July 28, 2017 By Eli Ben Meir 3 min read

Imagine it’s lunchtime in Manhattan. Hundreds of thousands of people are leaving their desks to visit their favorite eatery and enjoy a short time away from the office. Suddenly, elevators across the city grind to a halt and a significant percentage of New York’s workforce is trapped.

After too many hours, the overwhelmed emergency responders are finally able to free everyone and declare that elevator service has returned to normal. An investigation attributes the incident to cybercrime: Malware was installed in the test program of a major elevator company and subsequently triggered by a software update.

Meanwhile, countless hours of productivity have been lost, impacting profits and share prices. At the same time, public confidence has taken a severe blow, with millions wondering what other infrastructure or key installations might fall into cybercriminals’ hands next.

Fiction Becomes Reality

It’s a fictional scenario — for now — but it is by no means the stuff of fantasy. In fact, as the recent high-profile WannaCry and NotPetya attacks have demonstrated, nothing is immune to cybercrime. Transit systems and power grids have already fallen victim to fraudsters. If we want to prevent this list from growing and ensure that hypothetical attacks remain hypothetical, we need to answer a key question: Who exactly is responsible?

Going back to our earlier example, who is responsible for protecting Manhattan’s elevators from a cyberattack? Is it the elevator company that handles their physical maintenance? Is it the landlord who owns the buildings? Or is it New York City, which already has binding standards in place to guarantee physical safety? Should the city be setting cybersecurity guidelines too? For now, we have no answer.

Cybercriminals have long made a mockery of national borders. Their reach extends to any country. In a world where digital connections are, by definition, international, the lines on a map have become meaningless. The world is slowly waking up to this reality, and there is a growing recognition of the need for governments to cooperate and combine their cybersecurity expertise. However, the same collaborative maxim must now be applied across the traditional boundaries between public and private sectors, as well as government and business.

Cybercrime Doesn’t Discriminate

Although governments are clearly involved in the private sector to varying degrees, too many maintain a rigid distinction. Companies are keen to closely guard their information. But in today’s world, where everything is interlinked, it is largely a false distinction. For example, a breach of the government’s energy department will likely expose major energy providers. Similarly, if the health department is infiltrated, hospitals and clinics will surely be put at risk. Such division between public and private business helps nobody when it comes to fighting cybercrime.

In fact, these are precisely the gaps that cybercriminals look to exploit. They understand that a weakness in one entity’s defenses is an open door to causing maximum damage elsewhere. Fraudsters often breach the private sector hoping to migrate chaos to the public sector and vice versa.

Blurring Boundaries

Clearly, a wholly different outlook is required when it comes to the cyber boundaries between government and business. Put simply, they are on the same side and must work together toward the same ends. Cybercriminals make no distinction between the private and public sectors, so why should we?

This does not mean that boundaries between the two should vanish completely. However, to get the better of cybercriminals, these lines must be blurred. There needs to be far greater synchronization to formulate methodologies, procedures and best practices that can help protect government agencies and businesses. This means sharing relevant information and establishing common security standards.

The public and private sectors can help to plug each other’s cybersecurity holes. Blurring the superficial boundaries that currently exist is a necessary prerequisite to preventing the type of doomsday scenarios that could otherwise easily become reality.

It is up to government officials and political leaders to drive administrative networks and private enterprises closer together. In doing so, they can ensure a more secure future in which nobody is left — metaphorically or otherwise — stranded in the elevator.

More from Government

NIST’s security transformation: How to keep up

4 min read - One thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers to keep up high production and efficiency standards. Now that businesses and consumers have adjusted to the new normal of digital transformation, it is time to develop a security transformation strategy. Coping with the speed of change A constantly evolving tech…

Cyber experts applaud the new White House cybersecurity plan

4 min read - First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the White House’s Office of the National Cyber Director (ONCD). Cybersecurity experts have applauded the Administration’s plan as well as the new implementation calendar. For example,…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today