HYBRID COE - COUNTERING HYBRID THREATS: ROLE OF PRIVATE SECTOR INCREASINGLY IMPORTANT. SHARED RESPONSIBILITY NEEDED
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Strategic Analysis March 2018
Countering Hybrid Threats:
Role of Private Sector
Increasingly Important.
Shared Responsibility Needed
JARNO LIMNÉLL
Hybrid CoEStrategic Analysis March 2018
Countering Hybrid Threats:
Role of Private Sector
Increasingly Important.
Shared Responsibility Needed
Cooperation between industry and governmental agencies on joint
security initiatives can leverage the unique yet complementary
strengths of both sectors, writes Jarno Limnéll, Professor of
Cybersecurity at Aalto University, Finland, and Adjunct
Professor at the University of Jyväskylä, the Finnish National
Defence University, and Tampere University of Technology.
It is often overlooked in security anal- from working together. Cooperation
yses that the private sector has an between industry and governmental
essential role to play in striving for agencies on joint security initiatives can
security. In many Western countries, leverage the unique yet complementary
80–90% of all critical infrastructure strength of both sectors.
is owned and operated by the private
sector. The first line of defence often In the age of hybrid threats, cooperation
resides outside of the government between the public and the private sec-
and lands squarely on the shoulders tors is increasingly important. “Whole
of private industry. It is important of government”, “whole of nation”, and
to protect critical infrastructures “comprehensive security” are all princi-
(e.g. energy supply chains, transport, ples that are heard in speeches or read
public health), since an unconvention- in national strategies to an increasingly
al attack by perpetrators of hybrid extent today when nation-states are
threats against any “soft target” could preparing for hybrid threats. In short,
lead to serious economic or societal cooperation has been understood as a
disruption. Particularly when securing matter of paramount importance. The
a nation´s critical infrastructure and demand for inter-agency collaboration
developing its resilience, shared re- has grown when facing security chal-
sponsibility between the public and the lenges, and has been identified as a ne-
private sectors is a necessity. This must cessity in order to achieve an adequate
take into account the fact that the pub- level of national security for the nation.
lic and private sectors alike can benefit However, cooperation between public
The demand for inter-agency collaboration has grown
when facing security challenges, and has been identified
as a necessity in order to achieve an adequate level of
national security for the nation.
2 Strategic Analysis March 2018agencies is not enough – it should be between the public and private sectors
supplemented by cooperation between is necessary in order to combat growing
the government, the private sector cyber-crimes, attacks and other cyber
and civil society. In fact, collaborative threats in contemporary society. In the
thinking should extend even further EU´s updated Cybersecurity Strategy,
today, especially when preparing for cooperation with the private sector
threats that are not confined to national is fundamental for public authorities.
boundaries. A “Like-minded nations” Given the shared responsibilities of the
with “like-minded global companies” state, industry and society will only be
cooperative approach is a prerequi- successful if all players act as partners.
site when countering modern hybrid The digital world consists of private-
threats. ly-owned infrastructure for the most
part. Western national cybersecurity
It is now essential to adopt a broader strategies categorize cybersecurity as
and deeper understanding of private a “shared responsibility” with a direct
sector security involvement. There or indirect emphasis on the concept
are numerous examples of the ways in of public-private partnerships, and a
which the private sector has become strategic focus on the promotion of
deeply involved in providing security the cybersecurity industry.
against diverse, complex and often
transnational security risks. They are On a national basis, public-private
not only protecting the vital functions partnerships focus on protecting critical
of society, private companies are infrastructure, serving as a strategic
also taking care of border security signal for preparedness in national se-
and emergency preparedness, for curity, as well as generating a competi-
example. The armed forces have also tive advantage in economic terms. If one
become increasingly dependent on in- wants to be a credible actor in cyber-
frastructure and assets in the private security, a strong cybersecurity private
sector. The trend in Western countries sector is needed. One example is the
is for private companies to take on even contractual Public-Private Partnership
greater responsibilities task-wise, which (cPPP) on cybersecurity between the
was previously the remit of the public European Commission and the Europe-
sector. The role of the private sector in an Cybersecurity Organization (ECSO),
national security is duly increasing as a introduced in 2016. Its main objective
result. On the other hand, careful con- is to promote the status of the Europe-
sideration should be given to those areas an Union as an independent security
of national security and vital societal actor by “building a strong, resilient and
functions that would be considered “off globally competitive European cyber-
limits” for privatization. security industry with a strong Europe-
an-based offering”.
