Public-Private Partnerships in the Cyber Domain

Uploaded on 2015-07-24 in NEWS-Cybersecurity News, FREE TO VIEW

0.jpg

Eugene Kaspersky has played down the alleged links between Kaspersky and the Kremlin

Whether the USA and Google, China and Huawei or Russia and Kaspersky, it is clear that many technology firms are closely aligned with a particular state. States work closely with technology firms for a number of reasons. Technology firms often possess more advanced expertise, infrastructure and access given their global outreach. Yet these public-private partnerships have interesting implications going forward - both for technology firms and states.

A technology firm's clientele often reflect the foreign policy stance of their home government. For example, many of the US cyber security firms work closely with the US government and other likeminded Western states whilst unlikely to work with states that pose a threat to the US. Of course, not all technology and cyber security firms correlate so closely with their state of origin: A recent data breach of Milan-based Hacking Team shows that they have been perfectly willing to deal with a number of states with questionable human rights records, selling spyware and intelligence gathering software to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Sudan Russia, Saudi Arabia, Azerbaijan and Turkey. 

As states cooperate more closely with their state of origin (and like-minded states), it will foster mistrust amongst more distant states. Even just the perception of such a relationship is enough to create mistrust. For example, Iran accused German technology firm Siemens of colluding with the US and Israel in creating the Stuxnet virus that sabotaged an Iranian nuclear centrifuge that used Siemens software. Kaspersky is another interesting example - although respected within the cyber security community, it's perceived relationship with the Kremlin alienates some in the West.
 
These relationships with a state (or at least perceptions of them) have the potential to negatively affect a firm's business. For example, suspicions over Huawei's relationship with China has meant that Australia barred the telecommunication giant from bidding on its national broadband network and a US congressional report recommended Huawei be excluded altogether from sensitive US systems.

This sense of mistrust towards cyber security and technology firms believed to be aligned with a particular state has serious implications for globalisation. The main concern is that states will become increasingly sceptical of interacting with foreign-based firms and become more inward looking, instead seeking domestic solutions. Although there is already evidence of this trend, it is a concern going forward given the benefits globalisation brings. States that refuse to deal with foreign-based firms are bad news for consumers as technology products and services become less innovative and domestic firms are rewarded despite better options being available. In many respects this trend has already begun to take shape and looks unlikely to reverse. For example, China has worked hard to create viable alternatives to Western technology firms; having established these alternatives, China is unlikely to work closely with Western technology firms regardless of their stance in the future. There has been a lot of discussion on the decentralisation of the Internet where states increasingly work in small clusters with close allies. However, perhaps politically sensitive public-private partnerships pose bigger questions for globalisation in the cyber domain.

China has established a number of equivalents to Western firms such as Baidu, a search engine used in place of Google. 
Of course, states may decide to increasingly distance themselves with specific states. Firms want to maximise sales and that involves catering to as large a market as possible. The Information and Technology Foundation estimating that the NSA revelations will cost US technology firms up to $35 billion in lost revenue.

Yet for many of these firms, the state remains a valuable client that represents significant, business and revenue. This highlights a tension that currently exists: firms are incentivised to publicly distance themselves from states yet want to retain their business. 

Perhaps one solution for technology firms that is to perform 'separation theatre' - where efforts are made to create a public perception that firms are distancing themselves from a state whilst maintaining close relations behind closed doors. This process is arguably occurring at the moment. For example, although firms such as Google and Apple have worked hard to distance themselves from the US government since the Snowden leaks, the measures implemented have arguably only a limited effect. For example, whilst Apple now encrypts devices by default, there are a number of ways intelligence agencies such as the NSA can potentially still access data.

Crucially, private sector firms are going to be faced with real ethical and foreign policy decisions in the cyber domain. The relationship a cyber security or technology firm has with particular states will have consequences for both their future clientele and globalisation more broadly. Meanwhile, with an absence of regulation in many areas of the cyber domain, firms are faced with ethical decisions regarding the states they sell their products and services to. Whilst many states are acting with restraint, other firms are acting more recklessly. Hacking Team's recently exposed clientele reveals the limitations of regulation that currently exist in this space. The UN arms embargo prevents firms selling weapons to states with questionable human rights records. However, when Hacking Team's business relationship with Sudan was questioned by the UN, Hacking Team argued that its spying tools do not count as weapons so do not fall under such an embargo.

The Internet is undeniably a vehicle for globalisation. Email, social media and e-commerce all make the world smaller than ever before. Yet, when it comes to public-private partnerships, states appear increasingly inward looking. 

Jamie Collier

Jamie Collier is a DPhil Candidate in Cyber Security at Oxford's Centre for Doctoral Training in Cyber Security.

 

« United Hackers Given a Million Free Air Miles
Finland – Prolific Hacker Arrested & Sentenced »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Client Solution Architects (CSA)

Client Solution Architects (CSA)

Client Solution Architects (CSA) is a leading digital transformation consulting firm focused on the U.S. Defense Department and all U.S. Federal enterprise information technology service areas.

DataSixth Security Consulting

DataSixth Security Consulting

DataSixth delivers Cybersecurity Intelligence. With our unique capabilities, we’re able to deliver value, deliver answers, and deliver actionable security intelligence.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.