Government Intervention in Cybersecurity - Coursework Example

? Cybersecurity Table of Contents How Can Government Justify Telling Private Industry How To Set Up Or Improve Their Cyber Security? 3 Socio-Political Reasons 4 Motivation 5 Argument For and Against Government Intervention 5 Methods of Government Intervention 7 The Impacts/Effects, If Any, On National Security Due To Government Regulation Required To Be Implemented By Private Industry 9 Conclusion 12 References 13 Introduction The internet is considered as an exclusive medium for communication as it is not restricted by any kind of physical limitations. Unlike other communication systems, the structure of internet is quite different which gives rise to two aspects. The first aspect is the issue of obscurity and the second aspect is the issue of discrepancy. Due to the enormity of the internet, it becomes possible for people to breach security from certain distance. Those who seek to protect themselves from such harm find it difficult to discriminate ex ante between different kinds of invasions, because they all appear similarly on the front end. Thus, considering the above two aspects cyber system is believed to be highly vulnerable for attack. Indeed, it is also being believed that cyber security is difficult to accomplish as cyber-attacks regularly overthrow the cyber defense system. The study aims to discuss the intervention of government for improving the cyber security. The objective of the study is to recognize the methods through which government intervene to enhance cyber security. The study also describes certain arguments on the aspect of government intervention (Rosenzweig, 2011). How Can Government Justify Telling Private Industry How To Set Up Or Improve Their Cyber Security? Nowadays, cyber security has become a national authoritative and governmental priority. Improved cyber security assists in protecting people and organizations, certifying the accessibility of critical structures on which the national economy as well as security depends. Therefore, government of any country can help private organizations and industry to set up and improve the aspect of cyber security. Cyber security solutions which assist organizations and industry on governmental and technological instructions can enhance the defensive power of information system. Self-defense provisions in laws have made the network and communication organizations to share information with the government regarding any kind of incident about cyber-attacks (Nojeim, 2010). Socio-Political Reasons In present days, almost every surface of life is related with internet. People and organizations both are at risk to the inexhaustible threats which impact on the networking activities. Hackers can travel through internet and can be benefitted from lack of security between autonomous network owners. This low coordination among public and private organizations makes internet defenseless, where hackers can easily enter on their network and access private information. Accordingly, it can hamper the confidence of public on organizations. Laws and regulations can be levied by government for improving the security. However, such government intervention is complicated as in reality, internet is a global network and government, businesses and people can be impacted by such governmental interventions in terms of negative market reactions, liability disclosures and undesirable discharge of private information. In every circumstance, the role of government must be prudently demarcated by law, regulation and practice so that public interest is fulfilled without the obligation of heavy burdens (Intelligence and National Security Alliance, 2009). Motivation Government can play an indirect role in fostering cyber security by motivating organizations through several incentives. Government can provide tax recognitions, research and development supports, procurement control and implementation of prevailing regulations as a part of security motivations for organizations. As it is difficult for government to intervene in the work process of private organizations due to several aspects, it can work jointly with them for better understanding of security issues and develop methods to defend against any kind of cyber threats. By working with the industry, government can effectively motivate private segment for ensuring better management of security issues (Rosenzweig, 2011). Argument For and Against Government Intervention Organizations have generally vested interest on national security, thus several businesses in the United States have not demonstrated strong obligation towards cyber security. The reason is quite philosophical in nature, because business leaders believe that they are free to follow their own path towards business. There are certain security experts who have argued that the incentive provided by government to the private organizations and industries for better cyber security are not aligned with the organizational strategies. Thus, incentive should be developed by government to encourage organizations to take effective measures for cyber security. In certain circumstances, intervention of government is also required for ensuring cyber security (Etzioni, 2011). Argument against government intervention towards cyber security in private industry can be substantiated due to diverse organizational structures. The structures of private organizations differ in terms of market forces and regulations among other factors. Water industry and financial industry can be cited as real life examples for this argument against government intervention on cyber security. Water industry is generally characterized by sovereign local monopolies with poor industry