Human Aspects in Cyber and IT Security

Human Aspects in IT and Cybersecurity Outline

Government Justification of Informing Private industry to improve or Set up Cyber-security

Methods of the Government Interventions

Impacts of Government Regulation on National Security

Failure to comply to related cyber regulations

Meeting the minimum requirements.

Exceeding the Minimum Requirements

The economic and national security of the United States rely on the effective functioning of the country critical infrastructures. Recently, the U.S. government has issued an executive order to manage the cybersecurity and protect the country critical infrastructure since a destruction of the critical infrastructures whether virtual or physical can have a negative impact on the national economic security, safety or national public health. The computer and information systems are part of the country critical infrastructures that facilitate effective data communication between organizations. Presently, the U.S. information systems have enhanced interconnectivity that enhances business advantages, which has never happened before. Despite the benefits of interconnectivity among businesses and public organizations, the present network systems have brought increased risks of fraud, theft, threat, cyber terrorism, and abuse.

The objective of this project is to investigate the human aspect of cyber security providing revealing the strategy the government should employ in setting up cyber-security against internal and external threats. The paper discusses a government justification to enact law and regulations mandating business organizations to install minimum cyber defenses. Moreover, the paper discusses the impact of the minimum cyber defenses on the business community.

Government Justification of Informing Private industry to improve or Set up Cyber-security

The rates of the cyber threats in the United States are becoming alarming and the issues require the government immediate intervention to improve cyber security. With an increase of internal threats, organizations are required to use both an interactive and consistency approach to assessing, identify, and manage cyber security. However, the contemporary sophistication of cyber threats is becoming alarming and requiring an intervention of government assistance. The major reason for justification of government intervention for cybersecurity is that the cyber threats have become a cyber war among nation-states, and private organizations alone are not possessing essential security protocol to protect themselves against the current global threats. For example, North Korea and Iran are investing in cyber warfare as part of their military warfare capabilities. Typically, Iran has become a key player in cyber warfare aiming a large-scale attack on the websites of large financial institutions across the United States and other western countries. Moreover, North Korea has recently employed more than 6,000 people and established overseas bases for its hacking attacks. In the last few years, North Korea has attacked the banks, media and military entities' critical infrastructures with malware. China and Russia are also investing heavily in cyber capabilities specializing in cyber warfare units, and they are behind several technology thefts, network disruption, and other cyber attacks against companies and governments. For example, in 2010, Google Inc. released a disturbing news to the world that it had been a target of sophisticated attacks that originated from China with the goal of stealing the company intellectual property. Google was alone, more than 20 other companies in the United States had been a subject of attack spanning across the different sectors that include finance, chemical, and internet industry. The source of the attacks was undoubtedly from China because the country intended to prevent its citizens having access to information from western countries.

At the core of the attacks, Google called the federal government for assistance. The justification is that it is impossible for private organizations to protect themselves alone from cyber-attacks. The government intervention is very critical to combat or prevents cyber warfare. Thus, the government has a big role to play in protecting the country territorial integrity because the United States national security is at stake, and unilateral action cannot solve the problem. Typically, the internet is a global technology, and the U.S. government has a responsibility to protect the U.S. industries preventing the U.S. economy from collapsing. Thus, the government intervention against the cyber warfare is very critical to sustaining national security.

Methods of the Government Intervention

A government intervention is an effective tool for cyber warfare. Apart from investing in cyber security, the U.S. government should develop laws and regulations to protect the country from cyber crimes. In 2012, the Senate proposed the Cyber Security Act with the goal of protecting the private sectors from cyber threats. Moreover, the legislation aimed to create total control over cybercrimes in the United States. Despite the effectiveness of the proposed regulation, the House of Senate failed to pass the bill into a law. Both the business group and some republican's members in the house were against the proposal on the ground that it would put an undue pressure on the business group. Since 2012, the cybercrimes continue to increase with no effective legislations to combat the crime. This paper recommends that the government should reintroduce Cybersecurity Act into the House to protect the private and public sectors from cyber crimes and cyber warfare. The provisions of the law should enhance information sharing among private sectors. The new legislation should also mandate the private sectors to disclose the cyber threat information to assist federal government to collect adequate information to guide against cyber threats in the United States. Moreover, the law should mandate a disclosure of threat when committed or when about to be committed. Using this strategy, the government will be equipped with necessary information to guide against cyber threats in the United States.

In 2002, the U.S. government passed the ISM (Information Security Management) Act into law, which recognizes a significant information security with reference to national and economic security. The ISM mandates the government agencies to develop guidelines and carry out a risk assessment on continuity plan, disaster recovery as well as implementing security policies. The paper suggests that the government should include cyber security in the ISM protocols. For example, the ISM is to develop a guideline for the implementation of public key encryption, cryptography, and wireless security for protection of the private and public sectors critical infrastructures.

While intervention of laws and regulations are very critical in guiding against the cyber-crimes in the United States, nevertheless, many government agencies still lack the technical knowledge to implement the law. Stalling, (2011) points out that law enforcement agency in the United States lack the essential technical knowledge to enforce the law since the application of the laws requires a sophisticated grasp of technical knowledge. While some larger agencies are catching up, lack of personnel with required technical skills is handicapping the application of cyber-crime laws in the United States. Thus, the U.S. government needs to implement a comprehensive training for law enforcement agencies to enhance the application of the law.

