ECON 202 Written AssignmentDue April 28th Submitted through Blac

ECON 202 Written Assignment
Due April 28th Submitted through Blackboard
Topic: You can choose a business or industry that has been
impacted by COVID 19. I want you to write a 2 page paper on
how you think the pandemic has effected the business and the
impact on society. I want you to relate the topic to the economic
effects on the society. This will require you to use the terms we
have learned and relate the economic principles we have studied
in class.
When I say 2 pages I MEAN content of 2 pages. Do not put
your name, class section, or any other info at the top or bottom
of the page. I will know who it is when you submit it in
blackboard, but, if you want to put that information on your
paper, Do A Title Page! Use double spacing and a font of 14
for your paper.
The rubric is:
Economic termsuse a minimum of 15 @ 2points each 30
points
Length of paper minimum of 2 pages, 5 paragraphs
10 points
Content of paper is your paper logical, did you present an
Economic position, is it relevant to society?
10 points
Reproduced with permission of the copyright owner. Further
reproduction prohibited without permission.
The Cyber Domain
Metcalf, Andy, USMC;Scott, Dan
Marine Corps Gazette; Aug 2015; 99, 8; ProQuest

pg. 57
Cyber Espionage: The Silent Crime of Cyberspace
Virginia Greiman
Boston University, Boston, USA
[email protected]
Abstract: In recent years, the disclosure of secrets through
cyber infiltration of America’s largest intelligence organization,
the National Security Agency (NSA), has raised the fears of
veteran intelligence officials and close allies around the globe
that
no institution or government is secure from those who roam the
discrete halls of cyberspace. Although espionage has existed
since before the days of the Greek mythological Trojan horse,
no one could have envisioned the sophisticated use of
espionage in today’s networked world. Espionage has been used
for political and military intelligence and economic and
industrial pursuits with a lack of understanding of all of the
impacts on our daily lives. In the context of foreign or
international
law, espionage is sometimes characterized as lawless, without

controls or regulation, and it rarely distinguishes between
economic and security based cyber espionage. Through
empirical analysis this paper explores the treatment of
espionage
under various legal systems including those countries and
regions considered the most advanced at cyber espionage, the
United States, the United Kingdom, Russia and China. To
provide greater insight into the different perspectives of cyber
espionage from a legal standpoint, this paper distinguishes the
law of national intelligence collection from the criminal laws
of economic/industrial espionage on the domestic front. The
purpose of this research is to analyze the development of cyber
espionage as a preferred means of contemporary warfare, as
well as a tool for economic and political intelligence. The paper
concludes by responding to the challenges faced by nation-
states in the development of an effective legal system governing
espionage at the domestic and international level.
Keywords: cyber espionage, cybercrime, foreign surveillance,
national intelligence, economic espionage, cyber warfare
1. Introduction
Although many countries all over the world are committing
cyber espionage, the United States, Russia, and China
represent the most sophisticated cyber spying capabilities
(Senate, 2014). A 2011 Report by the Office of the
National Counterintelligence Executive (ONCIX) suggested that
the rise of cyberspace as a platform for
innovation and storage of trade secrets was greatly enhancing
the risks faced by American firms. The report also
found that the United States remains the prime target for foreign
economic collection and industrial espionage
by virtue of its global technological leadership and innovation
(ONCIX, 2011).
Cyber espionage has also become an accepted and even

preferred means of warfare. That is not to say that
cyber espionage will replace traditional means of warfare, but it
is already affecting the nature of nation-state
conflict. Dunn Cavelty (2012) suggests that this shift began
with the Cold War, when the United States and Russia
focused their efforts on covert information gathering over
outright warfare. Because all-out war between major
world powers has become less acceptable in the modern world,
more cautious strategies have continued into
the 21st century. In the last few decades especially, as
technology has become more advanced, cyber espionage
tools have become indispensable to modern military operations
(DoD, 2015). The Defense Department
continues to support the Justice Department and other agencies
in exploring new tools and capabilities to help
deter such activity in cyberspace (DoD, 2015, p. 12). For
example, the United States used verifiable and
attributable data to engage China about the risks posed by its
economic espionage. The attribution of this data
allowed the United States to express concerns regarding the
impact of Chinese intellectual property theft on
U.S. economic competitiveness, and the potential risks posed to
strategic stability by Chinese activity. To deter
China from conducting future cyber espionage, the Justice
Department indicted five members of the People’s
Liberation Army for stealing U.S. intellectual property to
directly benefit Chinese companies. The Chinese
hackers were indicted on 31 counts, 23 of which were under the
Computer Fraud and Abuse Act. While Justice
Officials say the indictment was a breakthrough, others
characterize the punishment as only symbolic as the
likelihood of prosecution is slim (DOJ, 2014).
The 2014 Office of Personnel Management (“OPM”) data
breach has been described as the greatest theft of
sensitive personnel data in history. However, neither the scope

nor scale of the breach, nor its significance, has
been fully investigated and shared with victims and the public.
The 22 million victims—and their families—of
this espionage attack share concerns with the deficiency of this
counterintelligence campaign that have not been
answered or addressed (Nakashima, 2015).
245
Virginia Greiman
Based on empirical research this paper explores the unique
characteristics of cyber espionage under the laws of
four major powers and the existing legal concepts and doctrines
for national intelligence and cybersecurity and
organizes a conceptual legal structure that frames the
convergence and divergence in espionage laws and legal
practice, and the areas for harmonization and agreement among
nations.
2. Espionage under international law
Espionage, commonly known as spying, is the practice of
secretly gathering information about a foreign
government or a competing industry, with the purpose of
placing one's own government or corporation at some
strategic or financial advantage. In the United States, federal
law prohibits espionage when it jeopardizes the
national defense or benefits a foreign nation (18 U.S.C.A. §
793). Criminal espionage involves betraying U.S.
government secrets to other nations. Importantly, espionage
does not reach the level of use of force under the
U.N. Charter. According to the International Group of Experts

that authored the Tallinn Manual 2.0 on the
international law applicable to cyberspace, cyber espionage is
distinct from the underlying acts that enable the
espionage (NATO, 2017).
The definition of a cyber-attack varies widely. For example, the
United States definition of a cyber-attack does
not include espionage as the U.S. has a separate Espionage Act
(Espionage Act of 1917), while Germany makes
no distinction between cyber-attack and probe or espionage
(Germany CSS, 2011, pp. 14-15). However,
espionage’s permissibility under international law remains
largely unsettled; no global regulation exists for this
important state activity (Pun, 2017). The contradiction of
espionage is evident as states deem their own
espionage activities legitimate and essential for national
security, while aggressively pursuing criminal actions
against foreign espionage activity. "The law of espionage is,
therefore, unique in that it consists of a norm
(territorial integrity), the violation of which may be punished by
offended states, however, states have
persistently violated the norm” … (Scott, 1999).
Although it is unclear under international law whether states in
general have a lawful right to spy on other states,
the disallowance of certain activities within espionage is clearer
(Pun, 2017). The treatment of those involved in
spying activities as well as the use of torture to extract
information has been held unlawful by Courts in many
nations (Forcese, 2011). In 2013, fifteen countries, including
the United States and China, agreed that
international law, in particular, the United Nations Charter
applies in cyberspace and explicitly highlighted the
need to elaborate confidence-building measures and norms,
rules, or principles of responsible behavior of States
(UN Report, 2013).

3. The United States Espionage Act, Foreign Intelligence
Surveillance Act, and Economic
Espionage Act
More than one hundred years ago, President Woodrow Wilson
signed the Espionage Act. Enacted soon after the
United States entered World War I in 1917, the Espionage Act
prohibited individuals from expressing or
publishing opinions that would interfere with the U.S. military’s
efforts to defeat Germany and its allies.
Specifically, the Espionage Act made it a crime willfully to
interfere with U.S. war efforts by conveying false
information about the war, obstructing U.S. recruitment or
enlistment efforts, or inciting insubordination,
disloyalty, or mutiny. Ironically, this tension between national
security and free speech rights still exists today.
To be convicted under the 1917 Act, the law requires proof of
intent for the information to be used to injure the
United States or to advantage any foreign nation or reason to
believe that the information will be used for either
of these purposes. Section 794(b) applies “in time of war” and
prohibits the communication of this information
to the enemy or attempts to elicit any information relating to the
public defense. The offenses contained in
sections 794(a) and (b) are punishable by death or imprisonment
for any term of years or for life. Courts have
held that the statute requires the government to prove four
elements under §793 : (1) the defendant lawfully
or unlawfully had possession of, access to, or control over, or
was entrusted with (2) information relating to the
national defense that (3) the defendant reasonably believed
could be used to the injury of the United States or
the advantage of a foreign nation and (4) that the defendant
willfully communicated, delivered, or transmitted

such information to a person not entitled to receive it ( §793).
The U.S. Department of Defense tracks the 1917
Espionage Act and defines "espionage" in its Joint Publication
2-01.2 as "[t]he act of obtaining, delivering,
transmitting, communicating, or receiving information about the
national defense with an intent, or reason to
believe that the information may be used to the injury of the
United States or to the advantage of any foreign
246
Virginia Greiman
nation (JP 2-01.2). Espionage is a violation of 18 United States
Code 792-798 and Article 106, Uniform Code of
Military Justice.
The Espionage Act is far from a paradigm of clarity. Scholars
have described it as “incomprehensible if read
according to the conventions of legal textualism, while paying
fair attention to legislative history” (Edgar and
Schmidt, 1986). A major problem that arises from the lack of
clarity is to whom exactly the Espionage Act applies.
The plain meaning of the Espionage Act appears to apply to
everyone including government employees, leakers,
whistleblowers, and members of the press alike. For example,
Section 793(e) prohibits the willful communication
of confidential information by someone who is not authorized to
possess it.
To address with more clarity the role of National Intelligence
and Foreign data collection, the United States

