четверг, 21 февраля 2019 г.
Government Enforced Cyber Security, a Public Good? Essay
We altogether survive that cyber warrantor measure is roughthing of great importance to of every sentencey(prenominal)one exhausting to nurture their profits assets, customer assets, and personal assets. The list of possible risks associated with neglecting to en hurl well-be contr flirtd cyber warranter surgical incision be endless, and the dangers lurking break in cyber set as well as legion(predicate) to imagine bothone who is controlling any type of company net give to ignore tho the question here is whether or non the organization should become the cyber tri excepte go forr not only at heart in its sustain authorities empyrean except also within the privy empyrean as well as a world levelheaded. in the lead we get into the discussion of whether or not the presidential term should play this role, I believe we should boast a short discussion on what public technical actually means. Generally spe equivalentg public well-be countenanced is a loose term apply to bonnyify ab appear kind of sue one is taking, by saying that it is in the best following of the command cosmos to do so.The implications behind the exercising of the term public good is that 1 the bodily function is beneficial to a majority of the population and 2 that the majority of the population is either too ignorant, or incapable for some reason of performing the action for themselves. The utilise of the term is also expert because it is non-specific as to WHO is actually benefiting from the actions is it the ecumenic consumer, the small businesses, big businesses, the political sympathies activity, a limited bet group, all of the above, none of the above, Who? Who is actually benefiting from the act? By exploitation the term the public good one does not have to posting for who is actually benefiting. Nor do they have to identify who might be harmed or negatively affected by the action either. Additionally by victimisation the term that it is for the public good, by default the concept of how oft will it speak to, and who is going to pay for it, is seemingly automatically a non-concern.So by the rattling nature of the term for the public good the exploiter of said term has attempted to write themselves a blank check, quantifying and justifying any and all actions they mean to implement and enforce. The term public good has been used by various entities through with(predicate) out(p) history to accomplish some of the close to horrendous iniquitys against their people, and to extort unimaginable amounts of wealth and goods from their populations. Anytime the term public good is used to ask for justification for an action from any entity it should be at once critically examined with a truly find tooth comb to find what the motivations for such(prenominal)(prenominal) a kind gesture might be, as well as analyzed by a staunch accountant to find out where the money is, and where it leads in the proposition. Th e term public good more than any different term I end think of, is more very much(prenominal) than not the very term used to lead more sheep to their declare quiet slaughter wherefore any war cry ever has. It should always be approached with skeptism and caution when used, especially in conjunction with the countersignature governance.Is Enforcement of Cyber Security a Public Good?Should the enforcement of cyber guarantor measures measure be considered a public good? This is a very difficult question to answer. In theory, on the surface, enforcement of cyber security seems corresponding it might be a very viable public service. As viable as new(prenominal) security segments offered as a public good such as the services of army and police protections. But then you begin to look a slim deeper into the subject and you realize that enforcement of cyber security protections has many more layers then the enforcement of strong-arm protections such as military and police. I n order to enforce cyber security an entity would have to do much more than simply provide, train, and fund forces to guard the physical areas that are in danger. Enforcing cyber security is much more akin to forcing a draft of military service on the general population and forcing them to pay for their own room, board, training and service expenses while they are in the military to boot.In order to enforce cyber security you must force each person who has any interaction with the cyber world, into becoming a cyber security guard, whether they wish to be one or not. Additionally you force any entity whether its a multi-billion dollar corporation, a single person rivulet a business out of their basement, or a member of the general population at large trying to access the net profit, into funding not only the physical equipment and software required to be a good cyber security guard, but the endless training and education expenses associated with it as well. It would be like an ent ity not only suggesting that people should have locks on their doors, but enforcing it with requirements for double steel enforced 12 inch wide doors with a minimum 3 locks on it.One of which had to be specialty ciphers lock, and penalizing those that do not have said door, by taking away their accurate house. This public good if done the way it would be required to be done to actually be minimally rough-and-ready, has now become a universal burden just like taxes, whos only biotic community quality