Introduction

On May 13, 1972, the newly christened USS Nimitz slid down Slipway 11 of Newport News Shipbuilding and Dry Dock Co.,¹ launching not just one ship but the largest class of warships ever built.² Indeed, the Nimitz, at more than 1,000 feet long, was more: an advertisement for and indicator of American dominance in the entire scope of national security. The US government was the world’s largest player in technology and innovation; lawmakers in Washington, D.C., could set industry agendas through purchases, grants, and regulations.

Decades later, the global security environment has shifted. The Nimitz class of warships would remain the world’s largest for the next four decades,³ but they no longer served as the same metaphor for supreme federal power. Globally, commercial R&D spending eclipsed government levels,⁴ and democratizing technology meant that industrial decisions would now be driven by a host of different international public and private participants, each with differing agendas and incentives. When it comes to national security today, government is less an aircraft carrier than one ship—albeit a large ship—among many, with routes intersecting and crisscrossed with destinations varied.

Russia’s invasion of Ukraine has highlighted this trend toward a more disaggregated, interest-driven world, with a wide range of public- and private-sector organizations making independent decisions, each with an impact on military and security outcomes.

Shortly after Russia’s invasion of Ukraine, companies began to pull out of the Russian market,⁵ motivated not by any central security decision, such as a nation’s imposition of sanctions, but by the diverse pull of shareholders and customers overwhelmingly opposed to Russia’s actions and the business risk they believe resulted from Moscow’s choices.⁶ The trend of disaggregated action continued as the conflict evolved. For example, when attacks threatened Ukrainian communications infrastructure, Ukraine’s deputy prime minister tweeted an appeal to SpaceX, which moved quickly to provide Starlink internet service and terminals.⁷ The satellite-based technology’s ubiquity and jamming resistance helped Ukraine, in the words of an adviser to President Zelenskyy, “survive the most critical moments of war.”⁸ But the nation’s appeal to and reliance on the actions of a private company—one based thousands of miles away, no less—to bolster its national security put Ukraine in an awkward position where it had to consider the interests of a private sector actor to preserve a critical wartime capability.⁹

As governments around the world grapple with this trend, it is increasingly clear more collaboration with public and private participants is necessary to protect national security. Indeed, leaders are beginning to evolve new approaches and new tools to shape commercial partners’ incentives and protect public security.

Walls coming down

• Traditional distinctions between purely commercial and national security issues are becoming increasingly fuzzy with corporate actions to pull out of countries, relocate manufacturing plants, or provide/deny service having significant national implications.
• Renewed strategic competition between major powers is driving new collaboration between other nations on issues beyond security as they find their interests currently aligned.
• Global, interdependent supply chains also increase the shared risk for both government and businesses as conflicts, or other disruptions, can cause whole industries to grind to a halt.

Trend in action

The breaking down of these walls is creating perceptible shifts in how national security is achieved.

Shift from central control to disaggregated action

Once centrally controlled, security is now increasingly driven by the actions of disaggregated players. For example, military supplies traditionally flowed to foreign countries through a closely regulated sales process tightly controlled by ministries or departments of defense. But the increasing dual-use applicability of consumer technologies to military tasks means that suppliers increasingly have the opportunity to sell directly to militaries around the world. Defense ministries already purchase consumer-grade drones, hacking software, and more—SpaceX developed its Starlink internet system for consumers, not for Ukrainian national security.¹⁰

And if companies are free to do business with countries, they can choose not to do business as well. Traditional government tools such as economic sanctions or military blockades have long controlled the process of limiting a country’s markets to certain buyers, but corporations pulling out of Russia showed that the same effect could be achieved by individual companies electing—based on their own commercial interests—to no longer do business there.¹¹ While the Russia pullouts happened to align with Western nations’ security goals, they raise the troubling issue of whether a government could influence, much less control, such actions if commercial incentives and national security interests pulled in opposite directions.

The intelligence space is confronting rising tensions between security needs and other potentially competing incentives. The proliferation of commercial satellite imagery, online data, and, especially, social media has given amateur analysts the tools to track even sensitive military radar systems in real-time while sitting at their kitchen tables.¹² While internet detectives had used these tools to do everything from tracking warship deployments in the Syrian conflict to identifying those responsible for downing Malaysian Air flight 17, the Ukraine conflict focused fresh attention on the trend.¹³ In advance of Russia’s invasion, online communities were able to track and share details of Russian troop buildup and accurately predict the invasion’s movements.¹⁴ Once the invasion began, communities used social media posts and facial recognition to identify individual Russian service members serving in Ukraine,¹⁵ particular munitions used,¹⁶ and even members of a clandestine Russian military unit programming missile flight paths.¹⁷

Again, in all of these cases, the actions of these online sleuths aligned with key Western security goals. But there’s no guarantee that future independent initiatives will share those objectives.

The clash of familiar roles and shifting interests

The proliferation of players now acting in the security space means that government must adjust traditional roles to work within a more diverse ecosystem, often only able to exert influence—not control. In place of fixed rules set by a department of state or ministry of defense, each participant is often guided by their own unique, ever-shifting set of incentives: how they can make money, what sales and activities align with stated organizational values or brand, how certain contracts might conflict with others, and so on. The way a government agency is currently organized or equipped may not be suited to meet changing private-sector incentives.

