The Role of Government in Information Assurance and Security - Research Paper Example

? Contents Contents 3 Introduction 4 Background information of the study 4 Justification 7 Literature Review 7 Hypothesis 11 Research questions 11 Objectives 12 Research Methodology/design 12 Introduction 12 Research Design 12 Results and findings 13 Discussions, conclusions and recommendations 15 References 18 The Role of Government in Information Assurance and Security Name Course Instructor Date Abstract The protection of private and public information from unwanted access by hackers and criminals has risen tremendously with the growth of information technology. With increasing incidences of cyber crime and unwanted access to public and private online data rising, the need for more government input is highly needed. The expanding use of the internet and the growing knowledge in computer programming has made it almost impossible to keep private information private. Cyber criminals have continued to develop better and more sophisticated tools of accessing private information of highly confidential government agencies, banks, credit bureaus and research institutes. This has increased to pile more pressure on the government as steps that ensure information assurance and confidentiality rises. With the rising corporate competition, unauthorized access to the competitor’s strategic information can provide the necessary leeway for growth. This has seen company’s loss private marketing and management ideas to their rivals through unauthorized access to private information. The government has a huge responsibility in the provision of information assurance and security to both its agencies and private companies. In the process of achieving this important goal, the government accesses private and personal information of its citizens. This has created a major public outrage as they feel that their privacies have been invaded. Mobile phones, social media and emails are avenues for individuals to exchange either business or personal information. Knowing that a third, party accesses your private information makes an individual feel naked and exposed. However, in the process of providing information assurance, the government can access private information. Such powers are contained within private information access acts and laws of the United States. Introduction Background information of the study Information security is the continuous protection of information and security apparatuses from any unauthorized access, disruption, alteration, publication or even termination and disruption. Information assurance and security is about creating systems that promote a secure platform for storing information and data without the fear of unwanted intrusion. Information in today’s world is a critical asset that must be safeguarded at all costs. Unwanted access to private information can lead to loss of such important assets, which may cripple an organization. Competitive edge is the desire of every corporation in this competitive world of business. Any organization that can easily access the others information regarding their future operation plans can scheme to stifle such plans. Any step that threatens private and business information therefore threatens the existence of the business (Motorola Inc, 2010, p.4). Backstreet terrorism has been replaced with more advanced techniques that vary from cyber attacks, access to confidential security details online and attacks on bank information. Any lapse in the security system of technologically stored information translates into millions of shillings or thousands of lives lost. The main mandate of any government is to ensure that its citizens are protected at all times (Bowens and Keys, 2004). Adopting steps that ensure that no security lapse can occur within the government security details is of great importance. Attack on government dignitaries can be easier if terrorist access their private security details. It is therefore the sole role of the government to ensure that confidential information is kept safe and secure from terrorist attacks (Cybercore Technologies, 2009). The tremendous growth in information technology and telecommunication has presented a number of complex challenges to the government. Private, confidential and highly explosive information has been exposed to a number of risks, including loss and unwanted access by criminals. The government responsibility in ensuring that private and confidential government and corporate information is secured remains tantamount. In achieving this responsibility, the government accesses private information through access to phone records. Such steps are partially justified if the objective of such a step is to ensure the security of its information and its citizens. Accessing private information enables the government stem any impending terrorist attack in the country. The amount of investments that different governmental departments have invested in securing their information points to the gravity of this matter. There is much more that the government still needs to put in place to ensure information technology assurance according to the Coleman report (2008, p74). Protecting private information should also be made cost effective and affordable to other private organizations. A review of effort put in place by private organizations to ensure that a more robust and secure environment for sharing information is developed is necessary. This will improve the government’s ability to create a more secure interface for information sharing and access. Access to private information by the government enables it to protect its citizens