2. Cybersecurity in the Private Sector
The nation’s businesses manage a significant share of online activity
related to national security and must play a larger role in ensuring the
overall integrity of the system.
The heavy reliance on the private sector for security, including
cybersecurity, was accentuated during the Bush administration, which
contracted out significant parts of missions that previously were carried
out in-house. This trend has been only slightly scaled back during the
Obama administration. In short, it is now almost impossible to imagine a
secure United States in which security is provided only to the computers
and Internet used by the public sector.
3. Cybersecurity in the Private Sector
At first blush, it might seem that the private sector would strongly support
new measures that enhance cybersecurity. Many of the crimes committed
in cyberspace, such as electronic monetary theft, impose considerable
costs on private companies. The same holds for industrial espionage,
especially from other countries, which deprives U.S. corporations of the
fruits of long investments in R&D and grants major advantages to unfair
competitors. In addition, if cyber warfare were to break out, many of the
assets that would probably be damaged belong to private corporations.
And not to be overlooked, businesses are operated by individuals who, one
assumes, have a vested interest in the nation’s security.
4. Cybersecurity in the Private Sector
In addition to such philosophical arguments, however, there are a
number of more practical barriers that have limited, and continue to
limit, efforts to improve private sector security.
❖ MISSING INGREDIENTS
❖ COSTS OF INACTION
❖ GOVERNMENT RESISTANCE
❖ MODEST PROPOSALS
❖ NEEDED ACTIONS
5. 1. MISSING INGREDIENTS
Some security experts argue that current
incentives for corporations to better secure
their computer systems are not aligned in
ways that promote voluntary actions. The
credit card system is often cited as an
example where incentives are correctly
aligned, dating from the 1970s when the
government placed limitations on consumer
liability for fraudulent charges. This change
in liability motivated the industry to develop
needed security measures.
6. 2. COSTS OF INACTION
The bottom line is that incentives have not been
changed much, few regulations have been
enacted, and no major public funds for private
security have been made available. The net result
is that cybersecurity is weak for work carried out
in and by the private sector, and public security is
paying the price.
7. 3. GOVERNMENT RESISTANCE
Many corporations shy away from cybersecurity
responsibility. As Terry Zink, program manager
for Microsoft Forefront Online Security, has
pointed out, Internet service providers (ISPs)
and individual users “don’t have the expertise or
financial motivation required to do it.
Government can recruit bright individuals to
create a program of cyber-health monitoring
and they have access to the resources necessary
to implement such a program. …And let’s face it,
government doesn’t have to have a profit motive
to support something.”
8. 4. MODEST PROPOSALS
Several commissions have studied what
must be done to enhance cybersecurity in
cooperation with the private sector. Their
reports tend to follow the optimal design
approach: They list what ought to be
done in a world free from ideological
biases and political capture, and thus
read like the plans of someone who is
designing a building to be erected on a
heretofore empty lot.
9. 5. NEEDED ACTIONS
The plan features a new national data-breach
reporting policy that would require private
institutions to report security breaches to the
affected individuals and the Federal Trade
Commission (FTC) within 60 days. The FTC
would be responsible for enforcing penalties
against violators, and DHS would have a
regulatory role over the cybersecurity of critical
infrastructure, which would include defense
firms and major telecommunication and
banking institutions.
11. Cyber security has evolved into a central board topic and a
core business concern. Gone are the days when cyber risk
management was avoidable. Today, companies are more
informed security buyers, looking for efficient and effective
investments rather than mere silver bullets.
In a constantly evolving world of cyber threats, what is the role
of the private sector? A panel of experts addressed the topic
at the US Chamber of Commerce 5th Annual Cybersecurity
Summit in Washington, DC.
12. The panel agreed that businesses of all sizes must take on the
challenges of ransomware, third party risk, and security
complacency. They must also recognize the increasing
attention regulators are placing on private sector cyber
practices and safeguards, according to panelist Natalie Lehr,
Vice President of Analytics at TSC Advantage.
13. Proactive Defense Requires Going on the Offense
As the number and sophistication of threats have increased over time,
the conversation around cybersecurity has changed from educating
business leaders on why it’s important, to identifying their priority
security needs and providing them with solutions that offer the
greatest return on their security investment dollar.
14. Lehr recommended four ways to start.
❖ 1. Harmonize Technology, Processes and People
❖ 2. Transfer Risk!
❖ 3. Share Information
❖ 4. Get Back to Basics
15. Responsibilities of the Cyber Security Professional
New security threats pop up all the time, and IT security professionals
need to stay up to date with the latest tactics hackers are employing in the
field. In addition to the high-level responsibilities mentioned above, some
specific duties of IT security teams include:
❖ Set and implement user access controls and identity and access
management systems
❖ Monitor network and application performance to identify any irregular
activity
❖ Perform regular audits to ensure security practices are compliant
16. ❖ Deploy endpoint detection and prevention tools to thwart malicious
hacks
❖ Set up patch management systems to update applications
automatically
❖ Implement comprehensive vulnerability management systems across
all assets on-premises and in the cloud
❖ Work with IT operations to set up a shared disaster recovery/business
continuity plan
❖ Work with HR and/or team leads to educate employees on how to
identify suspicious activity
17. Cyber-security Challenges in India
With India carving a niche for itself in the IT sector, dependence on technology is also
increasing. However, two things set India apart from the players in
the big leagues, like the United States and China: design and density.
With Indians using the internet for all their needs, ranging from shopping to
banking, studying to storing data, cyber crimes have also increased in proportion
to usage.
Some of the cybersecurity challenges in India are as follows:
❖ Lack of uniformity in devices used for internet access
❖ Lack of national level architecture for Cybersecurity
❖ Lack of separation
❖ Lack of awareness
18. CYBER SECURITY IN DOMESTIC USE
It’s an interesting coincidence, as cyber security, technology,
and domestic violence have only become more entangled over
time. Improvements in technology are a double-edged sword in
this way: true, they bring more effective communication, but they also
make domestic violence much easier.
What is home network security and why should I care? Home network
security refers to the protection of a network that connects
devices—such as routers, computers, smartphones, and Wi-Fi-enabled
baby monitors and cameras—to each other and to the internet
within a home.
19. TYPES OF DOMESTIC CYBER CONTAINS
❖ Critical Infrastructure Cyber security
❖ Network Security
❖ Cloud Security
❖ Internet of Things Security
❖ Application Security