Technology to facilitate business

The Nuances of Information Security and Privacy

By Leon Ravenna, CISO, KAR Auction Services, Inc.

The Nuances of Information Security...

Software-Defined Security: The Missing Piece in Your SDDC Strategy

By Shishir Singh, VP, Network Security, Intel...

Software-Defined Security: The...

Creativity Overcomes Scarcity

By Geoffrey Fry, Global VP of Supply Chain, Cree...

Creativity Overcomes Scarcity

How GIS Assists Mass Transit

By Sara Helfrich, GIS Analyst III, MARTA...

How GIS Assists Mass Transit

Why Should Enterprise CIOs Be Aware of Cybersecurity For Private and Public Partnership?

By Enterprise Technology Review | Monday, October 21, 2019

The public and private partnerships present a unique set of strategies in providing cybersecurity, but they also have their challenges. The ability to react to cyber attacks, as well as be flexible to attack cyber malware or ransomware,  depends upon good planning, execution, and training.

FREMONT, CA: These days, more municipalities and public agencies are witnessing cybercrimes, including the ransomware attacks.  The effect of these criminal attacks can range from annoying to devastating as the municipalities continue to maximize their frontline defenses against this kind of attack on their infrastructure. One of the areas in which they should keenly observe is the public-private sector partnerships. Along with this, the criminals might feel that the partnerships are overlooked and not protected, but the government has taken effective measures to strengthen their systems against this.

Public and private partnerships are regarded as cooperative arrangements between two or more public and private sector firms. They are normally long-term in nature and are initially used for infrastructure development, like the building and equipping of schools, transportation systems, hospitals, and water and sewer systems. In fact, they are an important tool for economic development and infrastructure.

These development activities allow public-private partnerships to be attacked. The capability to shut down the power or the water delivery results in delivering healthcare or preventing the collection of revenue. This can have an impact on the partnership and their public partners. Along with this, It must be noted that the attacks can affect bond ratings.

Security challenges

The public and private sector partnerships make a unique challenge from a privacy and security standpoint. Both the public and private partners collect information. A new body formed collects information and drives the infrastructure, which is developed by the partnership. As the information gets collected, keeping it safe is often a challenge because of the number of partners involved. Furthermore, the partnership or the body created may share resources from various partners. These arrangements can create space in cybersecurity technology that can be used inappropriately. There is some guidance that the partnership, both private and public, can follow, which will help to keep information secure and private. This also will ensure the continued trust of customers. These practices are designed to generate a culture of security that permeates through the partnership.

1. Understanding Information

The major key to good hygiene is understanding the information, which comprises knowing what information is getting collected, who collects it, what they do with it, and where it is stored. Getting to know this will permit the entity to make better decisions about the information collected.

For instance, for toll roads that are built by public-private partnerships, knowing who collects the toll usage information, general user data, credit card information, and other sensitive information is the initial step in securing the data. Next would be who is doing what with the information and how they secure the information.

2. Policies and Procedures

All the partnerships, both private and public, should have a cyber awareness assessment performed. This will show the partnership's present state of preparedness as well as find any potential flaws. A good assessment will also help to know the entity's policies and events, as well as its cyber incident response preparation. All partnerships both the public-private are supposed to have a cyber-response plan, commanding the step-by-step instructions to employees in the event of a cyber-attack.

3. Manual process

Manual processes are mostly an overlooked view of cyber awareness. In a cyber attack, the manual processes should be implemented to function the facility, collect revenue, or offer other services. While the manual processes should be a part of any developed business continuity plan, and like any other plan, these manual processes should also be tested from time to time. Most of the time, paperwork or documents must be created before the event happens. It is a must for those employees who have never used paper documents and the manual processes before.

Check Out: Top Enterprise Security Solution Companies