Wednesday, December 19, 2018
'Government Enforced Cyber Security, a Public Good? Essay\r'
'We exclusively know that cyber gage system is nighthing of great impressiveness to either integrity trying to nurture their communicate as mickles, customer assets, and soulal assets. The sway of possible risks associated with neglecting to practice decline cyber tri thate system be end slight, and the dangers lurking by in cyber place too legion(predicate) to imagine any ch adenosine monophosphateion who is functionling any type of keep come with network to ignore; but the question here(predicate) is whether or non the establishment should produce the cyber shelter en driver not solo within in its be possessed of regimen sector but besides within the personal sector as slowly as a popular honourable. Before we bug out into the discussion of whether or not the politics should mold this role, I believe we should confine a trivial discussion on what ââ¬Å" universe goodââ¬Â truly agency. Gener wholey speaking ââ¬Å" man manikin goodâ â¬Â is a loose boundary used to justify both(prenominal) kind of execute one is victorious, by formulation that it is in the best beguile of the common world to do so.\r\nThe implications screw the use of the border ââ¬Å" usual goodââ¬Â is that #1 the natural action is beneficial to a mass of the creation; and #2 that the majority of the universe is either too ignorant, or incapable for some reason of performing the action for themselves. The use of the consideration is likewise f wholey because it is non-specific as to WHO is very benefiting from the actions; is it the full general consumer, the small handicraftes, big transactiones, the organization, a special touch on group group, all of the higher up, none of the above, Who? Who is actually benefiting from the act? By using the term the ââ¬Å"public goodââ¬Â one does not have to account for who is actually benefiting. Nor do they have to identify who might be harmed or negatively affected by t he action either. additionally by using the term that it is for the ââ¬Å"public goodââ¬Â, by default the concept of how much provide it greet, and who is going to cave in for it, is seemingly automatically a non-concern.\r\nSo by the actually nature of the term for ââ¬Å"the public goodââ¬Â the user of said term has sampleed to write themselves a blank check, quantifying and justifying any and all actions they mean to implement and lend one ego. The term ââ¬Å"public goodââ¬Â has been used by various entities throughout history to accomplish some of the almost horrendous crimes over against their hoi polloi, and to extort unimaginable amounts of wealth and goods from their cosmoss. Any date the term ââ¬Å"public goodââ¬Â is used to ask for justification for an action from any entity it should be straightaway critically examined with a rattling find tooth comb to find what the motivations for much(prenominal)(prenominal) a kind gesture might be, as co me up as analyzed by a staunch accountant to find out where the coin is, and where it leads in the proposition. The term ââ¬Å"public goodââ¬Â more(prenominal) than any other term I give the sack think of, is more often than not the actually term used to lead more sheep to their ingest quiet slaughter consequently any contend cry ever has. It should al slipway be approached with skeptism and guardianship when used, especially in conjunction with the word organisation.\r\nIs Enforcement of Cyber credential a Public Good?\r\nShould the enforcement of cyber pledge department be considered a ââ¬Å"public goodââ¬Â? This is a real difficult question to answer. In theory, on the surface, enforcement of cyber auspices seems equivalent it might be a very viable public attend to. As viable as other cheerions offered as a public good such as the services of forces and jurisprudence nurseions. But then you begin to look a micro deeper into the subject and you reali ze that enforcement of cyber tribute protections has some more layers then the enforcement of physical protections such as military and police. In order to enforce cyber credentials an entity would have to do much more than patently provide, train, and fund forces to patrol the physical atomic number 18as that argon in danger. Enforcing cyber surety measure measure is much more akin to forcing a draft of military service on the general population and forcing them to pay for their ingest room, board, training and service expenses while they are in the military to boot.\r\nIn order to enforce cyber auspices you moldiness force each person who has any interaction with the cyber world, into decorous a cyber security guard, whether they wish to be one or not. Additionally you force any entity whether itââ¬â¢s a multi-billion dollar corporation, a single person running a business out of their basement, or a member of the general population at large trying to access the cybe rspace, into funding not however the physical equipment and software involve to be a good cyber security guard, but the endless(prenominal) training and education expenses associated with it as vigorous. It would be handle an entity not only(prenominal) suggesting that people should have locks on their doors, but enforcing it with requirements for double steel enforced 12 inch wide doors with a minimum 3 locks on it.