Our government’s approach to cybersecurity faces a period of uncertainty. Changes in federal staffing, an unsteady geopolitical environment and the widespread proliferation of AI raise questions about how our national security posture will adapt.
The distinction between the private and public sector’s role in cybersecurity is ever changing. These sectors are interdependent, each contributing to national security and cyber defense. Private organizations need to recognize their role in this broader landscape and understand that they are targets for state-sponsored attacks, even if their only connection to the U.S. government is their physical presence inside the country.
The relationship between the public and private sectors is complex and intertwined. As the former head of the FBI’s Cyber Branch in New York, and having since joined BlueVoyant at its formation as Global Head of the Proactive Defense Team, I have experienced this dynamic firsthand. Understanding these dynamics is important for planning, resource allocation and risk management, particularly concerning supply chain and third-party risks. Private sector leaders must adapt to a landscape where government support may be less reliable and more fragmented.
Public-Private Partnerships
Public-private partnerships connect the government’s intelligence gathering capabilities with the private sector’s operational resources. Each sector has distinct capabilities and limitations, making collaboration important for a combined strategy aimed at protecting the U.S., its assets and its citizens.
The U.S. government possesses extensive information gathering capabilities. The FBI, CISA or NSA obtains information through classified techniques, which makes it inaccessible to private organizations.
The declassification process could take weeks or months, which limits the information’s utility for real-time defense. For this information to be actionable, it needs to be shared quickly, at machine speed. To mitigate this delay during periods of heightened threat activity, such as an advanced persistent threat targeting critical infrastructure, the government may conduct classified briefings to provide necessary defense information such as indicators of compromise and tactics, techniques and procedures.
Maintaining this access to intelligence gathering and sharing is crucial, especially as geopolitical tensions affect national cybersecurity. However, the U.S. government has limitations in its ability to actively protect all organizations, which further highlights the role of the private sector.
Government Limits And Capabilities
The U.S. government cannot be the cyber defense force for all organizations. It is not structured to provide thorough investigations for all breaches or supply chain attacks. Direct response typically occurs when critical infrastructure is threatened, as seen in incidents like the NASDAQ hack in 2010 or recent attacks on telecom companies. These critical industries remain a government priority, even with budget and staff cuts, due to their impact on the health, safety and welfare of millions of Americans.
This situation highlights the role of private firms. Their importance may increase as staffing shortages and downsizing within the government continue. In the event of a breach or supply chain attack, private incident responders can conduct full investigations, identify weaknesses in network security and provide root cause analysis to support change and improvement in the company.
Private firms can also provide the required expertise to support organizations of all sizes, in all sectors, with growing and hardening their cybersecurity maturity. These dedicated response and security teams can provide the focused attention that government agencies cannot due to resource constraints and mission priorities. Nevertheless, cybercrime should be reported to the FBI for intelligence gathering and to support efforts to disrupt ongoing operations, which can result in website takedowns, disruptions and dismantlement.
The U.S. government’s reduced posture also affects its international partnerships. The United States has historically played a significant role within the Five Eyes intelligence community (U.S., U.K., Australia, New Zealand, Canada), which relies on extensive information sharing. Resource reductions in the U.S. will likely have an impact on these intelligence agencies and coordinated global cybercrime efforts.
Private Sector Limits And Capabilities
With reduced government roles, American companies are likely to increase their own proactive efforts. However, it’s important to know what’s within a private company’s control and purview. For instance, “hackbacks” (offensive cyber operations conducted by private entities) are technically illegal and can lead to additional damage or legal complications.
Beyond these more extreme examples, a common challenge involves organizations that hold significant assets but have limited cybersecurity resources. These entities, which often have the most to protect in terms of people, sensitive data and operational uptime, may receive less support due to decreased government involvement. This situation creates opportunities for smaller cybersecurity companies to cater to the needs of these underserved markets.
To maintain protection, private companies of all sizes should focus on fundamental cybersecurity practices and strengthen their overall cyber posture. This includes regularly assessing security providers, posture, contingency plans, third-party vendor relationships and technology agreements.
Preparing For The Shift
The current period of government downsizing aligns with a broader trend in technology and cybersecurity where fewer staff are expected to achieve more efficiency through new tools, knowledge and AI. However, this approach presents challenges in cybersecurity. Leaders in both public and private sectors need to focus on long-term strategies for talent retention, training and development. Without sufficient attention, the knowledge gap could expand.
The government may eventually recognize the need to reinvest in cybersecurity and talent, but only after a period of growing pains. There is a historical trend in the need for increased national security after a major event. Now, threats are more digital, and the hope is that we will not have to witness a tragedy before we readjust our cyber posture.
The status quo used to be that the government had trouble retaining cybersecurity staff, as the benefits of the private sector exceeded those that the government could provide to workers. Now, the burden falls on the private sector to do all that it can at a time when it will see a reduction in public sector support.
As government capabilities become more constrained, companies will increasingly rely on internal teams, vendors and strategic partners.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives