Security company FireEye provides another example highlighting the private sector’s speed during a breach of its networks. On December 8, 2020, FireEye publicly announced it was the victim of a nation-state cyberattack. The attackers stole three hundred of the company’s tools used to find weaknesses in security systems. FireEye immediately released the countermeasures for their tools to the public. Thus, preventing further victimization and significantly reducing the risk to its customers and the broader global community.
Microsoft and FireEye brought speed, transparency, and decisive actions to bear, helping both the public and private sectors. The companies utilized their unique positions as global leaders to access the broadest audience to mitigate the risks. These examples highlight the private sector’s power, as the public sector lacked access, knowledge, reach, and operational mobility to assume the leadership role. In these cases, without the private sector taking the led, the losses stemming from these incidents would continue to mount.
The role of the private sector in protecting the homeland remains hotly debated. Opponents claim that increasing the private sector’s role in national cyber defense will interfere with diplomatic and political initiatives causing instability. The detractors often cite that the private sector could derail negotiations and cause an escalation that ultimately leads to war. That said, it is more likely that the United States would assume a stronger political and diplomatic bargaining position through a more robust national cyber defense. Further, the private sector’s elevation would increase transparency between the government and its constituents, increasing public trust. A united front sends a strong message to adversaries seeking to take advantage of the disjointed interactions that define the current responses.
It is time to build a strategy of shared cyber command and control, one that unleashes the private sector’s resources and innovation as an equal partner in the command and control of the national cyber defense. Current public-private partnerships fail to adequately account for cyberspace’s new realities, resulting in systemic losses in the national competitive advantage. The recent breach of SolarWinds highlights the power of the private sector in helping to secure cyberspace. Indeed, SolarWinds have ushered in the winds of change.
It is time for the reformation of the public-private partnership. The current cyber crisis demands that we turn away from the past, embrace the present, and build the future by establishing a joint cyber command of public-private leadership. As such, this article is a “call to arms.” By breaking free from the traditional model that has been left behind by technology and leveraging the private sector’s power through a command leadership role in national cyber defense, the United States can improve its defensive posture and inflict a cost on its adversaries. In the end, the business of national cyber defense must include the businesses and its leadership.
Al Lewis is a doctoral candidate in Strategic Intelligence in the School of Security and Global Studies at the American Military University. He oversees the Cybersecurity Operations Center of Boeing. Before that, he served as a Special Agent in the Secret Service.