
The New Problem of Cybersecurity Policy


hertz

Presentation Transcript


  1. The New Problem of Cybersecurity Policy

  2. Presentation Outline
     • General Principles & Definitions
     • Unique Factors Affecting Cybersecurity Policy
     • Brief Assessment of Bush vs. Obama Cybersecurity Policy
     • The Way Forward

  3. I. General Principles and Definitions

  4. Public Policy Definition: Public Policy is a collection of unofficial norms, written laws, and administrative regulations that guide and constrain the behavior of actors within a policy arena.

  5. Policy Arena: Definition
     A functional field of action within which disparate actors are guided and obligated to abide by a common policy.

  6. Policy Arena: Typical Actors & Elements
     • Traditional Political Institutions (Congress/Presidency/Courts)
     • National Administrative Agency
     • State Administrative Agencies
     • Interest Groups (Private/Public)
     • Norms
     • Individuals and Organizations Subject to Norms of Policy Arena

  7. Creating and Growing a Policy Arena in a Federal System is Very Difficult

  8. General Rules for Creating & Growing a Federal Policy Arena
     Maximize Support
     • Constituents: Those who benefit disproportionately
     • Clients: Those who mildly benefit
     Minimize Barriers
     • Victims: Those who suffer from or are significantly coerced by the Policy

  9. Federal Policy Arena Growth Must Be in Two Directions

  10. Vertical Barriers
      • The U.S. Constitution: 10th Amendment
      • Diversity of State Cultures
      • Diversity of Local Culture
      • Private Property Rights
      • Federal Resources

  11. Vertical Construction: Intergovernmental Command and Control Hierarchies
      Generating Support
      • Sense of Vulnerability
      • Desire to be Regulated
      • $$$$ The Golden Rule
      • Intergovernmental Monetary Transfers (NIMS)

  12. Horizontal Growth: Construction of Policy Networks
      Barriers
      • Mistrust
      • Indifference or Unawareness of the Problem
      • Lack of threat or other incentives to collaborate (Ohio Dept Agriculture)
      Support
      • Strong State/Local/Regional Government Support
      • Strong Private Sector Support
      • Sense that a Regional Problem Exists that Federal Government Policy does not address (International Symposium on Agroterrorism)

  13. The End Result: US Federal Policy Arenas
      Diagram labels: Environment, Education, Labor, Nuclear, Cyber Security; Federal, State, Local

  14. II. Unique Factors Affecting the Creation & Growth of a Cybersecurity Policy Arena

  15. Comparing Policy Arenas
      Nuclear Policy: History (65 Years)
      • 1946: AEC
      • 1947: NSA
      • 1950: CDA
      • 1974: NRC
      • Present: 2011
      Cybersecurity Policy: History (8 Years)
      • 2003: NSSC -- Bush
      • 2009: CPR -- Obama Cyber-Czar
      • 2011: DSOC (July)
      • Present: 2011

  16. Nuclear vs Cyber Technology
      Nuclear Technology
      • Lethal
      • Origins: World War II
      • Established Opposition Groups that oppose
      • Regulation
      • Centralized
      • Highly Restricted Use (expensive licenses, strict supervision, extensive training)
      Cyber Technology
      • Non Lethal
      • Origins: Peacetime
      • Fulcrum of Domestic Economy
      • Regulation
      • Decentralized
      • Unregulated Citizen Use (no license or supervision or training required)

  17. The Tribble Problem

  18. 3 Essential Components of a Cybersecurity Policy Arena
      1. Intergovernmental Authority Hierarchy
      2. Voluntary Public/Private Networks
      3. Citizen Acceptance & Support of Cybersecurity Policy Norms
      Source: The Cybersecurity Triad. Journal of Homeland Security & Emergency Management, 2009, Vol 6, Issue 1, Article 79

  19. 1: The Intergovernmental Cybersecurity Hierarchy
      Vertical Construction (Top Down / Bottom Up)
      • Federal Political Institutions & Administrative Agencies
      • State Political Institutions & Administrative Agencies
      • Local Political Institutions & Administrative Agencies

  20. 2: The Horizontal Network
      Horizontal Construction: Policy Networks
      • Public Agencies
      • Private Corporations
      • No Hierarchy: Voluntary Coordination
      • Example: Infragard

  21. 3: Citizen Acceptance of Policy Arena Norms
      • Essential for Survival of Policy Arena
      • Facilitated by Educational Campaigns
      • Crisis that Shapes public opinion
      • Citizen Awareness of Threat/Danger

  22. The Components of a Cybersecurity Policy Arena

  23. III. A Brief Assessment of the Differing Bush and Obama Approaches to Cybersecurity Policy

  24. Bush Era Cybersecurity Initiatives
      • National Strategy to Secure Cyberspace (2003)
      • National Infrastructure Protection Plan
        • NIPP 2006
        • NIPP IT Sector Specific Plan 2007
        • NIPP 2009
      • Comprehensive National Cybersecurity Initiative 2008

  25. The Bush Soft Management Cyber Approach
      Managing and Coordinating Sector Responsibilities: As described in HSPD-7, the DHS is responsible for managing and coordinating IT Sector CI/KR protection activities, including leading the development of an SSP for the IT Sector. Within the department, this responsibility has been delegated to NCSD. Sector responsibilities include maintenance and update of the SSP, annual reporting, resources and budgets, and training and education. Public and private sector security partners have common and unique roles and responsibilities
      Source: NIPP Information Technology Sector Specific Plan, 2007, p 4

  26. The Bush Era Approach

  27. The Obama Era Approach

  28. Obama Era Cybersecurity Initiatives
      • Appointment of Cyber Coordinator, January 2009
      • Cyberspace Policy Review, March 2009
      • Legislative Initiative, May, 2011 (déjà vu)
      • Reinsertion of DHS into Cybersecurity Loop
      • Emphasis of Public/Private Networks

  29. The Obama Top Down Approach
      I. Leading from the Top
      Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority. Accomplishing this critical and complex task will only be possible with leadership at the highest levels of government.
      Source: Cyberspace Policy Review, March 2009

  30. Finding a White House Cybersecurity Coordinator
      Melissa Hathaway
      • February to April 2009
      • Produced Cyberspace Policy Review, March, 2009
      Howard A. Schmidt
      • The Nation’s First Cyber-Czar
      • December 22, 2009

  31. The GAO Assessment of CNCI: December 2008 Through March 2010
      • Agency Roles not Defined
      • No Effectiveness Measures
      • Little Leadership/Transparency
      • Little Progress in Public Education
      Source: GAO-10-338

  32. IV. The Way Forward

  33. Combine Incrementalism & Strategic Vision

  34. Incrementalism
      • Accept Limitations
      • Lack of Resources
      • Public Lacks Appreciation for Cyber Threat
      • The Outline of the Intergovernmental Hierarchy is barely recognizable

  35. Strategy
      • Build the Cybersecurity Triad
      • Intergovernmental hierarchy
      • Public/Private network
      • Citizen Awareness