US Cyber Security Policy


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

US Cyber Security Policy

  1. 1. By Jenna Barbee Dr. Gurpreet Dhillon Info 644
  2. 2. Power in Information Systems Security  What is Cyber Security? It is “the security of a nation‟s computer and telecommunications infrastructure” (Dhillon, 2013)  Very little research exists regarding power in Information Systems (IS) security. However, with new policies promulgated over the past 12 years, resistance is bound to occur, which makes a fantastic breeding ground for research on how effective the IS policy can be.
  3. 3. Clegg‟s Circuits of Power  This theory “explains power relationships independent of the particular circumstances of organizations or their structure… [that] leads to a complete political appraisal of the organization” (Dhillon, 2013)  3 different „circuits‟ exist:  Episodic – describes day-to-day interaction, work, and outcomes  Social Integration – views how social structures affect power relationships and focuses on memberships and relationships – has 2 subunits: membership and shared norms  System Integration – looks at the technological means of control of an organization over the social and physical environment – has 2 sub elements: production and discipline
  4. 4. Episodic Circuit of Power  The creation of the Department of Homeland Security (DHS) has recently become greatly affected by cyber security policy  Between 2001 and 2007, very little occurred within policy dealing with cyber security  In late 2007 – early 2008, several security breeches hit the Defense, State, Homeland Security, and Commerce Departments, NASA, Veterans Affairs, & the National Defense University  These breeches led to HSPD 23 and NSPD 54 which in turn created a Comprehensive National Cyber security Initiative (CNCI) ○ The CNCI was designed to combine the different federal agencies who dealt with cyber security by developing a National Cyber Security Center (NCSC) ○ Instead, this created power struggles and many complaints of secrecy and too much classified data, and lacked any clear leadership roles
  5. 5. Episodic Circuit of Power  The end of 2008 saw cyber security being jointly handled by both the DHS‟s NCSC and the National Security Agency (NSA)  In early 2009, it was determined that the NSA would be in charge of cyber security  The expanding role of the military in cyber security added an extra dimension of struggle for power
  6. 6. Social Integration Circuit of Power  The DHS was originally introduced to legislation prior to 9/11, and it was called the National Homeland Security Agency; the bill was dropped due to disinterest  It was passed through after 9/11 and renamed DHS, effectively sheltering the FEMA, the Customs Service, Border Patrol, the Coast Guard, and other departments under its umbrella  It was brought to life under the Homeland Security Act (HSA) in November 2002  DHS was put into existence within 60 days of passing, in January 2003  Despite its creation, there still was not much emphasis on the idea of cyber security
  7. 7. Social Integration Circuit of Power  A cultural phenomenon began to emerge within both politics and the general public: a desire to appear „patriotic‟ by supporting everything the federal government did without question  Democrats began losing seats in Congress due to having made reproachful remarks against provisions in the HSA  This phenomenon went hand-in-hand with criticizing Bush or his administration because no one wanted to portray the administration as failing and no one wanted to end up becoming vilified or defamed
  8. 8. System Integration Circuit of Power  The Cyber Security Enhancement Act (CSEA) of 2002 produced the ability for companies to be able to give their customers‟ electronic information (such as personal email, chat conversations, phone records, and online purchases) to any government employee without any necessary legal documents or court warrants  If a company felt that the information held any “immediate threat to national security interest” (Dhillon, 2013), they were required to make a good faith effort to turn it over – this did not have to happen only when requests were made by the federal government
  9. 9. System Integration Circuit of Power  The CSEA received resistance when it was criticized for overriding personal liberty of privacy protections of citizens based upon a very subjective idea of what posed an „immediate threat‟ to national security, without even a provision for judicial review  Even the controversial US Patriot Act requires that the courts must be notified if a federal official looks into a US citizen‟s personal emails, but the CSEA overrode even this protection
  10. 10. System Integration Circuit of Power  Several other notable instances have occurred in which cyber security legislation has incited retaliation  The Stop Online Piracy Act (SOPA) of 2012 garnered much attention and displeasure form both individuals and large corporations (many companies threatened to „black out‟ in protest)  In 2013, Edward Snowden released classified information in regards to a clandestine surveillance program called PRISM led by the NSA in which privately owned companies like Verizon Wireless were required to release customer information without customer knowledge
  11. 11. Conclusion: Efficacy of US Cyber Security Policy  Power relationships played a very important role in shaping consistent cyber security policy through territory wars, Executive Orders, legislative processes, patriotic culture, public criticism, and major federal government shifts in power  This struggle has ultimately weakened our position as a cyber security power in a time of constant cyber attacks from within our nation as well as from outside  President Obama‟s 2013 Executive Order put into law a cyber security policy in order to set up a framework between the federal government and private sector companies to allow the private sector companies to better protect themselves and their customers from government purview
  12. 12. Reference  Dhillon, G. (2013). Enterprise Cyber Security: Principles and practice. Washington, D.C.: Paradigm Books.
  13. 13. Question Why has it taken the US over 12 years to realize the significance that cyber security plays in the overall purpose of Homeland Security?