would be the unified contempt the public would have for its enforcing entity and enforcement policies very much like the contempt the general public has for the IRS. This all cosmos said, I think it safe to say that calling the mandatory enforcement of cyber security a public good is about as accurate as calling the mandatory taxes we pay a public good. roughly people when left to speak of their own analysis as to whether or not taxes are really something that is good for the majori ty of the public would feed to beg to differ.Should politics enforce cyber security in the toffee-nosed sector?The judicature of the United States has many roles. Some of these are roles it was intended to have by the Founding Fathers, as written into the Constitution, and most others were assumed, inherited, given, or seized by some means lock unknow to me. One of the proper roles of the politics is to provide protection to its citizens by the creation and enforcement of laws that protect the people, ie..Murder is a crime punishable by death and the creation of protection entities/forces such as police, fire, and military, to physically patrol the areas our citizens inhabit to protect the lives, and property that they own, which is inclusive of the go through they occupy as a republic. These concepts were pretty cut and dry, although our congress still found a way to somehow muddy them but until lately with the invention of the cyberspace and cyber space it was pretty easy to tell where the borders of our nation ended and anothers began, and what constituted a criminal action against another persons world or property. At least(prenominal) the common man could tell these things, lawyers, judges and politicians send away be excluded from that statement.In cyberspace, there are no boundaries. The line of what to protect and what is out-of-door the part of required giving medication protection is very gray. thitherfore the political science up until now has restricted its enforcement of cyber security to its own government mesh topologys. This level of protection is the proper responsibility of the government, because it is protecting its networks in the interest of study security. The department responsible for the protection of its citizens as well as national security is the Department of Defense. The past 15 years with the explosion of Information Systems the vindication has found that its workload and responsibilities have increased dramati cally with the government use of Information Technology systems. In the past 5 years simply the cyber security workload on the DOD has more than doubled. Although the U.S. DOD is in all prob tycoon the most secure and efficient government entity in the world, it is far from high-flown on levels of security, and it escapes the manpower and resources to keep up with its own demands of cyber security implementations.I have worked in the DOD for over 10 years now, and can tell you first hand that security incidences occur daily, and the security risks to our government networks is a constant ebb and flow of action/reaction. Rarely does the department get a chance, have the time, or the resources to be pro-active or else of re-active. at long last as well, with the very best security technologies in place, heretofore the government must remain dependant on the homo elements to protect the networks, and tuition. The Wiki-Leaks internet postings are a perfect example of that depen dency gone badly. It whitethorn or may not have been a technical mis-security that allowed that government employee access to all that sensitive data, but it was ultimately several human failures that allowed for that information to be posted on the internet.The failure of the trusted government employee to keep the information he was entrusted with secret, and the failure of how many internet wind vane site owners to work at protecting sensitive national data of the body politic some of them were actual citizens of. The idea that the latest DOD could even enforce cyber security in the private sector is not only laughable, but also an extremely menacing and terrifying concept. The government enforcement of cyber security in the private sector, for the public good of coursewould be cypher more than a ruse to cover its real aim which would be regulation of the internet, or to put it bluntly the control of the last only un modulate vestige of free speech. Besides the obvious mil itary issue of lack of integrity behind its intentions there are numerous reasons why the U.S. regimen should stay out of the business of regulating the enforcement of cyber security in the private sector.The government, as stated above does not actually have the time, or the resources to manage or enforce any other security implementations right(prenominal) of itself. The government already spends most of its time in reactive musical mode on the security frontier trying to find agreeitional time to analyze or formalise the security set ups of private sector companies as well would be near impossible. The government does not have the money. Funding for such things as IT equipment hardware and software upgrades is already spread extremely thin. Many times government offices and system are trail on hardware and software that are years behind the current releases due to replacement funding issues. The government lacks the technical expertise in its ranks to be able to support or even audit / validate the security implementations