Unlocking the Potential of Public-Private Partnerships for Enhanced Security

Agency News, Industry News
Public-Private Partnerships (PPPs) are essential in enhancing security across various environments, including critical infrastructure. In its new White Paper, CoESS, the European Private Security Employers’ Representation, demonstrates how collaboration between Law Enforcement Agencies (LEAs) and Private Security Companies (PSCs) can strengthen overall security and societal resilience.
The paper draws on theoretical sources and showcases best practices to highlight the benefits of PPPs but also describe the challenges that hinder their effectiveness. It offers recommendations for all stakeholders involved to overcome barriers, implement key success criteria and optimise the potential of PPPs. The White Paper is jointly published by CoESS and its Dutch member, Nederlandse Veiligheidsbranche, with the support of the International Security Ligue.
The White Paper was officially launched at the European Security Summit, on 10 October 2024 in The Hague.
This article outlines the key takeaways from the White Paper, which will drive the policy and advocacy actions of CoESS, among others when contributing to EU policies such as the Preparedness Union and the Internal Security Strategy.
An Opportunity for Complementarity and Increased Efficiency
Public-Private Partnerships considered in this paper are all forms of cooperation between LEAs and PSCs. As such, they combine the strengths and resources of public security forces with the specialized capabilities of private security companies. This collaboration addresses complex security challenges efficiently, ensuring a comprehensive approach to the protection of people, assets and infrastructure, and thus society as a whole. The synergy allows for an extended security reach, leverages advanced technologies, and enhances the strategic allocation of resources across the security spectrum.
Significance and Impact
PPPs are shown to optimize the use of resources, allowing LEAs to focus on their core tasks while PSCs address the prevention and detection dimensions. The partnerships enhance operational capabilities, provide scalability in response to changing security demands, and introduce innovative solutions to security management. This strategic collaboration leads to improved flexibility in operations and a proactive stance in security planning.
Highlights
Surprisingly, PPPs are legally possible in only 9 out of 27 EU Member States and mostly in Western European countries, where they cover different realities. While some Member States have advanced partnerships based on formal frameworks, others are informal, local and temporary. The type of protected objects and events also vary, as do the missions that are given to the PSCs.
There is a correlation between the level of professionalism of the industry, the maturity of the legal framework, and the depth of cooperation between LEAs and PSCs. The White Paper describes the advantages in operating PPPs, including:
• Resource Efficiency: Private companies support LEAs by handling preventive and surveillance tasks, freeing up public resources for LEAs to concentrate on their core missions.
• Advanced Specialization: PPPs bring state of-the-art technology and specialized skills, particularly valuable in areas in which they have developed particular know-how, such as access control, distance surveillance and monitoring, protecting certain infrastructure (critical and others), etc.
• Strategic Flexibility: The ability to dynamically scale security measures in response to situational analyses enhances both proactive and reactive capabilities.
Implications for the Security Landscape
The increased complexity and diversity of threats require a shift towards a more integrated and responsive security framework. This approach not only improves immediate responses to threats but also supports a sustained security strategy that adapts to future challenges. The implications extend beyond immediate security enhancements, suggesting long-term benefits in public safety and trust.
Challenges and Strategies for Overcoming Obstacles in PPPs
While Public-Private Partnerships offer substantial benefits, they also face specific challenges that can hinder their effectiveness. Key obstacles include issues of trust and information sharing, differing operational cultures between public and private entities, and regulatory constraints that can stifle collaborative efforts.
To overcome these challenges, the White Paper recommends several measures, of which the following are particularly important:
1. Enhancing Trust and Transparency: Building trust is fundamental. Initiatives such as joint training sessions, shared operational planning, and regular stakeholder meetings can foster a mutual understanding and strengthen trust. Clear communication and transparency in operations and decision-making processes are crucial for developing a reliable partnership.
2. Harmonizing Standards and Practices: Developing common standards and practices across public and private sectors within PPPs can alleviate cultural and operational discrepancies. Areas to look into may include training, security protocols, data interoperability, vulnerability assessments and complementarity in response strategies to optimise cooperation.
3. Regulatory Adjustments: Modifying existing laws and regulations to support PPP frameworks and allow for the exchange of information between PSCs and LEAs is essential. Legislation should support best value procurement, collaborative actions and facilitate rather than inhibit information sharing, ensuring that both public and private entities operate under a supportive legal framework that will help reinforce mutual trust and promote cooperation. Finally, legislation should also provide that LEAs have a good understanding of what PSCs can and can’t do. This could be included in basic LEA staff training.
By addressing these challenges through targeted strategies, PPPs can not only enhance their operational effectiveness but also achieve a more resilient and adaptive security infrastructure. These efforts require ongoing commitment and adaptation from all stakeholders involved to ensure the continued success and evolution of PPPs in the security sector.
In conclusion, Public-Private Partnerships are indispensable in the modern security apparatus. By effectively combining the unique strengths of LEAs and PSCs, PPPs not only enhance current security measures but also prepare organizations for emerging threats. This White Paper supports the continued development and refinement of PPP frameworks to maximize their positive impact on public security.
About the Author:
Catherine Piana is the Director General of both CoESS and the Aviation Security Services Association – international (in short ASSA-i) and the co-owner and Managing Director of the internationally acclaimed e-learning platform on the Insider Threat, Help2Protect.
The White Paper can be downloaded free of charge at https://coess.org
Leave a comment

