As new Trump adviser Rudy Giuliani puts together a cyber security plan for the incoming administration, he has made it clear that the private sector will be part of the strategy.
Companies like Symantec (SYMC - Get Report) , FireEye (FEYE - Get Report) , Cisco (CSCO - Get Report) , Proofpoint (PFPT - Get Report) , Splunk (SPLK - Get Report) and BlackBerry (BBRY) could all play a larger role in the nation's defenses. The recent hacks of the Democratic National Committee by Russia groups and the potential effects on the election have given the issue a political charge.
The DNC hired privately held Crowdstrike to investigate the attacks. And FireEye conducted an independent investigation of the high-profile intrusion, which has raised the stakes for politicians and cyber security firms looking to secure networks.
To fight hackers backed by foreign nations and organized crime, Symantec Senior Director of Global Government Affairs and Policy Jeff Greene said, the government will need more boots on the ground. "We don't have enough trained experienced cybersecurity professionals," he said.
The government has picked up its cyber awareness since the 2015 hack of the Office of Personnel Management, which exposed personal data of more than 20 million of Americans. The government put an emphasis on identifying, monitoring and protecting sensitive, highly valued data and assets.
Washington also stepped up "basic cyber-hygiene," Greene said, such as more strenuous user authentication.
"It's a cliche that passwords aren't secure but they aren't," Greene said, noting that authentification that involves both a password and a device, like a cell phone, is more secure.
Giuliani and the Trump cyber security team could also negotiate international agreements, like the cyber security pact that the Obama administration struck with China in 2015.
Like Symantec, FireEye is a security company that has made inroads in Washington, Wedbush analyst Steve Koenig noted. "They have made some pretty good progress in getting traction in Federal sales," he said.
Likewise, Proofpoint's strength in email security could appeal to the government. "Email is clearly coming to the fore in terms of people recognizing it as being the primary initial threat vector for targeted attacks," Koenig said.
Splunk uses its data analysis capabilities to monitor networks for breaches, and could build on its position in Federal sales. "They are becoming the de facto dashboard for all things security," Koenig said. Splunk can incorporate data from other software vendors' firewalls, email protection software and network security appliances.
Cisco is "omnipresent" in networking conversations, Morningstar analyst Ilya Kundozerov suggested, and could be included in Guiliani's outreach.
For its part, BlackBerry has a connection with Giuliani. The mobile device company, which is remaking itself as a software developer, announced an agreement with Giuliani Partners at the Consumer Electronics Show earlier in January. Giuliani's firm would use BlackBerry's software to support its government and corporate consulting security service.
While Giuliani Partners offers a security service, much of his appeal is the name recognition that the Mayor of New York during the 9/11 attacks possesses.
"While he occasionally uses the wrong or outmoded words or phrases, Giuliani has been in and around the problems of cybersecurity, at least at a strategic level understanding, since around 2004," Daniel Kennedy Research Director for Information Security 451 Research suggested in an email. "In short, while I can think of more technically qualified candidates, I don't know that they would pass the name recognition test required of a political response; at least Giuliani has an understanding of the problem."
Giuliani likened cyber security to the search for a cure to cancer at a Thursday press conference. "There are so many different things being done to cure cancer, you almost feel like if you could put all the people in the same room, and they'd all share the information with each other, maybe we'd cure it," he said.
Kennedy suggested a different cancer analogy would be more fitting for cyber security. As in the fight against cancer, early detection, treating the problem and taking steps to reduce risk are more attainable than a cure or a permanent solution. "Security is not a problem that's going to be 'solved,' it's an ongoing evolutionary race between those who threaten the integrity of online systems and data, and those preventing, detecting, and/or responding to those attacks," Kennedy wrote.