Project 3: Public-Private Partnerships for Cybersecurity

For this research project, you will be helping identify best practices and strategies for encouraging business participation in public-private partnerships designed to improve cybersecurity for various critical infrastructure sectors. Your deliverable will be a research report which provides an overview of existing public-private partnerships, the types of cybersecurity improvements which are being addressed by such partnerships, the potential benefits to industry partners, and the potential risks and/or costs in resources. Your report should also address the types of due diligence activities a company should engage in before committing to participation in information sharing and other public-private partnership activities.

Research:

• Read / Review the Weekly readings.
• Research the concepts and structures for public-private partnerships as a means of furthering public policy goals. Your starting resources are:
  • What are Public Private Partnerships (World Bank) http://ppp.worldbank.org/public-private-partnership/overview/what-are-public-private-partnerships
  • The Policy Cycle http://www.policynl.ca/policydevelopment/policycycle.html
• Research existing or proposed public-private partnerships in cybersecurity and critical infrastructure protection. Here are some sources to get you started:
  • http://www.lawandsecurity.org/Portals/0/Documents/Cybersecurity.Partnerships.pdf
  • http://csis.org/files/publication/130819_tech_summary.pdf
  • http://www.hsgac.senate.gov/hearings/strengthening-public-private-partnerships-to-reduce-cyber-risks-to-our-nations-critical-infrastructure
  • http://www.hsgac.senate.gov/download/?id=66d59b29-25ac-4dc1-a3af-040dcfe3bd38
  • http://www.hsgac.senate.gov/download/?id=5a70808b-ff76-411d-9075-5b21c7398bf5
• Research the DHS led public-private partnership for Critical Infrastructure Cybersecurity improvements. You should also review the requirements and provisions of the NIST Cybersecurity Framework for Critical Infrastructure Protection. Find out why DHS is encouraging the adoption of this framework.
  • https://www.dhs.gov/ccubedvp
  • https://www.us-cert.gov/ccubedvp
  • https://www.us-cert.gov/sites/default/files/c3vp/smb/CCubedVP_Outreach_and_Messaging_Kit_SMB.pdf
• Find additional sources which provide information about public-private partnerships for cybersecurity, i.e. Information Sharing and Analysis Centers (ISACs) or Information Sharing and Analysis Organizations. Here are two overview /directory web pages to help you get started.
  • http://www.dhs.gov/isao
  • https://www.nationalisacs.org/member-isacs

Write:

Write a five to seven page research report which includes a summary of your research. At a minimum, your report must include the following:

1.An introduction or overview for public-private partnerships which provides definitions and addresses the laws, regulations, and policies which permit this type of cooperation between federal, state, and local governments and private companies. This introduction should be suitable for an executive audience.

2.A separate section which provides an overview of public-private partnerships for cybersecurity which addresses the types of activities which a company could reasonably be expected to contribute to (e.g. information sharing, development of threat intelligence, development of risk profiles, etc.). You should provide 3 or more specific examples.

3.An analysis of whether or not participation in a public-private partnership is likely to have benefits for businesses (with specific examples of those benefits). After you address the benefits, address the problem of costs and/or risks which a company could expect to face (with specific examples). (One risk to consider is how much information about company operations could be exposed to the federal government.)

4.A set of recommendations or best practices for companies to engage in before committing to participation in a public-private partnership for cybersecurity. (Address the requirement for due diligence in decision making.)

• A separate closing section in which you summarize your research and recommendation(s).

Submit For Grading

Submit your work in MS Word format (.docx or .doc file) using the Project 3 Assignment in your assignment folder. (Attach the file.)

Additional Information

• Consult the grading rubric for specific content and formatting requirements for this assignment.
• Your 3 to 5 page research report should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
• Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts Review for recommended resources.
• The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
• You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
• You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
• You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).