Cyber Risk Director Network, February 2020
“Security beyond the boundaries—it leads me to think of traditional models of security that come from the physical world: firewalls, perimeters, zero trust, the castle with a moat. But now we have the cloud, machine learning, the internet of things … All these are blurring the lines between the physical and cyber realms.” – Director
On December 11, 2019, CRDN members met in New York to discuss the ways in which cyber risk transcends traditional corporate boundaries and requires new forms of collaboration between firms, and especially between government and the private sector. Members acknowledged the challenge of managing third-party cyber risk, but the conversation continually shifted toward corporate-government interactions. Professor Steve Weber of the University of California, Berkeley, joined the discussion, as did King & Spalding partners Scott Ferber, Zack Harmon, and Phyllis Sumner, along with Bill Phelps, executive vice president at Booz Allen Hamilton.
The conversation focused on the necessity of public-private collaboration to combat cybercrime, the obstacles that hinder that collaboration, and the vital role of private sector leaders in strengthening collaborative action.
The cyber threat links political and economic security. Nation-states increasingly recognize that economic competitiveness is a cornerstone of their security. Offensive cyber capabilities permit state actors to work across national boundaries, exploiting other countries’ assets without physical appropriation. Reliance on third parties increases vulnerabilities, but the threat can also come from within.
Collaboration between government and the private sector is still embryonic. While large companies and government agencies increasingly recognize the need to share information and work jointly, issues of trust are significant, and there are legal and structural challenges to overcome. Emerging practices, such as information-sharing pilots and the issuing of temporary security clearances, have a mixed record. Nevertheless, there is consensus that collaboration is essential.
Private sector leaders feel the need to take initiative to improve the extent and quality of public/private collaboration. Directors and security experts believe that the private sector should foster better collaboration, not only changing their own approaches to working with government but also by educating public sector leaders on the needs of large companies.