CT3- STEVENS
-
Upload
elizabeth-stevens -
Category
Technology
-
view
453 -
download
2
description
Transcript of CT3- STEVENS
U.S. Cyber Security PolicyElizabeth StevensDr. Gurpreet DhillonINFO – 644, CT3
What Is Cyber Security?• Subramanian (2010) defines cyber security as:• “The security of a nation’s computer and
telecommunications infrastructure as well as the data stored within the computers from outside attack” (Dhillon, 2013, p. 188).
• Cyber security includes protection of:• Hardware• Software• Information in both public and private sectors• Military• Communications networks• Electrical grids• Power plants
Circuits of Power• The history of U.S. cyber security policy is
examined through Clegg’s theory of circuits of power.
• Circuits of power “explains power relationships independent of the particular circumstances of organizations or their structure. The application of the theory leads to a complete political appraisal of the organization” (Dhillon, 2013, p. 190).
• Power circulates in three different circuits:• Episodic circuit• Social integration circuit• System integration circuit
Episodic Power• Episodic power – describes the day-to-day
interaction, work, and outcomes (p. 190); can be recognized by outcomes and actions.
• The attacks of 9/11 led to the creation of the Department of Homeland Security (DHS); 22 separate departments merged into one agency.
• The new position of Secretary of DHS would come with great political power:• Appointing responsibilities• Directing funds and resources• Implementing personnel policy• Oversight
Episodic Power cont.• Creation of DHS led to issues within Congress and
other parts of the federal government:• Committee Chairs did not want to give up their powers.• If one committee exercised power, it was resisted by other
ones.• Funds were misappropriated across different agencies
nationwide.• Richard Clarke, author of “National Plan to Secure
Cyberspace” was forced to resign.• Between 2003-2005, there was no real cyber security
strategy; lack of leadership and “turf wars” kept cyber security czars from developing cyber security strategies.• Major cyber security breaches in 2007 and 2008 affected
State Dept., DoD, DHS, NASA and the VA.
Episodic Power cont.• These breaches prompted directives HSPD 23 and
NSPD 54 that led to Comprehensive National CyberSecurity Inititative (CNCI) and the National Cyber Security Center (NCSC).
• The NSA wanted to be in charge of cyber security.• In 2009, Obama promised to develop a national
cyber security policy and appoint a federal cyber security coordinator.
• This position would be above NSA and DHS and depends on the collaboration between different organizations.
• According to Dhillon (2013), “episodic power relationships played a crucial part in the first decade of cybersecurity administration and implementation in the U.S.” (p. 197).
Social Integration• A month after 9/11, Senator Lieberman introduced
a bill to establish a DHS that had aspects of cyber security:• Maintaining a hub of cyber security experts• Sharing of information concerning cyber security in the
U.S.• Establishing cyber security standards with the FCC• Certifying national preparedness for cyber attacks
• After DHS was created, cyber security matters took a low priority
• DHS officials and loyalists to Bush, did not criticize its lacking cyber security initiatives as most of the country supported the government’s national security endeavors unquestionably.
System Integration• System integration has two subcomponents:• Production• Discipline
• The Cyber Security Enhancement Act (CSEA) of 2002 grants companies permission to release customers’ electronic info to government employees without warrants or legal documents.• Reports were exempt from Freedom of Information Act
requests• Companies providing info were free from being sued by
customers• Customers did not have to be notified that their info was
released
• Stop Online Piracy Act (SOPA) of 2012 was met with a huge public backlash; major internet companies opposed SOPA.
Conclusion• Cyber security policy was drastically affected by:• Turf wars• Executive orders• Legislative procedures• Patriotic culture• Public backlash• Major shifts in power within the federal government
• Obama’s 2013 executive order to put cyber security policy into law will design a framework for the government and the private sector to “allow intelligence to be gathered on cyber threats to privately owned critical infrastructure…so they can better protect themselves” (Dhillon, 2013, p. 202).