forces, whereas financial industry is characterized by high competitiveness with strong industry forces and legal structure. Similarly, banking organizations are characterized by well-organized and interconnected networks and controlled at national level; on the other hand insurance organizations are characterized by independent networks and regulated at state level. Thus, it can be observed that in each industry there is great variety. Hence, in order to intervene in every segment and apply regulations on behalf of cyber security, there is need for in-depth understanding about the issues of each industry segment; otherwise it can result in potential industry failure. However, with respect to government intervention to private organizations, consequence and receptiveness of the segment towards cyber risks must be considered. There are certain segments where strong cyber security already exists. Hence, additional government invention is unnecessary. Similarly, in such industries where cyber security is insufficient but impact of cyber-attack is limited to local level only, government intervention is also unnecessary. Thus, the major areas for probable government intervention are highly required where impact of cyber-attack is large and where there is low level of incentives among organizations to take precautionary measures on cyber-attacks. Overall, government intervention is acceptable where impact on such actions on industry distortion is low (Katen, 2004). Methods of Government Intervention There are several methods through which government can intervene on the aspects of cyber security such as legislative, regulatory, self-regulatory, incentive and disclosure. Legislative Method: In legislative method, rules are imposed by legal authorizations, compulsory activities are specified, standards are developed, offensive activities are demarcated and penalties for non-fulfillment of rules are set out. The major weakness of this approach is that the strategy encompasses high level of interference in management and it is marked by difficult rules (Rotibi, n.d.). Regulatory Method: In regulatory method, government does not enact new rules to address cyber security, instead government adjusts the existing rules. This method is a real-world method of addressing cyber security on the condition that present rules can be altered quickly. However, regulatory method must be prudently managed to reduce discrepancies between new and existing rules (Rotibi, n.d.). Incentive Method: Government can also control risks by amending financial incentives. Such incentives are useful for organizations and people as incentive method encompasses low interference with managerial and commercial freedoms. Incentive method also minimizes the financial risk as it necessitates low cost implementation. However, this method has also certain weaknesses because it undertakes high level of rationality, where cyber related risks can be irrational in nature (Rotibi, n.d.). Disclosure Method: Government intervention can be forced by the requirements of providing information to the people about the products and the businesses. On the basis of information, customers can chose products. This type of measure involves lower degree of intervention and can be stated as highly independent. This method is beneficial where risks are low and intense precautionary measures are not necessary (Rotibi, n.d.). Each of the above methods of intervention has certain benefits and drawbacks, but only one method is not sufficient enough in providing ideal solution to the cyber security problem. In general, government can observe more effective outcomes if several methods are applied together. Furthermore, legislative and regulatory methods are considered as the most effective methods for enhancing cyber security (Rotibi, n.d.). Both federal as well as state government differs in terms of methods of intervention. For example, in the year 2001, the Bush Administration had sanctioned certain security programs which consisted of constant effort to protect the information system. Federal government has developed Act such as ‘Federal Information Security Management Act’ in order to protect the information system of private as well as public organizations. According to this Act, all government organizations must apply certain strategies, principles, rules and guidelines to protect the information (United States Computer Emergency Readiness Team, 2003). On the other hand, state governments have tried to augment cyber security by growing public visibility. The state governments also passed several laws in order to protect the information. For instance, in the year 2003, California state government had enacted ‘Security Breach Information Act’ in order to notify any kind of break in the information system security. This Act necessitates organizations having private information (such as driving license and personal identification number among others) to inform in detail immediately in case the private information is acquired by any illicit individual (UC Berkeley School of Law, 2007). The Impacts/Effects, If Any, On National Security Due To Government Regulation Required To Be Implemented By Private Industry Traditionally, the evolution of cyber security is largely be determined by industry demand with the lack of formal regulatory control. Nevertheless, after the incident of 9/11 and increased events of cyber-attacks, government intervention in cyber security has become vital. Cyber security is significantly related with national security. It is believed that national security is an individual good provided by the government to the people. Cyber security is the sum of detached decisions of people and organizations. Billions of internet users