In 2019, Jonathan Reiber, former Chief Strategy Officer for Cyber Policy and speechwriter in the Office of the Secretary of Defense for Policy in the Pentagon, published “A Public, Private War: How the U.S. Government and U.S. Technology Sector Can Build Trust and Better Prepare for Conflict in the Digital Age.” The Institute for Security and Technology (then Technology for Global Security) and the Center for Long-Term Cybersecurity (CLTC) co-published the paper, which outlines how the U.S. government and private-sector companies can more broadly collaborate to prepare for a high-end cyber contingency or other significant cyberattacks on U.S. interests. Reiber writes:
At some point in the future, the United States will likely enter into escalating hostilities with a cyber-capable adversary. Public-private preparation for war is an uncomfortable but necessary process to prepare for that day or, better, help deter that day from ever arriving.Jonathan Reiber
Based on interviews with public and private sector leaders, the report details past successes of cooperation between the public and private sectors. For example, the national security community and information technology firms cooperated to close a vulnerability in computers’ Basic Input/Output System (BIOS) back in 2010. In addition, the report details how public-private trust has broken down in the past, such as following Edward Snowden’s release of classified information, and more recently through protests at Google over the company’s participation in contracts with the U.S. Department of Defense. “These stories and others should inform the government and the private sector’s approach to cybersecurity planning,” Reiber writes.
The report includes a variety of recommendations for both the federal government and private sector firms. For example, Reiber recommends that companies should develop a public affairs strategy for government cooperation on cyberdefense and update and update their terms of service to describe their policies for cyber defense operations, including “when and how the company will remove individuals’, companies’, or nation-states’ access to products.” He also suggests the U.S. federal government invest more in initiatives such as the Enduring Security Framework (ESF) that enhances public-private information sharing for cybersecurity.
Building on the inputs of our partners in industry and government, and taking cues from Jonathan’s research, the Institute for Security and Technology turned to a tried-and-true mechanism to help build and promote more public and private cooperation, specifically through Cybersecurity Table-Top Exercises (CTTXs). These are an ongoing part of our Tech Works efforts, which takes a hands-on approach to problem-solving.
The Institute for Security and Technology’s continued efforts in this space will involve establishing a baseline of ongoing discussions and best practices for building relationships between industry and policy experts, with the goal of institutionalizing knowledge and tools needed for technical operators. We are also convening industry professionals, security officials, and diplomatic members at the international level to encourage engagement between nation-states and companies. Please get in touch via [email protected] if you or your organization would be interested in participating.