from any imminent terrorist attack. It is also important in the implementation of health and education programs according to behaviors that can only be noticed through the study of private information. However, ethical issues have arisen across the country on the boundaries that the government needs to respect as far as privacy is concerned. Personal privacy is a right protected by the supreme law of the land, a document that the government must uphold. According to Doyle and Liu, (2011, p3), the fourth amendment upholds the rights to privacy at all times and limits the government access to private information. The government through the legislative assembly has however ensured that they are given powers through acts of parliament to access private information. This enables them achieve their role of providing information technology assurance and security at all times, the cyber intelligence sharing and protection act is one such legislation. It enables the government provide a wider surveillance programs that ensure security at all times. According to the bill, the private sector has a mandate to share information that is a threat to security; however, this act ensures that the private sector protect their data and the private information of their clients (Barracks, 2001). The development of social media has led to its integration into several spheres of work and life. The internet has also progressed into an interactive channel of communication where private and personal information are shared. Access to such confidential information from such sites has been regulated by various acts of parliament and laws. The expansion of social media has seen its use grow not only in private organizations but also in government offices. This growth has necessitated the need for the government to formulate policies, which can enable them safeguard, their private information. Social media has been a major target for terrorist as the user ignores the basic internet security practices. As such, the criminals to collect information from the government and private companies have used marauding malwares (Hrdinova, Helbig and Peters, 2010, p2). Just like social media and email addresses, telephone records are made of more intimate and personal information. The government can at times access such information whenever the prevailing security situation demands for it. The growth of brokers who are able to access private phone books has exposed the lack of privacy that mobile phone users are exposed to. Marketing companies who need such information whenever they plan to launch a new product have used such data. According to the report presented to the congress by Ruane (2008, p4) the illegal access of private conversation and phone book data by phone brokers has resulted into legal problems. As a result, legislative enactments that controls and limits the powers of the brokers to access private information has to be enacted. Justification A number of new and emerging threats face information that is stored through the computer and internet. This is mainly due to the development of better-sophisticated tools that are used to gain entry into private and confidential sites. This has increased cyber espionage, application of malicious and destructive malware into private and important information sites and phone hackings. According to the world summit on the information society, governments must take charge of the information security and provide assurance for the same. The tremendous growth of information technology applications within government agencies therefore makes it mandatory for the government to uphold the integrity of its data. Literature Review The government should continually invest a good portion of its budget on measures that improve information assurance and security. This is important as it enables the government and other governmental agencies comply with information security laws, regulatory policies, standards and guidance. Recognition and formulation of proper information security measures should be an important role of the government and its heads of agencies at all time. The federal agencies of the United States serve the American citizens diligently due to the development in information technology. As a result, preserving the integrity of such information is very important as it improves the security systems (Bowen and chew, 2007, p11). The investment of proper machinery to protect information technology has a number of benefits to both the government and the private sector. Keeping the integrity of information preserves the belief, integrity and irretrievability of the information at any time, this enables organizations carry out their missions efficiently without any delays. A great information storage and retrieval system improves the public confidence and trust. This creates better public relations between organizations and their clients. The government therefore has a major role in ensuring that the private data of companies are preserved at all times (Monica, 2001). Denial of service attacks has caused interruption to the operation of different government departments in different countries of the world. In this kind of attack, the criminals successfully prevent the authorized personnel from accessing the information thereby making it impossible for such departments to operate effectively. Completely shutting down a government portal system prevents citizens from accessing government services whenever they need to do so. Most governments have embraced technology in their collection of taxes and other revenues. Citizens therefore make their tax returns through an online portal at