The term "partnership" has many meanings and definitions. Context, time, culture and circumstances play a large role in the definition of the term and its actual implementation. Cooperation can be permanent, transitory or situational. It can be based on formal mechanisms as well as informal concepts. Cooperation, whether bilateral or multilateral, reaches its peak when the parties believe that this type of relationship is mutually beneficial.
This does not mean that a mechanism of this type, whether formal or informal, is without cost. What is certain is that in any binding agreement some 'freedoms' are voluntarily given up in exchange for a perceived benefit. It is enough to recall the works of Hobbes, Locke or Rousseau to recognize the costs and benefits of creating and joining a community.
That is the essence of cooperation. By joining a community and cooperating with its members, we seek safety, stability and protection, aspects that are often considered positive. In exchange, we give up individualism, free will, and some independence. For some, this is an unacceptable cost that is not outweighed by the benefits derived from the positive aspects of cooperation. That is a reasonable position.
However, history teaches us that the benefits of cooperation generally outweigh the perceived or real costs, although there are certainly exceptions. Still, the concept of "joining forces" in a common enterprise or goal is often considered better than "going it alone". To facilitate or even improve efficiency, the cooperation agreement should include:
- Agreement on common goals.
- Mechanisms for continuous evaluation of costs and benefits.
- Mechanisms to cancel the agreement.
- Some parameters for the agreement.
- Agreed application mechanisms of the agreement.
Needless to say, the underlying predicate is that the parties to the agreement voluntarily recognize the necessity of the agreement and accept that the alternative is desirable. As we move forward with our analysis, these principles form the basis of our recommendation that cooperation become an essential aspect of mitigating the threats posed by cyberattacks, regardless of whether they are considered crimes, acts of terrorism, or acts of violence.
To flesh out this proposal, the collaborative model I recommend would benefit both private and public organizations. It would also force hacked corporations to institutionalize reporting mechanisms to both law enforcement agencies and their customers. It involves cross vectors between the population (in general), municipalities, police and corporations (listed or not).
This complexity reflects the diversity of threats and vulnerable targets. We know that implementing this recommendation is counterproductive to many stakeholders, including (unsurprisingly) corporations and (surprisingly) law enforcement. In any case, this cooperation was received with skepticism as a model of collective security, combined with a component of legitimate self-defense (in both cases derived from international law).
Business resistance reflected concerns about the potential loss of revenue and other unintended consequences in the form of competitive advantage. On the other hand, law enforcement resistance arose from two different logics: the unwillingness of the federal police to cooperate with local agents and the lack of resources to deal with cyberattacks.
Undoubtedly, this imposes unwanted and sometimes unjustified costs. However, the risks and threats posed by cyberattacks justify the search for mechanisms that enforce cooperation. That is, if voluntary cooperation is not possible, the discussion should be extended to the possibility of compulsory cooperation.
— Requests the federal government to periodically publish the best practices document. In this way, entities will be able to use best practices to better defend their cyber infrastructures.
— Identifies the uses of cyber threat indicators and countermeasures authorized by the federal government, limiting the disclosure, storage, and use of information.
— Authorizes entities to exchange cyber threat indicators and defensive measures, among themselves and with the Department of Homeland Security, to protect against resulting legal risks.
— Protects personally identifiable information (PII) by requiring entities to remove all PII from information transmitted to the federal government. Any federal agency that receives cyber information containing PII must protect the PII from unauthorized use or disclosure. The Attorney General of the United States and the Secretary of the Department of Homeland Security will provide guidance to help meet this requirement.
In the same vein, on July 6, 2016, the European Parliament approved the Network and Information Systems Directive (NIS Directive), which provides legal measures to improve the overall level of cyber security in the EU, ensuring:
— The preparation of the member states, asking them to have the appropriate devices for this purpose; for example, a network of Computer Security Incident Response Teams (CSIRTs) and a National Network and Information Systems Authority (NSI).
— Cooperation between all member states, creating a cooperation group to support and facilitate strategic cooperation and information exchange. They must also create a CSIRT Network, with the aim of promoting rapid and effective operational cooperation in the face of specific cyber security incidents and the exchange of risk information.
— A culture of security in the different sectors that are essential to our economy and society and, moreover, highly dependent on information and communication technologies (ICT), such as energy, transport, water, banking, financial market infrastructure, healthcare and digital infrastructure. Companies in these sectors identified by Member States as operators of essential services must take appropriate security measures and report serious incidents to the relevant national authority. In addition, providers of essential digital services (search engines, cloud computing services and online marketplaces) will have to comply with the security and notification requirements of the new Directive.