Cybersecurity Alliance

In the physical world, governments are responsible for keeping citizens and corporations safe from enemies. The digital world, so far, has been a little different. When it comes to cybersecurity and cyber attacks, most governments have spent much more time increasing their offensive capabilities than protecting companies and individuals.
The reason is that, until recently, national security officials viewed digital networks as fairly benign and cyber attackers as unlikely threats to safety — or to a country’s sovereignty. However, the advent of cyber-physical systems and the internet of things, along with the increasing sophistication of bad actors, has made cyber attacks an issue of human safety. But companies have largely been left to fend for themselves.
That’s why, over the last few years, tech-focused companies have begun entering into cybersecurity alliances and pacts with one another. These alliances are a symptom of the breakdown of trust between policy makers and those they’re making policies for. Hundreds of companies — some of them, such as Airbus, Cisco, HP, Microsoft, Siemens, and Telefonica, among the largest in the world — have tried to step into this trust gap by forming groups around goals related to the future of the internet and digital networks. Some of these groups (those I call the operational alliances) are mainly practical, sharing intelligence or technical data. Others (the normative alliances) are explicitly aimed at changing the ways companies deal with cybersecurity vulnerabilities and renegotiating the social contract between states and their citizens.
The operational alliances are built around small groups of companies. Their exchanges of information about cyber attacks and threats try to raise the collective level of cybersecurity, shape overall security practices, and speed the adoption of security technologies. Groups such as the Cyber Threat Alliance, the Global Cyber Alliance, and the Trusted Computing Group (to name a few) represent the range of such alliances.
For companies with IT or security departments capable of sorting through and acting on cybersecurity data, it often makes sense to become part of a network that can keep a CISO or IT team apprised of looming threats and best practices for mitigating them. The nature of digital networks is that everyone has to share the risks; these alliances help leaders to share solutions, too.
The normative alliances, on the other hand, make explicit calls for digital peace, government support for companies under attack, and cooperation to limit the use of private systems and networks against citizens (especially by a nation-state). They try to uphold values like trust and accountability in cybersecurity and to spur collective action in favor of peace and nonaggression — much as agreements between countries do.