions and help them to leverage convergence towards greater adoption of digital technologies and helping them have confidence in protected and secure implementations. More access to global government policies and implementation within the country and supporting other governments in implementing more and better secured solutions to stay protected.
HPHP (High Private and High Public)
Ideally this setup and piece of the framework is the most sane and profound target to achieve and every country or region should target reaching and achieving it. HPHP is a synergistic and collaborative way of managing global heist in the cyber and digital world. This would help countries work together as both private and public, not just in more progressive countries but also help countries in need. Countries or regions falling under HPHP can work with global teams to solve many problems which exist, which are lethargic and costly to implement. Some of the existing deficient global generic problems include data residency and sovereignty, cryptographic identities, centralized cyber policing systems, etc. HPHP can push governments to sign data access agreements apart from the trade and other agreements they sign and create a central repository for future engagements and solutions for solving cyber and data problems in the new age digital world.
Every region or country should converge towards or push towards high Private and high Public Partnership arrangement as this creates a proactive ecosystem to solve the digital problems and issues more proactively. This is the most progressive block for the world in times of crisis like Covid-19. Governments or regions with their respective private players should invest heavily in this block of the framework to weed out inefficiencies and costs of maintaining and managing the security world.
With more connected setups like smart homes, smart cities, smart devices, more exposure would lead to more proactive approaches.
Moving Beyond Covid-19 onto a better and safer tomorrow with strong and powerful Public Private Partnerships
Cybersecurity moving forward would need and require an understanding and knowledge of the emerging landscape and the cyber risks. Cyber security strategies have to be redefined and recreated in the new world with stronger and more powerful partnerships.
We need real time prevention as we connect more, and more digital red carpet is laid out. Real time prevention gives a proactive measure, putting us in a better position to defend anything.
HPHP would help in securing everything - the new world will push you to continuously monitor and check security levels across ecosystems from a macro level to endpoints, and consolidate and asses security investment as more engaging Public and Private Partnership will help in answering the right kind of questions in terms of the right solutions implemented and the right investments. More Artificial intelligent based threat intelligence would pilot this aircraft.
Thus a strong Public Private Partnership would be a more profound way of moving towards a new normal.
Follow Us
The Potential of Public Private Partnerships to Secure Critical Industries
