Friday, May 17, 2019
Government Enforced Cyber Security, a Public Good? Essay
We only know that cyber certificate is some(prenominal)thing of great importance to anyone difficult to comfort their network assets, customer assets, and personal assets. The list of possible risks associated with neglecting to convention veracious cyber certificate are endless, and the dangers lurking let on in cyber space too numerous to imagine anyone who is supreme any pillowcase of come with network to ignore nonwithstanding the question here is whether or non the disposal should become the cyber gage spendr non nonwithstanding within in its throw presidency domain but also within the underground domain as well as a humanity good. Before we prevail into the discussion of whether or not the establishment should play this role, I entrust we should relieve oneself a short discussion on what public good actually retrieves. Generally public speaking public good is a loose circumstance utilize to justify some kind of save one is taking, by saying that it is in the best interest of the usual population to do so.The implications nookie the use of the edge public good is that 1 the action is beneficial to a majority of the population and 2 that the majority of the population is either too ignorant, or incap able for some reason of execute the action for themselves. The use of the term is also handy because it is non-specific as to WHO is actually benefiting from the actions is it the general consumer, the small affaires, thumping businesses, the politics, a special interest group, all of the above, none of the above, Who? Who is actually benefiting from the act? By apply the term the public good one does not brace to account for who is actually benefiting. Nor do they have to pick by who competency be harmed or negatively affected by the action either. Additionally by using the term that it is for the public good, by default the concept of how much(prenominal) decease it cost, and who is going to feed for it, is seemingly automatically a non-concern.So by the very nature of the term for the public good the user of said term has attempted to write themselves a blank check, quantifying and justifying any and all actions they mean to implement and use. The term public good has been used by various entities throughout history to live up to some of the most horrendous crimes once morest their commonwealth, and to extort unimaginable amounts of wealth and goods from their populations. Anytime the term public good is used to ask for justification for an action from any entity it should be immediately critically examined with a very square off tooth comb to find what the motivations for such a kind gesture might be, as well as analyzed by a staunch accountant to find out where the money is, and where it leads in the proposition. The term public good more than any new(prenominal) term I can think of, is more often than not the very term used to lead more sheep to their witness quiet butch ery whence any war cry ever has. It should always be approached with skeptism and caution when used, especially in conjunction with the word government.Is Enforcement of Cyber Security a Public Good?Should the enforcement of cyber trade comfortion be considered a public good? This is a very difficult question to answer. In theory, on the surface, enforcement of cyber surety seems care it might be a very viable public service. As viable as other trade shields offered as a public good such as the services of military and police protections. But then you begin to look a little deeper into the subject and you realize that enforcement of cyber security protections has many other(prenominal) more layers then the enforcement of carnal protections such as military and police. In order to enforce cyber security an entity would have to do much more than simply provide, train, and fund forces to patrol the fleshly areas that are in danger. Enforcing cyber security is much more akin to forcing a draft of military service on the general population and forcing them to commit for their own room, board, training and service expenses while they are in the military to boot.In order to enforce cyber security you must force each person who has any interaction with the cyber world, into becoming a cyber security guard, whether they wish to be one or not. Additionally you force any entity whether its a multi-billion dollar bill corporation, a single person running a business out of their basement, or a fragment of the general population at large hard to access the lucre, into funding not only the physical equipment and software required to be a good cyber security guard, but the endless training and commandment expenses associated with it as well. It would be ilk an entity not only suggesting that people should have locks on their doors, but enforcing it with requirements for doubling steel enforced 12 inch wide doors with a minimum 3 locks on it. 1 of which had to be specialty ciphers lock, and penalizing those that do not have said door, by taking away their complete house. This public good if wear oute the way it would be required to be done to actually be minimally effective, has now become a universal burden just like taxes, whos only community quality would be the unified contempt the public would have for its enforcing entity and enforcement policies very much like the contempt the general public has for the IRS. This all world said, I think it safe to say that employment the mandatory enforcement of cyber security a public good is about as accurate as work the mandatory taxes we pay a public good. Most people when left to speak of their own analysis as to whether or not taxes are really something that is good for the majority of the public would slope to beg to differ.Should government enforce cyber security in the private sector?The government of the United States has many roles. Some of these are roles it was intended to ha ve by the Founding Fathers, as written into the Constitution, and most others were assumed, inherited, given, or seized by some means still unknown to me. One of the proper roles of the government is to provide protection to its citizens by the creation and enforcement of laws that protect the people, ie..Murder is a crime punishable by death and the creation of protection entities/forces such as police, fire, and military, to physically patrol the areas our citizens inhabit to protect the lives, and property that they own, which is inclusive of the land they lease as a population. These concepts were pretty cut and dry, although our congress still found a way to someway muddy them but until recently with the invention of the internet and cyber space it was pretty easy to tell where the borders of our nation ended and anothers began, and what constituted a criminal action against another persons being or property. At least the common man could tell these things, lawyers, judges a nd politicians can be excluded from that statement.In cyberspace, there are no boundaries. The line of what to protect and what is external the realm of required government protection is very gray. Therefore the government up until now