The model of government as regulator and companies as regulated is not sustainable in the realm of cyber security. Instead, what’s required is the fostering of public-private partnerships (PPP).
PPPs have been effective in addressing problems associated with large physical infrastructure projects and have been extremely useful in overcoming barriers to project execution related to all types of risks, access to capital, and efficient project delivery.
These partnerships also provide a powerful means of addressing social and economic problems — education, public health, road safety and pollution — that are difficult or next to impossible for a single entity or government agency to tackle on its own. Through PPP, all parties involved — government, the private sector, academia, etc — bring their different resources to the problem.
This is the kind of public-private partnership approach we need for cyber security. Neither government nor the private sector by itself can be singularly effective enough. Bringing all parties’ resources together is the key.
In the digital world, cyber threats move faster than regulations and legislation can be implemented. This can mean laws are constantly playing catch up.
What’s more, for us to address cyber threats, it’s essential that information be shared in a timely fashion, and often in unconventional directions — such as between government and industry, between law enforcement and industry, among nations, and across both industry and government department silos.
Making this information flow and keeping it flowing is one of the most important roles that government can play in boosting cyber security. Government also must work with industry and educators to build a larger pipeline of young people into the cyber security industry.
As a coordinator, government can set up the systems and organisations to enable rapid information sharing across stakeholders, including reticent corporates. Government can also encourage other types of knowledge sharing, including best practice, and help formalise this with standards and regulations that at least provide a baseline level of security.
Public-private partnership is no panacea. But in a world where traditional lines are blurred; information is held by countless parties; and attackers and targets are a mishmash of strategic government agencies, individual consumers and lone wolf hackers, PPP is a compelling way to respond effectively.
We are already seeing evidence of this with the establishment of entities such as the Smart Dubai Office, the government entity charged with overseeing Dubai’s citywide smart transformation, engaging with leadership in the public and private sector to make Dubai a global benchmark smart city.
The passage of Dubai’s Open Data Law last year, also highlights the efforts in the public sector to organise the operation and security of digital information. The law regulates the use and sharing of “Dubai Data”, which is defined as any data related to the Emirate of Dubai and which is available to data providers. This makes this legislation a fundamental component of Dubai’s smart city ambitions with respect to the exchange of actionable information between critical entities.
We’ve built everything from power plants to hospitals with PPP. Now it’s time to use it to build perhaps our most important edifice yet, a secure cyber future.
The writer is the Founder and Chief Executive Officer of DarkMatter, an international cyber security company based in the UAE, which is empowering digitisation globally. He can be reached on Twitter handle @albannai_faisal