passed the Foreign Intelligence Surveillance Act in 1978 (FISA)
with major Amendments in 2007 and 2008 to
ease restrictions on surveillance of terrorists suspects where one
party (or both parties) to the communication
are located overseas (FISA, 1978). Despite the ample evidence
that FISA has led federal investigators to
significant victories in the apprehension of terrorists and the
conviction of conspirators passing U.S. secrets on
to foreign nations, it has been criticized for not maintaining the
proper balance between national security and
the protection of individual privacy (Breglio, 2003; Correia,
2014).
Following the end of the Cold War, in the West there was a
noticeable shift of concern about espionage from
that which is political and military in nature to economic
espionage, especially when carried out by cyber means
(U.S. Strategy, 2011). In 1996, Congress passed the Economic
Espionage Act (EEA), to help reduce the theft by
foreign entities of proprietary information and trade secrets of
U.S. businesses. Economic espionage occurs
when a foreign government seeks information to advance its
own technological or financial interest against
another government, foreign company or an individual.
The weaknesses of the Economic Espionage Act has been a
subject of scholarly research. With some finding that
the Act has been difficult to prove with minimal sentences
under para. 1831, while others argue that the
government has taken a hands off approach in helping private
industry, and a lack of support from other nations
assisting in international investigations (Reid, 2016). Notably,
since the inception of the EEA in 1996 there have
been fewer than 10 convictions to date under the law. Walter
Liew, was the first person to be convicted of
economic espionage by a U.S. jury in March 2014 and was

sentenced to 15 years in prison.
4. China’s National Intelligence and Trade Secrets Law
China passed its new National Intelligence Law on June 27,
2017 by the 28th meeting of the Standing Committee
of the 20th National People's Congress. Article 1 of the Law
states its broad purpose under the Constitution …
“to strengthen and safeguard national intelligence work and to
preserve state security and interests” (China,
2017b). The Law further specifies its purpose by providing that
"National Intelligence work adheres to the overall
national security perspective, provides intelligence as a
reference in major national decision-making, provides
intelligence support for the prevention and mitigation of threats
endangering national security, and preserves
the national political power, sovereignty, unity, and territorial
integrity, the welfare of the people, sustainable
social and economic development and other major national
interests” (Art. 2). Consistent with China’s
governance of national security, the Law stipulates that "The
Central Military Commission uniformly leads and
organizes military intelligence efforts” (Art. 3). To address
respect for the law and human rights, the Law states
“that the National intelligence efforts shall be conducted in
accordance with law, shall respect and protect
human rights, and shall preserve the lawful rights and interests
of individuals and organizations” (Art. 8).
The United States Intelligence Community in their 2017 Threat
Assessment Report ranked China as the number
one threat against U.S. interests in cyberspace noting that
Beijing will continue actively targeting the US
Government, its allies, and US companies for cyber espionage
(Coates, 2017). As noted in the Report, The
Chinese government continues to conduct pervasive industrial
espionage against U.S. companies, universities,

and the government and direct efforts to circumvent U.S. export
controls to gain access to cutting-edge
technologies and intellectual property in strategic sectors (U.S.-
China, 2017). According to the Intellectual
Property Commission Report by the National Bureau of Asian
Research (NBAR) the scale of international theft
of American intellectual property (IP) is in the hundreds of
billions of dollars per year, on the order of the size of
U.S. Exports to Asia (NBAR, 2013, p. 1).
247
Virginia Greiman
China’s espionage laws like the United States encompass both
trade secret protections and national security.
China first enacted trade secret “protections” in 1993 with the
passage of Article 10 of the Unfair Competition
Law, which prohibits businesses from the following: a)
obtaining the trade secret of the rightful party by theft,
inducement, duress or other illegal means; b) disclosing, using
or allowing others to use the trade secrets of the
rightful party obtained by illegal means; or c) disclosing, using
or allowing others to use trade secrets in breach
of an agreement or the confidentiality requirement imposed by
the rightful party (China, 1993).
5. The United Kingdom’s Espionage and Trade Secrets Law
From the earliest days of the British intelligence community,
which was established in the early twentieth
century, there was a close connection between intelligence-
gathering and empire (Walton, 2013). Intelligence
played an essential role in the administration of the empire,

which by the 1920s had grown to encompass one -
quarter of the world’s territory and population. The formation
of the two services that would later become
known as MI5 and SIS commonly called MI6 represented a
fundamental break with all British intelligence-
gathering efforts up to that point. For the first time, the
government had professional, dedicated peacetime
intelligence services at its disposal (Walton, 2013, p. 5).
Historically, the United Kingdom embraced a stronger culture
of secrecy than the United States (Donahue, 2005).
The Official Secrets Act of 1989 is the key statute that prohibits
the unauthorized disclosure of government
information. The law criminalizes “secondary disclosures,” that
is, the publication by journalists or members of
the public of protected information received from government
employees in contravention of the law (OSA,
1989).
The Official Secrets Act 1889 (52 & 53 Vict. c. 52) was an Act
of the Parliament of the United Kingdom. It created
offences of disclosure of information (section 1) and breach of
official trust (section 2). It was replaced in the UK
by the Official Secrets Act 1911. The Official Secrets Act 1989
(c. 6) replaced section 2 of the Official Secrets Act
1911, thereby removing the public interest defense created by
that section. The Official Secrets Bill was enacted
to give increased powers against offences of disclosing
confidential matters by officials, and to prevent the
disclosure of such documents and information by spies, and/or
to prevent breaches of official trust, in order to
punish such offences of obtaining information and
communicating it, against the interests of the British State.
Unlike the U.S., Russia and China, the United Kingdom (UK),
has not criminalized the misappropriation of trade

secrets, and has limited its remedies to civil actions including
injunctive relief, search and seizure orders and
damages (UK, 2017). Based on an extensive consultation paper
on the protection of official data, the UK Law
Commission recently recommended that the UK criminalize the
theft of trade secrets, however, the
recommendations have not been acted upon (UK, 2017). The UK
also proposed changes to the Serious Crime Bill
in order to deter hackers by increasing the penalty under the
Computer Misuse Act to a life sentence.
6. Russia’s Espionage and Trade Secrets Law
Russia's External Intelligence Service (SVR) is the current
incarnation of one of the world's oldest and most
extensive espionage agencies, known for decades as the KGB
(BBC, 2010). While China uses various methods to
steal foreign trade secrets for both political and economic
interests, Russia has recently focused its efforts on
cyber espionage to promote its national economic interests,
while also employing intelligence officers under
diplomatic cover.
The Criminal Code of the Russian Federation, Law No. FZ-190
as amended in 2012 , sets out what is termed “High
Treason,” which is defined as “espionage, disclosure of state
secrets, or any other assistance rendered to a
foreign State, a foreign organization, or their representatives in
hostile activities to the detriment of the external
security of the Russian Federation committed by a citizen of
Russia (RF, 1996, 2012). Under Article 275, of Law
No. FZ-190 high treason shall be punishable by 12 to 20 years
imprisonment with or without a fine in an amount
of up to 500 thousand roubles or in the amount of the wage or
salary, or other income of the convicted person
for a period of up to three years.

According to the Russian Federal Security Service (FSS), which
proposed the bill, the amendments are aimed at
emphasizing that state treason is a broad concept and that
espionage and disclosure of state secrets are forms
of it (RF, 2012). The FSS also stated, in its explanatory memo
to the amendment law, that previous practice in
enforcing the law in cases related to state treason and espionage
identified the necessity of prosecuting acts of
248
Virginia Greiman
cooperation with representatives of international organizations
engaged in hostile activities as state treason and
of extending the liability of persons to whom state secrets are
entrusted (Russia Code, Art. 51). The new Law
has caused concern among human rights activists, who argue
that its parameters of state treason are too broad
and that there are no firm criteria to define when cooperation
with an international organization assumes a
criminal character, thereby leaving that assessment to the
discretion of investigative and judicial authorities
(Ozerova, 2012).
Trade Secrets in Russia are protected under the Federal Law on
Commercial Secrecy, Law No. 98-FZ effective 29
July, 2004 as amended in 2006 and 2007. Such secrets are
protected from insiders to whom secrets have been
entrusted, outsiders who obtain the secrets by improper means,
and government agencies that might obtain
and release the secrets (U.S. Library of Congress, 2012).

Violating the trade secret law can entail disciplinary,
civil, administrative, or criminal liability as provided by the
legislation.
7. Challenges to harmonization of the international perspectives
on cyber espionage
As shown by each country’s approach to espionage, domestic
laws are not sufficient to negotiate the challenges
arising from trans-border issues such as those relating to
national security and human rights, the public’s right
of access to information, the individual’s right to privacy, the
corporation’s right to remain competitive, the right
to criminal process, and extraterritorial jurisdiction.
International cooperation and international laws are also
needed—both to allocate authority among political entities, and
to define and protect core substantive values
in the physical and virtual worlds (Bederman and Keitner,
2016). Powerful actors such as the United States,
Russia, the United Kingdom and the United States have not
gone far enough in addressing global inequality and
the digital divide. International laws can address these
injustices in ways that domestic laws cannot because of
each nation’s own self-interest in national security and
economic advancement.
The United Nations Charter requires that any use of force, cyber
or otherwise, must meet the requirements of
military necessity, distinction between civilians and military
targets, proportionality, and avoidance of
unnecessary suffering (UN Charter, 1945). To the extent that
cyber espionage amounts to an act of war, the
international community must recognize and monitor these
behaviors to maintain a peaceful existence.
Scholars contend that a treaty which bans the use of cyber-
attacks or limits their use is not realistic because

there is currently no way to ensure compliance. More effective
may be the establishment of norms as proposed
by NATO, the OECD and other transnational organizations to
prevent the possibility of a cyber war conducted
through the use of cyber espionage. Developing state practice
and norms relates to current international law,
and rather than prohibiting espionage outright, it might serve as
a more realistic approach. As noted by one
expert, “[i]f states want these voluntary, non-binding norms of
responsible state behavior in cyberspace to be
truly meaningful words that can achieve their desired goals,
then their actions and practice must demonstrate
those tenets. States must demonstrate that they are willing to
take the necessary steps to protect the security
and prevent the misuse of the Internet in their respective
countries” (Hathaway, 2017). This requires a calling
out of wrongful acts conducted by other states, something that
victimized states have been reluctant to do
(Hathaway, 2017, p. 5). We cannot afford to be silent anymore.
Vice Admiral Arthur K. Cebrowski, former Director, Office of
Force Transformation at the Pentagon introduced
the concept of institutionalizing transformation by innovating
faster than our opponents and advocating more
open access to information. If we are to be effective in the
digital age, new approaches must be considered for
national security that may require “less in trying to restrict
information and more in knowing what is occurring”
(Blaker, 2006).
More cooperation among states at the international level is also
clearly needed concerning economic espionage.
Legal scholars have also noted the need for accountability at the
international level when one country is
wrongfully attacked by another (Kuntz, 2013). For example, the
United States’ Cyber Economic Espionage