EU Space Act - Strengthening Safety, Resilience and Sustainability in Space

Agency News, Industry News, Space Sector
The EU Space Act is a legislative initiative by the European Commission that introduces a harmonised framework for space activities across the Union. The proposal, launched on 25 June 2025, aims to ensure safety, resilience, and environmental sustainability, while boosting the competitiveness of the EU space sector.
Europe’s current regulatory landscape is fragmented—13 different national approaches increase complexity and costs for businesses. The EU Space Act will create a single market for space activities, making it easier for companies, particularly start-ups and SMEs, to grow and operate across borders.
What will the EU Space Act do?
The proposal is structured around three key pillars:
- Safety
The Act introduces robust rules for tracking space objects and mitigating space debris, preserving Europe’s secure and uninterrupted access to space.
- Resilience
Tailored cybersecurity requirements will strengthen protection of European space infrastructure and ensure business continuity.
- Sustainability
Operators will need to assess and reduce the environmental impact of their space activities, while benefiting from support for innovation in emerging technologies like in-orbit servicing and debris removal.
The new rules will apply to both EU and non-EU operators providing space services in Europe. Proportional requirements will be scaled based on company size and risk profile, ensuring a fair, innovation-friendly regulatory environment.
Support for Industry and Member States
A targeted support package will help businesses and Member States transition smoothly. Special attention is given to reducing administrative burdens and facilitating compliance, especially for start-ups, SMEs and small mid-caps.
Next Steps
The legislative proposal will be negotiated under the ordinary legislative procedure by the European Parliament and the Council.
For more details visit: EU Space Act - European Commission
Leave a comment

ENISA develope European Vulnerability Database (EUVD) as provided for by the NIS2 Directive

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) has developed the European Vulnerability Database - EUVD as provided for by the NIS2 Directive. The EUVD service, to be maintained by ENISA, is now operational.
The database provides aggregated, reliable, and actionable information such as mitigation measures and exploitation status on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services.
The objective of the EUVD is to ensure a high level of interconnection of publicly available information coming from multiple sources such as CSIRTs, vendors, as well as existing databases. In order to meet this objective, the platform is building on a holistic approach. As an interconnected database the EUVD allows for better analysis and facilitates the correlation of vulnerabilities by facilitating the open-source software Vulnerability-Lookup, thereby enabling enhanced cybersecurity risk management.
The EUVD offers therefore a trusted, more transparent and broader source of information and further improves situational awareness while limiting exposure to threats.
The aggregated information of the database is displayed through dashboards. The EUVD offers three dashboard views: for critical vulnerabilities, for exploited ones, and for EU coordinated ones. The EU Coordinated Vulnerabilities lists the vulnerabilities coordinated by European CSIRTs and includes the members of the EU CSIRTs network.
The collected and referenced vulnerability information comes from open-source databases. Additional information is added via advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, together with exploited vulnerability markings. EUVD data records may include:
- A description of the vulnerability;
- ICT products or ICT services affected and/or affected versions, the severity of the vulnerability and how it could be exploited;
- Information of existing relevant available patches or guidance provided by competent authorities including CSIRTs, and addressed to users on how to mitigate risks.
To meet the requirement of the NIS2 Directive, ENISA initiated a cooperation with different EU and international organisations including MITRE’s CVE Programme. ENISA is in contact with MITRE to understand the impact and next steps following the announcement on the funding to the Common Vulnerabilities and Exposures Program. CVE data, data provided by ICT vendors disclosing vulnerability information via advisories, and relevant information such as CISA’s Known Exploited Vulnerability Catalogue are automatically transferred into the EUVD. This will also be achieved with the support of Member States who established national Coordinated Vulnerability Disclosure (CVD) policies and who designated one of their CSIRTs as the coordinator, ultimately making the EUVD a trusted source for enhanced situational awareness in the EU.
As a CVE Numbering Authority (CNA), ENISA can register vulnerabilities and support vulnerability disclosure since January 2024, in relation to:
- vulnerabilities in IT products discovered by EU CSIRTs themselves; and
- vulnerabilities reported to EU CSIRTs for coordinated disclosure as long they are not in the scope of another CVE Numbering Authority.
Leave a comment

