University of Maryland University College
Abstract
Unlike in other countries, the line between the public and the private sector in the United States is not clearly defined, and ideally the two should collaborate toward a common goal of increased cybersecurity to protect national interests. The future of US cybersecurity legislation is not without obstacles: private industry resents increased government intervention, and the government assesses that the private sector fails to provide a level of security commensurate with the potential damage caused by compromise of national critical infrastructure. Current legislation often focuses on milestones rather than the end state and offers little in the way of incentives to offset the increased cost and effort private industry must bear to employ better cybersecurity.
Government Regulation of Private Industry Cybersecurity Standards
Introduction
The line between the public and the private sector is not as clearly defined as it once was. The September 11, 2001 terrorist attacks in New York City and Washington, DC solidified the need for emphasis on national security, and globalization has affected the way the government and commerce interact in regulatory, financial and security matters. There are numerous examples of the confluence of government and private industry: defense contractors, financial institutions, and equipment and service providers (arms, computers, internet and telecommunications). None are of greater national security significance than critical infrastructure. United States critical infrastructure is defined as electrical, hydrological, nuclear, and chemical. In the last three years attacks against US infrastructure have increased exponentially, and there have been 82 attacks on the electrical grid in the last year alone (Goldman, 2013). Private industry resents increased government intervention in the form of regulations, laws and rules, and
References:
Broadhurst, R. (2006). Combating the cybercrime threat: Developments in global law enforcement. In H. Bidgoli (Ed.), Handbook of information security (Vol 1). New York, NY: John Wiley & Sons.
Etzioni, A. (2011). Private sector neglects cyber security. The National Interest. Retrieved from http://nationalinterest.org/commentary/private-sector-neglects-cyber-security-6196
Finkle, J
Finkle, J. (2013). UPDATE 1-Researchers say Stuxnet was deployed against Iran in 2007. Reuters. Retrieved from http://www.reuters.com/article/2013/02/26/cyberwar-stuxnet-idUSL1N0BQ5ZW20130226?type=companyNews
Goldman, D
Hart, S.W. (2012). The McDougal lecture: National strategy, collective security, and the global common. Denver Journal of International Law & Policy, 41(1), 1-6.
Johnson, N
Morozov, E. (2009). Cyber-scare, the exaggerated fears over digital warfare. The Boston Review. Retrieved from http://www.bostonreview.net/BR34.4/morozov.php
Rahn, R
Reed, J. (2012). Langevin to reintroduce cybersecurity legislation in 2013. Foreign Policy. Retrieved from http://killerapps.foreignpolicy.com/posts/2012/12/13/langevin_to_reintroduce_cyber_security_legislation_in_2013
Rutherford, E
Waleski, B. (2006). The legal implications of information security: Regulatory compliance and liability. In H. Bidgoli (Ed.), Handbook of information security (Vol 1). New York, NY: John Wiley & Sons.