Cyber security cooperation between the federal government and the private sector is essential, yet our cyber systems are particularly vulnerable to attack. Why is that so, and what can we do to fix the problem? We need to approach the question from fundamental first principles: Is cyber security a public good or a private good? Once we answer that question, we can determine whether our current laws and regulations enhance the government’s proper function or impede the private sector. This essay attempts to begin that effort.