Law Enforcement and E-Government Transnational Issues - Coursework Example

Insert Insert Insert 8 February Cybercrime: Law Enforcement and E-Government Transnational Issues Introduction Cybercrime continues to take a high profile incidents and sophisticated methods on information security. Key concepts affecting cybersecurity consist of attacker methods and incentives, malicious code techniques, threat vectors and exploitation trends. Software vulnerabilities and flaws open systems to unauthorized modifications and contribute to the accidental losses of information correctness and integrity. Authorization, nonrepudiation, and authentication constitute tools for enforcing confidentiality, availability, and integrity that system developers could employ in sustaining system security (Howard et al., 2010). This research paper discusses cybersecurity laws, regulations, and legal concepts applicable to managerial decision making concerning industry, transnational crime, and government. A. Government intervention in cybersecurity Sociopolitical based arguments for or against government involvement Given the increased global reliance on communication and information technologies along with the associated threats accruing from the reliance, the internet creates new opportunities for e-government’s public sector to better serve the public and improve efficiency. Hence, the need for government intervention towards the convergence of connectivity, globalization, and relocation of public sector tasks online. Issues that continue to challenge and thus calling for the United States’ government cybersecurity intervention include the growing integration of mobile devices technology into perilous information infrastructure. In addition, the uncertainties of cyber-attack perpetrators’ geographical location in addition to the introduction of new vulnerabilities from increasingly complicated threats to the states’ infrastructure also warrant such intervention. The public sector or the government thus the need for government intervention (Anderson, 2011) could only provide services that provide significant value to taxpayers while minimizing costs. Methods of government intervention Theohary and Rollins (2009) documented current options for congress, legislation and executive branch initiatives governing cybersecurity. Current initiatives addressing United States’ cyber security concerns include the Comprehensive National Cybersecurity Initiative (CNCI), Commission on Cybersecurity for the 44th Presidency and the Obama Administration 60-Day Cyberspace Policy Review. In addition, the Center for Strategic and International Studies (CSIS) also constitutes US initiative to cybersecurity. The CNCI outlines approaches that antedate cyber technologies and threats yet to come as well as establishing strategies, guidelines and policies to secure federal systems. Besides serving as the principal national strategy document, CNCI remains as an action plan for initiatives and programs that need to be addressed both at the strategic and operational level. The initiative’s goal aims at defining the role of cybersecurity in the private industry. Organized by the CSIS, the Commission on Cybersecurity for the 44th Presidency was mandated to provide advice the 44th Presidency Administration on issues relating to the creation and maintenance of widespread cybersecurity strategies. Among the commission’s proposed policies requiring priority, attention included modernizing legal authorities, regulating cyberspace as well as the reinvention of public-private partnership. Similarly, the Obama Administration 60-Day Cyberspace Policy Review assessed the United States’ organizational structures and policies governing cybersecurity. The Department of Homeland Security (DHS) incorporates the National Cyber Security Centre (NCSC) responsible for coordinating information from all agencies to secure cyber systems and networks, improve situational awareness, and foster collaboration. DHS heads the coordination of cybersecurity for federal government agencies and non-military departments. DHS directorate works with the private industry to promote cybersecurity practices on a voluntary basis (Theohary & Rollins, 2009). Real world examples Real world examples of cybercrimes that call for immediate mitigation includes simple thefts and the habit of looking over other person’s shoulder while at the computer screen (shoulder surfing). Moreover, the 2008 case of Heartland Payment System processing created a breach in credit card numbers and could end up in lawsuits with large payouts. Disrupting information integrity in a message while on transit or at rest could also lead to serious consequences. In another instance, an attacker could take advantage in the event that there exists a possibility of modifying funds transfer messages between an online banking system and a user. Hence, the attacker could alter the recipient’s account number appearing on the message to the attacker’s personal bank account number thereby capturing the transfer and stealing the funds transferred. Also widely known, would be the Denial of Service (DoS) attack that exists in various forms yet disrupting systems in that legitimate users remain barred from accessing the system. Network flooding constitutes one form of a DoS attack where traffic overloads the network hence no legitimate requests gets through (Howard, 2010). B. Impacts of government regulation on national security Impacts of government regulation on national security (a) resulting from failure to comply with cyber regulations or requirements Both private and public industry organizations rely on information systems and information in order to support efficient delivery of services and products, enhance productivity and enable business operations. This level of government regulation entails accreditation and certification of federal agencies’ information systems. The Federal Information Security management Act (FISMA) outlines how to manage risks associated with information resources and secure information systems in federal government agencies. Effects of government regulation on national security arising from failure to comply with cyber regulations or requirements may include the variety of threats with the potential to cause harm, loss and damage that organizations face due to their use of IT. Private industry reliance on information systems and information poses risks regardless of laws endorsed to achieve extensive adoption of IT recognizing the explicit potential benefits to agencies. Government regulation recognizes the need for private industry to safeguard the security and privacy of information systems and information thus the need to reduce risks associated with using and operating IT. However, government programs and agencies have remained criticized by industry, Congress, and security practitioners over the introduction of online Cyberscope platform for submitting agency reports. The law does not focus entirely on compliance concerning the implementation of information assurance and management practices private industry need to employ (Zubairi & Mahboob, 2011). (b) Resulting from meeting only the