When a criminal robs a store, the police visit the scene, conduct an investigation and try to bring the perpetrator to justice. What happens when a criminal breaches that same store\u2019s server and makes off with its customer\u2019s credit-card numbers? I\u2019d argue that the response to the physical crime would be much greater and effective than how the cyber crime would be handled, although cyber attacks have the potential to cause more damage than robberies.Blame cyber criminals, not nation-states, for attacksWhile nation-states are typically blamed for breaches, the culprits are usually cyber criminals who are using nation-state techniques and procedures. Companies likely claim infiltration by nation-state attackers because it provides them with some cover from lawsuits and preserves business deals and partnerships. (Yahoo is using this tactic with little success.) The reasoning could look like this: how could our organization protect itself from attackers who have the support and resources of a major government? We\u2019re simply outgunned.That logic is sound. Companies are outmatched. They\u2019re facing adversaries who were trained by nation-state actors and use similar tools. But this logic is also a cop out: Businesses are responsible for protecting their data.The questions I\u2019ve been asking lately are how governments, and particularly the U.S. government, can provide the private sector with better protection and help businesses fight cyber crime. The answer lies in a two-pronged approach with companies handling the bulk of the defensive efforts, while the government occasionally lends a hand in areas such as threat intelligence and post-breach forensics.I realize that the U.S. government isn\u2019t regarded as being at the forefront of information security or for working efficiently. Indeed, governments may lack current technology and move slowly, but that doesn\u2019t mean there isn\u2019t a role for the public sector in protecting private companies.And judging by a survey Cybereason conducted\u00a0(pdf) on how information security factors into November\u2019s election, I\u2019m not the only one who feels this way. Of the 515 registered voters we polled, 75 percent said dealing with cyber risk requires a partnership between the public and private sectors.Move beyond protecting infrastructureThe U.S. government is already moving somewhat in this direction, judging by the creation of the Cyber Mission Force. Viewed as the U.S.\u2019 first troops dedicated to protecting military computer networks from attacks and initiating offensive operations, this group, which reached operational capacity in September and will eventually include 5,000 members, will also help protect the country\u2019s critical infrastructure.Defending critical infrastructure such as power grids, nuclear power plants and utility providers seems obvious. Damaging infrastructure, which often has poor security, could have a massive and devastating impact on thousands of people, if not more. If people don\u2019t have electricity, water or natural gas, they can\u2019t live.Apply a broader definition to critical networksThis same logic should be applied to the computer networks of banks, credit-card companies, internet service providers and healthcare organizations. People panicked last week when a DDoS attack prevented them from using sites such as Twitter and Netflix. Imagine the hysteria that would ensue if an even larger DDoS attack prevented them from accessing the SaaS applications they use to complete their jobs. In other words, many businesses provide services that could be classified as critical. Unfortunately, the Cyber Mission Force lacks a team that focuses on protecting the private sector from attacks, at least for now.The private sector can\u2019t do it aloneCompanies need help if they\u2019re going to face adversaries who use nation-state attack techniques. And both the public and private sectors would benefit greatly from collaborating on information security. The government would learn about the unique issues the private sector faces, such as dealing with a remote workforce that doesn\u2019t necessarily follow corporate security policies or the shortage of security talent. The private sector gains access to detailed threat information and help figuring out how to harden their networks.Adversaries aren\u2019t going to decrease the intensity of their attacks or become less ambitious with whom and what they target. In the past few months, we\u2019ve seen two of the largest DDoS attacks to date, as well as hacks targeting a U.S. presidential candidate. With the U.S. government\u2019s help, companies could have the edge they need to fend off the next round of attacks.