\r\nOne of which had to be specialty ciphers lock, and penalizing those that do not have said door, by taking away their entire house. This ââ¬Å"public goodââ¬Â if make the way it would be required to be make to actually be minimally trenchant, has now become a universal burden just like taxes, whoââ¬â¢s only community quality would be the unified contempt the ââ¬Å"publicââ¬Â would have for its enforcing entity and enforcement policies; very much like the contempt the general public has for the IRS. This all existence said, I think it prophylactic to say that calling the mandatory enforcement of cyber security a ââ¬Å"public goodââ¬Â is some as entire as calling the mandatory taxes we pay a ââ¬Å"public goodââ¬Â. Most people when unexpended to speak of their own analysis as to whether or not taxes are really something that is good for the majority of the public would tend to beg to differ.\r\nShould regime enforce cyber security in the closed-door sector?\r\nThe organization of the United States has many roles. Some of these are roles it was think to have by the Founding Fathers, as indite into the Constitution, and most others were assumed, inherited, given, or seized by some means still unknown to me. One of the compensate-hand(a) roles of the judicature is to provide protection to its citizens by the creation and enforcement of laws that protect the people, ie..Murder is a crime punishable by death; and the creation of protection entities/forces such as police, fire, and military, to physically patrol th e areas our citizens lie in to protect the lives, and airplane propeller that they own, which is comprehensive of the land they occupy as a nation. These concepts were beauteous cut and dry, although our congress still found a way to somehow muddy them; but until lately with the invention of the internet and cyber space it was pretty balmy to tell where the borders of our nation ended and some otherââ¬â¢s began, and what constituted a evil action against another personââ¬â¢s universe or property. At least the common man could tell these things, lawyers, judge and politicians can be excluded from that statement.\r\nIn cyberspace, there are no boundaries. The line of what to protect and what is outside the out-of-the-way(prenominal)ming of required governance protection is very gray. wherefore the disposal up until now has restricted its enforcement of cyber security to its own government networks. This level of protection is the proper responsibility of the governm ent, because it is protecting its networks in the interest of topic security. The department responsible for the protection of its citizens as well as subject area security is the Department of Defense. The ult 15 years with the explosion of Information Systems the defence force has found that its workload and responsibilities have increased dramatically with the government use of Information Technology systems. In the past 5 years alone the cyber security workload on the defending team has more than doubled. Although the U.S. vindication is probably the most secure and efficient government entity in the world, it is far from ideal on levels of security, and it lacks the custody and resources to keep up with its own demands of cyber security implementations.\r\nI have worked in the DOD for over 10 years now, and can tell you first hand that security incidences occur daily, and the security risks to our government networks is a constant ebb and flow of action/reaction. seldom does the department get a chance, have the while, or the resources to be pro-active sooner of re-active. Ultimately as well, with the very best security technologies in place, even the government must remain dependant on the gentleman elements to protect the networks, and schooling. The Wiki-Leaks internet postings are a perfective example of that dependency gone badly. It may or may not have been a proficient mis-security that allowed that government employee access to all that sensitive data, but it was finally several human failures that allowed for that information to be posted on the internet.\r\nThe failure of the trusted government employee to keep the information he was entrusted with secret, and the failure of how many internet blade site owners to work at protecting sensitive matter data of the rude some of them were actual citizens of. The idea that the afoot(predicate) DOD could even enforce cyber security in the nonpublic sector is not only laughable, but w ithal an extremely menacing and terrifying concept. The government enforcement of cyber security in the private sector, ââ¬Å"for the public goodââ¬Â of raceââ¬Â¦would be nothing more than a stratagem to cover its real aim; which would be economy of the internet, or to put it bluntly the control of the sustain totally un caused vestige of free speech. excessively the obvious issue of lack of integrity behind its intentions there are numerous reasons why the U.S. giving medication should stay out of the business of regulating the enforcement of cyber security in the private sector.\r\nThe government, as stated above does not actually have the time, or the resources to make do or enforce any other security implementations outside of itself. ââ¬Â¢ The government already spends most of its time in reactive mode on the security frontier; trying to find additional time to analyze or validate the security set ups of private sector companies as well would be near impossible. ââ¬Â¢ The government does not have the money. financing for such things as IT equipment hardware and software upgrades is already spread extremely thin. Many propagation government offices and system are running on hardware and software that are years behind the current releases due to replacement funding issues. ââ¬Â¢ The government lacks the proficient expertise in its ranks to be able to withstand or even audit / validate the security implementations in private businesses. Over 80% of the good workforce working on government systems are contract workers, hired in because of the lack of security/technical expertise in the government employee workforce. The government does not have within its scope the right to enforce cyber security implementation within the private sector.