Published on

Cyber Security Policy

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Elizabeth Stevens Dr. Gurpreet Dhillon INFO – 644, CT3
  2. 2. • Subramanian (2010) defines cyber security as: • “The security of a nation’s computer and telecommunications infrastructure as well as the data stored within the computers from outside attack” (Dhillon, 2013, p. 188). • Cyber security includes protection of: • Hardware • Software • Information in both public and private sectors • Military • Communications networks • Electrical grids • Power plants
  3. 3. • The history of U.S. cyber security policy is examined through Clegg’s theory of circuits of power. • Circuits of power “explains power relationships independent of the particular circumstances of organizations or their structure. The application of the theory leads to a complete political appraisal of the organization” (Dhillon, 2013, p. 190). • Power circulates in three different circuits: • Episodic circuit • Social integration circuit • System integration circuit
  4. 4. • Episodic power – describes the day-to-day interaction, work, and outcomes (p. 190); can be recognized by outcomes and actions. • The attacks of 9/11 led to the creation of the Department of Homeland Security (DHS); 22 separate departments merged into one agency. • The new position of Secretary of DHS would come with great political power: • Appointing responsibilities • Directing funds and resources • Implementing personnel policy • Oversight
  5. 5. • Creation of DHS led to issues within Congress and other parts of the federal government: • Committee Chairs did not want to give up their powers. • If one committee exercised power, it was resisted by other ones. • Funds were misappropriated across different agencies nationwide. • Richard Clarke, author of “National Plan to Secure Cyberspace” was forced to resign. • Between 2003-2005, there was no real cyber security strategy; lack of leadership and “turf wars” kept cyber security czars from developing cyber security strategies. • Major cyber security breaches in 2007 and 2008 affected State Dept., DoD, DHS, NASA and the VA.
  6. 6. • These breaches prompted directives HSPD 23 and NSPD 54 that led to Comprehensive National CyberSecurity Inititative (CNCI) and the National Cyber Security Center (NCSC). • The NSA wanted to be in charge of cyber security. • In 2009, Obama promised to develop a national cyber security policy and appoint a federal cyber security coordinator. • This position would be above NSA and DHS and depends on the collaboration between different organizations. • According to Dhillon (2013), “episodic power relationships played a crucial part in the first decade of
  7. 7. • A month after 9/11, Senator Lieberman introduced a bill to establish a DHS that had aspects of cyber security: • Maintaining a hub of cyber security experts • Sharing of information concerning cyber security in the U.S. • Establishing cyber security standards with the FCC • Certifying national preparedness for cyber attacks • After DHS was created, cyber security matters took a low priority • DHS officials and loyalists to Bush, did not criticize its lacking cyber security initiatives as most of the country supported the government’s national security endeavors unquestionably.
  8. 8. • System integration has two subcomponents: • Production • Discipline • The Cyber Security Enhancement Act (CSEA) of 2002 grants companies permission to release customers’ electronic info to government employees without warrants or legal documents. • Reports were exempt from Freedom of Information Act requests • Companies providing info were free from being sued by customers • Customers did not have to be notified that their info was released • Stop Online Piracy Act (SOPA) of 2012 was met with a huge public backlash; major internet companies opposed SOPA.
  9. 9. • Cyber security policy was drastically affected by: • Turf wars • Executive orders • Legislative procedures • Patriotic culture • Public backlash • Major shifts in power within the federal government • Obama’s 2013 executive order to put cyber security policy into law will design a framework for the government and the private sector to “allow intelligence to be gathered on cyber threats to privately owned critical infrastructure…so they can better protect themselves” (Dhillon, 2013, p. 202).