Accountability Act expresses the sense of Congress that cyber
economic espionage should be a priority issue in
all economic and diplomatic discussions with the People's
Republic of China, with the Russian Federation and
other countries determined to encourage, tolerate, or conduct
such cyber economic espionage (U.S., 2014).
A review of the espionage laws shows the need for the United
States to take a lead in developing better
international collaboration and clearer laws. On the national
security side, this requires stronger sanctions and
249
Virginia Greiman
cooperation from the international community, and stronger
penalties for economic espionage. Since the
enactment of the EEA in 1996 the statute has been amended to
increase the fines that can be imposed from
$500,000 to $5 million in the case of an individual and from
$10 million to not more than the greater of $10
million or three times the value of the stolen trade secret
(Economic Penalty Act, 2013). Though these fines are
severe they clearly do not go far enough in changing the
behaviors of the perpetrators.
The United States Espionage Act needs revision to remove
confusion and create a more consistent application
of the law. In order to effectively prosecute legitimate cases of
espionage, courts and prosecutors must clearly
understand what constitutes espionage. Technology and the
classification system for espionage should comport

with modern reality. International cooperation on the conduct of
espionage may take decades, but in the
interim, application of the statute to leakers, whistleblowers and
others requires amendment of this antiquated
law to better protect our nations’ interests and our competi tive
advantage in the world.
8. Conclusion
Although States may take different positions on the application,
interpretation and development of international
law, they have reached a consensus on the applicability of
international law to cyberspace. Though the prospects
of a comprehensive binding treaty on cyber espionage remains a
challenge, the existence of a multiplicity of
diverse non-binding norm initiatives, as well as several recent
bilateral agreements reached between the main
cyber powers, demonstrate that cyber norms development is
possible.
Future research must explore possible solutions for enhancing
not only the laws of espionage, but the policies
that inform these laws to meet modern realities. This requires
multilateral cooperation and an international
agreement on the rules and norms that govern cyber espionage
both at the national security and economic level
to better meet the needs of our evolving digital society.
References
Bederman, D. and Keitner, C. (2016) International Law
Frameworks, (4th ed) Foundation Press, New York.
Blaker, J. (2006) “Arthur K. Cebrowski: A Retrospective,”
Naval War College Review, spring 2006, Vol. 59, No. 2.
Breglio, N. K. (2003) “Leaving FISA Behind: The Need To
Return To Warrantless Foreign Intelligence Surveillance,” 113
Yale

L.J. 179.
British Broadcasting Company (BBC) (29 June 2010) News
Profile: Russia's SVR intelligence agency.
China’s National Intelligence Law of the PRC (Promulgated on
June 27, 2017 by 28th meeting of the Standing Committee of
the 20th National People's Congress) effective June 28, 2017.
China’s Unfair Competition Law of the PRC (September 2,
1993) promulgated by People's Republic of China Presidential
Order No. 10.
Coates, D. R. (11 May 2017) Statement for the Record:
Worldwide Threat Assessment of the US Intelligence
Community,
Director of National Intelligence Testimony, Senate Select
Committee on Intelligence.
Correia, E. R. C. (2014) “Pulling Back The Veil Of Secrecy:
Standing To Challenge The Government's Electronic
Surveillance
Activities,” 24 Temp. Pol. & Civ. Rts. L. Rev. 185.
Donohue, L.K. (2005) “Terrorist Speech and the Future of Free
Expression,” 27 Cardozo L. Rev. 233, 325-26.
Dunn Cavelty. (2012) “The Militarization of Cyberspace: Why
Less May Be Better”, IEEE Explore, 2012 4th International
Conference on Cyber Conflict (CYCON), Tallinn, Estonia, p
113.
Economic Espionage Act (EEA) (October 11, 1996) 18 U.S.C.
Sections 1831 and 1832.
Edgar, H. and Schmidt, B.C. (1986) “Curtiss-Wright Comes
Home: Executive Power and National Security Secrecy,” 21
Harvard Civil Rights-Civil Liberties Law Review, 349, 393.
Forcese, C. (2011) “Spies Without Borders: International Law

and Intelligence Collection” 5 J. Nat’l Security Law and Policy
179, 186-93.
Foreign and Economic Espionage Penalty Enhancement Act
(FEEPEA) of 2012, Pub. L. No. 112-269, 126 Stat. 2442.
(2013).
Germany. (2011) “Cyber Security Strategy for Germany.”
Federal Ministry of the Interior, February.
Hathaway, M. (2017) “Getting Beyond Norms,” CIGI Papers
No. 127, Centre for International Governance Innovation,
Ontario, Canada.
Joint Publication (JP-201). (05 January 2012) Joint and National
Intelligence Support to Military Operation, Chairman of the
Joint Chiefs of Staff, U.S. Department of Defense, Washington,
D.C.
Kuntz, R. L. (2013) “How Not To Catch A Thief: Why The
Economic Espionage Act Fails To Protect American Trade
Secrets,”
28 Berkeley Tech. L.J. 901.
Nakashima, E. (2015) “Hacks of OPM databases compromised
22.1 million people, federal authorities say.” The Washington
Post, Washington, D.C., July 9.
National Bureau of Asian Research (2013) “Intellectual
Property Commission Report of the Commission on the Theft of
American Intellectual Property,” The National Bureau of Asian
Research (NBR), Seattle Washington.
250

Virginia Greiman
NATO Cooperative Cyber Defence Centre of Excellence (CCD
COE) (2017) “The Tallinn Manual 2.0 on the International Law
Applicable to Cyber Operations,” (Michael Schmitt and Liis
Vihul (eds.)) Cambridge University Press, Cambridge,
England.
Ozerova, M. (2012) “He Did Not Betray Himself: Putin Signed
the Law on State Treason” [in Russian], Moskovskii
Komsomolets, 15 November.
Pun, D. (2013) “Rethinking Espionage in the Modern Era” 18
Chicago Journal of International Law 353.
Reid, M. (2016) “A Comparative Approach to Economic
Espionage: Is Any Nation Effectively Dealing With This Global
Threat?” 70 U. Miami L. Rev. 757.
Russian Federation (RF) (2012) Explanatory Memo to the Draft
Federal Law on Amending the Criminal Code of the Russian
Federation and Article 151 of the Criminal Procedure Code of
the Russian Federation [in Russian], State Duma of the
Russian Federation.
Russian Federation (RF) Criminal Code No. 63-FZ of June 13,
1996 (as amended up to Federal Law No. 120-FZ of June 7,
2017).
Russia Law Nr. 190-FZ [in Russian], Rossiiskaia Gazeta, No.
5935 (Nov. 14, 2012) (official publication).
Russian Federation Article 151 of the Criminal Procedure Code
[in Russian], State Duma of the Russian Federation (June 29,

2015) Amendments to Article 183 of the Russian Criminal
Code.
Scott, D. (1999) “Territorially Intrusive Intelligence Collection
and International Law,” 46 A.F. L. REV. 217, 218.
Senate Select Committee on Intelligence (January 29, 2014)
Open Hearing on Current and Projected National Security
Threats to the U.S., 113th Cong.
The Charter of the United Nations signed on 26 June 1945.
The Foreign Intelligence Surveillance Act of 1978 (FISA)
Pub.L. 95–511, 92 Stat. 1783, 50 U.S.C. ch. 36.
The United Kingdom, Official Secrets Act 1989, c. 6 and
Official Secrets Act 1911, c. 28.
The United Kingdom Law Commission (2017) “Protection Of
Official Data,” Consultation Paper No 230, Crown Copyright,
London, England.
United Nations (2013) United Nations General Assembly Group
of Governmental Experts on Developments in the field of
information and telecommunications in the context of
international security, United Nations General Assembly, Sixty-
eighth session, 24 June.
United States Department of Defense (US DoD) (2015)
“Department of Defense Strategy for Operating in Cyberspace.”
Pentagon, Washington, D.C.
United States Cyber Economic Espionage Accountability Act
Summary: H.R.2281 — 113th Congress (2013-2014).
United States Department of Justice (2014) “U.S. Charges Five
Chinese Military Hackers for Cyber Espionage Against U.S.
Corporation and a Labor Organization for Commercial
Advantages,” U.S. Department of Justice, Office of Public

Affairs, Washington, D.C.
United States Library of Congress (2012) Russia: Espionage and
State Treason Concepts Revised, Law Library of Congress,
Washington, D.C., November 28.
United States Office of the National Counterintelligence
Executive (ONCIX) (2011) “Foreign Spies Stealing US
Economic
Secrets in Cyberspace: Report to Congress on Foreign Economic
Collection and Industrial Espionage 2009-2011,”
October 2011. Director of the National Counterintelligence and
Security Center under the Office of the Director of
National Intelligence (ODNI), Washington, D.C.
U.S.-China Economic And Security Review Commission (2017)
“Report to Congress. Executive Summary and
Recommendations.” One Hundred Fifteenth Congress, First
Session, November 2017.
Walton, C. (2013) Empire of Secrets: British Intelligence, The
Cold War and the Twilight of Empire, The Overlook Press, New
York, NY.
251
xiii
Virginia Greiman is Professor of Global Cyber Law and
Governance and Megaprojects and Planning at Boston
University
and she teaches at Harvard University Law School. She served
as a diplomatic official to the U.S. Department of State in
Eastern and Central Europe, Asia and Africa and has held

several high level appointments with the U.S. Department of
Justice.
Jeffrey Guion is a Captain in the U.S. Air Force and a graduate
student at the Air Force Institute of Technology. He has a
Computer Science B.S. from Northeastern University and
previously managed the Wing Cybersecurity Office at Edwards
AFB. His is currently working on mission relevant cyber terrain
mapping for his thesis.
Rudy Agus Gemilang Gultom, is a senior researcher at the
Indonesian Defense University (IDU), Indonesia. He finished
his
M.Sc. in Computer Science from the University of Sheffield,
United Kingdom (funded by the British Chevening Scholarship).
He finished his Doctoral Degree in Electrical Engineering from
University of Indonesia, Indonesia (funded by the Indonesian
Government).
Ginger Guzman is currently an international research fellow at
The Institute of World Politics and is a PhD candidate in the
School of Governance, Law, and Society at Tallinn University.
Her research and interests are on cyberpower, security
studies, and, international relations. More specifically her work
examines the role of ideational cyberpower for states.
Sharif Hassan has over 15 years of experience in Cyber
security, specifically adversarial Cyber testing, and is the
manager of
the Lockheed Martin corporate Red Team. Sharif is currently
pursuing his PhD in Computer Science at the University of
Central Florida.
Dr. Moniphia O. Hewling is a Cyber Security Consultant who
currently heads the Jamaica Cyber Incident Response Team, a
division in the Ministry of Science Energy and Technology.