Cybersecurity can be described as a
model example of the need for pub- In cybersecurity, developing partner-
lic-private cooperation. Collaboration ships between government authorities
Cybersecurity can be described as a model
example of the need for public-private cooperation.
3 Strategic Analysis March 2018and infrastructure owners and opera- It can be predicted that private sec-
tors is a way to help ensure the stability tor companies, the owners of critical
and availability of critical information infrastructure, are going to be targeted
and communication technologies. more frequently and to fall victim to
more sophisticated cyber attacks in the
Partnership helps the government coming years. When it comes to hybrid
disseminate vital information about influencing, private companies may be
vulnerabilities and security threats, the main targets. This raises an import-
coordinate incident management, and ant question about the responsibility
understand the resilience of critical in- governments have to support private
frastructure. The same partnership can companies in both political and practical
help industry become aware of cyber ways. Companies need to be support-
threats and vulnerabilities to which it ed, particularly if they are facing ad-
would not normally have access, and im- versaries (nation-state or non-state
prove industry’s ability to manage risk. actors) who use sophisticated attack
This must be seen as a win-win situation. techniques.
It has been predicted that humankind might
change more in the next three decades than it has
in the past three centuries – because of technology.
Countering cyber threats is common The pace of technological advance-
ground for both the public and private ment is faster than ever at the moment.
sectors. However, the cooperation The development we are witnessing
needs to be deepened since it is a vital in different disciplines is huge and the
issue for both sectors. The public and effects of technological development
private sectors should share more on societies and people’s lives will be
information related to cyber threats, dramatic. This development also raises
vulnerabilities and consequences. The many questions, especially in relation to
sectors should also work together in the security of people and societies, as
order to strengthen trust among soci- well as to warfare and business. These
eties and to discuss contentious topics questions are not easily answered,
related to technical solutions, such as since it has been predicted that hu-
encryption, data access and cloud serv- mankind might change more in the next
ers. Another key issue entails sharing three decades than it has in the past
best practices related to cybersecurity three centuries – because of technol-
education and training of end users. The ogy. The global growth of technolog-
public and private sectors must also co- ical companies indicates that we are
operate through the fostering of tech- going through a technological revolu-
nology innovations and investments to tion that lists keywords such as digi-
meet global security challenges. Public tization, robotization, virtualization
and private sector preparedness for and artificial intelligence. In addition,
cyber-incident management should be ethical issues related to the develop-
trained through national/international ment of technology are clearly be-
cyber exercises, which test the pre- coming of greater relevance. A perti-
paredness required by cyber incidents. nent question, for instance, concerns
4 Strategic Analysis March 2018how to bring greater transparency to the today’s world. GAFA may be redefining
ever-increasing number of algorithms the very notion of governance, as well
that affect our thinking. Or what kind of as the concepts of political, societal and
ethical rules should govern the way that even geographical organizations and
self-driving cars are programmed? structures.
As technological advancements are becoming more influential and the
role of private companies is increasing in both world politics and security,
a culture of shared responsibility will enhance the strength of democratic
states and will be a powerful tool for countering hybrid threats.
In this disruptive development, the role of There has been a lot of discussion lately
the private sector is both increasing and about misinformation, which has been
increasingly more powerful. This shifts rife in social media. Private companies
the balance between governments and own the social media platforms, which
the private sector. In the field of technolo- people are using ever more frequently.
gy – probably – the most powerful actors As social media has become more effec-
before too long will not be nation-states tive, demands to limit the prevalence and
but private sector technology companies. potential disruptiveness of online mis-
Much of the enabling technology for the information have intensified. Currently,
fourth industrial revolution is originated, amid increasing pressure from govern-
developed and exchanged in the private ments and users, technology companies
sector, where research and development have also been taking steps to reduce the
budgets far exceed those of many indus- financial incentives for the creators of
trialized countries. Technological break- fake news and to enhance the transpar-
throughs will most probably happen ency of material on their platforms. This
in these innovative companies, which is a good example of how shared respon-
usually have the brightest employees sibility is being created in the techno-
and latest technologies. logical environment and preserving the
strengths of democracy – one step at a
For example, GAFA is an acronym for time.