has restricted its enforcement of cyber security to its own government networks. This level of protection is the proper province of the government, because it is protecting its networks in the interest of subject field security. The department creditworthy for the protection of its citizens as well as national security is the Department of Defense. The past 15 age with the explosion of Information Systems the DOD has found that its workload and responsibilities have increased dramatically with the government use of Information Technology systems. In the past 5 years alone the cyber security workload on the DOD has more than doubled. Although the U.S. DOD is probably the most secure and efficient government entity in the world, it is farther from ideal on levels of security, and it lacks the manpower and resources to keep up with its own demands of cyber security implementations.I have worked in the DOD for over 10 years now, and can tell you first hand that security incidences march on daily, and the security risks to our government networks is a constant ebb and flow of action/reaction. Rarely does the department get a chance, have the time, or the resources to be pro-active instead of re-active. Ultimately as well, with the very best security technologies in place, regular(a) up the government must remain dependant on the human elements to protect the networks, and information. The Wiki-Leaks internet postings are a perfect example of that dependency gone badly. It may or may not have been a technical mis-security that allowed that government employee access to all that clarified selective information, but it was ultimately some(prenominal) human failures that allowed for that information to be posted on the internet .The failure of the trusted government employee to keep the information he was entrusted with secret, and the failure of how many internet web site owners to work at protecting sensitive national info of the country some of them were actual citizens of. The idea that the current DOD could even enforce cyber security in the private sector is not only laughable, but also an extremely peril and terrifying concept. The government enforcement of cyber security in the private sector, for the public good of coursewould be nil more than a ruse to cover its real aim which would be jurisprudence of the internet, or to gift it bluntly the hold up of the last totally unregulated vestige of free speech. Besides the obvious emerge of lack of integrity behind its intentions there are numerous reasons why the U.S. Government should pacify out of the business of regulating the enforcement of cyber security in the private sector.The government, as stated above does not actually have the time, or the resources to manage or enforce any other security implementations outside of itself. The government already spends most of its time in reactive mode on the security frontier trying to find additional time to analyze or validate the security set ups of private sector companies as well would be near impossible. The government does not have the money. Funding for such things as IT equipment hardware and software upgrades is already spread extremely thin. many an(prenominal) times government offices and system are running on hardware and software that are years behind the current releases due to successor funding issues. The government lacks the technical expertness in its ranks to be able to support or even audit / validate the security implementations in private businesses. Over 80% of the technical workforce on the job(p) on government systems are contract workers, hired in because of the lack of security/technical expertise in the government employee workforce. The gov ernment does not have within its sphere the right to enforce cyber security implementation within the private sector. The government scope as outlined by the constitution is to protect its citizens against foreign attack on its own sovereign soil, as well as to protect its citizens from physical attacks and destruction of their private property within the boundaries of its nation. There are no boundaries to cyber space therefore when a citizen of the U.S. chooses to enter into the boundary less area known as cyberspace, they are choosing to inhabit an area that is outside the scope of their countries ability to protect them. They do this at their own risk. If these same citizens left the safety of the U.S. and ensnare themselves willingly into the middle of Egypt right now, they are taking their chances full well knowing that they are willingly giving up the safety and protection of the U.S. If they are taken captive, the U.S. will attempt to negotiate for their release, but it ca nnot, and will not guarantee it. If it can secure their release or do anything at all for them, it will, but many times it can do nothing so far outside its jurisdiction just ask Nicholas Berger, the American beheaded in Iraq several years ago. The governments office to provide protections to its citizens is a provision of protections that are within reason. Although the government provides police, fire, medical and military services to their citizens I for one do not have my own personal police officer, or doctor escorting and to encounter to me in case I should run into a mugger on the street or get a sniffle in the middle of the night. The services provided are broad, sweeping, and for the use of the general population to both lower and deter its own population from being criminals as well as to protect and serve its own population. Cyberspace is not its own population. The government was never given authority to regulate business, in any way, shape, or form not for the publi c good or for its own expansion. Not in the give away of protections for its people, and not with its intent to create legal monopolies, or cater to interest groups. Regulation of any business interests, including the enforcement of cyber security on business networks is outside of what the government is supposed to doing, and a conflict of interest to the type of government that was originally established for the country which was a democracy. The government does not have the flexibility to expeditiously enforce, and manage the cyber Security regulations and compliancy of the private sector, and in trying to do so, would only hinder the impart of the cyber security technologies industries, and protections implemented by the private sector. Cyber Security is a MOVING target. The government is a groggy beast. Government bureaucracy consumes easily 60% of all the time, money and resources spent by the government. Time being the biggest issue on this point. Cyber security in order t o be the most effective has to be able to be tweaked, re-configured, and updated as fast as your average cyber criminal can re-invent ways to penetrate. The higher revalue the data is that you work with as a company, the quicker and more flexible you must be to put forward a secure network status. An individual with little valuable data on their system does not need to be all that concerned with the security posture of their system. Not all systems, businesses, and networks can be