\r\nââ¬Â¢ The government scope as outlined by the constitution is to protect its citizens against external attack on its own sovereign soil, as well as to protect its citizens from physical attacks and destruction of their private property within the boundaries of its nation. There are no boundaries to cyber space; and then when a citizen of the U.S. chooses to enter into the boundary less area known as cyberspace, they are choosing to inhabit an area that is outside the scope of their countries ability to protect them. They do this at their own risk. If these same citizens left-hand(a) the sanctuary of the U.S. and put themselves willingly into the plaza of Egypt right now, they are taking their chances full well cunning that they are willingly giving up the safety and protection of the U.S. If they are taken captive, the U.S. will attempt to negotiate for their release, but it cannot, and will not ascertain it. If it can secure their release or do anything at all for them, it will, but many times it can do nothing so far outside its jurisdiction; just ask Nicholas Berger, the American beheaded in Iraq several years ago.\r\nââ¬Â¢ The governmentââ¬â¢s responsibilit y to provide protections to its citizens is a homework of protections that are within reason. Although the government provides police, fire, medical and military services to their citizens; I for one do not have my own personal police officer, or doctor escorting and to attend to me in case I should run into a mugger on the street or get a sniffle in the middle of the night. The services provided are broad, sweeping, and for the use of the general population to both reduce and deter its own population from organism criminals as well as to protect and serve its own population. Cyberspace is not its own population.\r\nââ¬Â¢ The government was never given authority to regulate business, in any way, shape, or form; not for the ââ¬Å"public goodââ¬Â or for its own expansion. not in the name of protections for its people, and not with its intent to gain legal monopolies, or cater to interest groups. statute of any business interests, including the enforcement of cyber security on business networks is outside of what the government is supposed to doing, and a fighting of interest to the type of government that was originally complete for the domain which was a democracy. The government does not have the flexibility to efficiently enforce, and manage the cyber Security edicts and deference of the private sector, and in trying to do so, would only hinder the progress of the cyber security technologies industries, and protections implemented by the private sector.\r\nââ¬Â¢ Cyber Security is a MOVING target. The government is a lethargic beast. Government bureaucracy consumes easily 60% of all the time, money and resources spent by the government. Time being the biggest issue on this point. Cyber security in order to be the most effective has to be able to be tweaked, re-configured, and updated as spendthrift as your just cyber criminal can re-invent ways to penetrate. The higher hold dear the data is that you work with as a company, the quicker and mo re flexible you must be to maintain a secure network status. An individual with little valuable data on their system does not need to be all that relate with the security mould of their system. Not all systems, businesses, and networks can be considered the same, and each ones security posture is going to be based on the comfort of what they are trying to protect. all in all cannot and should not be regulated the same. ââ¬Â¢ Creating any type of tiered regulation for cyber security enforcement will add layers of bureaucracy and therefore delays in actual implementation. Once again being counterproductive to the enforcement in the first place.\r\nWho is going to pay for the government to take on this further inclination? I donââ¬â¢t know intimately you but I pay enough in taxes for useless programs, counterproductive government measures, misrepresented & abused government powers, and generally overall government meddling in the private sector, both businesses and perso nal. flush if they charge the businesses for their ââ¬Å"servicesââ¬Â the cost will ultimately end up on the general population. This is where the cost always ends up; and this will be no exclusion.\r\nWhat is the point of the government enforcing cyber security regulating the passel of the internet that runs through the U.S. internet gateways and DNS servers, when it has absolutely no control, or jurisdiction to control anything outside of it. All you would be doing is creating a black market for ââ¬Å"foreignââ¬Â internet feeds; creating yet another flourishing criminal market. Does ââ¬Å"prohibitionââ¬Â â⬠the very act that gave the organized menage their greatest power and fastest wealth windfall, or the more modern ââ¬Å"war on drugsââ¬Â that is only serving to create some of the most furious cartel wars seen, whyââ¬Â¦ because the attempt to regulate and control it only serves to make it an even more lucrative illegal industry.\r\nShouldnââ¬â¢t the government stay cogitate on where it should be counseled? Especially since IT has the largest network, with the most valuable and sensitive data in the country on it. Protection of this data actually falls within the scope and responsibility of the government, in the interest of national security. The data on its network actually does have life and death consequences to people.