Reference no: EM131115068 , Length: 1000 words

Case Study:  Why should businesses participate in Public-Private Partnerships for Cybersecurity?

Case Scenario:

A large regional utility company has been approached by a federally funded research and development organization (FFRDC) which is recruiting companies for participation in a government initiated public-private partnership designed to improve cybersecurity for the energy sector. The utility distributes both natural gas and electricity across a three state area that includes both urban and rural households and businesses. The utility company's board of directors is not familiar with the concept of public-private partnerships. They have hired your small consulting firm to help them make an informed decision. Their biggest question is "What's in this for us?" The second looming question is what types of resources would they be expected to contribute to the effort (e.g. money, personnel, facilities)?

Your immediate (quick response) task is to research and write a three page issues brief which addresses public-private partnerships, the types of cybersecurity improvements which could be addressed by such a partnership, the potential benefits to industry partners, and the potential risks and/or costs in resources.

Please note: if you have written a similar paper or assignment for other courses, you may consult that work but you may NOT reuse it. You must write a new white paper that specifically addresses the requirements of this assignment.

Research:

1. Read / Review the Week 7 readings.

2. Research the concepts and structures for public-private partnerships as a means of furthering public policy goals. Your starting resources are:

a. What are Public Private Partnerships (World Bank) https://ppp.worldbank.org/public-private-partnership/overview/what-are-public-private-partnerships

b. The Policy Cycle https://www.policynl.ca/policydevelopment/policycycle.html

3. Research existing or proposed public-private partnerships in cybersecurity and critical infrastructure protection. Here are some sources to get you started:

a. https://www.insaonline.org/CMDownload.aspx?ContentKey=e1f31be3-e110-41b2-aa0c-966020051f5c&ContentItemKey=161e015c-670f-449a-8753-689cbc3de85e

b. https://www.lawandsecurity.org/Portals/0/Documents/Cybersecurity.Partnerships.pdf

c. https://csis.org/files/publication/130819_tech_summary.pdf

d.

https://www.hsgac.senate.gov/hearings/strengthening-public-private-partnerships-to-reduce-cyber-risks-to-our-nations-critical-infrastructure

e. https://www.hsgac.senate.gov/download/?id=66d59b29-25ac-4dc1-a3af-040dcfe3bd38

f. https://www.hsgac.senate.gov/download/?id=5a70808b-ff76-411d-9075-5b21c7398bf5

4. Research the DHS led public-private partnership for Critical Infrastructure Cybersecurity improvements. You should also review the requirements and provisions of the NIST Cybersecurity Framework for Critical Infrastructure Protection. Find out why DHS is encouraging the adoption of this framework.

a. https://www.dhs.gov/blog/2014/02/12/dhs-launches-c%C2%B3-voluntary-program

b. https://www.us-cert.gov/ccubedvp

c. https://www.us-cert.gov/sites/default/files/c3vp/ccubedvp-outreach-and-messaging-kit.pdf

5. Find additional sources which provide information about public-private partnerships for cybersecurity, i.e. Information Sharing and Analysis Centers (ISACs) or Information Sharing and Analysis Organizations. Here are two overview /directory web pages to help you get started.

a. https://www.dhs.gov/isao

b. https://www.isaccouncil.org/memberisacs.html

Write:

Write a two to three page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview for public-private partnershipswhich provides definitions and addresses the laws, regulations, and policies which permit this type of cooperation between federal, state, and local governments and private companies such as your customer (the utility company). This introduction should be suitable for an executive audience.

2. A separate section which provides an overview of public-private partnerships for cybersecurity which addresses the types of activities which the utility company could reasonably be expected to contribute to (cybersecurity activities for energy sector critical infrastructures). You should provide 3 or more specific examples.

3. An analysis of whether or not participation in a public-private partnership is likely to have benefits for the utility company (with specific examples of those benefits). After you address the benefits, address the problem of costs and/or risks which the company could expect to face (with specific examples). (One risk to consider is how much information about company operations could be exposed to the federal government.)

4. A recommendation with justification or rationale for which, if any, existing or proposed public-private partnerships the utility company should consider participating in.

Your white paper should use standard terms and definitions for cybersecurity and privacy. The following source is recommended:

• NICCS Glossary https://niccs.us-cert.gov/glossary

Submit For Grading

Submit your case study in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder. (Attach the file.)

Formatting Instructions

Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources> APA Resources.