20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown

Agency News, Cyber Security CII sector, Industry News
More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure.
During Operation Secure law enforcement agencies from 26 countries worked to locate servers, map physical networks and execute targeted takedowns.
Ahead of the operation, INTERPOL cooperated with private-sector partners Group-IB, Kaspersky and Trend Micro to produce Cyber Activity Reports, sharing critical intelligence with cyber teams across Asia. These coordinated efforts resulted in the takedown of 79 per cent of identified suspicious IP addresses.
Participating countries reported the seizure of 41 servers and over 100 GB of data, as well as the arrest of 32 suspects linked to illegal cyber activities.
Infostealer malware is a primary tool for gaining unauthorized access to organizational networks. This type of malicious software extracts sensitive data from infected devices, often referred to as bots. The stolen information typically includes browser credentials, passwords, cookies, credit card details and cryptocurrency wallet data.
Additionally, logs harvested by infostealers are increasingly traded on the cybercriminal underground and are frequently used as a gateway for further attacks. These logs often enable initial access for ransomware deployments, data breaches, and cyber-enabled fraud schemes such as Business Email Compromise (BEC).
Following the operation, authorities notified over 216,000 victims and potential victims so they could take immediate action - such as changing passwords, freezing accounts, or removing unauthorized access.
Vietnamese police arrested 18 suspects, seizing devices from their homes and workplaces. The group's leader was found with over VND 300 million (USD 11,500) in cash, SIM cards and business registration documents, pointing to a scheme to open and sell corporate accounts.
House raids were carried out by authorities in Sri Lanka leading to 12 arrests and the identification of 31 victims.
The Hong Kong Police analysed over 1,700 pieces of intelligence provided by INTERPOL and identified 117 command-and-control servers hosted across 89 internet service providers. These servers were used by cybercriminals as central hubs to launch and manage malicious campaigns, including phishing, online fraud and social media scams.
Neal Jetton, INTERPOL’s Director of Cybercrime, said:
“INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”
Leave a comment

From heatwaves to cyber threats: a comprehensive new guide to today’s hazards

Agency News, Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector
The United Nations Office for Disaster Risk Reduction (UNDRR) and the International Science Council (ISC) have released an updated edition of their comprehensive hazard guide, offering clear, standardized information on 282 hazards - from wildfires and earthquakes to cyberattacks and pandemics.
The new edition reflects the complex and interconnected nature of today's global risk landscape. Hazards increasingly occur together, cascade across systems, and amplify one another. In response, the updated profiles emphasize a multi-hazard approach-critical for effective early warning systems, emergency planning, and disaster resilience. Originally launched in 2021 as the first resource of its kind, the hazard definitions and classification provide an authoritative technical foundation for disaster risk reduction efforts worldwide. This updated edition builds on that foundation with:
- 282 reviewed hazards across 8 types and 39 clusters
- Improved, machine-readable format to support their use across digital tools and systems. E.g. the updated hazard taxonomy with standard definitions enables the new generation UNDRR-UNDP-WMO disaster tracking system.
- Clearer articulation of hazard interactions and multi-hazard scenarios
- User-informed revisions and new content to support real-world planning and response
"From local governments to humanitarian agencies, the need for consistent, science-based hazard information is universal. These profiles reflect the best available scientific understanding of hazards and offer a foundation for evidence-based policies that reduce risk and build resilience," said Salvatore Aricò, CEO, International Science Council.
"Reliable and standardized hazard data are essential for informing disaster risk reduction strategies. This update helps countries implement the Sendai Framework for Disaster Risk Reduction to reduce losses by 2030," said Kamal Kishore, the Special Representative of the United Nations Secretary-General for Disaster Risk Reduction.
"This updated edition reflects what we've learned: hazards are not standalone events. They are part of a complex web of risk. By bringing together diverse expert and user input, we've made these profiles more actionable, more interconnected, and more immediately useful," said Professor Virginia Murray, Chair of the Hazard Information Profiles Steering Group.
The revision process engaged over 270 experts, reviewers, and users from across sectors and regions. A dedicated User Group, Multi-Hazard Group, and Machine Actionability Group ensured the profiles remain practical, future-ready, and inclusive of diverse perspectives and needs.
Since the initial release, the hazard profiles have been widely used by national disaster management agencies, UN bodies, researchers, and humanitarian organizations for planning, monitoring, risk assessments, and training. This success has prompted the current update to ensure that they remain relevant and up to date.
Leave a comment

