Custom «Cybersecurity Legislation» Essay Paper

The creation of cyberspace was supposed to make people’s lives easier and safer, and it did, to some degree. However, with every new invention come people that use it for their own good and in the way that it was not intended for in the first place. Jesse Emspak (2013) created a list of good inventions that gone bad. For example, creators of 3-D printing technology made it assist in medical field to create implants; however, someone later employed the same technology to create guns. Alfred Nobel created dynamite to assist in construction and mining in order to make tunnels and demolish decayed buildings, but terrorists all over the world have adopted this technology and use dynamites in terrorist acts nowadays. The list comprises many of similar examples. The government of the United States created the Internet in order to make the humankind safer and ease international communication. Utilization of such an advanced system that could reach any part of the world for the good supposed a risk: as the time passed, a new category of crimes appeared, the so-called cybercrimes. People started using the Internet for different crimes: fraud, fishing, terrorism, extortions, spam, identity theft, creation of viruses, and malware in order to commence attacks on different levels from citizens to governments. In 30 years, all crimes may transfer to cyberspace, and all wars will transform to cyberwars; the signs of such transformation can already be observed. So what can be done about it? Of course, every day new versions of anti-malware software appear, and people develop new designs and antiviruses. Nevertheless, it is not enough. In order to mitigate the impact caused by cyberattacks and increase cybersecurity, the government of the United States created a number of legislations. Cybersecurity Act of 2012 and Revised Cybersecurity Act of 2012 are two of them.

•  

  0

  Preparing Orders

•  

  0

  Active Writers

•  

  0%

  Positive Feedback

•  

  0

  Support Agents

 

Title of your paper

Type of service

Type of assignment

Number of pages

-

+

Academic level

Timeframes

Spacing

Currency

USD

• Total price

Continue to order

 

How Enacting S. 2105 Would Have Improved Cybersecurity

The enacting of Cybersecurity Act of 2012 was supposed to take cybersecurity to a new level. Firstly, the legislation would have determined which sectors were the most vulnerable to cyberattacks and cyber risks. The Secretary of Homeland Security, the Intelligence community, and the private sector should do a research in order to determine such vulnerabilities.

Secondly, the bill would give the Secretary of Homeland Security permission to make a list of actions and precaution measures needed to improve the cybersecurity of the previously determined most vulnerable sectors. The list of actions and precaution measures would analyze governmental systems, disruption of which would land a critical hit on national security and economy. This legislation would only cover precautions in the previously determined sectors, and only if the systems in the given sectors have not been secured already.

Thirdly, the owners of systems in the vulnerable sectors would need to take these actions and precautions immediately, but in the way that they find appropriate. Private sector would also have power to add certain measures to the list for vulnerable systems. The government would thus be prohibited to regulate the development of information technology.

Moreover, as a response to ever-increasing power of cyberattacks, improved information transfer would be important for fighting against cybercrimes and communication with owners of vulnerable systems about their flaws. The government would work in conjunction with private sector to collect precious information. The legislation would create a special communication system, which would be used for information transfer between the government and private sector and within the private sector itself. Such communication system would be secure from cyberattacks.

In order to increase security of governmental systems, the legislation would make amendments to the Information Security Management Act and demand from the government to make a risk management system. These amendments would transfer agencies form compliance plane to the security plane. The Departments of Homeland Security would thus be authorized to monitor agencies’ systems, technologies, and management, which would reduce reporting. The testing would be strengthened to give agencies and owners an insight about the flaws in their systems. The development of security requirements would help inform the owners of vulnerable systems about buying of the right information technology products.

In addition, the legislation would improve the governmental efforts in coping with cyberattacks. The connection between the Department of Defense and the Department of Homeland Security would improve. The bill would unite all the existing cyber institutions in both Departments to create National Center for Cybersecurity and Communication for addressing cyber issues and protecting federal establishments and agencies at risk. The links between federal agencies and private sector would remain untouched. People who already work in cybersecurity field would attend special trainings to provide the most recent information on cyber threats. People who plan to work in cybersecurity field would undergo advanced training. These measures are vital to ensure that government has workforce that has innovative information and can do the job of protecting the cyberspace.

Finally, the bill would make sure that major investment would go to the Research and Development area to guarantee that both federal and private sector are provided with the most modern technology to combat the developing cyberattacks.

There were a number of reasons for passing S.2105, but one reason stands above all: the threat of cyber havoc is real. The hacking and malware technology evolves with giant leaps, while cybersecurity technology advances with small steps. Small change in the programming code of a hacking program can wreck the security system designed specifically for such hacking program. Cyberattacks may hit any part of governmental structure and in the matter of seconds. The United States may take a tremendous fall if the government does not take actions that will improve cybersecurity.

