Cross-sector Collaboration in Cybersecurity

To help users find relevant, quality resources from our Resource Library, we create curated lists on a variety of topics, bringing important practitioner- and academic-oriented work to the forefront.


Here we present resources on cross-sector collaboration in cybersecurity — tools, reports, books, and scholarly articles that tackle topics ranging from the legal, strategic, and pragmatic obstacles to cross-sector collaboration in cybersecurity to public-private partnerships to protect critical cyber infrastructure.


View all our curated lists here.


NextWare Cyber Collaboration Toolkit, Center for a New American Security, 2017

“The NextWare Cyber Collaboration Toolkit aims to demonstrate the value of … broad, cross-disciplinary collaboration through a series of tools that guide users through actionable collaborative methods.” The Toolkit is “a product of The NextWare Sessions project … [which] convened a select group of expert stakeholders from key fields to engage in facilitated workshops where they considered a variety of cross-disciplinary, collaborative methods to address endemic cybersecurity challenges and inform the development of the Toolkit.”


Cybersecurity Partnerships: A New Era of Public-Private Collaboration, The Center on Law and Security, NYU School of Law, Judith H. Germano, 2014

“It is generally understood that the public and private sectors need to collaborate to address the nation’s cybersecurity challenges, yet there remain significant questions regarding the circumstances, nature, and scope of those relationships. Legal, strategic, and pragmatic obstacles often impede effective public-private sector cooperation, which are compounded by regulatory and civil liability risks. … In an effort to better understand and, hopefully, help address the challenges of institutionalizing effective cooperation, this paper [explores] four key areas that should be clarified as a necessary step in adopting a strategic approach to cybersecurity.”


Self- and Co-regulation in Cybercrime, Cybersecurity and National Security, Tatiana Tropina and Cormac Callanan, 2015

✴ Available only with purchase from publisher

This SpringerBrief eBook “provides insights into the development of self- and co-regulatory approaches to cybercrime and cybersecurity in the multi-stakeholder environment. It highlights the differences concerning the ecosystem of stakeholders involved in each area and covers government supported initiatives to motivate industry to adopt self-regulation. Including a review of the drawbacks of existing forms of public-private collaboration, which can be attributed to a specific area (cybercrime, cybersecurity and national security), it provides some suggestions with regard to the way forward in self- and co-regulation in securing cyberspace.”

Scholarly Article

Public–Private Partnerships in National Cyber-security Strategies, International Affairs, Madeline Carr, 2016

✴ Available only with purchase from publisher

“Despite its centrality in the national cyber security strategies of the [United States] and the [United Kingdom], the public-private partnership is a nebulous arrangement, which is especially problematic in the context of critical infrastructure protection. Privately owned and operated critical infrastructure that is regarded as a potential national security vulnerability raises questions about the allocation of responsibility and accountability in terms of cyber security. … This article draws on the extensive literature on public-private partnerships in order to assess the tensions and challenges of this arrangement in national cyber-security strategies [and] finds that there is a serious disjuncture in expectations from both ‘partners.’”


Cybersecurity and Public Goods: The Public/Private “Partnership”, Hoover Institution, Paul Rosenzweig, 2015

“Cyber security cooperation between the federal government and the private sector is essential, yet our cyber systems are particularly vulnerable to attack. Why is that so, and what can we do to fix the problem? We need to approach the question from fundamental first principles: Is cyber security a public good or a private good? Once we answer that question, we can determine whether our current laws and regulations enhance the government’s proper function or impede the private sector. This essay attempts to begin that effort.”


ITU National Cybersecurity Strategy Guide, International Telecommunications Union, Frederick Wamala, 2012

This report argues that “national leaders have accountability for devising a cybersecurity strategy and fostering local, national, and global cross-sector cooperation. … [The report discusses] what constitutes a national cybersecurity strategy; the typical ends it seeks to accomplish and the context that influences its execution [and] how States and other relevant stakeholders such as private sector organisations can build capacity to execute a cybersecurity strategy and the resources required to address risks.”


Cyberspace Policy Review: Securing America’s Digital Future, U.S. National Security Council, 2009

Especially see “Sharing Responsibility for Cybersecurity” on pp. 17-23: “The public and private sectors’ interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend. Government and industry leaders both nationally and internationally need to delineate roles and responsibilities, integrate capabilities, and take ownership of the problem to develop holistic solu­tions. Only through such partnerships will the United States be able to enhance cybersecurity and reap the full benefits of the digital revolution.”


Guidance on Public-Private Information Sharing against Cybercrime, World Economic Forum, 2017

“It is generally recognized globally that to better deal with the negative aspects of the digital world, international cooperation between [public and private] actors is required especially when it comes to sharing information.” This report aims to provide insight on two questions that are key to that effort. First, what type of information should be shared between public and private partners in efforts to combat cybercrime? And second, How should this information be shared?

Scholarly Article

Cybersecurity: Protection of Critical Information Infrastructures and Operators’ Obligations, European Journal of Law and Technology, Antonio Segura-Serrano, 2015

“Protection of critical information infrastructures from cyber-attacks is becoming an acute problem for nation states. … The United States and the European Union are among the first regulatory powers that have adopted important initiatives in the cybersecurity field.” This paper argues that “the approach based on voluntary [public-private] standards and soft-law experienced in the [United States] for the last twenty years has proved to be insufficient in order to provide a real improvement in this field” and that “the adoption of clear, mandatory obligations regarding the setting up of information sharing and technology standards is the best normative option.”


Advancing Cybersecurity Capacity Building: Implementing a Principle-Based Approach, Global Public Policy Institute, Mirko Hohmann, Alexander Pirang, and Thorsten Benner, 2017

“Governments, international organizations, and non-state actors all recognize that cybersecurity capacity building (CCB) is crucial to mitigating the negative crossborder externalities of increasing connectivity.” This report “present[s] five principles that can provide guidance on scaling CCB going forward. For each principle, [the report] suggest[s] a goal, analyze[s] the status quo, and provide[s] recommendations for how to work towards that goal.”