Bip Milwaukee Local News


Government Can’t Win the Cyber War Without the Private Sector

May 13, 2026  Twila Rosenbaum

Cybersecurity is fundamentally a contest between attackers and defenders. For far too long, governments have been defending their turf alone while attackers frequently target public-sector entities with little resistance, launching attacks that carry national ramifications. Despite the existence of rules and regulations meant to establish baseline controls, attacks continue to define a growing threat landscape. The harsh reality is that the threat surface has expanded wildly beyond what governments can realistically defend on their own.

The digital infrastructure that governments aim to secure is largely a product of private companies. There are inherent limits to what the state can secure independently, which means the focus must shift to closer collaboration with the private sector. This article examines why an ideal defensive and offensive posture for risk management should involve a more collaborative effort between government and industry.

The Rise in Scale and Complexity of Cyberthreats

Modern cyberattacks have escalated significantly in terms of cadence, scale, and sophistication. These attacks no longer rely on a single vector. Palo Alto Networks found that 87% of intrusions across more than 750 incident response cases targeted multiple attack surfaces, from endpoints and networks to cloud infrastructure, SaaS applications, and identity systems. Intrusions spread laterally across connected systems, so defending one layer effectively is insufficient when attackers can pivot through multiple access points in the same campaign. This multi-vector approach makes it imperative for defenders to adopt a holistic strategy that spans all potential entry points.

Historically, many of the most damaging cyberattacks began with a single compromised credential or a minor vulnerability that allowed attackers to move laterally. For example, the 2020 SolarWinds attack compromised a software supply chain, enabling attackers to infiltrate numerous government agencies and private companies. Such incidents highlight that the perimeter-based defense model is obsolete. Governments need real-time threat intelligence and advanced detection capabilities, which often reside in the private sector. Companies like CrowdStrike, Mandiant, and Palo Alto Networks develop cutting-edge tools that can identify and respond to threats faster than most government agencies can on their own.

The Growing Attack Surface Underpinned by Everyday Dependencies

Years ago, the attack surface was largely confined to an organization's operational perimeter. Today's attacks have moved beyond this perimeter to include functional elements such as cloud platforms, APIs, vendors, and managed services providers. These third-party dependencies broaden the attack surface, giving cyber attackers more avenues to exploit. A compromise of a remote support tool enabled attackers to access multiple U.S. Treasury Department offices, an example of how third-party access can become the easiest entry point. Another notable case is the 2021 attack on Colonial Pipeline, which was initiated through a compromised VPN account used by a third-party contractor, causing widespread fuel shortages on the East Coast of the United States.

The reliance on interconnected digital ecosystems means that a vulnerability in one part of the supply chain can cascade into a national crisis. Governments often lack visibility into these dependencies because they are managed by private entities. To mitigate such risks, public-private information sharing is essential. Initiatives like the Cybersecurity and Infrastructure Security Agency's (CISA) Automated Indicator Sharing program allow for the exchange of threat data, but participation remains voluntary and uneven. Stronger mandates and incentives could accelerate collaboration and close the visibility gap.

Technology Ownership Controlled by Private Entities

There was a time when major technological shifts and advancements were direct outcomes of research funded by government entities. Examples include the origins of the Internet, the global positioning system (GPS), and solar energy. But things have changed. The private sector now drives technological advancements. Critical digital infrastructure is overwhelmingly built and operated by private companies, and the government does not have total control over all its operational levers. This demands a change in thinking, requiring governments to partner with the private sector to secure the infrastructure on which a country depends.

Consider cloud computing: major providers like Amazon Web Services, Microsoft Azure, and Google Cloud host vast amounts of government and citizen data. The security of that data relies heavily on the providers' internal controls and practices. While governments can audit and set standards, they cannot directly manage the underlying hardware or software. Similarly, telecommunications networks, power grids, and financial systems are largely owned and operated by private corporations. Collaborative frameworks such as the Joint Cyber Defense Collaborative (JCDC) in the U.S. seek to operationalize trust and coordination between these sectors and the government.

Cybercrime Has Gone Industrial and Is Very Persistent

Cybercrime is an industry with different specializations, services, tooling, and repeatable playbooks. This industry is decentralized, meaning arresting one group does not dent the overall scale and scope of attacks; there is always another group ready to fill the gap. The underlying incentives remain strong. For instance, crypto scams and fraud pulled in roughly $17 billion last year, fueled by a sharp rise in impersonation schemes (up 1,400% year-over-year). In November, a ransomware attack on OnSolve CodeRED forced the emergency-notification platform offline, disrupting alerts used by law enforcement and other public agencies.

The industrial nature of cybercrime means that criminals operate like businesses, with affiliates, ransomware-as-a-service, and customer support. Disrupting this ecosystem requires targeting the entire criminal enterprise model, including hosting services, identity abuse, money laundering pathways, and scam infrastructure. Governments alone lack the reach and agility to dismantle these networks. Private sector companies, especially those in cybersecurity, financial services, and domain registration, possess essential intelligence and capabilities. For example, Microsoft's Digital Crimes Unit and Google's Threat Analysis Group work to take down botnets and phishing campaigns, often sharing their findings with law enforcement.

Geopolitics Enters the Fray as Nation-States Use Cybercrime

State-enabled cybercrime has become routine and normalized as an instrument of espionage, influence, and strategic disruption. State-sponsored operators not only showcase greater capabilities but also deeper reach, traversing global platforms, third-party infrastructure, and cross-border supply chains. Organizations are already on high alert, with 64% accounting for geopolitically motivated cyberattacks in their risk mitigation strategies. Recent examples include Russia's cyber operations targeting Ukraine's critical infrastructure and China's espionage campaigns against technology companies and research institutions.

National cyber defense cannot be purely national in execution. It must include alliance coordination and cross-border collaboration with private-sector operators that manage key visibility and control points. Platforms like the European Union Agency for Cybersecurity (ENISA) and the cybersecurity dialogues between the U.S. and its allies attempt to foster cooperation, but private sector participation is often ad hoc. Formalizing these partnerships through legal frameworks and information-sharing agreements can enhance collective resilience.

The Accelerating Role of AI as an Attack Enabler and Defender

AI is shrinking attack timelines by roughly 100 times. Intrusions that used to unfold over days now play out in minutes. In one in five cases, data is already leaving the environment within the first hour. Organizations are rushing AI systems into production, adding new models, plugins, connectors, and data paths, which widens the attack surface further. Legacy controls were not built for that pace or that sprawl. This is why governments cannot solve it alone. The workable path must involve better public-private coordination, where threat intelligence disseminates faster, secure AI patterns are built and shared, and governance is aligned across sectors.

AI also offers defensive advantages. Machine learning models can detect anomalies, automate incident response, and predict attack vectors. However, these capabilities are typically developed and deployed by private sector firms. Governments can encourage adoption by funding research, creating shared AI testbeds, and establishing ethical guidelines. The road ahead is about building a shared defense paradigm that moves at adversarial speed. Governments can still set standards of accountability, but improved resilience will only come from stronger public-private coordination, faster inter-agency sharing, secure-by-design AI, and joint disruption of criminal infrastructure across borders.


Source: SecurityWeek News

