CybersecurityDeterring cyberattacks requires building a public-private partnership

Published 27 August 2014

Cyberattacks loom as an increasingly dire threat to privacy, national security, and the global economy, and the best way to blunt their impact may be a public-private partnership between government and business, researchers say. The time to act is now, however, rather than in the wake of a crisis, says an expert in law and technology. The expert says that an information-sharing framework is necessary to combat cybersecurity threats.

Cyberattacks loom as an increasingly dire threat to privacy, national security, and the global economy, and the best way to blunt their impact may be a public-private partnership between government and business, researchers say. The time to act is now, however, rather than in the wake of a crisis, says a University of Illinois expert in law and technology.

According to a study by Jay Kesan, the H. Ross and Helen Workman Research Scholar at the College of Law, an information-sharing framework is necessary to combat cybersecurity threats.

“Cybersecurity is a big deal, and the protection of critical network infrastructure is a matter of national security,” said Kesan, who directs the Program in Intellectual Property and Technology Law at Illinois. “If nothing else, cyberattacks are very expensive, costing the global economy almost a half-trillion dollars per year, according to some estimates. For either of those reasons alone it should be given more attention.”

Meaningfully improving cybersecurity and ensuring the resilience of systems will require cooperation between members of the private sector and the government, according to the paper.

A U. of I. release reports that to that end, Kesan and co-author Carol M. Hayes, a research associate with U. of I. College of Law, propose a framework for the sharing of information about threats and solutions that they believe reconciles the competing concerns of privacy and cybersecurity, Kesan said.

“Privacy and cybersecurity are not mutually exclusive, but balancing the two interests may require cooperation and the occasional compromise,” Kesan said. “We believe that cybersecurity can be enhanced without creating an Orwellian, Big Brother world, and encourage the development of what we call a ‘Circle of Trust’ that brings the public and private sectors together to resolve cybersecurity threats more effectively.”

The goal is to foster trust between the private and public sectors, he said.

“When the public sector shares information with the private sector, that encourages the private sector to trust the public sector, and vice versa,” Kesan said. “Our proposed framework advances this notion of trust even further by allowing both sides to preserve a degree of secrecy — for example, government secrecy for classified military activities and geopolitical information, and private-market secrecy for consumer information, including information about consumers’ online activities. It functions to assure participants that overreach by either side will be limited.”