Essay Sample on Cybersecurity Strategy, Law, and Policy Group Assignment

Introduction

The cybersecurity Act started being enforced in December 2015 after the then President of the USA signed it into law. The Act's main objective is to protect companies against liability when they share defensive measures freely with other federal agencies or private entities [8] Sharing these indicators of cyber threats has advantages and disadvantages. As shown by Kshetri [5], there can be huge penalties incurred if the company gets sued for violating privacy issues. A revision is scheduled to be undertaken in the next decade. Despite the fact it is operational at the moment, the DHS and the lawyer general has to discharge the rules that have been composed within 90 days. The DHS continues reinforcing openness and trust by establishing straightforwardness, association, and common freedom, and security insurances.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

What the DHS NCCIC Should Share With the Private Sector

The NCCIC provides data to the private sector and general population to ensure a notable understanding of cybersecurity [8]. Also, it interchanges the familiarity of circumstances with relief, occurrences, interruptions, vulnerabilities, familiarity, and recuperation activities. According to White and Harrison [7], the NCCIC tries to reduce hazards within and outside basic divisions of the foundation through cooperation between the insight network and organizations tasked with implementation. They also plan undertakings between sellers, administrators; owners of control frameworks and the neighborhood, state, elected, and previous governments.

Cybersecurity specialists for ICS-CERT help the administrators and owners of basic frameworks through their reaction to happenings and reestablishment of administrations as well as examining more extensive physical or digital effects. Additionally, the ICS-CERT cooperates with CERTs in sharing control frameworks relating to alleviation measures and security occurrences as illustrated by Tropina [4].

The kind of threat information that private organizations need for security of their networks.

The types of network threats include internal threats, structured threats, external threats, and unstructured threats [8]. Hacking is an example of a structured threat [8]. Such a threat is driven by malicious intent rather. Considering the huge amount of information that an individual may possess in the course of their work at an organization, the information becomes easily susceptible to manipulation. Unstructured threats, on the other hand, may include worms and viruses among others and are driven by ethical misconduct rather than malicious intent.

External threats originate from individuals outside the organization. The data is accessible through the internet or dial-up access as stated by White and Harrison [7]. To have a thorough understanding of potential threats, the security personnel is tasked with understanding the organization's network infrastructure and decide on the most suitable means of protecting information from attack. The company is obliged to include Purpose-Built Unconventional Malware Guard in the organization's system [6]. This will help to constantly locate advanced threats, reveal the motion of organized assaults, and disrupt attacks on information.

What Private Entities Should Share With the NCCIC

For the security structure to remain mutually beneficial, both ends need to communicate with each other. There are many details that the private sectors can provide to the NCCIC for security purposes [2].

Any action aimed at denying access, corrupting access, or decimating a private entity's systems.

Any risk to the accessibility, classification, or trustworthiness of a private utility's system or any data traveling on, prepared on, put away on the system.

Actions that intensify unapproved access to a system of a private utility, for instance, increasing unapproved access to exhilarating data in the system or framework [2]

Any vulnerability in a private utility's system or framework.

It is voluntary for private entities to share information. Would it be better if it was compulsory?

There is a notion that the threats to one organization cannot affect others within the industry. This is not true. The same measures used to attack one entity can be used against another. Therefore, it should be an obligation for the individual entities to share information with the NCCIC. This can help to prevent the attacks on private entities through cooperation [1].

Possible Effects on Customers’ Data

The statute makes it clear that any reports of threat should leave out personal data. The DHS has put measures to ensure that information provided to the NCCIC does not reveal personal data. The implication of revealing personal data in any of the reports is that the company is exposed to the risk of getting sued for violation of privacy rights [1].

The government has no permission to collect information on any citizen. What updates should be made on the Act to make it more valuable to the public-private partnership relating to cybersecurity?

Since the government cannot be treated as an individual, the law needs to clarify that crimes have to be handled with a higher magnitude hence there should be more stringent punishments. Consequently, there should be integrity concerning service to subjects. Hence the federal agencies tasked with running security data must be denied permission to collect personal information from citizens [3]. Putting in place a mandatory rule for public and private entities to share information will make the Act better, and the citizens will see a massive decline in threats and cybercrimes.

References

L. A. Gordon, M. P. Loeb, W. Lucyshyn, and L. Zhou, "The impact of information sharing on cybersecurity underinvestment: A real options perspective," Journal of Accounting and Public Policy, vol. 34, no. 5, pp. 509-519, 2015.

L. Tabansky and I. B. Israel, "Towards Comprehensive National Cybersecurity," Cybersecurity in Israel SpringerBriefs in Cybersecurity, pp. 55-61, 2015.

A. Mermoud, M. Keupp, K. Huguenin, M. Palmie, and D. P. David, "Incentives for Human Agents to Share Security Information: a Model and an Empirical Test," Journal of Tourism Research & Hospitality, 25-May-2018. [Online]. Available: https://hal.archives-ouvertes.fr/hal-01753984. [Accessed: 11-Dec-2018].

T. Tropina, "Public-Private Collaboration: Cybercrime, Cybersecurity and National Security," SpringerBriefs in Cybersecurity Self- and Co-regulation in Cybercrime, Cybersecurity and National Security, pp. 1-41, 2015

N. Kshetri, "Recent US Cybersecurity Policy Initiatives: Challenges and Implications," Computer, vol. 48, no. 7, pp. 64-69, 2015. [6]S. E. Donaldson, S. G. Siegel, C. K. Williams, and A. Aslam, "Implementing Enterprise Cybersecurity," Enterprise Cybersecurity, pp. 71-86, 2015.

G. White and K. Harrison, "State and Community Information Sharing and Analysis Organizations," Proceedings of the 50th Hawaii International Conference on System Sciences (2017), 2017.

Cybersecurity Information Sharing Act of 2015, Senate Rpt. 114-32, April 15, 2015, 114-1. 2015.