considered the same, and each ones security posture is going to be based on the value of what they are trying to protect. All cannot and should not be regulated the same. Creating any type of tiered regulation for cyber security enforcement will add layers of bureaucracy and therefore delays in actual implementation. Once again being counterproductive to the enforcement in the first place.Who is going to pay for the government to take on this further endeavor? I dont know about you but I pay enough in t axes for useless programs, counterproductive government measures, misrepresented & abused government powers, and generally overall government meddling in the private sector, both businesses and personal. Even if they charge the businesses for their services the cost will ultimately end up on the general population. This is where the cost always ends up and this will be no exception.What is the point of the government enforcing cyber security regulating the portion of the internet that runs through the U.S. internet gateways and DNS servers, when it has absolutely no control, or jurisdiction to control anything outside of it. All you would be doing is creating a relentless market for foreign internet feeds creating yet another flourishing criminal market. Does prohibition the very act that gave the organized mob their greatest power and hot wealth windfall, or the more modern war on drugs that is only serving to create some of the most vicious cartel wars seen, why because the att empt to regulate and control it only serves to make it an even more profitable illegal industry.Shouldnt the government stay focused on where it should be focused? Especially since IT has the largest network, with the most valuable and sensitive data in the country on it. Protection of this data actually falls within the scope and responsibility of the government, in the interest of national security. The data on its network actually does have life and death consequences to people.Very few other enterprises process data with such importance and consequence. So shouldnt the government fuss about its own house and worry about maintaining it instead of trying to regulate the private industry which is not only outside of their scope of responsibility, but is also a project with so much less importance then their own. It seems nutty to wish them to focus on anything other than their own networks, and data. The one exception would be for them to have a level of standards required of an y business network that was allowed to connect directly to them. I am blessed to report, these are relatively few.What would be the impact of government enforced cyber security in the private sector?There would be numerous impacts to the private sector if government tried to enforce cyber security regulations. Many I can name right now, and numerous I am sure would be unthought-of results. The price for such regulation would ultimately fall on the average citizen to bear. The price for such regulation would drive numerous smaller companies unable to bear the cost (and also processing information not much worth hacking) out of business. The overall security posture for the private sector as a whole would be reduced- business that needed increased security then government standards would even out with businesses needing very little security carrying all kinds of security they dont need. The rights of a business and the people to use their own judgment to decide the amount of secu rity needed on their enterprises is once again diminished, and compromised, as well as them to suffer the consequences of misjudgments nullified. Building dependency on the government for critical thought process and analytical skills as well as basic survival skills is continued. A flourishing and profitable black market for non-regulated internet feeds is created. The integrity of the biased lean of the information being regulated through to the general population is immediately under question resulting in further distrust of the regulating entityie government. boilersuit to both the businesses being regulated and the businesses that produce technology instruments and devices the impact would be negative.Should private industry have the responsibility to protect national security? Private industry has a vocation to protect national security when its a situation that is a direct action to do so. For example, a company that processes government information has a duty to protect that information. A company that sells porcelain dolls has no responsibility to protect the national security. Just as they would not load up their employees with camouflage and weapons and send them out to a base to somewhere to assist the troops for a day every week, they dont have a duty or responsibility to practice cyber security out on the internet like some kind of mercenary.It is good business sense for them to practice some level of cyber security that is suppress to the sensitivity and value of the data they process but that is an act of self interest and a turn up of good business intelligence. Not only does private industry not have a responsibility to protect the national interest by practicing cyber security, but once again should protect their own interests and leave the national interest to the appropriate experts. Only companies that process government information, or connect to government systems should be attempting to apply cyber security in the name of nation al interest. Those are the only people who have that duty and the only people properly schooled in the expertise to do so, and should have an interest to. Any other business or entity should remain concerned with their own business interests, or be brought under shadowed for spying or espionage they have no business being concerned with the national defense and should stay out of it.ReferencesTuutti , C. (2010, September 13). Cyber expertsespionage, apts, malware among most dangerouscyber threats. Retrieved from http//www.thenewnewinternet.com/2010/09/13/cyber-experts-espionage-apts-malware-among-most-dangerous-cyber-threats/Stenbit, John.P. Department of Defense, Command,Control Communications and Intelligence. (2003).Information pledge implementation (8500.2).Washington, DC DISA.Bavisi, J. (2010, July 26). Biggest national security threat cyber attack. Retrieved from http//www.foxbusiness.com/personal-finance/2010/07/26/biggest-national-security-threat-cyber-attack/Dhamankar, Da usin, Eisenbarth, King, Kandek, Ullrich, Skoudis, Lee, R., M.,M.,J.,W.,J.,E.,R. (2009, September 09). The top cyber security risks. Retrieved from http//www.sans.org/top-cyber-security-risks/Aitoro, J. (2010, imposing 17). Employees still pose biggest security threat, survey finds. Retrieved from http//www.nextgov.com/nextgov/ng_20100817_1347.phpBishop, M., & Irvine, C. (2010). Call in the cyber national guard IEEE Computer and Privacy, 8(1), Retrieved from http//www.computer.org.ezproxy.umuc.edu/ introduction/web/csdl/abs/html/mags/sp/2010/01/msp2010010056.htmClarke, R.A. (2010). Cyber war the next threat to nationalsecurity and what to do about it. novel York, NY Ecco.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.