the comfort of their homes or offices. An attack that denies entry into such a system can cripple the government operations completely. It therefore has a number of financial ramifications to their government that can lead to failure in service delivery. In 2007, the world witnessed the Estonian government operations cripple under the cyber attacks. This attack is considered as one of the most severe cyber warfare that has so far been witnessed. The attacks targeted Estonian major government installations and were majorly distributed denial of service attacks. Operations of the government were crippled for long as the international community watched in disgust (Clay, 2008). According to Rollins (2007, p6), a dramatic change in the prevalence of cyber crime has been witnessed in the country. Online credit card frauds have been used to help fund a number of terrorist activities especially in the Middle East and the south Asian countries. Terrorist have therefore adopted new techniques as they struggle to raise fund through fraud and to access important government information. The attacks on the English subway in July 2005 demonstrated the level of information sophistication that today characterizes terrorism. The United States government has taken important steps to ensure that cyber crime is prevented. This comes after a report by the government accountability office that prevention of cyber crime in the future may be an uphill task for the government. Networking has made it possible for government and private organizations to share information effectively and in a time saving manner. In this system, a central server or router is installed upon which data can be shared among the relevant groups. This has eliminated the time wasted in moving from one office to the other with files and documents. However, this kind of network has been an easy target for terrorist who attack the central server. Any attack on the central server cripples the operations of all the departments that share it. This further makes it a mandatory for the government to ensure that measures that improve cyber and information security is adopted (Clay, 2008). Micheletti (2003) acknowledges the threat and problems that the government and its security agencies face on cyber security. The impact of information in today’s world cannot be under estimated as it is the basis for major attacks and espionage acts. There is therefore, a major information revolution the world over and insecurity accompanies such revolution in equal measures. Different militaries are working overnight to gain important intelligence information on the progress made by their enemies for military advantage. In protecting American people, leaders both in the military and government must understand the impact of information revolution that is being witnessed today (Schmitt and O’Donnell, 2002). The drive for illicit profits and money online is also one of the major catalysts of cyber attacks. Several organizations exist today that mint millions of shillings through fraud, espionage and blackmail. Such organizations recruit young college graduates and train them on more practical cyber crime skills to enable them advance their course. The desire to know the plans of the government or an organization has also increased the need for espionage soft ware. Such malwares are secretly installed into private computer networks from where they access confidential information. With sophisticated programming tools available, such malwares are capable of stealing the information without being detected at all. This heightens the risks that private, confidential and explosive information is exposed to (Clay, 2008, p10). Despite the progress made by the security apparatus of the United States to ensure cyber security is upheld, more needs to be done by the government. The U.S naval war college conducted simulated cyber attacks in 2002 in an attempt to see how porous their system was. It was proven that any attack would be impossible as system redundancy would prevent a cyber attack. A rapid recovery from cyber attack is therefore very possible with the current information infrastructure. The CIA to help pre-empt any possible attack by criminals has also done such simulated cyber-attacks. National security simulation plays a major role in gauging the porosity and the vulnerability of the government system to attacks (Clay, 2008, p10). The development of social media and peer-to-peer networks has also opened another frontier for the war on cybercrime. Social media sites such as twitter and Facebook has posed a number of challenges to government investigators and opens avenues for new wave of crimes. Platforms that allow the sharing of digital media between individuals and organizations also provide an opportunity for criminals. The P2P software allows the collection and sharing of digital files with ease. Both the government agencies and entertainment organizers have embraced such software (Denning, 2000). This platform allows the encryption and protection of documents by use of a password. This makes it difficult to access the files and documents if you lack the authorization of the original designer of the document. This also makes it tough for investigators to ascertain the legality of the documents being shared. This has provided a fertile ground for sharing espionage information, illegal entertainment documents like child pornography and other illegal activities (Berg, 2007). Social media networks have been used as site for sharing personal information. As a result, video clips, photos, messages and other personal documents exchange hand through these sites. The