Often described as a cyber-warrior, Dr. Hewling’s main aim at
this juncture is to drive the creation of a robust cyber security
framework for Jamaica.
Vahid Heydari received the M.S. degree in Cybersecurity and
the Ph.D. degree in Electrical and Computer Engineering from
the University of Alabama in Huntsville. He is currently an
Assistant Professor of Computer Science at Rowan University,
Glassboro, NJ, USA. His research interests include moving
target defenses, mobile ad-hoc, sensor, and vehicular networks
security.
Dr Corey Hirsch is Chief Information Security Officer of
Teledyne Technologies. He also serves as visiting fellow at both
Warwick Business School, Coventry, and Henley Business
School at University of Reading, U.K. Dr. Hirsch teaches
information security at Stevens Institute of Technology. His
practice and teaching centers around enterprise systems,
leading the ICT function, information security, operations, and
competitor intelligence. His 24-year career with Tektronix,
Inc. included overseas assignments totaling nine years, and
culminated as vice president, Europe. Both LeCroy and
Tektronix participate in the test and measurement industry. Dr.
Hirsch has research interests in information security and
enterprise risk management. He earned his doctorate in business
administration from Brunel University, London.
Michael Bennett Hotchkiss has research interests in the study of
Information Warfare, Propaganda, Disinformation, and
the History of Espionage. Michael possesses a Master of
Organization Development degree (M.O.D.) from Bowling
Green
State University (USA), and a Bachelor of Arts in Industrial
Psychology (minor Criminal Justice, Phi Beta Kappa honors)
from
University of Connecticut (USA).

Gazmend Huskaj is a PhD candidate in Cyber Operations at the
Swedish Defence University. He received his MSc in
Information Security from Stockholm University in 2015 as a
distinguished graduate. Previously, he was Director
Intelligence in the Swedish Armed Forces focusing on cyber -
related issues. He is also a ISACA Certified Information
Security
Manager (CISM).
Steve Hutchinson is a cyber security researcher with ICF
contracted to the US Army Research Laboratory. He has
research
interests in the cognitive aspects of cyber security decision-
making and human-machine interface techniques to augment
analyst capabilities. He has a MS in Instruction Science,
graduate studies in Computer Science, and BS in Electrical
Engineering.
Ehinome Ikhalia holds a PhD in Information Systems and
Computing, Ehinome possesses exceptional insight in the
application of cyber security. He keeps his finger on the pulse
of cyber security and has presented at international
Reproduced with permission of copyright owner. Further
reproduction
prohibited without permission.
EXE C U TI V E O F F I C E O F TH E P RE SI D EN T
O F F I C E O F M A N A G E M E N T A N D B U D G E T

W AS H I N G T O N , D . C . 2 0 5 0 3
October 30, 2015
Executive Summary
Strengthening the cybersecurity of Federal networks, systems,
and data is one of the most
important challenges we face as a Nation. As a result, the
Federal Government is bringing
significant resources to bear to ensure cybersecurity remains a
top priority. This includes
strengthening government-wide processes for developing,
implementing, and institutionalizing
best practices; developing and retaining the cybersecurity
workforce; and working with public
and private sector research and development communities to
leverage the best of existing, new,
and emerging technology.
In furthering this mission, the Federal Chief Information Officer
(FCIO) initiated a 30-day
Cybersecurity Sprint on June 12, 2015. The Cybersecurity
Sprint Team (“Sprint Team”), led by
the Office of Management and Budget (OMB), was comprised
of representatives from the
National Security Council (NSC), the Department of Homeland
Security (DHS), the Department
of Defense (DoD), and other Federal civilian and defense
agencies. The initial Sprint memo

instructed agencies to implement a number of immediate high
priority actions to enhance the
cybersecurity of Federal information and assets. This
Cybersecurity Strategy and
Implementation Plan (“CSIP”) is the result of the Cybersecurity
Sprint, and incorporates
progress reporting and corrective actions that are ongoing.
The CSIP is the result of a comprehensive review of the Federal
Government’s cybersecurity
policies, procedures, and practices by the Sprint Team. The
goal was to identify and address
critical cybersecurity gaps and emerging priorities, and make
specific recommendations to
address those gaps and priorities. The CSIP will strengthen
Federal civilian cybersecurity
through the following five objectives:
Page 2 of 21
1) Prioritized Identification and Protection of high value
information and assets;
2) Timely Detection of and Rapid Response to cyber incidents;
3) Rapid Recovery from incidents when they occur and
Accelerated Adoption of lessons
learned from the Sprint assessment;
4) Recruitment and Retention of the most highly-qualified
Cybersecurity Workforce

talent the Federal Government can bring to bear; and
5) Efficient and Effective Acquisition and Deployment of
Existing and Emerging
Technology.
The CSIP is organized in the following manner:
• Objectives: “What we need to achieve”
• Actions: “How and where we focus our efforts to achieve
those objectives”
Specifically, the CSIP’s key actions include:
• All agencies will continue to identify their high value assets
(HVAs) and critical system
architecture in order to understand the potential impact to those
assets from a cyber incident,
and ensure robust physical and cybersecurity protections are in
place. The identification of
HVAs will be an ongoing activity due to the dynamic nature of
cybersecurity risks.
• DHS will accelerate the deployment of Continuous
Diagnostics and Mitigation (CDM) and
EINSTEIN capabilities to all participating Federal agencies to
enhance detection of cyber
vulnerabilities and protection from cyber threats.
• All agencies will improve the identity and access management
of user accounts on Federal
information systems to drastically reduce vulnerabilities and
successful intrusions.
• OMB, in coordination with NSC and DHS, will issue incident

response best practices for use
by Federal agencies, incorporating lessons learned from past
cyber incidents to ensure future
incidents are mitigated in a consistent and timely manner. The
best practices will serve as a
living document to be continuously updated.
• The National Institute of Standards and Technology (NIST)
will provide updated guidance to
agencies on how to recover from cyber events.
• The Office of Personnel Management (OPM) and OMB will
initiate several new efforts to
improve Federal cybersecurity workforce recruitment, hiring,
and training and ensure a
pipeline for future talent is put in place.
• The Chief Information Officer (CIO) Council will create an
Emerging Technology Sub-
Committee to facilitate efforts to rapidly deploy emerging
technologies at Federal agencies.
• The President’s Management Council (PMC) will oversee the
implementation of the CSIP in
recognition of the key role Deputy Secretaries play in managing
cybersecurity within their
agencies.
• CIOs and Chief Information Security Officers will also have
direct responsibility and
accountability for implementation of the CSIP, consistent with
their role of ensuring the
identification and protection of their agency’s critical systems
and information.

of 21
The remainder of the CSIP outlines key actions,
responsibilities, and timeframes for
implementation. Progress will be tracked through several
mechanisms, to include
comprehensive reviews of agency-specific cybersecurity posture
(CyberStats), the CIO Council,
and the Information Security and Identity Management
Committee (ISIMC). The PMC will
serve as the Executive Steering Committee and will oversee
quarterly performance reviews to
identify major performance gaps.
Page 4 of 21
Page 5 of 21

Introduction
Strengthening the cybersecurity of Federal networks, systems,
and data is one of the most
important challenges we face as a Nation. Every day, the
Federal Government experiences
increasingly sophisticated and persistent cyber threats. While
the Federal Government has
prioritized its efforts to address these threats, several
fundamental challenges exist which hinder
progress in eliminating cybersecurity risks. Among these
challenges is a broad surface area of
legacy systems with thousands of different hardware and
software configurations across the
Federal Government, which introduces significant
vulnerabilities and opportunities for
exploitation. Additionally, each agency is responsible for
managing its own information
technology systems, which, due to varying levels of
cybersecurity expertise and capacity,
generates inconsistencies in capability across government.
The Federal Government is bringing significant resources to
bear to ensure cybersecurity
remains a top priority and agencies are held accountable for
improving their performance in this
critical area. These efforts include strengthening government-
wide processes for developing,
implementing, and institutionalizing best practices; developing
and retaining the cybersecurity
workforce; and working with public and private sector research
and development communities to
leverage the best of existing, new, and emerging technology.
To ensure that Federal agencies are dedicating appropriate
attention and resources to address

these critical and pressing challenges, the FCIO initiated a
Cybersecurity Sprint on June 12,
2015. The Cybersecurity Sprint required agencies to take
immediate steps to further protect
Federal information and assets and improve the resilience of
Federal networks. These actions
included implementing strong user identity verification and
authentication, patching critical
vulnerabilities, scanning for cyber threat indicators, identifying
critical information assets, and
reviewing and reducing the number of privileged user accounts.
In addition to providing
direction to agencies, the FCIO established a Sprint Team to
lead a 30-day review of the Federal
Government’s cybersecurity policies, procedures, and practices.
Accordingly, the FCIO tasked
the Sprint Team with creating and operationalizing a set of
action plans and strategies to further
address critical cybersecurity priorities and recommend a
Federal civilian cybersecurity strategy.
The result of those recommendations is the CSIP.
The CSIP directs a series of actions to improve capabilities for
identifying and detecting
vulnerabilities and threats, enhance protections of government
assets and information, and
further develop robust response and recovery capabilities to
ensure readiness and resilience when
incidents inevitably occur. The CSIP is part of a broader series
of actions to bolster Federal
civilian cybersecurity, which includes the issuance of updated
guidance under the Federal
Information Security Modernization Act of 2014 (P.L. 113-283)
(FISMA); revisions to the
Federal Government’s governing document establishing policies
for the management of Federal

information resources: Circular A-130, Managing Information
as a Strategic Resource; new
guidance on implementing cybersecurity contracting language;
cyber incident response best
practices for use by Federal civilian agencies; the issuance of a
blanket purchase agreement for
Identity Protection Services designed to give Federal agencies
ready access to best-in-class
solutions and reduce wasteful and inefficient duplicative
contracts for common-use services; and
an updated Cybersecurity Cross-Agency Priority (CAP) Goal to
improve Federal cybersecurity
performance.
https://www.congress.gov/113/plaws/publ283/PLAW-
113publ283.pdf
https://www.congress.gov/113/plaws/publ283/PLAW-
113publ283.pdf
http://www.gsa.gov/portal/content/243011
Page 6 of 21
The CSIP emphasizes the need for a defense in depth1 approach
that relies on the layering of
people, processes, technologies, and operations to achieve more
secure Federal information
systems. Inherent in a defense in depth approach is the
recognition that all protection
mechanisms have weaknesses that adversaries may exploit
through several paths. Implementing
the CSIP will not prevent every cyber incident. In fact, it is
likely that agencies will discover

