CSIA 360: Cybersecurity in Government Organizations
Case Study #4: Why should businesses participate in Public-Private Partnerships for Cybersecurity?
A large regional utility company has been approached by a federally funded research and development organization (FFRDC) which is recruiting companies for participation in a government initiated public-private partnership designed to improve cybersecurity for the energy sector. The utility distributes both natural gas and electricity across a three state area that includes both urban and rural households and businesses. The utility company’s board of directors is not familiar with the concept of public-private partnerships. They have hired your small consulting firm to help them make an informed decision. Their biggest question is “What’s in this for us?” The second looming question is what types of resources would they be expected to contribute to the effort (e.g. money, personnel, facilities)?
Your immediate (quick response) task is to research and write a three page issues brief which addresses public-private partnerships, the types of cybersecurity improvements which could be addressed by such a partnership, the potential benefits to industry partners, and the potential risks and/or costs in resources.
Please note: if you have written a similar paper or assignment for other courses, you may consult that work but you may NOT reuse it. You must write a new white paper that specifically addresses the requirements of this assignment.
1. Read / Review the Week 7 readings.
2. Research the concepts and structures for public-private partnerships as a means of furthering public policy goals. Your starting resources are:
a. What are Public Private Partnerships (World Bank) http://ppp.worldbank.org/public-private-partnership/overview/what-are-public-private-partnerships
b. The Policy Cycle http://www.policynl.ca/policydevelopment/policycycle.html
3. Research existing or proposed public-private partnerships in cybersecurity and critical infrastructure protection. Here are some sources to get you started:
4. Research the DHS led public-private partnership for Critical Infrastructure Cybersecurity improvements. You should also review the requirements and provisions of the NIST Cybersecurity Framework for Critical Infrastructure Protection. Find out why DHS is encouraging the adoption of this framework.
5. Find additional sources which provide information about public-private partnerships for cybersecurity, i.e. Information Sharing and Analysis Centers (ISACs) or Information Sharing and Analysis Organizations. Here are two overview /directory web pages to help you get started.
Write a two to three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview for public-private partnerships which provides definitions and addresses the laws, regulations, and policies which permit this type of cooperation between federal, state, and local governments and private companies such as your customer (the utility company). This introduction should be suitable for an executive audience.
2. A separate section which provides an overview of public-private partnerships for cybersecurity which addresses the types of activities which the utility company could reasonably be expected to contribute to (cybersecurity activities for energy sector critical infrastructures). You should provide 3 or more specific examples.
3. An analysis of whether or not participation in a public-private partnership is likely to have benefits for the utility company (with specific examples of those benefits). After you address the benefits, address the problem of costs and/or risks which the company could expect to face (with specific examples). (One risk to consider is how much information about company operations could be exposed to the federal government.)
4. A recommendation with justification or rationale for which, if any, existing or proposed public-private partnerships in which the utility company should consider participation.
5. A separate closing section in which you summarize your research and recommendation(s).
Your white paper should use standard terms and definitions for cybersecurity and privacy. The following sources are recommended:
· ISACA Glossary http://www.isaca.org/pages/glossary.aspx
· Guidelines on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
Submit For Grading
Submit your case study in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder. (Attach the file.)
Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources.
1. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
2. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.
Copyright ©2017 by University of Maryland University College. All Rights Reserved