in private businesses. Over 80% of the technical manpower working on government systems are contract workers, hired in because of the lack of security/technical expertise in the government employee workforce. The government does not have within its background signal the right to enforce cyber security implementation within the private sector. The government scope as describe by the constitution is to protect its citizens against foreign attack on its own sovereign soil, as well as to protect its citizens from physical attacks and close of their private property within the boundaries of its nation. There are no boundaries to cyber space therefore when a citizen of the U.S. chooses to enter into the boundary less area known as cyberspace, they are choosing to inhabit an area that is out of doors the scope of their countries ability to protect them. They do this at their own risk. If these same citizens left the sanctuary dev ice of the U.S. and put themselves willingly into the midsection of Egypt right now, they are taking their chances replete(p) well knowing that they are willingly giving up the safety and protection of the U.S. If they are suck upn captive, the U.S. will attempt to negotiate for their release, but it cannot, and will not guarantee it. If it can secure their release or do anything at all for them, it will, but many times it can do nothing so far outside its jurisdiction just ask Nicholas Berger, the American beheaded in Iraq several years ago. The governments responsibility to provide protections to its citizens is a provision of protections that are within reason. Although the government provides police, fire, medical and military services to their citizens I for one do not have my own personal police officer, or adulterate escorting and to attend to me in case I should run into a mugger on the street or get a sniffle in the middle of the night. The services provided are broad, sweeping, and for the use of the general population to both concentrate and deter its own population from being criminals as well as to protect and serve its own population. Cyberspace is not its own population. The government was never given authority to baffle business, in any way, shape, or form not for the public good or for its own expansion. non in the name of protections for its people, and not with its intent to progress to legal monopolies, or cater to interest groups. Regulation of any business interests, including the enforcement of cyber security on business networks is outside of what the government is sup exhibitd to doing, and a conflict of interest to the type of government that was originally established for the country which was a democracy. The government does not have the flexibility to efficiently enforce, and manage the cyber Security regulations and deference of the private sector, and in trying to do so, would only hinder the draw near of the cyber secu rity technologies industries, and protections implemented by the private sector. Cyber Security is a paltry target. The government is a lethargic beast. Government bureaucracy consumes easily 60% of all the time, money and resources spent by the government. Time being the biggest issue on this point. Cyber security in order to be the most effective has to be able to be tweaked, re-configured, and updated as fast as your reasonable cyber criminal can re-invent ways to penetrate. The higher value the data is that you work with as a company, the quicker and more flexible you must be to maintain a secure network status. An individual with little rich data on their system does not need to be all that concerned with the security posture of their system. Not all systems, businesses, and networks can be considered the same, and each ones security posture is going to be based on the value of what they are trying to protect. All cannot and should not be regulated the same. Creating any ty pe of tiered regulation for cyber security enforcement will add layers of bureaucracy and therefore delays in actual implementation. Once again being counterproductive to the enforcement in the first place.Who is going to pay for the government to take on this further endeavor? I dont know about you but I pay enough in taxes for fruitless programs, counterproductive government measures, misrepresented & abused government powers, and generally boilers suit government meddling in the private sector, both businesses and personal. Even if they shoot the businesses for their services the cost will ultimately end up on the general population. This is where the cost always ends up and this will be no exception.What is the point of the government enforcing cyber security regulating the portion of the internet that runs through the U.S. internet gateways and DNS servers, when it has absolutely no control, or jurisdiction to control anything outside of it. All you would be doing is creatin g a black market for foreign internet feeds creating yet another flourishing criminal market. Does prohibition the very act that gave the organized mob their greatest power and fastest wealth windfall, or the more modern war on drugs that is only serving to create some of the most vicious cartel wars seen, why because the attempt to regulate and control it only serves to make it an even more juicy smuggled industry.Shouldnt the government stay cogitate on where it should be focused? Especially since IT has the largest network, with the most valuable and sensitive