Google, Apple, Facebook, and Amazon,
which are the four most powerful Amer- As technological advancements are
ican technology giants. The market value becoming more influential and the role of
of these four companies was estimated private companies is increasing in both
at USD 2,398 billion in 2017. For this set world politics and security, a culture
of private, non-state actors such finan- of shared responsibility will enhance
cial power and market influence would the strength of democratic states and
be enough to impress in itself. There are will be a powerful tool for countering
many other giant technology companies hybrid threats.
too. The way private sector companies
collect and analyse data, create algo- There are three key starting points for
rithms that are more sophisticated, creating this culture of shared respon-
develop disruptive technology and sibility. Firstly, the technology compa-
build their own global undersea inter- nies should be invited to the “tables”
net cable systems, for example, already where governments are discussing
reflects their power and influence in and making decisions on security.
5 Strategic Analysis March 2018Engaging the private sector is an practical actions. Thirdly, increasing
important step. Secondly, private transparency – both in politics and
sector companies must know their in technology – is the foundation
responsibilities and demonstrate of trust, not least when it comes to
their social responsibility through security.
Author
Jarno Limnéll is Professor of Cybersecurity at Aalto University, Finland, and an
adjunct professor in three other Finnish universities. He also works for a private
company. He has been working with security issues for over 20 years, and has a
profound understanding of the global threat landscape, combined with the courage
to address the most complex issues. Professor Limnéll has published a comprehen-
sive list of works on security issues. His most recent book is entitled Are you scared?
Young people and the future of security.
6 Strategic Analysis March 2018Literature:
Carr, Madeline (2016) Public-private partnerships in national cyber-security strat-
egies, International Affairs 92:1, 43–62.
European Commission (2016) Commission signs agreement with industry on
cybersecurity and steps up efforts to tackle cyber-threats.
http://europa.eu/rapid/press-release_IP-16-2321_en.htm
Internet Society (2017) Paths to Our Digital Future.
https://future.internetsociety.org/wp-content/uploads/2017/09/2017-Inter-
net-Society-Global-Internet-Report-Paths-to-Our-Digital-Future.pdf
Morgan, Jonathon (2017) Facebook and Google need to own their role in spread-
ing misinformation – and fix it, CNN.
https://edition.cnn.com/2017/10/09/opinions/social-media-platforms-spread-
ing-disinformation-opinion-morgan/index.html
Munich Security Conference (2018) Munich Security Report 2018.
https://www.securityconference.de/en/discussion/munich-security-report/mu-
nich-security-report-2018/
Prime Minister´s Office Publications (2017) Government Report on the Future,
Part 1.
http://julkaisut.valtioneuvosto.fi/bitstream/handle/10024/80120/13c_17_tulevai-
suusselonteko_osa1_EN.pdf
Rosemont, Hugo (2016) Public-Private Security Cooperation From Cyber to
Financial Crime, RUSI.
https://rusi.org/sites/default/files/op_201608_rosemont_public-private_securi-
ty_cooperation1.pdf
Statista (2018) Google, Apple, Facebook, and Amazon (GAFA) - Statistics & Facts.
https://www.statista.com/topics/4213/google-apple-facebook-and-amazon-gafa/
Warner, Sullivan (2017) Putting Partnerships to work, strategic alliances for devel-
opment between government, the private sector and civil society, Routledge, New
York.
World Economic Forum (2018) The Global Risks Report 2018.
https://www.weforum.org/reports/the-global-risks-report-2018
The European Centre of Excellence for Countering Hybrid Threats
tel. +358 400 253800 www.hybridcoe.fi
ISBN 978-952-7282-05-2
The European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE) serves as a
hub of expertise to enhance civil-military capabilities, resilience, and preparedness to counter
hybrid threats with a special focus on European security and on EU–NATO cooperation.
The responsibility for the views expressed ultimately rests with the authors.
7 Strategic Analysis March 2018Hybrid CoE
You can also read
