Government Cybersecurity Regulation of the Private Sector
University of Maryland University College
Unlike in other countries, the line between the public and the private sector in the United States is not finite, and ideally the two should collaborate toward a common goal of increased cybersecurity to protect national interests. The future of US cybersecurity legislation is not without obstacles, as private industry resents increased government intervention, and the government assesses that the private sector fails to provide a level of security commensurate with the potential damage caused by compromise of national critical infrastructure. Current legislation often focuses on milestones rather than the end state and offers private industry little in the way of incentives for the increased cost and effort of employing better cybersecurity.
Government Regulation of Private Industry Cybersecurity Standards
Introduction
The line between the public and the private sector is not as finite as it once was. The September 11, 2001 terrorist attacks in New York City and Washington DC solidified the need for emphasis on national security, and globalization has affected the way the government and commerce interact in regulatory, financial and security matters. There are numerous examples of the confluence of government and private industry: defense contractors, financial institutions, and equipment and service providers (arms, computers, internet and telecommunications). None are of greater national security significance than critical infrastructure. United States critical infrastructure is defined as electrical, hydrological, nuclear, and chemical. In the last three years, attacks against US infrastructure have increased exponentially, and there have been 82 of attacks on the electrical grid in the last year alone (Goldman, 2013). Private industry resents increased government intervention in the form of regulations, laws and rules, and the United States government assesses that the private sector is not providing a level of security commensurate with the potential damage caused by system compromise. As in all things, ideally the public and private sector should come together and conduct a national vulnerability assessment, discuss subsidies for critical infrastructure cybersecurity upgrades, and provide incentives for businesses to invest the time and money in protecting those items deemed significant to national security. Unfortunately, it is more likely the issue of government intervention into private industry will continue to be a contentious one, and failure to take proactive steps to secure critical infrastructure and information may have disastrous effects.
Globalization
Globalization has affected nearly every major discipline: sociology, psychology, economics and politics, to name a few. No matter the area affected, the impetus remains the same: exponential growth in technology, greater ability for international travel and increased availability of information via mediums such as telephones, media, and the Internet. Globalization, accelerated by the world-wide proliferation of the internet, has had a profound effect upon United States politics and commerce, and has resulted in an imprecise distinction between the public and private domain. Like traditional commerce before it, e-commerce has expanded beyond US borders, and as such is subject to both national and international regulations and laws. It is illogical to think companies would be allowed to operate with complete autonomy, without some level of federal oversight, and primarily they do not. One exception is e-commerce, which is essentially in its infancy and evolves so rapidly that US legislation has not been able to keep pace. Only over the last 20 years or so, beginning with the Computer Fraud and Abuse Act of 1986, has the executive and...