Thus, government intervention is very critical to bring satiny into the U.S. economy. The intrusion of T. J. Maxx is one of the examples of cyber threats that is rampant across the United States. The T. J. Maxx is a chain superstore with more than 900 stores in the United States and outside the United States with capital base worth $13 billion. In 2007, the company critical infrastructures were breached and millions of credit and debit cards were stolen. The outcome of the investigation reveals that 40 million Americans had been affected. In a supermarket in Florida alone, the hackers performed transactions that worth $8 million. The hackers were able to gain access to the company network systems because the T.F. Maxx used a weak wireless security system called WEP (Wired Equivalent Privacy) to protect its network system. Moreover, the company used weak encryption techniques using a simple algorithm to design the security system, which allows the hackers to eavesdrop the communication system.

The negative effects of constant cyber threats require a prompt intervention of the federal government and it is crucial to make laws and regulations, which will mandate private organizations to install a minimum sophisticated security system to prevent intrusion of organizational information systems. In the case of the T.J Maxx, the company had not installed firewalls or patches to prevent bug vulnerabilities as directed by Visa and MasterCard. Lack of effective security protocols had exposed the company to various malicious intruders. The security weakness allowed hackers to deploy the Wi-Fi antenna to eavesdrop employee's logging used to penetrate the company's server.

To prevent such occurrence in the future, the federal government should consider cyber security as real public goods where the U.S. government should consider cyber infrastructures as public sectors protection. The government should set up an ISA (The Internet and Security Agency), and Cyber Emergency Shelter staffed with a large group of IT security experts equipped with sophisticated security systems capable of preventing, and warding off DoS (Denial of Service), attacks and use firewall block unauthorized network system at no cost.

2. Impacts of Government Regulation on National Security

Coyne, (2012) investigates the costs-benefit analysis of the intervention of government legislation to protect the critical infrastructures. The author argues that the benefits be derived from the government intervention outweigh the costs. When considering potential benefits of a project, economists evaluate the costs versus benefits especially the marginal costs unit and benefits of a project. If a net gain is recorded, it is revealed that the marginal benefits outweigh the marginal costs, thus, the project should be undertaken. From the economic perspectives, the damage done to organizations and the entire country refers to the costs of not undertaking an effective cyber security. (Coyne, 2012). If the damage is done before an application of an effective cyber security, the whole country will suffer from sluggish economic growth. From experience, the costs of preventing the cyber breach are insignificant compared to the damage that will be recorded if the cyber breach is carried out. For example, $1 million cyber security investment can prevent the damage of critical infrastructures that worth of $500 million. Thus, application of laws and regulations that mandate a minimum cyber security in the United States among private organizations will bring sanity into the U.S. information technology environment. For example, an effective cyber security will enhance protection of service industries such as banking, public transport system, public health unit, hospitals, shipping and shipping services. The production industries that compose of the chemical industries, food production industries, defense industrial bases and energy sector will also be protected. Another important sector that requires a high-level cyber protection is government databases, emergency response systems, intelligence units and a communication unit. If all these sectors are shut down one-by-one due to cyber intrusion, the consequence to the entire economy will be very great. For example, an intrusion in the transport information systems that control train can lead to catastrophic events if the systems are shut down. A similar case may occur if malicious elements intrude the food production industries, gas distribution systems, and water treatment plants. Intrusion in the computer security system of these sectors will expose the nation to a great risk.

Thus, the damage of cyber threats to the economy is far too great to leave the issue unresolved. The most pressing threats are from the state-sponsored elements from FIS (foreign intelligence services) that possess the high capability to access U.S. networks and companies' sensitive IP (intellectual property) that can have a long implication to U.S. national security. The imminent cyber threats within and outside the United States reveal that the current technologies are inadequate. While they can deter amateur hackers, however, they are incapable of providing defenses against state-sponsored espionage and attacks. Typically, installation of a firewall, intrusion detection system, anti-virus and encryption technologies can deter individual or professional hackers; however, these protective devices can do a little to prevent state-sponsored cyber crimes.

Failure to comply with Related Cyber Regulations

A major factor that makes the United States subject to increase cyber-attacks is that the significant number of business community refuse to install necessary cyber defenses to deter cyber threats. Essentially, the government is required to make laws mandating all business organizations to install minimal cyber defenses. Failure to comply with the regulations may make the business community to face incessant cyber risks that can make them lose a significant part of their revenue in that fiscal year. Thus, the government needs to mandate business organizations to conform to regulations and any business organization that fails to comply with the rules should be asked to pay the fines. Moreover, an organization that fails to install minimum cyber defenses and has been subject to cyber-attacks should be held responsible for the attack. While the government is responsible for defending the country's cyber critical infrastructures, however, each organization should install a minimum cyber defense to protect their systems. Failure to comply with the regulations can make the business community to face business risks. Typically, the United States relies heavily on the business community to enhance national security. While the private sectors have their responsibilities to secure their infrastructures, however, the obligation of the government is to protect the national assets from foreign-sponsored cyber marauders. (Liu, Stevens, Ruane, et al. 2013).