How Prepared the United States in Responding to a Cyber Emergency - Case Study Example

Is the U.S. ready for a cyber emergency? Lecturer Introduction The role played by computers and the internet in the modern times is enormous and cannot be ignored. The benefits associated with these technologies are enormous, and this has generally contributed to the growth of cyberspace (Uma & Padmavathi, 2013). Unfortunately, this technology is being used by individuals to cause damage and exploit others. Such individuals may use this technology to access private information, disable networks and steal data (Uma & Padmavathi, 2013). This problem is what is termed to as a cyber attack. Whereas a number of measures may be put in place to prevent such attacks, it is not entirely possible to completely eliminate the possibility of such attacks happenings. This makes it necessary for organizations and governments to be prepared to deal with such emergencies. This paper attempts to evaluate how prepared the United States is in responding to a cyber emergency. Issues associated with cyber emergency Cases of cyber attacks against important infrastructure in the United States have been on the increase. These attacks do just affects a single department or machine but instead affect the entire economy, national security and social lives. Computer networks have become a critical component of the national infrastructure. According to a statement given to the Committee on Homeland Security in 2012 by Gregory Wilshusen, the director of Information Security Issues, the country faces a number of cyber threats from different sources. These threats can either be intentional or unintentional. The unintentional sources include software upgrades and defective equipment that may affect systems. However, most of these threats are intentional, and these come from criminal groups, terrorists, hackers, foreign nations and insiders (Wilshusen, 2012). These threats have increased the vulnerabilities of critical federal systems and infrastructure. These threats have significant effects to the operations of the government and related departments. These include: loss of resources, inappropriate and unauthorized access to critical information, and disruption of government operations and undermining of the missions of the government (Wilshusen, 2012). The ability of the government to deal with such attacks depends on the overall preparedness in three key areas. The first is risk management, which mainly involves understanding the different security risks and how they affect the government and the population at large. This involves identifying the key assets, analyzing and classifying the threats and understanding the impact of a security threat (Government Technology, 2011). The second component of cyber emergency preparedness is compliance. The government has to ensure that all departments and organizations comply with the relevant laws and regulations regarding cyber security. Finally, there is need to have training programs in order to ensure that all government agencies and department have qualified personnel who understand these risks and how to avoid them (Government Technology, 2011). Employees need to understand the security policies and understand how to use computer systems and devices safely. These three main components are the basis of cyber emergency preparedness. Based on these issues, the section below analyses how prepared the United States is in dealing with cyber emergencies. This analysis is based on the steps taken by the various government agencies and bodies to enhance cyber security. Analysis The National Preparedness Report of 2013 highlights two major findings related to cyber security preparedness. First, the report notes that the Federal Government and private sector are increasingly working together in responding to cyber incidents. However, this partnership is yet to expand to the owners of critical infrastructure and operators (Homeland Security, 2013). Secondly, the report shows that states have low awareness risks to the information systems they use. According to the State Chief Information Security Officers (CISOs), this is attributed to low funding and lack of skilled staff (Homeland Security, 2013). Many federal agencies struggle to attract and retain the necessary cyber security talent and also find it difficult to develop staff members. These findings indicate that although there are a number of steps being taken to prepare the country for cyber emergencies, there is a lot that needs to be done. According to a study conducted by the United States Government Accountability Office (GAO) (2013), it was observed that while the federal government has taken measures to enhance the country’s ability to deal with cyber threats, a number of key issues remain unaddressed. First, there are limitations in assessing risks, development of controls and the monitoring of results in the federal government as well as the critical infrastructure (GAO, 2013). For instance, the report shows that only 8 out of the 22 major agencies comply with the risk management requirements set under the Federal Information Security Management Act (FISMA) (GAO, 2013). Secondly, the report shows that although the Department of Homeland Security has made progress in the coordination of