fourth amendment prevents the government from accessing this information without the prior permission of the owners. However, this has provided an avenue for criminals to share, discuss and plan major attacks without the eyes of the intelligence service. Government access to such information should be made possible in order to improve security and prevent any impending attacks. Cyber bullying and sexual exploitation are some of the risks that young users expose themselves to as they seek fun and friends from the internet. These sites provide a fertile ground due to the lack of proper government protection. Cases of cyber bullying and suicide from cyber causes have been on the increase in the country recently. All these further strengthen the resolve of the government to access private information in the process of providing information technology assurance and security (Berg, 2007). Disini (2012) highlights the importance of government intervention in ensuring that the use of social media is regulated. Cyber stalking has continued to make life for a number of people impossible. This is because such people trust the social media sites to the extent of including their contact addresses on the site. This exposes them to the activities of stalkers and criminals who make life unbearable for other citizens. It is therefore the role of the government to ensure both emotional and physical security of its citizens at all times. Cyber stalking has resulted into a number of murders, suicides and manslaughters in the United States over the last few years (Bowen and Chew 2007, p2). Hypothesis The national government has a paramount role in ensuring information technology security and assurance to its citizens and the private sector. In providing security to members of the public, the government has a right to access private information from social media and private phone call logs. Research questions 1. Has the government done enough to ensure information technology security and assurance? 2. What more steps can the government adopt to enable them fight new and emerging frontiers of cyber crime? 3. Does the fourth amendment acts as impediment to the provision of cyber security by the government? 4. Is the government justified to access private information from social media and phone call logs to enable it fight cyber crime effectively? Objectives To analyze the current step taken by the government to counter and fight and threat to information technology To compare safety and intelligence measure of different governments in countering cyber crime To find out other ways that the government can adopt in order to enable them improve the fight against cyber crime Research Methodology/design Introduction This chapter describes the research methodology that has been used to collect the necessary information on the government progress, actions and steps towards implementing its information assurance and security policy. Research Design This is the overall plan for conducting this study in order to enable the project answer the research questions. It therefore includes the steps that were followed in conducting this research. Based on this study, an analytical approach of the available literature on the government’s commitments to cyber security shall be analyzed and reviewed. This is to enable me form a conclusive decision on the available facts from previous studies, reports and reviews on internet security and access to private information. The articles for this study were collected from the available literature, and articles from university and academic sites. Government portals also provided the best source of information especially on the steps that various departments have adopted to ensure implementation of cyber security. Parliamentary select committee reports on security also provided information on the legislative steps that the government adopted to ensure internet and security of information technology. Results and findings The government of the United States has remained at the forefront of ensuring that its confidential information is kept safe. Despite the numerous challenges that it has faced due to the constitutional restraint that prevent it from making bold steps towards restoring sanity in the internet, the government has done a lot. In ensuring success of its security programs, the government has ensured that all arms of the executive are engaged in the coordination and implementation of any security related issues. The constitutional role of any government the world over according to the UN charter on human rights is to ensure that its citizens are secure. The faces of security change every century and thus the need for changes in approach that the government adopts. In the 18th century, security apparatus of the government was quite different from we have today. This is because as knowledge broadens, so are the threats that we continue to face. Threats to important information that are of essence to the operation of the government or an organization has revolutionized over the last few decades. Today, Criminals struggle to access important and confidential information to enable them gain access into government installations of the government. Protection of such information cannot be relegated to a different organization apart from the government. The development in communication has also been characterized with major historical changes. These vary from use of sophisticated mobile phones, CICSO connected office phones and other wireless tablets. Individuals can today make bank transfers, business transactions and finalize contracts and tenders from their phones. Most of these iPhones