How Enacting S. 3414 Would Have Improved Cybersecurity

When the Senate blocked Cybersecurity Act of 2012, another bill was proposed based on S. 2105. This legislation is a revised Cybersecurity Act of 2012 in some of its clauses.

The legislation would create the Cybersecurity Council, which would consist of the united members of various Departments such as Defense, Justice, etc., federal agencies, private sector, and federal agencies with special responsibilities, and the head of the Council would be the Department of Homeland Security. The Council would do a research on what sectors are the most vulnerable to cyber threats and name such sectors “critical cyber infrastructure”. The Council would be able to apply such term to a sector only if a cyberattack landed on this sector or its components might lead to such consequences as strikes, meetings, natural disasters, evacuations, mobilizations, economic damage, life-threatening conditions, or huge disruption of national security. The legislation would ensure that the Council would find owners of vulnerable systems and take necessary precautions to secure their systems and put safeguards on them to avoid future attacks.

Voluntary industry-based organizations would be created and would undergo special Council cybersecurity practices. The Council would review the creation of such organizations and may introduce needed amendments to organizations in order to mitigate the risks of cyberattacks. Such practices would not require any information technology products or their design. The legislation gives no authority to the agencies to establish standards that were not thereby authorized by law.

Owners of critical sectors have the chance to participate in cybersecurity practices initiated by the Council. Agencies have many ways of meeting cybersecurity requirements; however, they have two ways to show the Council that they have met the requirements and have required practices to take part in the program. The Council gives a conclusion based on certification from the owner himself or the third party. Those agencies that acquire positive conclusions would receive such rewards as undertaking protection from any damage caused by cyberattacks or cyberthreats. The Council gives such protection to the owners that complied with the rules of the program at the time of the accident. Accelerated security of the staff employed is also one of the rewards. Owners enrolled in the program also receive prioritized technical treatment and help when it comes to cybersecurity problems. The newest information on cyber threats is the last reward that owners with certification obtain.

The bill ensures that private sector and the government have the same amount of information on cyber threats to make changes to their security systems if needed. The government would receive authorization to make clearances to the agencies that need to operate the classified information. This communication system would also help share information between the government and private sector and provide undertaking protection for owners that participate in such communication systems. The bill ensures that civil liberties and privacy are protected in terms of information sharing.

In order to increase security of governmental systems, the legislation would make amendments to the Information Security Management Act and demand from the government to make a risk management system. These amendments would transfer agencies form compliance plane to the security plane. The Departments of Homeland Security would thus be authorized to monitor agencies’ systems, technologies, and management, which would reduce reporting. The testing would be strengthened to give agencies and owners an insight about the flaws in their systems. The development of security requirements would help inform the owners of vulnerable systems about buying of the right information technology products. The legislation would also create a National Center for Cybersecurity and Communications from the existing branches of the Department of Homeland Security. People who already work in cybersecurity field would attend special trainings to provide the most recent information on cyber threats. People who plan to work in cybersecurity field would undergo advance training. These measures are vital to ensure that government has workforce that has innovative information and can do the job of protecting the cyberspace.

Finally, the bill would make sure that major investment would go to the Research and Development area to guarantee that both federal and private sector are provided with the most modern technology to combat the developing cyberattacks.

Issues that S. 2105 and S. 3414 Failed to Address

As these bills are almost identical, the points that they failed to address should be regarded in one category.

Firstly, the National Council receives an immense regulating power as they choose who to regulate, and any regulations may be introduced in terms of cyber security. Not only government would receive such power but every federal agency that has internet access.

Secondly, only the government introduces all standards, and the private sector must implement them. Voluntary organizations are not voluntary by nature as they seem to be from the first sight; only the government has power to authorize the creation of such organizations.

Thirdly, the security clearances are a bad policy because the clearances are mandatory and undeniable. Instead of clearances accessibility, government should just encourage the information sharing.

Finally, the information must circulate within the structure of governmental, and the information that the private sector gives should be processed as quickly as possible to reduce the impact of cyberattack.

A Bill to Address Cybersecurity

In order to secure critical infrastructures from hacking attempts and cyber threats, some incentives should be used including defensive, offensive, scientific, and reconnaissance designs, as well as strengthening of the link between the government and private sector. Singer (2014) argues that there are four main cybersecurity alternatives:

1. Strengthening of cyber threats’ analysis and development of measures should be employed to secure critical infrastructures. The analysis may include the reconnaissance work on network activity, information analysis with an aim to analyze included threats, and timely warnings to federal agencies to take action to mitigate the probable impact of cyber threats.
2. The management of information technology infrastructure should improve in order to enhance the security against cyberattacks.
3. The ability to restore the Internet connection while under cyberattacks should be increased by means of creating requirements that every system would be measured against.
4. Innovative protection of classified and internal information should be considered in systems of critical infrastructure and different sectors.