the federal government’s response to cyber incidents, the sharing of information among the various federal agencies and the private sector remains poor (GAO, 2013). There is lack of a central information system, and this hinders the ability of the government to respond to such attacks. Third, although some progress has been made in understanding and addressing international cyber security challenges, the approach taken by the government in international cyber security challenges is not well implemented. The government lacks a clear international strategy that has clear performance metrics and timeframes (GAO, 2013). This has made it difficult for the government to set and achieve clear objectives relating to international cyber security threats. Fourth, most of the agencies involves in strategic planning such as the Department of Homeland Security and the Office of Personnel Management lack adequate training programs for the cyber security workforce (GAO, 2013). Finally, the report finds that research and development initiatives in the field of cyber security are relatively limited. This is attributed to the poor sharing of information and the inability to effectively monitor R&D projects countrywide. This has made it difficult for the country to develop the necessary skills and innovations that might help in dealing with cyber security threats. The results of this study show that the government has yet to fully address the major issues related to cyber security management. One of the major trends surfacing is the inability of the different federal agencies to train and maintain qualified personnel specialized in cyber security (Roulo, 2012). In addition, the information sharing between the government agencies and the private sector is still wanting. In a report prepared by Sen. Tom Coburn (2014) on the track record of the federal government on cyber security and critical infrastructure, the author identifies some of the trends by the key agencies in relation of cyber security emergency preparedness. The results show that most the government agencies, inducing those that hold large volumes of sensitive data, are vulnerable to cyber attacks. This is because the organizations have failed to take the basic steps in ensuring that their systems are secured. For example, the Department of Homeland Security (DHS) protects sensitive databases with very weak or default passwords (Coburn, 2014). In addition, the computers that control access to the various DHS facilities had their software out of date. The Nuclear Regulation Commission, which is an example of an agency that maintains large volumes of sensitive data, is also highly vulnerable. For example, most of the data is stored to a shared drive that is not secured. Some of the data stored on such drives include the agency’s cyber security programs and the Commissioner’s home address and phone number (Coburn, 2014). These trends indicate that even the most sensitive agencies and those charged with the responsibility of marinating national security still fail to comply with the basic requirements of cyber security. These further show how the government and related agencies are not well prepared to handle cyber emergencies. Conclusion Based on the analysis above, it can be concluded that although the government has taken measures to identify, assess, prevent and deal with cyber threats, there are a number of key issues that need to be addressed. Two among them is the inability of the government agencies to effectively share information with the private sector and the lack of adequate trained staff in these agencies. The implementation and monitoring of the various regulations and polices related to cyber security remains poor. This generally exposes the country to cyber attacks. In the event of a cyber disaster, the country is not fully prepared to deal with such and minimize damage and loss of information. There is need for the government to ensure that all the policies developed are followed and monitored. References Coburn, T (2014). The Federal Government’s Track Record on Cyber security and Critical Infrastructure. Pp. 1-19. Retrieved on 23 March 2014 from http://www.coburn.senate.gov/public/index.cfm?a=Files.Serve&File_id=f1d97a51-aca9- 499f-a516-28eb872748c0 Government Technology (2011). Cyber Security Essentials for State and Local Government. e- Republic. Pp. 1-26 Homeland Security (2013). National Preparedness Report. Retrieved on 23 March 2014 from https://www.llis.dhs.gov/sites/default/files/npr2013_final.pdf Roulo, C (2012).Cybercom Chief: U.S. Unprepared for Serious Cyber Attacks. US Department of Defense. American Forces Press Service. Retrieved on 23 March 2014 from http://www.defense.gov/news/newsarticle.aspx?id=117289 Uma, M and Padmavathi, G (2013). A Survey on Various Cyber Attacks and their Classification. International Journal of Network Security, 15(6), Pp.391-397 US Government Accountability Office (GAO) (2013). Cyber Security: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented. Report to Congressional Addressees Wilshusen, G (2012). Cyber security: Threats Impacting the Nation. Testimony before the Subcommittee on Oversight, Investigations, and Management, Committee on Homeland Security, House of Representatives. United States Government Accountability Office. Read More