ï»¿Exploration of Cyber Security as a Public Good
1) How can government justify telling private industry how to set up or improve their cyber security?
â€œPresident Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counterâ€ (U.S. White House Office, 2010). Today, more than ever, society is dependent on cyberspace to accomplish many aspects of our daily lives. We utilize computer networks to ensure Americaâ€™s economic competitiveness through e-commerce, the stock exchange and numerous other methods. Along with using the network for ...view middle of the document...
According to the National Strategy To Secure Cyberspace, â€œ Federal actions to secure cyberspace are warranted for purposes including: forensics and attack attribution, protection of network and systems critical to national security, indications and warnings, and protection against organized attacks capable of inflicting debilitating damage to the economy.â€ (U.S. White House Office, 2003) In these cases the federal government can directly intervene and dictate specific security requirements.
The government indirectly dictates cyber security by instituting certain laws, regulations and standards. Through these, private industry is required to be compliant with the regulations or conform to the set forth standards. The Financial Services Modernization Act of 1999, better known as Gramm-Leach-Bliley (GLB), does no directly dictate how institutions secure the network. However, GLB does focus on the privacy of certain personal information but also specifically address the security of the data. Through the use of GLB the federal government regulates the handling of nonpublic personal information. GLB also lays out several security obligations that organization must provide in order to safeguard data. GLB does not spell out how to secure the data, but obligates agencies to create standards that cover administrative, technical, and physical safeguards. (Bidgoli, 2011). Specifically, GLB requires organizations; â€œensure the security and confidentiality of customer records and information. It requires that the protect against any anticipated threats or hazards to the security or integrity of such records; and to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customerâ€ (Bidgoli, 2011). In requiring a certain level of protection of data, the government is justified in indirectly telling private industry how to improve their cyber security.
Another similar situation in which the government indirectly instructs private industry on security is the Electronic Communications Privacy Act (ECPA, 1986). Although an older piece of legislation, it still remains relevant today. â€œECPA prohibits anyone from intentionally accessing, using, or disclosing stored communications, such as email or stored voice messages, without authorization.â€ (Bidgoli, 2011, p50) â€œThe ECPA also expressly prohibits providers of â€œelectronic communicationsâ€ or â€œremote computing servicesâ€ from knowingly divulging the content of a communication in electronic storage, except under certain enumerate circumstances (18 U.S.C. 2707c)â€(Bidgoli, 2011, p50) The ECPA does not directly focus on the data security. However, organizations must be aware that in order to prevent the compromise or release of this data the security of their network and data must be thorough. Therefore, the government has justified improving private industry security through another regulation.