UK and allies expose Russian intelligence campaign targeting western logistics and technology organisations

Agency News, Cyber Security CII sector, Industry News
The UK government and international allies have today exposed Russia’s military intelligence service for a campaign of malicious cyber activity against western logistics entities and technology companies.
In a new advisory, the UK's National Cyber Security Centre – a part of GCHQ – and partners from ten countries have revealed details about how military unit 26165 of Russia’s GRU has conducted a malicious cyber campaign against both public and private organisations since 2022.
This has included targeting of organisations involved in the co-ordination, transport and delivery of support to Ukraine, and across the defence, IT services, maritime, airports, ports and air traffic management systems sectors in multiple NATO members.
Unit 26165 – also known as APT 28 – was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions. They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor and track aid shipments to Ukraine.
The UK’s support for Ukraine remains steadfast as it continues to suffer Russia’s barbaric war. In total, the UK has committed £13 billion in military aid, and this week 100 new sanctions on Russia were announced, targeting entities supporting its military, energy, and financial institutions. This followed Russia launching its biggest drone attack of the war last weekend.
Supporting UK organisations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world. Along with details of the threat, the advisory includes mitigation advice to help defend against the malicious activity.
Executives and network defenders at technology and logistics companies should recognise the elevated threat of targeting and take immediate action to protect themselves.
Actions include increasing monitoring, using multi-factor authentication with strong factors – such as passkeys – and ensuring security updates are applied promptly to manage vulnerabilities.
The NCSC has co-sealed this advisory alongside agencies from the United States, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands.
Leave a comment

First Interoperability Milestone Achieved: sBMS and VIS4EES Go Live

Agency News, Cyber Security CII sector, Industry News
eu-LISA has successfully launched the shared Biometric Matching Service (sBMS), the EU’s central biometric matching system, and upgraded the Visa Information System (VIS4EES). These two systems mark the completion of the first milestone of the Interoperability Roadmap, ensuring that Member States and EU Agencies are well prepared for future developments.
The technical activities enabling the go-live were carried out overnight by eu-LISA experts, in collaboration with external partners. Both systems are now fully operational and accessible to Member States and competent EU Agencies.
The Visa Information System (VIS) is a large-scale IT system that supports the implementation of the EU’s common visa policy and facilitates checks at external borders. It allows Schengen States to exchange data on short-stay visas and connects consulates in non-EU countries with border crossing points. The upgraded VIS4 introduces enhanced functionalities, improved performance, and greater readiness for future interoperability.
The shared Biometric Matching Service (sBMS) is a centralised system that stores and compares biometric data—such as fingerprints and facial images—across multiple EU information systems. As the first operational component of the interoperability architecture, sBMS enables biometric searches and identity checks across systems, contributing to the accuracy, security, and efficiency of EU border and migration management.
Together, VIS4 and sBMS represent a major step forward in reinforcing the EU’s external border security. They constitute the first operational element of interoperability and lay the groundwork for the upcoming integration of the Entry/Exit System (EES).
Leave a comment

