Cyberthreats may be global, but cybersecurity is everyone’s responsibility. Regional, statewide or local partnerships can map out a ground-level view of critical services and what’s needed to defend them. Watch for more partnerships like PNWER’s Partnership for Regional Infrastructure Security to emerge this year. "This is our home turf, and we know it," says Ray Nelson, executive director with the Commonwealth of Kentucky’s Office for Security Coordination. "What may be critical to the feds may not be critical to a county."

Companies have an incentive to work with the government because it’s cheaper than going it alone. "You can spend all your own money trying to [be secure], or you can learn from other people in your industry and the government," says Jacques Gansler, the Roger C. Lipitz chair in public policy and private enterprise at the University of Maryland School of Public Affairs. So far, most information-sharing has occurred between companies and the federal agencies that regulate them. The feds have also encouraged companies within the same industry to share information about specific threats, vulnerabilities, and countermeasures through Information Sharing and Analysis Centers (ISACs).

While the ISACs have developed industry-specific security plans, companies are often more comfortable sharing vulnerabilities with the business next door. "They have built relationships on trust," notes Richard Clarke, special adviser to President Bush on cyberspace security. He says regional groups also know best, for example, which bridges carry fiber-optic cables or which local experts could secure a city’s 911 system.

William F. Pelgrin, director of the New York State Cybersecurity and Critical Infrastructure Coordination Office, wants to bring industry and government representatives together every quarter. "It’s not only so we don’t reinvent the wheel, but also so we can build relationships across sectors." Those relationships are essential to address interdependencies, he says.