fail to secure their internet connections and become potential medium for terrorists and hackers to conduct harmful activities. The actual core element of internet is interconnectivity. This is the reason; national security concerns are straightforwardly related with most elementary security matters of usual internet users. There are certain organizations that have unsolicited the idea of government intervention on internet. However, cyber security is a national obligation and government has vital role in it. Failure to comply with cyber security can result in loss of resources. Several specialists agree with the fact that government intervention is necessary for improving national security, but there is also disagreement about the fact that those interventions concentrated more on regulation and less on innovation. Numerous government officials believe that private organizations are unable to solve the cyber security issues and thus for the sake of national security, high regulation is required (Office of Inspector General, 2007). The real life example of government intervention and its impact on national security can be observed from development of National Cyber Security Division (NCSD) in the US. It is a division which is conscripted by Department of Homeland Security with the core objective of enhancing national defense. This division develops strategies for fulfilling the minimum requirements in organizations to protect the information system against any kind of unknown attacks. It has developed a completely operational, cyber related event handling center. This center simplifies information sharing in every segment and assists in safeguarding and maintaining steadiness in nations’ cyber infrastructure. NCSD has been also involved with public and private organizations in order to protect cyberspace and cyber resources. It has developed several programs in order to enhance cyber security such as ‘Outreach and Awareness Program’, ‘Software Assurance Program’ and ‘Standard and Best Practices Program’ among others. These programs not only encourage consciousness among people regarding cyber security, but also help to minimize mistreatment of internet (Office of Inspector General, 2007). Considering the aspect of cyber security, the level of cyber regulation that needs to be complied can differ. For example, in financial organizations, any kind of effective cyber-attack can potentially impact on the economy. If information system of one financial organization is interrupted, the other dependent organizations will also suffer from it. This kind of cyber threat would rapidly spread through other commercial segments, causing turbulence in the national economy. Thus, in financial organizations, cyber security needs to exceed the minimum requirements. On the other hand, it is argued that for certain private segment such as information technology (IT) organizations, government regulation can be extremely counterproductive. Implementing security regulations in this segment can suppress innovation and make the business offshore. Thus, in IT segment, it should meet only the minimum requirements provided by government (Katen, 2004). Conclusion Cyber security is a significant aspect for any organization and government as it possesses significant threat for public. Government intervention for cyber security is vital but there must be a balance between over-regulatory measures and low-regulatory measures because over regulations can harm the public interests, but low regulation can result in creating harm in terms of information misuse. It is beneficial for government to perform jointly with private organizations and develop partnership to gain better cyber security. Internet is the backbone of the economy of any nation and it is vulnerable as internet can easily be accessed illegally. The cyber security regulations must not hinder innovation; rather it should enable organizations to develop innovative products and services by securing better protection so that others are unable to take illegal advantages. References Etzioni, A. (2011). Cybersecurity in the private sector. Issues in Science and Technology, pp. 58-62. Intelligence and National Security Alliance. (2009). Addressing cyber security through public-private partnership: an analysis of existing models. Retrieved from http://www.insaonline.org/assets/files/CyberPaperNov09R3.pdf Katen, K. (2004). Best practices for government to enhance the security of national critical infrastructures. Retrieved from http://www.dhs.gov/xlibrary/assets/niac/NIAC_BestPracticesSecurityInfrastructures_0404.pdf Nojeim, G. T. (2010). Cybersecurity and freedom on the internet. Journal of National Security Law & Policy, 4, pp. 119-137. Office of Inspector General. (2007). Challenges remain in securing the nation’s cyber infrastructure. Retrieved from http://www.oig.dhs.gov/assets/Mgmt/OIG_07-48_Jun07.pdf Rosenzweig, P. (2011). Cybersecurity and public goods. Retrieved from http://media.hoover.org/sites/default/files/documents/EmergingThreats_Rosenzweig.pdf Rotibi, A. (n.d.). Managing cyber-risk with regulations. Retrieved from http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCwQFjAA&url=http%3A%2F%2Fwww2.ncc.gov.ng%2Findex.php%3Foption%3Dcom_docman%26task%3Ddoc_download%26gid%3D227%26Itemid%3D&ei=dkhQUOSuKMLLrQeovIDIAg&usg=AFQjCNHY0jCx5lxkhMBvMA6cSf1L2JRZ_A&sig2=b3E4yk4E-FWZDkFRszqIhQ United States Computer Emergency Readiness Team. (2003). The national strategy to secure cyberspace. Retrieved from http://www.us-cert.gov/reading_room/cyberspace_strategy.pdf UC Berkeley School of Law. (2007). Security breach notification laws: views from chief security officers. Retrieved from http://www.law.berkeley.edu/files/cso_study.pdf Read More