Government and Private Industry: Partners in Cybersecurity

Recently I had the pleasure of participating in Stanford University’s inaugural Cybersecurity Boot Camp. Attendees included two dozen senior congressional staffers, Silicon Valley business leaders and members of academia. We gathered to further the discussion on cybersecurity threats facing the United States and to arm our congressional colleagues with perspectives important for legislation to better protect our networks and infrastructure.

Raj Shah moderates a panel discussion at Stanford’s Cybersecurity Boot Camp, while Ellen Richey, executive vice president and chief risk officer at Visa, looks on. Photo by Ron Searcey

I moderated a panel discussion that covered a variety of issues related to cybersecurity and featured panelists with a wealth of information to share, including:

• Ellen Richey, executive vice president and chief enterprise risk officer at Visa
• Scott Charney, corporate vice president for Trustworthy Computing at Microsoft
• Melody Hildebrant, global head of cybersecurity at Palantir
• David Liddle, venture partner at U.S. Venture Partners

Some of the key takeaways from the discussion included:

• The fallout from the Snowden affair made some companies wary of working closely with the U.S. government out of fear it could alienate foreign customers and impact their international lines of business.
• Security companies don’t see the world in terms of nation states; they see customers. And the best policy when working with customers is mutual trust, transparency and a respect of privacy.
• While relations between government, law enforcement and private industry are improving, fellow companies are often still the best resources for threat intelligence. The financial sector in particular was cited as having strong, though in some cases informal, mechanisms in place for sharing valuable intel on APT and malware.
• While China is viewed as a significant threat to private sector intellectual property, the opportunity of the Chinese market is too large for companies to ignore. In some ways, dealing with cybersecurity threats from China has become just another cost of doing business.
• Private industry should remember that the U.S. government has to make some very difficult decisions when it comes to investigating (and sometimes prosecuting) nation states involved in cyberattacks. The State Department is often times trying to build stronger political and economic influence with these countries, and these efforts can be severely compromised by U.S. actions against cyberattackers.

While there are significant challenges that need to be addressed in order for U.S. businesses and government agencies to improve the country’s cybersecurity posture, it was exciting to see these business and government decision makers come together and listen to each another. The desire to work together was palpable and I look forward to attending future cybersecurity boot camps.

I had an opportunity to give a quick summary of why this event was so important, which you can see here.

Many thanks to Stanford's Center for International Security and Cooperation and the Hoover Institution for organizing the event.