data in the country on it. Protection of this data actually falls within the scope and responsibility of the government, in the interest of national security. The data on its network actually does have life and death consequences to people.Very few other enterprises exercise data with such importance and consequence. So shouldnt the government worry about its own house and worry about maintaining it instead of trying t o regulate the private industry which is not only outside of their scope of responsibility, but is also a project with so much less importance then their own. It seems insane to wish them to focus on anything other than their own networks, and data. The one exception would be for them to have a level of standards required of any business network that was allowed to connect presently to them. I am happy to report, these are relatively few.What would be the trespass of government enforced cyber security in the private sector?There would be numerous impacts to the private sector if government tried to enforce cyber security regulations. Many I can name right now, and numerous I am sure would be unexpected results. The price for such regulation would ultimately fall on the average citizen to bear. The price for such regulation would drive numerous smaller companies unable to bear the cost (and also processing information not much worth hacking) out of business. The overall security posture for the private sector as a whole would be reduced- business that needed increased security then government standards would even out with businesses needing very little security carrying all kinds of security they dont need. The rights of a business and the people to use their own judgment to decide the amount of security needed on their enterprises is once again diminished, and compromised, as well as them to suffer the consequences of misjudgments nullified. make dependency on the government for critical thinking and analytical skills as well as basic survival skills is continued. A flourishing and profitable black market for non-regulated internet feeds is created. The integrity of the biased lean of the information being regulated through to the general population is immediately nether question resulting in further distrust of the regulating entityie government. boilers suit to both the businesses being regulated and the businesses that produce technology instrumen ts and devices the impact would be negative.Should private industry have the responsibility to protect national security? Private industry has a duty to protect national security when its a situation that is a direct action to do so. For example, a company that processes government information has a duty to protect that information. A company that sells porcelain dolls has no responsibility to protect the national security. scarcely as they would not load up their employees with camouflage and weapons and send them out to a base to somewhere to assist the troops for a daytime every week, they dont have a duty or responsibility to practice cyber security out on the internet like some kind of mercenary.It is good business sense for them to practice some level of cyber security that is appropriate to the sensitivity and value of the data they process but that is an act of self interest and a show of good business intelligence. Not only does private industry not have a responsibility to protect the national interest by practicing cyber security, but once again should protect their own interests and leave the national interest to the appropriate experts. Only companies that process government information, or connect to government systems should be attempting to apply cyber security in the name of national interest. Those are the only people who have that duty and the only people decently schooled in the expertise to do so, and should have an interest to. Any other business or entity should remain concerned with their own business interests, or be brought under suspect for spying or espionage they have no business being concerned with the national defense and should stay out of it.ReferencesTuutti , C. (2010, September 13). Cyber expertsespionage, apts, malware among most dangerouscyber terrors. Retrieved from http//www.thenewnewinternet.com/2010/09/13/cyber-experts-espionage-apts-malware-among-most-dangerous-cyber-threats/Stenbit, John.P. Department of Defense, Command,Control communications and Intelligence. (2003).Information assurance implementation (8500.2).Washington, DC DISA.Bavisi, J. (2010, July 26). Biggest national security threat cyber attack. Retrieved from http//www.foxbusiness.com/personal-finance/2010/07/26/biggest-national-security-threat-cyber-attack/Dhamankar, Dausin, Eisenbarth, King, Kandek, Ullrich, Skoudis, Lee, R., M.,M.,J.,W.,J.,E.,R. (2009, September 09). The top cyber security risks. Retrieved from http//www.sans.org/top-cyber-security-risks/Aitoro, J. (2010, August 17). Employees still pose biggest security threat, survey finds. Retrieved from http//www.nextgov.com/nextgov/ng_20100817_1347.phpBishop, M., & Irvine, C. (2010). Call in the cyber national guard IEEE calculator and Privacy, 8(1), Retrieved from http//www.computer.org.ezproxy.umuc.edu/portal/web/csdl/abs/html/mags/sp/2010/01/msp2010010056.htmClarke, R.A. (2010). Cyber war the next threat to nationalsecurity and what to do about it. New York, NY Ecco.
Подписаться на:
Комментарии к сообщению (Atom)
Комментариев нет:
Отправить комментарий