additional and previously unknown malicious activity as they
improve prevention and detection
capabilities. Accordingly, the CSIP incorporates procedures to
prepare agencies to respond to
and recover from incidents, secure Federal information and
assets, and ultimately strengthen
their overall security posture.
The CSIP incorporates feedback from public and private sector
subject-matter experts as well as
lessons learned from current cyber incident response and
recovery efforts affecting the Federal
Government. The CSIP builds on existing policy work,
including the Comprehensive National
Cybersecurity Initiative (CNCI); Presidential Policy Directives;
Executive Orders; legislation
such as FISMA; OMB guidance; agency performance and
incident data; and Federal Continuity
Directives. The CSIP emphasizes the government-wide
adherence to NIST standards and
guidelines and builds on the core concepts of the Framework for
Improving Critical
Infrastructure Cybersecurity, which NIST developed in
accordance with Executive Order 13636,
Improving Critical Infrastructure Cybersecurity.
Oversight
Responsibility for Federal Government cybersecurity is
distributed and shared by all agencies;
however, specific agencies have additional roles in supporting
this mission and ensuring that the
Federal Government has the tools, resources, and guidance
necessary to make the risk-based
decisions necessary to secure their systems. FISMA states that
OMB oversees Federal agency
information security policies and practices. The OMB Cyber

and National Security Unit (OMB
Cyber) was created at the beginning of FY 20152 to strengthen
Federal cybersecurity through:
1) Data-driven, risk-based oversight of agency and government-
wide cybersecurity
programs;
2) Issuance and implementation of Federal policies to address
emerging IT security risks;
and
3) Oversight of the government-wide response to major
incidents and vulnerabilities to
reduce their impact on the Federal Government.
Progress on CSIP implementation will be tracked through
several mechanisms, to include the
PMC, comprehensive reviews of agency-specific cybersecurity
posture (CyberStats), the CIO
Council and the ISIMC. The quarterly performance reviews
will be used to identify major
performance and policy gaps, which will be addressed through
regular engagement with agency
leadership and future FISMA guidance. Additionally, OMB and
NSC will work within the
1 NIST Special Publication 800-53, Security and Privacy
Controls for Federal Information Systems and Organizations,
defines defense in depth as: “information security strategy
integrating people, technology, and operations
capabilities to establish variable barriers across multiple layers
and missions of the organization.”

2 OMB launched this dedicated unit within the Office of E-
Government & Information Technology, also referred to
as the Office of the Federal Chief Information Officer, in the
Fiscal Year 2014 Federal Information Security
Management Act Report to Congress.
http://www.nist.gov/cyberframework/
http://www.nist.gov/cyberframework/
https://www.whitehouse.gov/the-press-
office/2013/02/12/executive-order-improving-critical-
infrastructure-cybersecurity
office/2013/02/12/executive-order-improving-critical-
infrastructure-cybersecurity
Page 7 of 21
interagency to ensure government-wide input and engagement
on the creation of usable, targeted
policies and guidance to help agencies continue to strengthen
their cybersecurity posture.
The CSIP will strengthen Federal civilian cybersecurity through
the following five objectives:
1) Prioritized Identification and Protection of high value
information and assets;
2) Timely Detection of and Rapid Response to cyber incidents;
3) Rapid Recovery from incidents when they occur and
Accelerated Adoption of
lessons learned from the Sprint assessment;

4) Recruitment and Retention of the most highly-qualified
Cybersecurity Workforce
talent the Federal Government can bring to bear; and
5) Efficient and Effective Acquisition and Deployment of
Existing and Emerging
Technology.
The CSIP implementation described herein is organized in the
following manner:
• Objectives: “What we need to achieve”
• Actions: “How and where we focus our efforts to achieve
those objectives”
Page 8 of 21
I. Objective 1: Prioritized Identification and Protection of High
Value Information and
Assets
Identify
To protect Federal Government information and assets, agencies
must first identify the value
and impact of the information on their systems and networks.
Agencies must also identify
the IT assets used to store, process, and transmit that

information. Further, agencies must
identify those assets and capabilities that enable mission
essential functions and ensure
delivery of critical services to the public.
Accordingly, OMB directed agencies to initiate processes to
identify their High Value Assets
(HVAs) at the beginning of the Cybersecurity Sprint. Agencies
were to review and improve
the security practices and controls around their HVAs. To
assist agencies with this process,
the Sprint Team developed a working definition of “high value
asset”3 and a list of attributes
to consider when determining whether an asset, dataset, or
repository is of high value.
Federal Information Processing Standard (FIPS) 199, Standards
for Security Categorization
of Federal Information and Information Systems, also provides
relevant guidance and
requires Federal agencies to categorize their information and
information systems to
determine the worst-case adverse impact to operations and
assets, individuals, other
organizations, and the Nation if their information or systems are
compromised.4 The effort
to identify HVAs builds on FIPS 199 and seeks to implement
lessons learned from cyber
incidents involving personally identifiable information (PII), by
asking agencies’ to give
special consideration to the capability, intent, and specific
targeting of high value data
repositories by potential or actual adversaries.
Going forward, OMB is directing the following actions to
prioritize the identification and
protection of high value information and assets:

a. The Director of National Intelligence (DNI) will identify the
appropriate interagency
resources to lead a threat assessment of Federal HVAs that are
at high-risk of targeting by
adversaries by December 31, 2015. DHS will simultaneously
lead a team, augmented by
DoD, the Intelligence Community (IC), and other agency
resources as needed, to
continuously diagnose and mitigate the cybersecurity
protections around the HVAs
identified during the Cybersecurity Sprint. The DHS-led team
will continue to conduct
proactive assessments on a rolling basis as the IC, law
enforcement, and other Federal
entities identify new threats. DHS and DNI will share the
results of these assessments
with the agencies, as necessary.
3 “High Value Assets” refer to those assets, systems, faciliti es,
data and datasets that are of particular interest to
potential adversaries. These assets, systems, and datasets may
contain sensitive controls, instructions or data used in
critical Federal operations, or house unique collections of data
(by size or content) making them of particular interest
to criminal, politically-motivated, or state-sponsored actors for
either direct exploitation of the data or to cause a loss
of confidence in the U.S. Government.
4 FIPS Publication 199 defines three levels of potential impact
(i.e., low, moderate, and high) on organizations or
individuals should there be a breach of security (i.e., a loss of
confidentiality, integrity, or availability).
http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-
final.pdf

http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-
final.pdf
Page 9 of 21
i. To facilitate this process, OMB will establish a requirement
in the Fiscal Year
2015-2016 Guidance on Federal Information Security and
Privacy Management
Requirements 5 for civilian agencies to identify and submit
their list of HVAs to
DHS for assessment.
ii. Agency leadership will direct their respective CIOs to engage
and collaborate
with DHS during these HVA assessments.
iii. To identify HVAs containing PII, the Senior Agency
Official for Privacy for each
agency shall initiate a review of their information technology
systems that
maintain PII. The Senior Agency Official for Privacy shall
evaluate the
sensitivity and quantity of the PII and recommend to the CIO
and agency head, as
appropriate, whether a specific system or systems should be
added to the agency’s
list of HVAs.
iv. In addition, for each HVA and information technology asset
identified, the Senior
Agency Official for Privacy shall review the processes for

protecting PII on the
systems and ensure that the applicable Privacy Act systems of
records notice(s)
and privacy impact assessment(s) that covers a given HVA or
information
technology asset is current, accurately addresses risks to PII,
and includes any
steps taken to mitigate those risks.
b. Per OMB M-14-03, Enhancing the Security of Federal
Information and Information
Systems and OMB M-15-01, Fiscal Year 2014-2015 Guidance
on Improving Federal
Information Security and Privacy Management Practices,
Federal agencies must
accelerate the implementation of capabilities and tools to
identify risks to their systems
and networks, to include, but not limited to, DHS’s CDM
program. CDM addresses parts
of each stated objective of the CSIP, and its implementation is
fundamental to helping
agencies develop a better understanding of the risks to their IT
systems and networks
through improved identification and detection of cyber threats.
Through CDM Phase 1,
DHS is deploying sensors and tools at agencies that will provide
a more accurate picture
of: 1) the inventory of hardware and software assets under
management, and 2) the
ongoing security posture of each of those assets. DHS
purchased CDM Phase 1 tools and
integration services for all participating agencies in FY 2015.
Implementation of these
tools will result in coverage for all Chief Financial Officer
(CFO) Act agencies and over

97% of the Federal Civilian Government.
c. During the Cybersecurity Sprint, DHS identified the need to
accelerate CDM
implementation throughout Federal agencies and has since
developed a plan to accelerate
the deployment of CDM Phase 2. In the first quarter of FY
2016, DHS has begun
purchasing tools to provide Phase 2 capabilities for
participating agencies. This
capability will help ensure all employees and contractors at
covered agencies are using
appropriately secure methods to access Federal systems. DHS
is scheduled to provide
Federal agencies with additional Phase 2 capabilities throughout
FY 2016, with the full
suite of CDM Phase 2 capabilities delivered by the end of FY
2016.
5 This guidance will be issued concurrent with the CSIP. The
guidance is referred to as the “FY 2016 FISMA
Guidance” hereafter in this document.
https://www.whitehouse.gov/sites/default/files/omb/memoranda/
2014/m-14-03.pdf
2014/m-14-03.pdf
https://www.whitehouse.gov/sites/defa ult/files/omb/memoranda/
2015/m-15-01.pdf
2015/m-15-01.pdf

of 21
Protect
Over the course of the Cybersecurity Sprint, Federal civilian
agencies increased their overall
use of strong authentication from 42 percent to 72 percent.
Specifically, Federal civilian
agencies increased use of strong authentication for privileged
users from 33 percent to nearly
75 percent. Although there is no single method by which all
cyber incidents can be
prevented, improving the access management of user accounts
on Federal information
systems could drastically reduce current vulnerabilities.
Privileged user accounts are a
known target for malicious actors but can be protected by an
existing, strong authentication
solution: Personal Identity Verification (PIV) credentials.
Implementing strong
authentication PIV credentials, as directed in Homeland
Security Presidential Directive 12:
Policy for a Common Identification Standard for Federal
Employees and Contractors
(HSPD-12) and Federal Information Processing Standard (FIPS)
201-2: Personal Identity
Verification (PIV) of Federal Employees and Contractors, is a
cost-effective and immediate
action that agencies should take to drastically reduce their risk
profiles. PIV credentials
efficiently authenticate an employee’s identity and reduce the
risk of identity fraud,

