A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense

Abstract

Cyber security is a complex issue that requires a smart, balanced approach to public-private partnership. However, there is not a simple gold standard or mandatory minimum standard of cyber security, which can cause friction in the relationship between government and private industry. There are fundamental differences in these two unevenly yoked partners: government's fundamental role under the U.S. Constitution is to provide for the common defense; industry's role, backed by nearly a hundred years of case law, is to maximize shareholder value. Further differences are that government partners and industry players often assess risk differently, based on their differing missions and objectives. To be successful, both government and industry need to remain committed to the relationship and continue working on it by understanding the complexity of the situation, adapting where appropriate to their partner's perspective. For the public-private partnership to endure and grow, an appreciation of these differing perspectives—born from different legally mandated responsibilities—must be reached. Ultimately, the government should compensate private entities for making investments that align with the government's perspective, such as the social contract, rather than mandating that the shareholders subsidize the government function of providing for the common defense. This article is available in Journal of Strategic Security: http://scholarcommons.usf.edu/jss/vol4/iss2/7 Journal of Strategic Security Volume IV Issue 2 2011, pp. 97-112 DOI: 10.5038/1944-0472.4.2.6 Journal of Strategic Security (c) 2011 ISSN: 1944-0464 eISSN: 1944-0472 97 A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense Larry Clinton Internet Security Alliance Washington, D.C., USA lclinton@isalliance.org