Therefore, based on the data above, the proposed bill would have such clauses that would increase the cybersecurity internally and externally. The implementation of these measures would allow to protect information collected from both the private sector and governmental agencies, and make the cyberspace less risky and vulnerable to cyber threats:

1. The creation of national strategy to determine clear goals, strategies, and priorities in the area of information technology and security.
2. Establishment of liabilities for governmental agencies to monitor the implementation of cybersecurity strategy.
3. The creation of special management programs and policies for cybersecurity.
4. Indoctrination of the public with national cybersecurity problems to form understanding of how important the cyber threat may be and how seriously the government tackles the cybersecurity issues.
5. Development of institutions responsible for practical decision-making process in the area of cybersecurity.
6. The support of public and private organizations that combat cyber security issues and stimulate activities in order to encourage the formation of such organizations.
7. Focused attention on learning from experience and studying worldwide cybersecurity threats; international communication and help in the cyber security field is vital; countries should learn not only from their own experience and mistakes but also from mistakes that other countries did.
8. Full implementation of all measures provided by the bills and legislations to prevent criminal activities in cyberspace; the establishment of special organization that will monitor the cyberspace 24/7 and take immediate actions when spotting any suspicious activities to track the hacker and neutralize the criminal as soon as possible before he/she could do any harm.
9. Pay specific attention to scientific activity on creation of new and innovative ways of fighting cyberattacks; creation of new designs; improvement of understanding and link between federal agencies and the private sector to build modern ways of collaboration on cyber security and combating the cyber threats and cyberattacks; the investments into the scientific work and Research and Development institutions to provide federal agencies, public organizations, and the private sector with the most innovative technologies as well as better and more secure systems, which are less vulnerable to cyberthreats.
10. Improved engagement of people who want to work in the cyber security field; professional trainings and tests to ensure that only the most capable and intelligent would work in the information security area; quarterly tests and trainings to ascertain that cyber workforce has the most modern knowledge about cyber threats and still has high level of knowledge in information technologies.
11. Employees of federal agencies, governmental structures, and owners of critical infrastructures should receive the algorithm of actions if they get exposed to cyberattacks or in case their systems are vulnerable to cyber threats.
12. Establishment of teams in each part of critical infrastructure that can neutralize the cyberattack in case it occurs.
13. If needed, recruitment of previously accused criminals in the cyberspace areas (only if a cyber threat has enormous scale); promise of the early release for criminals if they help neutralize the threat.
14. Development of special programs, firewalls, and the secure network to be used on the governmental and international levels. Communication between governments of different countries and within the United States should be as secure as possible and the least vulnerable of all.
15. The owners of critical infrastructures must certify every six month that they received and successfully implemented the innovative cybersecurity technology; the owners of critical infrastructures like nuclear system, banking system, or military system must report on receiving new technology every month.

To sum up, cybersecurity is one of the most important issues in the world nowadays. The reach of cyber threats is immense: anything from a simple fishing and viruses to nuclear plants and aircrafts, hackers can attack any part of infrastructure. It is of primary importance to increase cybersecurity not only in the United States but also all over the world, and global cooperation should take place. Interchanging new designs, notions, development of ideas, and workforce may help build a serious global firewall.

It is bad that the government of the United States blocked those two bipartisan legislations. They were not flawless, but it would have been the first step towards the security of cyberspace.

Of course, most of the population of the world does not imagine the world without computers, tablets, smartphones, or anything that has internet access. The Internet today permeates and penetrates almost every area of people’s lives: they socialize with the help of it, study, work, buy clothes, food, etc. They can do almost anything without even leaving their rooms, even buy an insurance or a car. Such a strong connection between population and the Internet is not good: it gives cyberattackers and hackers more data to work with, more leverage to affect more lives, more cyberspace, and, as a result, more breaches in the security. The progress that the humankind made referring to computerized data and systems is extraordinary; however, “with a great power comes great responsibility”. Humanity is getting more hooked and dependent on gadgets, computers, and computerized data each day. Consequently, governments all over the world should fight hard to protect the progress they made and the security of their citizens. Growth of cyberspace technologies induced people to use it to their advantage; and the more it grows, the more people will devise new ways of utilizing the systems to their own advantage.

Therefore, starting today, every citizen must do what is required to secure his or her data and cyberspace experience. The most powerful countries should devise new ways to help themselves, their citizens, and small and weak countries to counteract cyber threats and build a decent firewall. Governments should propose new legislations that should be considered on the international level. Every day more people appear with the intention to get rich using breaches, committing cybercrimes, and stealing from good people. In a matter of years, such crimes as extortion, blackmail, stealing, and even hijacking with the help of malware software will take place in the cyberspace only.