tampering, counterfeiting, and exploitation.
To build on the strong authentication progress made during the
Cybersecurity Sprint, in FY
2016 Federal agencies should continue to target the
Administration Cybersecurity CAP goal
of 100% strong authentication for all privileged users and 85%
strong authentication for
unprivileged users. While impressive strides have been made in
areas such as strong
authentication implementation, there is still more work to do.
For example, once agencies
have identified and inventoried their HVAs and high value
information technology systems,
they must protect them with a variety of policies, processes, and
tools, consistent with
applicable OMB guidance and NIST standards. Effective
protection activities can include
reducing the attack surface and complexity of IT infrastructure;
minimizing the use of
administrative privileges; utilizing strong authentication
credentials; safeguarding data at rest
and in-transit; training personnel; ensuring repeatable processes
and procedures; adopting
innovative and modern technology; ensuring strict domain
separation of critical/sensitive
information and information systems; and ensuring a current
inventory of hardware and
software components.
Furthermore, the employment of shared services is a proven
approach for providing agencies
with access to robust capabilities and can result in i mproved
consistency and security across
the Federal Government. They can also encourage the common

application of standardized
best practices, reduce costs and increases efficiencies. The
Cybersecurity Sprint Team
performed a Federal-wide inventory and assessment of current
cyber-focused shared
services. The Sprint Team assessed the maturity and
effectiveness of these offerings,
identified service gaps, and proposed additional offerings to
address critical needs.
The CSIP initiates the following protection activities to improve
Federal cybersecurity.
These actions are in addition to those already being undertaken
by Federal agencies and do
not preclude agencies from continuing complementary work to
secure their systems.
http://www.dhs.gov/homeland-security-presidential-directive-12
http://www.dhs.gov/homeland-security-presidential-directive-12
Page 11 of 21
a. Tighten privileged user policies, practices, and procedures.
i. The Cybersecurity Sprint Team required agencies to
immediately review policies
and practices for privileged users. Agencies should continue to:
• inventory and validate privileged account scope and numbers;

• minimize the number of privileged users;
• limit functions that can be performed when using privileged
accounts;
• limit the duration that privileged users can be logged in;
• limit the privileged functions that can be performed using
remote access; and
• ensure that privileged user activities are logged and regularly
reviewed.
b. Complete PIV implementation for all employees and
contractors6 required to obtain a
PIV.
i. The Cybersecurity Sprint directed agencies to immediately
implement PIV for the
following targets:
• 100% of privileged users.7
• 75% of non-privileged users.8
a. The CAP Goal for FY 2016 Q1 is 85% of non-privileged
users.
ii. To facilitate this process, the Cybersecurity Sprint Team
developed a compilation
of best practices for PIV implementation and posted the
collection on the CIO
Council’s Knowledge Portal.
iii. Where necessary, GSA, in coordination with OMB, DHS,
and DOD, and in
consultation with NIST, will deploy technical resources for
defined periods to
assist agencies with remaining PIV implementation challenges.

iv. The CSIP directs NIST to publish best practices for
privileged user PIV
implementation based on lessons learned from the Sprint within
30 days.9
v. OPM, in coordination with NIST, OMB, and GSA, will
update guidance on
foreign nationals with regards to HSPD-12 applicability by
December 31, 2015.
c. Address all critical vulnerabilities10 and scan for Indicators
of Compromise.
i. Moving forward and on a rolling basis, the CSIP requires
agencies to scan for
indicators of compromise within 24 hours of receipt of the
indicators from DHS.
6 As defined by OMB Memorandum M-05-24: Implementation
of Homeland Security Presidential Directive (HSPD)
12 – Policy for Common Identification Standards for Federal
Employees and Contractors.
7 A network account with elevated privileges which is typically
allocated to system administrators, network
administrators, DBAs, and others who are responsible for
system/application control, monitoring, or administration
functions. – 2015 FISMA Metrics
8 An unprivileged network account is any account that is not a
privileged network account. – 2015 FISMA Metrics
9 All instances of “within X days” in the CSIP means the
deadline for the action is “within X days of the CSIP’s
issuance.”
10 The DHS National Cybersecurity Assessments and Technical
Services (NCATS) team identifies critical

vulnerabilities at agencies and assigns a severity score based on
an industry-standard scoring model. For further
questions contact [email protected]
https://community.max.gov/display/Egov/CIO+Council+Knowle
dge+Portal
https://community.max.gov/display/Egov/CIO+Council+Knowle
dge+Portal
mailto:[email protected]
Page 12 of 21
ii. Consistent with DHS’s Binding Operational Directive 15-01,
Critical
Vulnerability Mitigation Requirements for Federal Civilian
Executive Branch
Departments’ and Agencies’ Internet-Accessible Systems, the
CSIP directs
agencies to patch all critical vulnerabilities immediately or, at a
minimum, within
30 days of patch release. Vulnerabilities existing longer than 30
days will be
included in agency PMC reports.
d. NSC and OMB will release the EO 13681, Improving the
Security of Consumer Financial
Transactions Implementation Plan by December 31, 2015, to
require implementation of
strong authentication and effective identity proofing for
government digital services that
make personal data accessible to citizens online.

e. Drawing on the work of the Sprint Team, OMB will release a
plan for implementing new
cybersecurity shared services within 3 months. These services
will augment or
supplement existing agency services, while providing new
services for agencies without
existing capabilities. Potential service offerings could include,
but are not limited to:
i. Identity, Authentication, and Authorization Services:
• Agencies’ ability to further their mission and achieve
efficiencies by placing
high value services online requires them to be able to have
confidence in the
identities of users accessing these services. This set of shared
identity
services could enable agencies to access digital credentials
based on effective
identity proofing methodologies and user-friendly strong
authentication
technologies. In addition, agencies can obtain validated
information to
support authorization decisions so that appropriate users can
access their
resources or benefits.
ii. Mobile Security Services:
• Mobile devices have become as powerful and connected as
desktop and laptop
computers, requiring the same level of attention to
cybersecurity. Mobile
security has unique challenges that require different solutions

than existing
programs offer. This service (or services) could address
authentication,
application management, device management, and encryption,
and may
include approved tools, best practices, and implementation
support.
iii. Network Segmentation Services:
• Effective network segmentation management requires
consistent application
of best practices to limit lateral movement across networks.
This shared
service could provide network segmentation shared service
capabilities across
the Federal Government to help ensure that agencies
consistently apply best
practices to this complex management task. If operationalized,
all Federal
organizations would be asked to provide recommendations to
the network
segmentation services management offering to guide the proper
implementation of network segmentation within an
organization.
iv. Digital Rights Management:
• A digital rights management (DRM) shared service capability
could enable a
systematic approach to data-level protection across the Federal
Government
office/2014/10/17/executive-order-improving-security-
consumer-financial-transactions

office/2014/10/17/executive-order-improving-security-
consumer-financial-transactions
Page 13 of 21
and help prevent unauthorized review, redistribution, and
modification of
sensitive Government information. While protections at the
network level
remain essential, adding protection at the data level is critical to
achieving
defense in depth.
v. Encryption Services:
• Encryption as a shared service could help ensure consistent
application of
security policies and potentially provide delivery of a range of
cryptographic
capabilities. If operationalized, this shared service could also
leverage, and
may require updates to the existing Federal Public Key
Infrastructure (PKI).
Proposals for this service offering may also include new
requirements for
employing web encryption (HTTPS), digitally signed email, and
default
encryption for sensitive information held by Federal civilian
agencies.

of 21
II. Objective 2: Timely Detection of and Rapid Response to
Cyber Incidents
Detect
The Sprint Team found that Federal civilian agency threat-
detection capabilities have
improved significantly in recent years. With DHS’s EINSTEIN
program providing network
perimeter protection and the CDM program providing ongoing
awareness of assets and
activities within the network, agencies deploying these
capabilities are now in a stronger
position. Agencies have also made great strides in their efforts
to share and receive cyber
threat information, both with other agencies and the private
sector, which allows network
defenders to detect and block cyber intrusions before they cause
damage. This section of the
CSIP identifies further improvements that OMB, DHS, and
Federal agencies will take to
enhance information sharing efforts, detect cyber threats in real
time, and rapidly respond to
cyber incidents.
a. For agencies to deploy strong perimeter protections, DHS
will build on the current
EINSTEIN platform to implement advanced protections beyond

the current signature-
based approach. DHS has initiated the following efforts to
advance the EINSTEIN
program:
i. DHS is piloting behavioral-based analytics to extend beyond
the current approach
of using known signatures and begin identifying threat activity
that takes
advantage of zero-day cyber intrusion methods. DHS is
examining technologies
from the private sector to evolve to this next stage of network
defense. DHS will
share lessons learned from the pilot study and next steps with
OMB by March
31, 2016.
ii. DHS has issued a contract action that will provide EINSTEIN
3A protections to
participating agencies that are not covered by the ISPs currently
under contract.
This contract will make certain EINSTEIN 3A protections (e-
mail and domain
name system) available to all Federal Civilian Government
agencies by
December 31, 2015.
b. Agencies rely on protections deployed through their trusted
internet connection (TIC) or
Managed Trusted Internet Protocol Services (MTIPS) providers.
OMB Cyber, in
coordination with DHS, will initiate a 30-day review of current
TIC architecture and
baseline controls upon release of the CSIP with a focus on:

i. Continuous agency review of their public-facing Internet
connections for
consolidation and reduction.
ii. Ensuring all possible traffic, including mobile and cloud,
goes through a TIC.
iii. Options for where TICs can be hosted to improve bandwidth
coverage.
iv. Additional tools that can be implemented at a TIC location.
v. How external vendors who store, process, and transmit
agency data for or on
behalf of the government can have their traffic securely
encapsulated within the
TIC connectivity.
c. The CSIP emphasizes ways to advance Federal-wide
information sharing on critical
vulnerabilities and threats, indicators of compromise, and best
practices. Information
sharing is essential not only for detecting and blocking
intrusions on a specific targeted
Page 15 of 21
organization, but for understanding the broader landscape of
cyber risk. DHS analyzes
cybersecurity information from sensors deployed across the
Federal Government and
from incidents reported by Federal agencies and the private

sector. With this
information, DHS is able to identify when adversaries appear to
be targeting particular
sectors or types of organizations and share the information
proactively, helping agencies
understand emerging risks and develop effective protective
measures to block threats
before incidents occur.
i. One primary barrier to effective information sharing is a lack
of operational
speed. Information sharing must be sufficiently rapid to detect
and block threats
before targeted networks are adversely impacted. The DHS
National
Cybersecurity and Communications Integration Center (NCCIC)
has developed
an automated system to share cyber threat indicators in near
real-time and is
working aggressively to build this capability across government
and out to the
private sector. The CSIP directs all CFO Act agencies to work
with DHS to
implement automated indicator sharing by developing their own
capability,
procuring commercially available solutions, or participating in a
shared service,
once available, within 12 months.
d. Beginning in FY 2016, GSA will develop a Business Due
Diligence Information Service
that will provide agencies with a common government-wide
capability for identifying,
assessing, and managing cyber and supply chain risk throughout
the acquisition process.