Nowhere might this struggle between government roles and industry incentives be more visible than in cyberspace, where lines between sanctioned and freelance, legitimate and rogue, often blur. In April 2022, a Russian hacker group launched a ransomware attack on the government of Costa Rica, crippling the nation’s electric grid. As with previous cyberattacks on Brazil and Argentina, Costa Rica found itself in discussions and negotiations with other governments, private companies, and hackers to bring the issue to resolution.¹⁸

The conflict in Ukraine sounded a clarion call for online freelancers on all sides, guided largely by their own sense of right and wrong: Russia-backed hackers aimed to take down Ukrainian government websites; Western hackers targeted Russian sites and even Russia-backed hackers themselves.¹⁹ And this activity often occurred without state sanction and, thus, outside of any internationally agreed-upon principles of conduct.²⁰ This type of behavior—which will likely become more common²¹—not only complicates attribution and response by other nations but can make these activities difficult for even an aligned state to control. What do you do if a hacker invokes your nation’s name in taking down a hospital, whether in an allied or enemy country? Are you legally responsible? Can an adversary legitimately encourage its own freelance hackers to respond?

Finding mechanisms to coordinate these disaggregated, interest-driven actions is key to solving or at least mitigating these difficult possibilities.

This shift challenges traditional tools

For government leaders looking to steer behaviors through a new set of incentives, the challenge is exacerbated by the ineffectiveness of many traditional tools. National security is increasingly tangled with economic and other considerations.

Take semiconductors, for instance. A critical component of electronic devices, from personal vehicles to fighter jets, semiconductor availability is vital to a country’s economic and national security. But their production is highly concentrated, with companies in Taiwan, the United States, China, and South Korea owning 84% of the global market share in assembly, testing, and packaging.²² Furthermore, just two regions—Taiwan and South Korea—manufacture nearly all advanced chips.²³ This concentration creates supply chain chokepoints and vulnerabilities, which could leave entire industries and countries without access to semiconductors during heightened geopolitical tensions or other trade disruptions.²⁴

As the COVID-19 pandemic and the Russian invasion of Ukraine disrupted a range of global supply chains, some governments moved to bolster or jumpstart domestic semiconductor industries: The European Union recently announced a €43 billion EU Chips Act with the aim of making the region self-sufficient in semiconductors, while the US government’s CHIPS Act laid out plans for more than US$52 billion in federal funding.²⁵ Yet some governments—especially those without the means to stand up a new high-tech industry—may have little choice but to deal with an uncomfortably tenuous supply chain.

The promise of making national security more, well, secure—aligning the interconnected challenges of semiconductors, cybersecurity, and open-source intelligence, among other areas—demands tools more fine-grained than the blunt instruments of export controls and similar regulations. Agencies need agile tools that can inform and align private-sector interests and guide decisions without costly consequences for government or industry.

Efforts to shore up vulnerabilities have thus far focused on encouraging closer collaboration around shared interests. For example, the FY2023 US National Defense Authorization Act requires key government agencies to study how to build a more collaborative cyber information environment.²⁶ The European Union has also doubled down on collaboration through Horizon Europe, a research and innovation program with particular emphasis on pressing transnational or regional issues, such as climate change and support to Ukraine. The program pays special attention to open-science policies and new approaches to partnerships with industry.²⁷ It’s likely that governments and agencies will further expand such initiatives as national security ecosystems continue to sprawl.

Moving forward

A more disaggregated and interest-driven world means that government agencies and ministries cannot go it alone even when it comes to national security, a role topping any list of government responsibilities. Increasingly, governments must collaborate with a broad ecosystem that includes a wide variety of players—often quickly, with crises and events still developing—to advance national security outcomes. If that collaboration is well-managed, new and more effective security capabilities may emerge. Recommendations to establish and manage that collaboration include:

• Be receptive to shifting interests and adjust plans accordingly. As is evident from the private-sector pullout in Russia, companies’ interests can change rapidly. Government and business leaders should carefully assess the significance of changing interests to identify where opportunities for collaboration exist and where they may arise, communicating to discuss potentially aligned agendas. For government agencies and ministries, this may mean challenging entrenched organizational culture and assumptions that may blind people to the realities of a changing world. For business leaders, this may mean not waiting until government requests and/or requires action but, rather, being proactive in recognition of shifting security imperatives as well as business interests.
• Identify bridgebuilders who can span both worlds.³¹ Whether in industry, academia, or government, sectors often speak different languages. Finding leaders who understand the nuances of various interests and can translate is often a first step to establishing the trust and communication necessary to work together on tough security issues. Recognized bridgebuilders need to be empathetic of partners and their positions and be incentivized to grow strong relationships around shared—or at least not opposing—interests.
• Create platforms for collaboration. Once initial trust has been established, government and the private sector need forums where they can share information and work out the details of the collaboration. These forums should be outcome-oriented, flexible in design, quick to stand up, and easy to dissolve as interests shift. The internet governance community offers this through various technical and policy working groups and task forces.
• Take an iterative approach. Finally, wherever conflicting interests are concerned, progress will not be instantaneous or assured—especially when the stakes are so high. But the consequences of conflicting government and private-sector interests are likely to impair security equally. Where collaboration proves difficult, remain agile in changing people, processes, and techniques to allow new ideas, tools, and practices to break barriers. Sustained dialogue over time will create opportunities for increased alignment and collaboration.

Deloitte Center for Government Insights

The Deloitte Center for Government Insights shares inspiring stories of government innovation, looking at what’s behind the adoption of new technologies and management practices. We produce cutting-edge research that guides public officials without burying them in jargon and minutiae, crystalizing essential insights in an easy-to-absorb format. Through research, forums, and immersive workshops, our goal is to provide public officials, policy professionals, and members of the media with fresh insights that advance an understanding of what is possible in government transformation.

Defense, Security & Justice

Deloitte offers national security consulting and advisory
services to clients across the Department of Defense, the Department of
Homeland Security, the Department of Justice, and the intelligence
community. From cyber and logistics to data visualization and mission
analytics, personnel, and finance, we bring insights from our client
experience and research to drive bold and lasting results in the
national security and intelligence sector. Our people, ideas,
technology, and outcomes are all designed for impact.

Learn more