The strategy mentions in nearly every section that federal cybersecurity efforts hinge on support from private industry.
The plan lays out seven industries that will have priority in terms of information sharing with government partners: “national security, energy and power, banking and finance, health and safety, communications, information technology, and transportation.”
It also lends support for law enforcement agencies to decrypt the communications of suspected criminals: “law enforcement will work with private industry to confront challenges presented by technological barriers, such as anonymization and encryption technologies, to obtain time-sensitive evidence pursuant to appropriate legal process.”
The White House also expects tech start-ups and private industry to work with government agencies in how they develop artificial intelligence and quantum computing products that could help deter cyber threats.
This increasing focus on the role of American companies in combating cybercrime alongside government agencies can be problematic to companies that fall into any of these categories. That’s because corporations must comply with privacy and security laws in all the countries where they operate — not just the United States.
Unsurprisingly, some foreign jurisdictions don’t support sharing data about their citizens with U.S. law enforcement agencies or security agencies. Multinationals will increasingly have to engage in a delicate diplomatic effort to do their part in information-sharing with government agencies while appeasing local authorities where they operate. This is particularly in countries that are cyber rivals like Russia and China; or in privacy-minded jurisdictions like Germany and South Korea.