Respond
The Sprint Team identified several common challenges during
the Cybersecurity Sprint and
determined that Federal Civilian Government cyber incident
response procedures and practices
are not consistently documented or implemented. As instances
of cyber incidents simultaneously
affecting multiple Federal agencies are likely to increase, the
Federal Government requires
streamlined response efforts and enhanced procedures for
communication and coordination. The
CSIP aims to address these challenges through the creati on of
incident response best practices for
Federal civilian agencies. This new guidance will help set
expectations across all involved
parties and ensure consistency across incident response efforts
while remaining flexible enough
to guide activities under various conditions and situations.
The CSIP addresses this challenge by initiating the following
actions:
a. OMB, in coordination with NSC and DHS, will provide
Federal civilian agencies with
incident response best practices along with the FY 2016 FISMA
Guidance, which will be
issued concurrent with the CSIP, to provide a reference guide
for responding to major
incidents11 affecting Federal civilian agencies. The best
practices will address several
common challenges identified during the Sprint by formalizing
the role of an on-scene
coordinator, assigning incident response work streams, and

establishing entry and exit
criteria for the response phase. Furthermore, the best practices
will clarify existing
requirements for agencies to notify US-CERT, Congress, and
victims of a cyber incident;
11 For a definition of major incidents, please see the FISMA FY
2016 Guidance.
Page 16 of 21
will help improve agency plans and procedures to ensure that
relevant authorities are
documented and understood; and will enhance inter-agency
communication and
coordination procedures to ensure incidents are mitigated
appropriately and in a timely
manner.
b. In the FY 2016 FISMA Guidance, OMB will require that all
departments and agencies
(not bureaus or components) designate one principal Security
Operations Center (SOC),
or equivalent organization to be accountable to agency
leadership, DHS, and OMB for all
incident response activities. Agencies will provide this
information to US-CERT by
November 13, 2015.

c. Separately, within 3 months, OMB, in coordination with
DHS, will provide agencies
with best practices and use cases for Federal SOCs to ensure
consistent roles,
responsibilities, policies, and procedures are employed by SOCs
across the Federal
Government.
d. In the FY 2016 FISMA Guidance, OMB will require agencies
to have a standing Federal
Network Authorization with DHS to ensure DHS can rapidly
deploy on-site resources to
conduct incident response activities, when necessary. The
authorization should be
reviewed on a semi-annual basis and remain on file with DHS.
e. The CSIP directs GSA, in coordination with OMB, to
research contract vehicle options
and develop a capability to deploy incident response services
that can quickly be
leveraged by Federal agencies, on a reimbursable basis. The
incident response service
will be managed by the contracting agency, in coordination with
DHS and OMB. GSA
will develop requirements and deliver a detailed implementation
plan for this task to
OMB within 3 months; then complete the acquisition process
and deliver the final
capability within 6 months.

of 21
III. Objective 3: Rapid Recovery From Incidents When They
Occur and Accelerated
Adoption of Lessons Learned From The Sprint Assessment
Recovery
The CSIP defines “recover” as the development and
implementation of plans, processes, and
procedures for recovery and full restoration, in a timely manner,
of any capabilities or
services that are impaired due to a cyber event. The
Cybersecurity Sprint identified that
Federal-wide and agency-specific policies and practices for
recovering from cyber events are
inconsistent and vary in degree of maturity. In recent years, the
Federal Government has
prioritized protecting its assets and detecting threats. As an
increasing number of threats are
detected, the Federal Government must begin to improve both
its response and recovery
capabilities. Recent events have demonstrated the need for
policies or plans related to
recovery from cyber events to remain flexible to better allow
agencies to respond to and
recover from evolving and sophisticated threats.
To date, there have been a number of Federal-wide policies and
standards that provide

guidance as to how agencies should recover from cyber events.
For example, the NIST
Cybersecurity Framework for Critical Infrastructure
Cybersecurity identifies “Recover”,
which includes the sub-categories of Recovery Planning,
Improvements, and
Communications, as one of its primary Functions. Additionally,
numerous controls within
NIST Special Publication 800-53 Revision 4 address elements
of recovery controls and
capabilities that agencies should address. OMB also published
OMB M-07-16:
Safeguarding Against and Responding to the Breach of
Personally Identifiable Information,
which provides guidance to agencies as to how they should
protect against data breaches and
respond and recover when one occurs. Despite the existence of
available standards and
guidance, there remains room for improvement.
The CSIP initiates the following actions to help agencies
rapidly recover from incidents
when they occur and accelerate adoption of lessons learned
from these events.
a. The CSIP directs NIST to provide guidance to agencies by
June 30, 2016, on how to
recover from a cyber event, focusing on potential scenarios to
include, but not limited to,
a data breach or a destructive malware campaign.
b. The CSIP directs OMB to update OMB M-07-16 by March
31, 2016, to reflect current
best practices and recent lessons learned regarding privacy
protections and data breach

standards. This updated guidance regarding the collection and
disposal of PII will help
agencies ensure compliance with relevant laws and regulations
for the protection of this
sensitive information.
c. To complement these efforts, the CSIP also directs OPM
within 3 months to review
options and develop and deliver to OMB recommendations for
making Identity
Protection Services a standard Federal employee benefit.
http://www.nist.gov/cyberframework/upload/cybersecurity-
framework-021214.pdf
http://www.nist.gov/cyberframework/upload/cybersecurity-
framework-021214.pdf
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
00-53r4.pdf
fy2007/m07-16.pdf
fy2007/m07-16.pdf
fy2007/m07-16.pdf
Page 18 of 21
IV. Objective 4: Recruitment and Retention of the Most Highly-

Qualified Cybersecurity
Workforce Talent the Federal Government Can Bring to Bear
Human Resources
Strengthening Federal cybersecurity is not possible without the
appropriate talent. The
Federal workforce must keep pace with the growing dependence
on technology for mission
essential activities. A well-functioning security organization
requires a blend of technical,
policy, legal, and leadership resources covering multiple
disciplines within cybersecurity. A
focus on any one skillset without an understanding of overall
organizational needs can lead to
failure. The Cybersecurity Sprint identified two key
observations related to the Federal
cybersecurity workforce: 1) the vast majority of Federal
agencies cite a lack of cyber and IT
talent as a major resource constraint that impacts their ability to
protect information and
assets; and 2) there are a number of existing Federal initiatives
to address this challenge, but
implementation and awareness of these programs is
inconsistent. The CSIP initiates the
following actions to address these challenges in recruiting and
retaining a high-quality
cybersecurity workforce. These initiatives will inform a
broader Cybersecurity Human
Resources Strategy to be published by OMB within 6 months,
which will help ensure the
Federal Government can recruit, develop, and maintain a
pipeline of cybersecurity talent
throughout the Federal Government.
a. The CSIP directs all agencies to participate in the following
efforts:

i. OPM and OMB will compile existing Special Hiring
Authorities (by agency) that
can be used to hire cybersecurity and IT professionals across
government. OPM
will clarify legal guidelines and provide guidance to agencies
on how to increase
the understanding of these Special Hiring Authorities, and how
agencies should
work with their human resources departments to implement
them, where
appropriate, and rapidly close talent gaps and accelerate hiring
by December 31,
2015.
ii. Agencies will participate in OPM’s existing Special Cyber
Workforce Project,
which provides cybersecurity job codes by specialty, so that
agency leadership
can identify the universe of their cyber talent, understand
Federal-wide challenges
for retaining talent, and address gaps accordingly. Agency
CIOs, working
collaboratively with Chief Human Capital Officers, should use
this assessment to
identify their top five cyber talent gaps, which will be due to
OPM and OMB by
December 31, 2015.
b. The CSIP directs DHS to begin piloting their Automated
Cybersecurity Position
Description Hiring Tool across the Federal Government. DHS
is also directed to develop
and report on performance and adoption metrics so that agency
leadership can better

understand how to leverage the tool. Used in concert with
relevant OPM Position
Classification Standards, the tool will assist in the
implementation of the National
Initiative for Cybersecurity Education (NICE) Framework by
consistently mapping the
NICE job codes according to selected skills and KSAs
(Knowledge, Skills and Abilities).
The tool enhances cybersecurity workforce recruitment by
decreasing the applicant time-
https://www.chcoc.gov/content/special-cybersecurity-
workforce-project
Page 19 of 21
to-hire and by ensuring cybersecurity job announcements
contain clear, technical content.
DHS must also post their own internal Cyber Workforce
Analysis results on the CIO
Council Knowledge Portal by November 30, 2015, as a best
practice for other agencies
to leverage.
c. The CSIP directs OPM, DHS, and OMB, in coordination with
NIST and other NICE
partner agencies, to map the entire cyber workforce landscape
across all agencies using
the NICE National Cybersecurity Workforce Framework and
identify cyber talent gaps
and recommendations for closing them within 6 months. The

mapping exercise and
recommendation report should focus on:
i. Existing employees and open positions, starting with the
civilian agencies, this
assessment should also consider contractor resources.
ii. Existing resources and open positions within the DoD and the
IC, this assessment
should also consider contractor resources.
iii. Changes to human resources processes and systems that not
only incorporate best
practices for retaining and incentivizing employees, but
simplify and expedite the
hiring process.
iv. Capacity building actions to assist human resource
professionals in their efforts to
implement CSIP recommendations.
v. Training and professional development opportunities for the
existing workforce in
order to address critical needs.
vi. Leveraging the National Science Foundation CyberCorps®
Scholarship for
Service and the Advanced Technological Education program to
help inform
potential educational programs to help develop a pipeline of
students from
colleges, universities, and other providers.
vii. Driving awareness of cybersecurity internship opportunities
and programs that
establish the possibility of hiring participants into permanent