are also operated based on operating softwares like android and windows. This makes it possible for criminals to make softwares that can be used to hack into such private information. Terrorists have not been left behind in this revolution of mobile telephony. They also use the same gadgets to communicate their plans and execute their orders effectively. The fourth amendment restrains the government from accessing private information from its citizens without a court order. Terrorism plans are fast, efficient and timely. This leaves no time for the government to acquire a court order before accessing such information. The government access to private information should be allowed whenever necessary, and this will enable them respond to terrorist attacks timely before such attacks are executed. The parliamentary permanent report on access to private information highlighted the importance of delegating powers to investigative and intelligence agencies to access private information. The third phase off information technology development is the development of social media and interactive internet inter phase. Governmental and private organization has been forced to allow the use of the social media at their workplace. Most organizations, both private and governmental have created public social media sites to enable them interact with their clients. This has it easier for complaints to be addressed in time. However, the growth and rise in the use of social media has led to the increase in the number of fraud and criminal activities. Cybercrime, cyber fraud, cyber bullying and cyber stalking have been made quite easier due to the rise of the social media. Individuals today share private and confidential information through the social media and this makes an easy target for criminals. Revolutionary and terrorist groups also interact and plan their attacks through the social media. Several groups today organize major anti-government events through the social media. They recruit; influence and brain wash members of public into believing in their course, and such groups pose serious threats to the national and international security and therefore must be stopped, but who can do that? The only institution with the legal mandate and power to protect the lives of citizens is the government. Providing security to the citizens can only be possible if the government can be able to foresee the dangers that such groups present. Access to private social media accounts should be allowed through necessary legislative mechanisms to enable the government. The need for this authorization has been reflected in a number of articles that formed part of this study. It will be impossible for the government to protect its citizens if it cannot be in a position to collect intelligence information. The suspension of the bill of rights is common whenever the security of a country is threatened, granting freedom to enjoy rights, which can lead to security threats, has retrogressive impacts on national safety. Provisions that allow the government to suspend such privileges should be enacted to give more powers to the government to collect intelligence information. Discussions, conclusions and recommendations The government has the uppermost responsibility of ensuring that its citizens are protected. Any step that may threaten the fabric that holds the security of the country cannot be taken for granted whatsoever the reason is. The government of the United States has put in place several measures that ensure cyber security and the integrity of their data. There is however a lot of steps that need to be done by the government to seal all the routes that have been used to access confidential information. IMPACT (2008) explained the different level of insecurity that our online and network shared data faces. These include use of personal computer systems without the necessary authorizations. As a result, the integrity of the personal information in such a computer is violated and lost. Hacking and denial of access leads in the cases of cyber attacks that are reported. Denial of service attack on the Estonian government by an individual caused a lot of panic in the country as it brought it economy to its knees. A number of infrastructure threats also make it impossible to maintain the integrity of personal financial, health and business information. The protection of such serious information cannot be delegated to any other group apart from the government (IMPACT, 2008). Rollins (2007) acknowledges the impact of information assurance and security to the government. He highlighted a number of steps that the government has adopted that the security for its agencies is not compromised. Programs that address various facet of cyber crime has been viewed as an attempt by to recognize the threat that cyber security poses that making it a national priority and agenda. However, the department of homeland securities has not made important progress that can enable it effectively fight and reduce threat information technology. DHS is the leading security federal agency in the country and therefore holds the legal mandate of countering cyber crime. However, the infrastructural progress of the department has not enabled it to develop proper tools that can enable them tackle such security threat. The government should therefore make more budgetary allocation to this department in order to equip it with the necessary infrastructure for fighting cybercrime (Aldrich 2009, p.8). The formation of the joint functional component command network warfare has also enabled the department of defense to improve and enhance its war against any security