The World Economic Forum has published a report to advance cyber resilience through increased public and private sector collaboration.
The report, Cyber Resilence: Playbook for Public-Private Collaboration, produced in conjunction with Boston Consulting Group, identifies 14 key policy issues with regards to cybersecurity and collaboration.
These include research, data and intelligence sharing, zero days, vulnerability liability and botnet disruption. The report describes trade-offs in terms of security, economic value, privacy and accountability with zero-day policy choices. “The extent to which vulnerabilities are shared with the private sector impacts the accountability of both the public and private sectors,” it says. “If the public sector shares more vulnerabilities with the private sector, it is incumbent on the private sector to rapidly develop mitigation measures against those vulnerabilities, increasing the private sector’s accountability. The opposite is also true; with more zero-day vulnerabilities held for greater periods of time, the public sector has greater accountability to ensure that those vulnerabilities are not weaponized by adversaries.”
The report also discusses trade-offs that must be considered with policy choices on topics such as cross-border data flows, active cyber defense and cyber insurance. On active defense, the report states that “as active defence creates more private-sector accountability, it also creates substantial concerns for public-sector accountability. If an organization wrongfully responds to a nation-state, it is not clear what obligations the host state of the active defender has.”
In terms of cyber insurance, the study highlights the DHS initiative Cyber Incident Data and Analysis Repository (CIDAR), which aims to remove a barrier to cyber insurance adoption by connecting the failure of a specific security control with the damages incurred as a consequence. “Cyberinsurance provision is hindered by the fundamental paradox of peering backward at an incomplete history to estimate forward-looking future,” says the report.
Read the full report here