positions.
viii. Creating and deploying “Tiger Teams” comprised of
subject matter experts from
across the Government to address critical workforce needs.
d. The CSIP also directs OPM, DHS, and OMB, in coordination
with NIST and other NICE
partner agencies, to develop recommendations for Federal
workforce training and
professional development in functional areas outside of
cybersecurity and information
technology that support cybersecurity efforts within 6 months.
These recommendations
should address, at a minimum, the following functional areas:
legal counsel, budget,
procurement, privacy, and civil rights and liberties.
Page 20 of 21
V. Objective 5: Efficient and Effective Acquisition and
Deployment of Existing and
Emerging Technology
Existing/Emerging Technology
As stated above, the CSIP acknowledges the need for a defense
in depth approach, or a

layering of people, processes, procedures, and tools, to achieve
a more secure Federal
landscape. This section describes the steps the Federal
Government must take to provide
agencies with the appropriate technological toolset to
adequately secure the functions,
systems, and information enabling their missions. The
Cybersecurity Sprint Team observed
that the Federal Government has made strides in the incubation
and adoption of emerging
technology for cybersecurity purposes through innovation and
incubator programs, to include
the Defense Advanced Research Projects Agency’s Information
Innovation Office (I2O), the
DHS Homeland Security Advanced Research Projects Agency
(HSARPA), in particular the
Transition to Practice (TTP) program, and the NSF Secure and
Trustworthy Cyberspace
(SaTC) Transition to Practice (TTP) program. Furthermore,
Federal agencies have adopted
existing commercially available off-the-shelf (COTS)
technology through programs like
EINSTEIN and CDM. In addition to these incubators, the NIST
National Cybersecurity
Center of Excellence (NCCoE) is a public-private partnership
that fosters innovation and
accelerates the adoption of secure technologies for the public
and private sectors.
However, the connection between these programs and the
agencies in need of existing and
emerging technology must be strengthened. The Cybersecurity
Sprint identified a need for a
Federal-wide technology assessment followed by a
comprehensive program to assist agencies
with the procurement, assessment, certification and

accreditation of existing and emerging
technology. The CSIP initiates the following actions to address
the challenge of acquisition
and deployment of existing and emerging technology:
a. OMB, in coordination with NSC, and OSTP, will convene a
working group comprising
representatives, as appropriate, from DHS, GSA, NIST, DOD,
and the CIO Council, to
develop recommendations for strengthening and better
coordinating the collective ability
of Federal civilian departments and agencies to identify,
acquire, and rapidly implement
innovative commercially-available cybersecurity products and
services. The working
group will deliver its recommendations to the Federal CIO and
NSC Coordinator for
Cybersecurity by March 31, 2016.
b. The CSIP directs GSA to develop a procurement capability to
allow Federal agencies to
access the technology at any known Federal technology
incubator, to include, but not
limited to, the NCCoE, I2O, and DHS HSARPA by December
31, 2015.
c. The CSIP directs the Federal CIO Council to create an
Emerging Technology Sub-
Committee under the ISIMC by December 31, 2015 that will be
responsible for
facilitating efforts to expediently deploy emerging technologies
at Federal agencies. This
group will provide requirements, challenges, and feedback to
both incubators and

agencies.
http://www.darpa.mil/about-us/offices/i2o
http://www.dhs.gov/science-and-technology/hsarpa
https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=504709
https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=504709
https://nccoe.nist.gov/
https://nccoe.nist.gov/
Page 21 of 21
d. The CSIP directs GSA and DOE, in coordination with the
Federal CIO Council, DOD,
ODNI, DHS, and the NCCoE, to establish a working group that
will identify and connect
current testing environments for new technology solutions and
submit recommendations
for establishing new testing environment solutions to OMB no
later than December 31,
2015. Additionally, GSA will establish formal protocols for
agencies to utilize these
shared testing capabilities and share results broadly for
promising technology solutions
with potentially broad applicability.
e. The CSIP directs the DHS CDM Program to work with the
NCCoE to develop solutions
and guidance related to CDM including providing technical
guidance, best practices,
sample implementation plans, and capability assessment
methodologies within 2

months.
f. The CSIP directs the NCCoE, in addition to their existing
priorities, to focus on derived
credentials solutions and other strong authentication solutions
for mobile devices as a
critical component of a broader effort to improve mobile device
management.
STUDIA UBB. EUROPAEA, LXII, 2, 2017, 5‐ 15
CYBERSPACE AND THE NEW WORLD ORDER
Melania‐ Gabriela Ciot∗
DOI:10.24193/subbeuropaea.2017.2.01
Published Online: 2017-06-30
Published Print: 2017-06-30
Abstract

The present article is trying to bring into attention the new conc
ept of cyberization of
IR, by argumenting the importance of cyberspace and the instru
ments that it provides
for the scholars and practitioners for a new international
relations typology. The
constructivist approach is used for the notion of state responsibi
lity, for underlying the
behavior of a state in cyberspace. The necessity of an internatio
nal cyberspace policy is
evidenced, as well as the proposed international norms for assur
ing the cybersecurity.
The open international cyberspace will challenged national sove
reignty and the state
leaders will have to find ways of responding to this
continuous and sophisticated
threats that appeared recently.
Key words: cyberspace, cybersecurity, digital world,
international policy,
world order
1. Introduction
The challenge of the process of cyberization of the

International
Relations opens a sophisticated debate that ask for an
interdisciplinary
approach. This debate will invite scholars and practitioners fro
m different
fields of activity to join the exploration of the relation between
cyberspace
and international relations.
PhD, Associated Professor, Department of European Studies and
Governance, Faculty of
European Studies, Babeș‐ Bolyai University, Romania. Contact:
[email protected]
Melania‐ Gabriela Ciot
6
The idea of this article and of coordinating this number of
journal
Studia Europae under the topic Cybersecurity and the
restructuring of the
international system came from the observation of the
lack or insufficient
contributions in discussions and/or debates (not mentioning the
research)
from scholars and experts from academic community on the topi
c of the
influences that cyberspace exerts nowadays on the world
order and the
impact that it will have on restructuring of the international syst
em or on

the approaches of various subjects from the IR field, such
as: decision‐
making, international policies, international politics, internation
al security,
peacemaking, conflict, cooperation, negotiations, diplomacy.
Our dynamic society brought into attention new challenges for o
ur
daily life, as terrorism, emotional implications of decision‐ mak
ing process,
the increasing role of behavioral international relations,
the threats of
cyber‐ attacks and their increasing occurrence. We can say that
we are living
in a cyberworld and that we need cyber mechanisms to
convert to this
frame and tempo and to develop a sort of resilience to new threa
ts coming
from this new sort of non‐ state actor from international
cyberspace that
changes the perceptions of reality, our attitudes, and knowledge
processes.
The present article will present the implications of the cyber di
mension
in the restructuring of the international system, the research opp
ortunities
for the scholars from academic community and some possible de
velopments
of the international relations’ topology.
2. The cyberization of IR
Pablo A. Mazurier1 (2015) proposes a division of the social wor

ld in
four areas:
a. international arena – with state actors searching for power.
b.
transnational dimension ‐ developed after the last wave of glob
alization,
based on multinational corporations (MNCs) searching for
economic
benefits.
c. global community –
facilitated by the work of international organizations,
NGOs and social networks.
d.
cyberspace ‐ all the actors from the other fields behave searchi
ng for
cyberpower.
1 Pablo A. Mazurier, Facebook in Cyber Politics, 2015,
[http://www.cyberpolitics.eu/cyberpolitics_art_04_facebook.ht
ml], 4 June 2017
Cyberspace and the New World Order
7
The author believes that cyberpowers are managed by cyber‐ act
ors
depending on the knowledge and on the control of the infrastruc

ture and
of networks. Cyberspace is connected with the other three
areas. The
“cyber‐ actors exercises cyberpower in order to secure their ow
n interests,
not exclusively related with the cyberspace”2.
Fig. no. 1: The dimension of social world (after Mazurier, 2015,
http://www.cyberpolitics.eu/cyberpolitics_art_04_facebook.html
)
As we can see from above figure, the cyberspace
represents one
dimension of social world, characterized by multiplayers
which exerts
cybpowers by knowledge, infrastructure and networks3.
Bruner4 (2014) refers to the cyberspace as an
international, special
environment, in which is hard to attribute some actions to a spe
cific actors – and
this brings novelty to the world order, because we cannot
establish the
responsibility. In his article, the author presents different model
s of state
responsibility and applies it to the cyberspace dimension, focusi
ng on the
behavior of a state in cyberspace.
By using a constructivist perspective for approaching the notion
of state

responsibility as basis for prospecting it
in cyberspace, Bruner5 identifies
two models: vertical – communitarian model and horizontal –
bilateral model:
2 Ibidem
3 Ibidem
4 Tomáš Bruner, 2014, States in cyber‐ space: perspectives
of responsibility beyond attribution,
[https://ecpr.eu/.../f1874dac‐ 6e16‐ 4d9c‐ b936‐ 723754fcc869.
...], 23 June 2017
5 Ibidem, p. 3
Cyberspace
dimension
Multiplayer
Cyberpower
International
dimension
States
Power
Transnational
dimension
MNCs
$$

Global dimension
Global civil society,
NGOs, Global
institutions,
Individuals
Social Values
Melania‐ Gabriela Ciot
8
Fig. no. 2: Models of state responsibility (after Bruner, 2015, p.
4).
The vertical model states that the state responsibility
toward the
international community and to its citizens and demands
that the state
responsibility should express the
interest of people, rather that the states
and serves to
their protection6. The horizontal model underlines that the
state’s responsibility is understood in terms of bilateral
relationships of
states7.
The constructivist approach could be used by connecting
these
models with the constructed levels of anarchy proposed
by Alexander
Wendt8, as Bruner proposed9. He mentioned the three

ECON 202 Written AssignmentDue April 28th Submitted through Blac

ECON 202 Written AssignmentDue April 28th Submitted through Blac

Recommended

Recommended

More Related Content

Similar to ECON 202 Written AssignmentDue April 28th Submitted through Blac

Similar to ECON 202 Written AssignmentDue April 28th Submitted through Blac (11)

More from EvonCanales257

More from EvonCanales257 (20)

Recently uploaded

Recently uploaded (20)

ECON 202 Written AssignmentDue April 28th Submitted through Blac