Network Monitoring Program Needs Further Guidance and Actions

Agency News, Cyber Security CII sector, Industry News
The Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program gives agencies cybersecurity tools to strengthen the networks and systems they use to meet their missions.
A key aspect of a rigorous cybersecurity program is continuously monitoring networks and systems to identify and manage risks. Consistent with the FISMA requirement for agency network monitoring, the CISA-led CDM program provides tools to agencies to assist in this effort.
FISMA includes a provision for GAO to periodically report on agencies' implementation of the act. Among its objectives, this report examines the extent to which the CDM program is (1) meeting its goals, and (2) supporting other federal cybersecurity initiatives.
While the program has met two of its goals, it lacks sufficient guidance for managing network security and data protection. The program generally supports government-wide cybersecurity initiatives, but DHS's Cybersecurity and Infrastructure Security Agency hasn't finalized all plans for how CDM can provide support. For example, the agency hasn't fully updated the program's cloud asset management guidance.
The Department of Homeland Security (DHS) established the Continuous Diagnostics and Mitigation (CDM) program in 2012 to strengthen the cybersecurity of government networks and systems. Its goals are to: (1) reduce exposure to insecure configurations or known vulnerabilities; (2) improve federal cybersecurity response capabilities; (3) increase visibility into the federal cybersecurity posture; and (4) streamline Federal Information Security Modernization Act of 2014 (FISMA) reporting. The Cybersecurity and Infrastructure Security Agency (CISA) manages these goals across four capability areas (see figure). The program is meeting two of its four goals and partially meeting the other two, as discussed below.
CDM has met two goals. First, it is reducing exposure to insecure configurations and known vulnerabilities—22 of 23 agencies reported that the program was helpful in accomplishing this. CDM is also meeting its incident response capability goal.
The program, however, has been less successful in meeting the other two goals.
Although CISA developed dashboards to visualize and provide insight to the federal cybersecurity posture and the associated capability areas noted above, officials from 21 of 23 agencies stated that they had not yet fully implemented network security and data protection capabilities. Several agencies cited a lack of guidance as contributing to the slow implementation.
While officials from four agencies stated that CDM helped to automate FISMA reporting, officials from seven other agencies said that data quality issues were adversely affecting efforts to streamline reporting leading to manual updates to correct data errors.
Regarding supporting other initiatives, the Office of Management and Budget (OMB) established expectations that CDM would support federal cybersecurity efforts on zero trust architecture, endpoint detection and response, and cloud asset management. CDM has generally met expectations for the zero trust architecture program. However, CISA had not finalized key activities to support endpoint detection and cloud asset management. CISA's actions to implement an endpoint solution for all agencies and issue updated guidance on cloud asset management would improve the cybersecurity posture of federal agencies.
GAO selected for review the 23 civilian agencies covered in the Chief Financial Officers Act of 1990 (CFO Act). GAO compared CDM program documentation against relevant guidance, and summarized survey results from the 23 civilian CFO Act agencies. GAO also interviewed CISA and OMB officials.
GAO is making four recommendations to DHS and CISA to (1) issue guidance on implementing network security and data protection capabilities, (2) address data quality issues, (3) implement an endpoint solution, and (4) issue updated guidance on cloud asset management. DHS, on behalf of CISA, concurred with the recommendations.
Leave a comment

DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

Agency News, Cyber Security CII sector, Industry News
In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.
The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.
The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.
Global law enforcement response
The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.
Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.
The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.
Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.
What are stresser and booter services?
Stresser and booter services offer on-demand cyberattacks, often disguised as tools for legitimate testing but widely used to cause deliberate disruption. These services let users flood a target server or website with enormous volumes of fake traffic, making them inaccessible to real users – a technique known as distributed denial of service.
Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure. They are often advertised on underground forums and the dark web, and transactions are typically anonymised.
This coordinated action is part of Operation PowerOFF, an ongoing international law enforcement effort targeting the infrastructure behind DDoS-for-hire activity.
Leave a comment

New Best Practices Guide for Securing AI Data Released

Agency News, Cyber Security CII sector, Industry News

CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.

This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI lifecycle, from development and testing to deployment and operation.

Defense Industrial Bases, National Security Systems owners, federal agencies, and Critical Infrastructure owners and operators are encouraged to review this information sheet and implement the recommended best practices and mitigation strategies to protect sensitive, proprietary, and mission critical data in AI-enabled and machine learning systems. These include adopting robust data protection measures; proactively managing risks; and strengthening monitoring, threat detection, and network defense capabilities.

As AI systems become more integrated into essential operations, organizations must remain vigilant and take deliberate steps to secure the data that powers them.

Leave a comment
1 2 3 62