\r\nVery a couple of(prenominal) other enterprises process data with such importance and consequence. So shouldnââ¬â¢t the government worry about its own house and worry about maintaining it; instead of trying to regulate the private industry which is not only outside of their scope of responsibility, but is as well a project with so much less importance then their own. It seems insane to wish them to focus on anything other than their own networks, and data. The one exception would be for them to have a level of standards required of any business network that was allowed to connect straightway to th em. I am happy to report, these are comparatively few.\r\nWhat would be the impact of government enforced cyber security in the private sector?\r\nThere would be numerous impacts to the private sector if government seek to enforce cyber security regulations. Many I can name right now, and numerous I am sure would be unexpected results. ââ¬Â¢ The price for such regulation would ultimately fall on the average citizen to bear. ââ¬Â¢ The price for such regulation would drive numerous smaller companies unable to bear the cost (and also processing information not much cost hacking) out of business. ââ¬Â¢ The overall security posture for the private sector as a whole would be reduced- business that involve increased security then government standards would even out with businesses needing very little security carrying all kinds of security they donââ¬â¢t need.\r\nââ¬Â¢ The rights of a business and the people to use their own judgment to decide the amount of security needed on their enterprises is once again diminished, and compromised, as well as them to suffer the consequences of misjudgments nullified. Building dependency on the government for critical thinking and analytical skills as well as basic survival skills is continued. ââ¬Â¢ A flourishing and profitable black market for ââ¬Å"non-regulatedââ¬Â internet feeds is created. ââ¬Â¢ The integrity of the biased lean of the information being ââ¬Å"regulatedââ¬Â through to the general population is immediately under question; resulting in further suspicion of the regulating entityââ¬Â¦ie government. ââ¬Â¢ Overall to both the businesses being regulated and the businesses that produce technology instruments and devices the impact would be negative.\r\nShould private industry have the responsibility to protect national security? Private industry has a debt instrument to protect national security when itââ¬â¢s a situation that is a direct action to do so. For example, a company that p rocesses government information has a duty to protect that information. A company that sells porcelain dolls has no responsibility to protect the national security. however as they would not load up their employees with mask and weapons and send them out to a base to somewhere to ââ¬Å"assistââ¬Â the troops for a day every week, they donââ¬â¢t have a duty or responsibility to practice cyber security out on the internet like some kind of mercenary.\r\nIt is good business sense for them to practice some level of cyber security that is appropriate to the sensitivity and value of the data they process but that is an act of self interest; and a show of good business intelligence. Not only does private industry not have a responsibility to protect the national interest by practicing cyber security, but once again should protect their own interests and leave the national interest to the appropriate experts. Only companies that process government information, or connect to governme nt systems should be attempting to apply cyber security in the name of national interest. Those are the only people who have that duty and the only people properly schooled in the expertise to do so, and should have an interest to. Any other business or entity should remain concerned with their own business interests, or be brought under suspect for spying or espionage; they have no business being concerned with the national defense and should stay out of it.\r\nReferences:\r\nTuutti , C. (2010, kinsfolk 13). Cyber experts:\r\nespionage, apts, malware among most dangerous\r\ncyber threats. Retrieved from http://www.thenewnewinternet.com/2010/09\r\n/13/cyber-experts-espionage-apts-malware-among-most-dangerous-cyber-threats/\r\nStenbit, John.P. Department of Defense, Command,\r\n supremacy Communications and Intelligence. (2003).\r\nInformation assurance implementation (8500.2).\r\nWashington, DC: DISA.\r\nBavisi, J. (2010, July 26). Biggest national security threat: cyber attack. Re trieved from http://www.foxbusiness.com/personal-finance/2010/07/26/biggest-national-security-threat-cyber-attack/\r\nDhamankar, Dausin, Eisenbarth, King, Kandek, Ullrich, Skoudis, Lee, R., M.,M.,J.,W.,J.,E.,R. (2009, kinfolk 09). The top cyber security risks. Retrieved from http://www.sans.org/top-cyber-security-risks/\r\nAitoro, J. (2010, August 17). Employees still pose biggest security threat, survey finds. Retrieved from http://www.nextgov.com/nextgov/ng_20100817_1347.php\r\nBishop, M., & Irvine, C. (2010). Call in the cyber national guard! IEEE Computer and Privacy, 8(1), Retrieved from http://www.computer.org.ezproxy.umuc.edu/portal/web/csdl/abs/html/mags/sp/2010/01/msp2010010056.htm\r\nClarke, R.A. (2010). Cyber war: the next threat to national\r\nsecurity and what to do about it. New York, NY: Ecco.\r\n'
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment