US Cyber Security
US Cyber Security
US Cyber Security
In 2007, there were almost 44,000 separate reported incidents of malicious cyber-
activity on US government websites. This marks a 30 percent increase since 2006 and
10 times as much activity as that reported in 2001. The private sector, particularly fi-
nancial service providers, experiences cyber-attack on a regular basis. In November
2008, a cyber-attack compromised the payment processors of an international bank
and permitted fraudulent transactions at over 130 ATMs in 49 different cities, all within
a 30 minute time span.4
Analysis
Both President Obama and DHS Secretary Janet Napolitano have expressed a de-
sire to work with the private sector in promoting US cyber-security.6 However, private
companies are hesitant to work with the US government for fear that the Freedom of
Information Act and other transparency measures will harm their reputations and ad-
versely influence their shareholders by revealing their data systems’ vulnerabilities to
cyber-attacks. Civil liberties groups are concerned that extending government protec-
tion and classification standards to private businesses will act as a shield against liability
for private business practices.
8
In the United Kingdom, vetted information security providers link data from different
members of the private sector.1 If adapted for use in the United States, the compila-
tion of cyber-security data by a third party will allow the private sector to safely share
cyber-security data without compromising their economic security and, with the proper
regulation, can prevent private companies from claiming government protection as an
excuse for concealing reputation-damaging information. In addition, increasing techno-
logical development in cyber-security can also reduce US reliance or foreign supplies of
cyber-defense technologies and improve our global competitiveness.
Next Steps
The Department of Homeland Secu-
rity (DHS) and the EOP Cyber-securi- Talking Points
ty Coordinator, together with private • Cyber attacks are easy to plan and execute;
sector companies, could develop or because there is no immediate physical
hire a third party entity to compile danger to the perpetrators, cyber attacks
cyberspace information that could can be performed by almost any entity or
be utilized by both public and private individual.2
sectors. The Repository of Security • Both the private and public sector are eas-
Incidents (RISI) offers a useful model ily subjected to malicious cyber-activity
and both have independently set up insti-
for what these third-party organiza-
tutions to develop cyber-defense.
tions can look like; RISI combines in- • By combining private and public cyber-se-
dividually reported cyber-attack inci- curity data, the US can improve its market-
dents, as well as incidents reported in competitiveness and boost innovation in
legal databases and news groups. RISI both sectors.
then compiles reports of those inci-
dents and distributes them only to its
members, allowing them to protect themselves against similar attacks.3 Systems of this
nature should be considered for mediating data between the US and private sectors.
Upon development of a system, DHS and private companies must each set guidelines
regarding what information should and should not be shared via the mediating firm.
Shared data should mostly consist of details of cyber-attacks, with less emphasis on
system vulnerabilities.
Endnotes
1. ”Executive Office of the President: Cyberspace Policy Review.” The White House. www.whitehouse.gov/
assets/.../Cyberspace_Policy_Review_final.pdf (accessed December 29, 2009)
2. Clark, Wesley, and Peter Levin. “Securing the information highway: How to enhance the United States’
electronic defenses.” Foreign Affairs 88, no. 6 (2009): 2-10
3. ”Unsecured Economies: Protecting Vital Information.” NAUnsecuredEconomiesReport. http://resourc-
es.mcafee.com/content/NAUnsecuredEconomiesReport (accessed December 27, 2009)
4. ”Security Central | Security Central - InfoWorld.” Business technology, IT news, product reviews and
enterprise IT strategies - InfoWorld. http://www.infoworld.com/d/security-central/retailer-tjx/reports-
massive-data-breach-952 (accessed January 3, 2010)
5. ”Remarks by Secretary Napolitano at the Global Cyber Security Conference.” Council on Foreign Rela-
tions. http://www.cfr.org/publication/20427/remarks_by_secretary_napolitano_at_the_global_cyber_se-
curity_conference_august_2009.html (accessed December 19, 2009)
6. ”Obama’s Remarks on Securing the Nation’s Cyber Infrastructure, May 2009 - Council on Foreign Rela-
tions.” Council on Foreign Relations. http://www.cfr.org/publication/20428/obamas_remarks_on_secur-
ing_the_nations_cyber_infrastructure_may_2009.html (accessed December 19, 2009)