minimum requirements Moreover, effects of government regulation on national security could also arise when meeting only the minimum requirements. FISMA in addition to other federal management regulation on information security remain consistent with the adequate protection principle. In this regard, an asset ought to be protected to the extent proportionate with its value and for as long as the asset continues to have value to the private industry. Hence, meeting minimum requirements occurs when information security reduces risks on a constant basis at acceptable levels. Relevant security management practices provide essential support across all levels of the private industry on the management of enterprise risks. Meeting FISMA requirements as well as implementing the guidelines and standards linked to the law remains resource and time intensive thus the government constantly recognizes the worth of these efforts. The government’s comprehensive scope and risk based foundation approach to risk management and information security constitute its positive impact on national security. Government regulation also offers flexibility to private industry so that they may adapt their activities to their specific security requirements and risk management priorities. It also enabled private industry to focus on the mission supporting function of information security as well as the enterprise risk management function. Government regulation established private industry responsibilities at formal executive level for risk and security management. The government also raised the relationship of these positions to top industry leadership in addition to their visibility. On the contrary, conflicting evidence produced by private industry for assessing the relative effectiveness of government regulation contributes to significant frequency, variety and amount of security case (Grantz & Philpott, 2012). (c) Resulting from exceeding the minimum requirements Furthermore, the effects of government regulation on national regulation may result from exceeding the minimum requirements. Even though federal private industry have the freedom to provide additional security exceeding the minimum requirements, their decisions to do so must be aligned the private industry’s level of risk tolerance and justified on cost basis. Government regulation also recognizes that private industry may select specific technical software or hardware information security solutions from products commercially developed. Additionally, information security products commercially developed offer dynamic, robust, effective, and advanced information security solutions. In this regard, an understanding of the historical context primary to the current expectations of private industry remains essential. This helps private industry and system owners to discover causal factors to various security requirements and evaluate the magnitude of causal factors to their specific security goals. Taking this into account, the private industry could more effectively implement cost effective and risk based information security management practices adapted to their industry’s requirements. These solutions replicate market solutions for the protection of essential information infrastructures fundamental to economic security and national defense of the nation (Gantz & Philpott, 2012). Role of private industry in protecting national security Cyberspace constitutes an indispensible part of life providing unrestricted access to faceless persons who cause cybercrimes anywhere in the world. Information technology (IT) practitioners also exist in the private industry where most of the software production IT related technologies originate. All professional practices associated with the knowledge of cybersecurity remain universally integrated into a single practical model of application. The actual realization of recommendations made by the Essential Body of Knowledge (EBK) would be determined by the particular circumstances and roles involved. In addition, the manifestation of competencies in a role-based structure enables organizations to mold EBK’s advice into custom security solutions appropriate for their real world cybersecurity needs. In this regard, organizations could shape paramount and routine security practice solutions customized to their specific needs. Most significantly, organizations could easily modify their security approaches by modifying their competency definitions of roles as circumstances change. Hence, the private sector has the responsibility of protecting national security through implementing good security controls imposed by government regulation (Shoemaker & Conklin, 2011). Real world examples Sensitive government information leaked from the WikiLeaks cables, an illustration of cybersecurity issues. This prompted the White House Office of Management and Budget to send a memorandum prohibiting access to the website’s classified documents by unauthorized employees of the federal government. Fake banking websites and emails have also emerged providing misleading information and sensitive information could as well be sought. Also, the spread of malware in various ways such as through websites or emails accomplish various attacks like installing applications that track key strokes on individual devices. Malware could also hijack devices thus incorporating them as botnets to be rented on the black market as a platform for distributing spam emails or conducting distributed denial of service (DDoS) attacks. Moreover, an attacker could use a memory stick to install software or programs on devices for many malicious intentions, for instance installing a backdoor in order to access a device or monitor keystrokes remotely (Wang, 2009). Conclusion Even though information possesses value that could directly affect people’s lives, it remains difficult to relate personal and specific terms to the magnitude of effect caused by destruction or theft of information in any given situation to an individual. Furthermore, it remains costly and challenging to ensure systematic and reliable protection of information database, which appear intangible and dynamic. The rapidly developing field of cybersecurity specifically exists to address these problems. The formation of public-private partnerships could significantly contribute to mitigating cybersecurity challenges. References Anderson, K. J. (Ed.). (2011). Cybersecurity: Public Sector Threats and Responses. Boca Raton, FL: CRC Press. Gantz, S. D. & Philpott, D. R. (2012). FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security. Waltham, MA: Elsevier. Howard, R., Graham, J. & Olson, R. (2010). Cyber Security Essentials. Boca Raton, FL: CRC Press. Shoemaker, D. & Conklin, W. A. (2011). Cybersecurity: The Essential Body of Knowledge. Boston, MA: Cengage Learning. Theohary, C. A. & Rollins, J. (2009). Cybersecurity: Current Legislation, Executive Branch Initiatives, and Options for Congress. Darby, PA: DIANE Publishing. Wang, J. (2009). Computer Network Security. Lowell, MA: Springer. Zubairi, J. A. & Mahboob, A. (2011). Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies. Hershey, PA: Idea Group Inc. Read More