Public-private partnership a challenge for cybercrime centers

Public-private partnership a challenge for cybercrime centers

Summary: There may be conflicts in partnership between both sectors preventing its success, including factors related to bureaucracy, regulations, data privacy and leakage of classified information.

SHARE:

Cybercrime centers are too focused on protecting government systems, and within it, public-private collaboration pose challenges when it comes to the fear of information leakage during the sharing of data and the private sector's worries that the government may penalize them.

According to Ngair Teow-Hin, CEO of SecureAge, many cybercrime centers are structured to focus on protecting government systems and critical infrastructure. As such, they tend to leave out the private sector, and subsequently, they cannot benefit from such government efforts and their computer systems remain vulnerable to cyberattacks, he explained.

handshake
Cybercrime centers focus too much on protecting public sector. Both public and private sectors also face issues with information sharing.

His comments follow reports last month that 95 percent of Australia's Cyber Security Center's staff will be from the country's Defense Department. The move has drawn criticism the center will duplicate functions of the country's Department of Defense's own Cybersecurity Center and did not give the private sector a say.

Paul Black, managing principal for Verizon's Risk Team agreed, adding another key challenge is the information sharing between public and private organization. The public sector is hindered by regulatory factors and bureaucracy, while the private sector holds back sharing because of competition and intellectual property (IP), Black explained.

Both sides are also worried that information shared outside their respective organizations may be disclosed to unauthorized parties, he added.

Similarly, Japan's National Police Agency (NPA) too, admitted last month it faced difficulties working with private sector employees to leverage their skills for cybercrime investigations, over concerns that classified information may be leaked.

Additionally, private sectors are also hesitant to collaborate with public sector organizations as there is a fear that opening up to the government may open an opportunity for them to find ways to penalize the private sector's activities or policies, Black added.

Cybersecurity is not a responsibility limited to either the public or private sector but a shared responsibility that has a significant impact on national IT systems and private organizations, the Verizon executive noted.

"Both sides must recognize safeguarding national systems, critical infrastructure, IP can be significantly improved only when both parties combine their resources and intelligence together," he said.

Need for diverse skills, policies and laws to protect information

Cybercrime centers need to include people who truly understand cybercrime activities and technologies used in such a center, Ngair advised.

Many security professionals may be good in traditional methods of protections but cannot keep up with the latest threats and do not understand how cybercriminals' evolving tactics, he pointed out. Such professionals may be able to prevent a "garden variety of threats" but not advanced ones, Ngair warned.

This is why a cybercrime center needs capable cybersecurity professionals, especially people who understand the intrinsic weaknesses in computer systems, the SecureAge CEO said.

Black added staff of a cybercrime center should have a diverse range of skills, ranging from technical intelligence, research, attorneys, developers, software engineers, data analytics professionals, legal compliance officers and criminal investigators.

A transparent and collaborative approach toward information sharing, with right policies should be established to enhance collaboration within a cybercrime center, he added. Proper legal frameworks and work flows need to be established to protect both parties, he explained.

Governments can set up a separate group of experts who do not deal with classified systems so that the group can share the information and knowledge freely with the private industry, Ngair suggested. "This way, the private industry can benefit from the shared information and wisdoms to protect themselves against cybercriminals," he said.

Topics: Security, Data Management, Government

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Public-Private partnerships don't work here

    At least as far as the U.S. goes. Many billions have been invested into cyber-security partnerships of this sort and as far as the general public and the vast number of businesses are concerned, there is literally nothing to show for it. I would give examples, but my last post was flagged for offensive words and have no idea what they were, so.... But anyone interested can Google serach terms like "DHS private partnership" and then see if any of the many search results actually link to anything substantial that was accomplished.
    JustCallMeBC