The document outlines the timeline of key US cybersecurity policies and initiatives from 2003 to 2013, including the establishment of the Department of Homeland Security and the National Cyber Security Division. It discusses how power relationships within the US government have affected cybersecurity policy, and the effects of episodic, social, and system power circuits. Issues identified with US cybersecurity efficacy include a lack of clear leadership, competing priorities, an unurgent threat perception, and insufficient private sector support and resources. The document proposes improvements such as designated cybersecurity leadership, increased regulation and training, improved information sharing, and public-private partnerships.

1. By Sandy Suhling

2. US Policy Timeline
 Department of Homeland Security established 2003
 National Cyber Security Division created 2003 (Bayuk
et al., 2012)
 National Strategy to Secure Cyberspace 2003
 Comprehensive National Cybersecurity Initiative 2008
(Office of Inspector General, 2010)
 Cyberspace Policy Review 2009
 International strategy for Cyberspace 2011
 PPD 23 2013

3. Discussion of how power relationships in the US government
have affected our cyber security policy

4. Circuits of Power: Episodic power
 Creation of DHS and its evolution (Dhillon, 2013)
 Effects on episodic power
 Cyber security not considered urgent
 Problem with Cyber Security leadership
 Executive Order 2013

5. Circuits of Power: Social Integration
 September 11th Terrorist attacks (Dhillon, 2013)
 Creation of Department of Homeland Security
 Homeland Security Act 2020
 Competition among DHS missions
 Desire to appear patriotic and loyal

6. Circuits of Power: System Integration
 Cyber Security Enhancement Act of 2002 (Dhillon, 2013)
 Resistance: privacy protection for citizens
 Stop Online Piracy Act of 2012

7. US Cyber Security Efficacy
 Lack of strong leadership
 Competition with other missions
 Threat not seen as visibly
 Keep coming up with strategies
 Need support of private sector
 Backing with resources

8. Possibilities for improvement
 Need for clear leadership
 Support from administration and private sector
 Regulations for government agencies and contractors
holding sensitive and classified information (OIG, 2012)
 Information security training program for government
employees relevant to varying roles, make available to
private sector
 Regulate government use of firewalls and physical server
security, recommendations for private sector
 Improved information sharing and cyber threats (Fischer et
al., 2013)
 Focus on private-public partnerships, incentives for private
sector adoption of cybersecurity measures

9. References
 Bayuk, J.L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J.,
and Weiss, J. (2012). Cyber security policy guidebook. Hoboken,
NJ: John Wiley & Sons. Retrieved from
http://site.ebrary.com.proxy.library.vcu.edu/lib
/vacommonwealth/docDetail.action?docID=10630610
 Dhillon, G. (2013). Interprise cyber security: Principles and
practice. Washington, DC: Paradigm Books.
 Fischer, E.A., Liu, E.C., Rollins, J., and Theohary, C.A. (2013).
The 2013 cybersecurity executive order: Overview and
considerations for Congress. Congressional Research Service.
Retrieved from https://www.fas.org/sgp/crs/misc/R42984.pdf
 Office of Inspector General. (2010). DHS needs to improve the
security posture of its cybersecurity program systems.
Department of Homeland Security. Retrieved from
http://permanent.access.gpo.gov/gpo11236/OIG_10-
111_Aug10.pdf