Scribd Logo
Upload

Welcome to Scribd!

  • 120 views

    US Cyber Security

    Uploaded by

    Roosevelt Campus Network
    Non-governmental third parties should connect cybersecurity data from the public and private sectors to address private sector concerns about sharing information and foster collaboration. Both government and private industries experience frequent cyber attacks but hesitate to share data due to liability and reputational risks. A third party could compile cyber threat information to help both sectors while protecting private data and systems vulnerabilities from disclosure.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    US Cyber Security

    Uploaded by

    Roosevelt Campus Network
    120 views2 pages
    Non-governmental third parties should connect cybersecurity data from the public and private sectors to address private sector concerns about sharing information and foster collaboration. Both government and private industries experience frequent cyber attacks but hesitate to share data due to liability and reputational risks. A third party could compile cyber threat information to help both sectors while protecting private data and systems vulnerabilities from disclosure.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Non-governmental third parties should connect cybersecurity data from the public and private sectors to address private sector concerns about sharing information and foster collaboration. Both government and private industries experience frequent cyber attacks but hesitate to share data due to liability and reputational risks. A third party could compile cyber threat information to help both sectors while protecting private data and systems vulnerabilities from disclosure.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    120 views2 pages

    US Cyber Security

    Uploaded by

    Roosevelt Campus Network
    Non-governmental third parties should connect cybersecurity data from the public and private sectors to address private sector concerns about sharing information and foster collaboration. Both government and private industries experience frequent cyber attacks but hesitate to share data due to liability and reputational risks. A third party could compile cyber threat information to help both sectors while protecting private data and systems vulnerabilities from disclosure.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 2

    Mediating Public-Private Relationships:

    Increasing U.S. Cyber-Security


    Joelle Gamble, University of California Los Angeles

    Non-governmental, third party entities should be used to connect cyberspace data


    from the public and private sectors. This will address private sector concerns of pub-
    lic harm and liability associated with sharing information on cyber-attacks and foster
    a much needed public-private relationship on issues of US cyber-security.

    In 2007, there were almost 44,000 separate reported incidents of malicious cyber-
    activity on US government websites. This marks a 30 percent increase since 2006 and
    10 times as much activity as that reported in 2001. The private sector, particularly fi-
    nancial service providers, experiences cyber-attack on a regular basis. In November
    2008, a cyber-attack compromised the payment processors of an international bank
    and permitted fraudulent transactions at over 130 ATMs in 49 different cities, all within
    a 30 minute time span.4

    In the US, cyber-attacks have been Key Facts


    designed to steal valuable financial • In November 2008, the compromised payment
    and personal information or desta- processors of an international bank permitted
    bilize entire computer networks. fraudulent transactions at more than 130 au-
    The CIA reported in 2008 that tomated teller machines in 49 cities within a
    malicious cyber-activity against 30-minute period.4
    information technology systems • In 2008, industry losses from intellectual
    has caused the disruption of elec- property theft through the internet estimate
    tric power capabilities, including to as high as $1 trillion.2
    • A 2009 White House Cyberspace Policy Re-
    a multi-city power outage. E-com-
    view reported that the private sector is hesi-
    merce in 2008 alone amounted to tant to work with government due to govern-
    $132 billion in retail sales, making ment information sharing measures that could
    private industries a prime target cause reputational harm if shareholders were
    for malware.1 In 2007, a single US made aware of their system vulnerabilities.1
    retailer experienced data breaches
    and losses of personal identifiable
    information that compromised over 45 million credit and debit cards. This incident
    brings up the question of why US government and private businesses are not collabo-
    rating on issues of cyber-security. Both are susceptible to dangerous cyber-activity and
    both sectors regularly develop new methods to stymie cyber-attack.4

    Analysis
    Both President Obama and DHS Secretary Janet Napolitano have expressed a de-
    sire to work with the private sector in promoting US cyber-security.6 However, private
    companies are hesitant to work with the US government for fear that the Freedom of
    Information Act and other transparency measures will harm their reputations and ad-
    versely influence their shareholders by revealing their data systems’ vulnerabilities to
    cyber-attacks. Civil liberties groups are concerned that extending government protec-
    tion and classification standards to private businesses will act as a shield against liability
    for private business practices.

    8
    In the United Kingdom, vetted information security providers link data from different
    members of the private sector.1 If adapted for use in the United States, the compila-
    tion of cyber-security data by a third party will allow the private sector to safely share
    cyber-security data without compromising their economic security and, with the proper
    regulation, can prevent private companies from claiming government protection as an
    excuse for concealing reputation-damaging information. In addition, increasing techno-
    logical development in cyber-security can also reduce US reliance or foreign supplies of
    cyber-defense technologies and improve our global competitiveness.

    Next Steps
    The Department of Homeland Secu-
    rity (DHS) and the EOP Cyber-securi- Talking Points
    ty Coordinator, together with private • Cyber attacks are easy to plan and execute;
    sector companies, could develop or because there is no immediate physical
    hire a third party entity to compile danger to the perpetrators, cyber attacks
    cyberspace information that could can be performed by almost any entity or
    be utilized by both public and private individual.2
    sectors. The Repository of Security • Both the private and public sector are eas-
    Incidents (RISI) offers a useful model ily subjected to malicious cyber-activity
    and both have independently set up insti-
    for what these third-party organiza-
    tutions to develop cyber-defense.
    tions can look like; RISI combines in- • By combining private and public cyber-se-
    dividually reported cyber-attack inci- curity data, the US can improve its market-
    dents, as well as incidents reported in competitiveness and boost innovation in
    legal databases and news groups. RISI both sectors.
    then compiles reports of those inci-
    dents and distributes them only to its
    members, allowing them to protect themselves against similar attacks.3 Systems of this
    nature should be considered for mediating data between the US and private sectors.
    Upon development of a system, DHS and private companies must each set guidelines
    regarding what information should and should not be shared via the mediating firm.
    Shared data should mostly consist of details of cyber-attacks, with less emphasis on
    system vulnerabilities.

    Endnotes
    1. ”Executive Office of the President: Cyberspace Policy Review.” The White House. www.whitehouse.gov/
    assets/.../Cyberspace_Policy_Review_final.pdf (accessed December 29, 2009)
    2. Clark, Wesley, and Peter Levin. “Securing the information highway: How to enhance the United States’
    electronic defenses.” Foreign Affairs 88, no. 6 (2009): 2-10
    3. ”Unsecured Economies: Protecting Vital Information.” NAUnsecuredEconomiesReport. http://resourc-
    es.mcafee.com/content/NAUnsecuredEconomiesReport (accessed December 27, 2009)
    4. ”Security Central | Security Central - InfoWorld.” Business technology, IT news, product reviews and
    enterprise IT strategies - InfoWorld. http://www.infoworld.com/d/security-central/retailer-tjx/reports-
    massive-data-breach-952 (accessed January 3, 2010)
    5. ”Remarks by Secretary Napolitano at the Global Cyber Security Conference.” Council on Foreign Rela-
    tions. http://www.cfr.org/publication/20427/remarks_by_secretary_napolitano_at_the_global_cyber_se-
    curity_conference_august_2009.html (accessed December 19, 2009)
    6. ”Obama’s Remarks on Securing the Nation’s Cyber Infrastructure, May 2009 - Council on Foreign Rela-
    tions.” Council on Foreign Relations. http://www.cfr.org/publication/20428/obamas_remarks_on_secur-
    ing_the_nations_cyber_infrastructure_may_2009.html (accessed December 19, 2009)

    You might also like