A fascinating article in the San Jose Mercury News discusses the recent expansion of public-private partnerships in the growing effort to combat cyber threats from criminals and foreign governments. These partnerships occur through formal agreements between major corporations and government-backed organizations, such as law enforcement, the military or research institutions. The agreements usually involve sharing of intelligence between the government and corporate representatives, as well as participation in threat reporting programs and security exercises. In some cases, the partnerships relate directly to research and development regarding ways to mitigate security threats.
One example of a public-private partnership discussed in the article is the Network Security Innovation Center (NSIC), a component of Lawrence Livermore National Laboratory that works directly with a number of companies to investigate cyber threats. The NSIC is described as a an “industry-driven network security initiative” that includes Adobe, Cisco, eBay, Intel, McAfee, PayPal, Qualcomm, Seagate among its corporate partners. Some of the same firms, along with Hewlett-Packard, Juniper Networks, Symantec and VMware, reportedly help military and intelligence agencies with similar issues at a Maryland-based lab owned by Lockheed Martin.
These partnerships are considered to be of such importance to the government’s cybersecurity efforts that Secretary of Homeland Security Janet Napolitano will be personally speaking on Monday to companies in Silicon Valley about the need for their involvement. This year’s upcoming National Level Exercise will focus on cybersecurity threats to critical infrastructure and many corporations are expected to participate in the exercise. FEMA has even produced a guide to encourage private-sector participation. The Cybersecurity Intelligence Sharing and Protection Act (CISPA), which is currently working its way through the House, widely expands the capabilities for sharing classified information in public-private partnerships between government agencies and major corporations. Though the NSA has reportedly been sharing threat information with banks and other private companies for some time, CISPA enables companies to have immunity for providing information to the government and allows for greater sharing of potentially personally-identifiable information than is possible in traditional public-private partnerships.