threat to defense information. The government does all it can possibly do to ensure that its defense infrastructure is protected. This is because it is a major target from cyber crime and terrorist related crimes. This step has strengthened the government’s ability to defend and secure its military infrastructure at all times. The legislation of the cyber aptitude involvement and protection act is another sign of the government’s commitment and efforts to ensure internet and network security. Even it was widely criticized by the public and rights groups, it is a step towards sealing the leeway that has been available for terrorist’s exploitation. It ensures the coordination of the government and the private sector in ensuring that any anonymous information that pose a threat to national security is shared within the legal parameters available. These include sexual exploitation, child pornography, trafficking and kidnapping, this acts calls for the voluntary corporation of both the public and the private sector; however, it does not force any individual to provide the information without their own voluntary decision. The fourth amendment provides protects the citizens against any move by the government that can be seen to infringe on their privacy and confidential information. It therefore provides guidelines for the government on how to acquire important private information that can be used in legal proceedings. Such restrictions have been a fertile ground for criminal minds to conceal any incriminating evidence that can be used against them in a court of law. The fight on the cyber crime and threats to important information technology can only be won if the government is given powers to access private information from telephone, mail and social media records if they feel that such information can be used to prove a case legally (NACDL, 2012, p9). Access to third party records should also be made easier for the right government organizations in order for the government to accurately collect intelligence information. Banks and telephone companies hold important incriminating information on their clients but the law strictly regulates its sharing. Such records can be used by the government well in time to prevent an impending cyber attack before it does occur. The current laws make it tough for the government to easily and in a timely manner access such information (Aldrich, 2009, p8). References Aldrich, R. (2009). Cyber terrorism and computer crimes: issues surrounding the establishment of an international legal regime. Retrieved from http://www.au.af.mil/au/awc/awcgate/usafa/ocp32.pdf Barracks, C. (2001). The information revolution and national security. U.S army War College. Strategic studies institute. Berg, T. (2007). The changing face of cybercrime: new internet threats create challenge to law enforcements. Michigan bar journal, 23, 45-51. Bowen, P and Chew, E. (2007). Information security guide for government executives. Retrieved from http://csrc.nist.gov/publications/nistir/ir7359/NISTIR-7359.pdf Bowers, S and Keys, K. (2004). Technology and terrorism: the new threat for the millennium. Lamington, Spa, UK. Clay, W. (2008). Botnets, cybercrime, and cyber terrorism: vulnerabilities and policy issues for the congress. Retrieved from http://www.fas.org/sgp/crs/terror/RL32114.pdf Cybercore technologies. (2009). The information assurance process: charting a path towards compliance. Retrieved from http://cybercoretech.com Denning, E. (2000). Cyber terrorism testimony before the special oversight panel on terrorism committee on armed service U.S. House of Representatives. Retrieved from http:llwww.cs.georgetown.edu/denning/infosec/cyberterror.html Disini, J. (2012). Social media and cybercrime: ITU-ASEAN forum on promoting effective and secure social media. Retrieved from http://www.itu.int/ITU-D/asp/CMS/Events/2012/socialmedia/S5_Jesus_Disini.pdf Hrdinova, J, Helbig, N. and Peters, C. (2010). Designing social media policy for government: eight essential elements. Center for technology in government. Retrieved from http://www.ctg.albany.edu/publications/guides/social_media_policy/social_media_policy.pdf IMPACT. (2008). An introduction to cyber crime and terrorism: problems and the challenges. Retrieved from http://www.intgovforum.org/cms/workshops_08/IGF_dimensions_Marc-Goodman.pdf Liu, E and Doyle, C. (2011). Government collection of private information and issues related to the USA PATRIOT Act reauthorization. Retrieved from http://www.fas.org/sgp/crs/intel/R40980.pdf Micheletti, E. (2003). The information revolution and national security. U.S. Army War College. Strategic Studies Institute. Monica, S. (2001). Network and net wars: the future of terror, crime, and militancy. California: Rand Corporation. Motorola Inc. (2010). The user role in information security: building effective and efficient environments in the age of mobility and social networking. Retrieved from http://www.motorolasolutions.com National Association of Criminal Defense Lawyers. (2012). Electronic surveillance and government access to third party records. Retrieved from http://www.nacdl.org/reports/thirdpartyrecords/thirdpartyrecords_pdf/ Ruane, K. (2008). Selected laws governing the disclosure of customer phone records by telecommunications carriers. Retrieved from http://www.fas.org/sgp/crs/misc/RL34409.pdf Rollins, J. (2007). Terrorist capabilities for cyber-attack: overview and policy issues. Retrieved from http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB424/docs/Cyber-024.pdf Schmitt, M and O’Donnell, B. (2002). Computer network attack and international law. Newport: Naval War College. Read More