
1 [1] (December 15, 2020)



Updated December 15, 2020


Cybersecurity: A Primer

Introduction
There is a continued increase in both the utility and risk
from networked devices. The very tools Americans use to
chat with loved ones and make purchases are the same tools
which can be turned against them to deny access to
services, steal their information, or compromise the digital
system they trust.

These tools exist in cyberspace, and the security of that
environment is a large endeavor involving government, the
private sector, international partners, and others.

This In Focus provides an overview of cybersecurity for
policymaking purposes, describes issues that cybersecurity
affects, and discusses potential actions Congress could take.

The Nature of Cybersecurity
The term cyber is frequently attached to a variety of
security issues, underscoring that issues surrounding the
management of cyberspace and its security are big and
complicated.

As an example, consider a single smartphone. An American
company may have designed the device, but the device may
be built by a different company abroad using material from
yet another country. The phone runs on software built by
one company, but modern operating systems borrow code
from other companies and developers. Once a user has the
device it will likely be connected to a variety of networks
such as a home wireless network, a corporate network, and
a cellular network. Each of these networks has its own
infrastructure, but also shares common internet
infrastructure. The user will also install applications that
contain code and use infrastructure by yet other myriad
companies. Imagining users at the center, one can see large
and intricate systems on one side and the other to create
these devices and ensure those devices work.

To highlight how complicated it is, consider that the federal
government does not have a single definition of cyberspace
or cybersecurity. Recently, the Cyberspace Solarium
Commission defined cyber as

    Relating to, involving, or characteristic of
    computers, computer networks, information and
    communications technology (ICT), virtual systems,
    or computer-enabled control of physical
    components.
While this definition may be suitable for a broad discussion
about information technology, it does not account for
relevant policymaking considerations concerning
cybersecurity. Essentially, cybersecurity is the security of
cyberspace.


When users go online they might work with their bank, get
their email, conduct business, or get the news by accessing
services. But those services don't exist independently.
Those services rely on a common infrastructure of servers
and switches, miles of cabling, wireless spectrum, and
routers. That same infrastructure is used by other services
too, such as utilities and shipping to ensure products arrive
as intended, or by businesses to develop new products
more efficiently and manage their operations. The entire
infrastructure and all those services that are part of
cyberspace exist to deliver an experience to a user, a
human.

Thus, from a policymaking standpoint cybersecurity can be
considered the security of cyberspace which includes the
devices, infrastructure, data, and users that make it up. To
support cybersecurity policymaking, adjacent fields also
need consideration. Education, workforce management,
investment, entrepreneurship, and research and
development are necessary to get a product to market.
Developers, law enforcement, intelligence, incident
response, and national defense are necessary to respond
when something goes awry in cyberspace.

Threats
The nation faces many threats with an array of capabilities
and capacities to carry out attacks. Threat actors may
directly target the elements of cyberspace (e.g., networks,
data, services, and users). However, they may also use these
elements to attack industry through cyberspace.

For instance, a hacker operating independently or under a
nation-state's instruction may target a hospital system. The
hacker may send ransomware to a hospital to extort
payment before the hospital can regain access to its files
and devices. However, during that attack the hacker may
also install a tool on the hospital's network, providing
persistent access they will use to steal data, including
patient information or hospital operations material. The
hacker can then use that information to identify additional
targets. In this scenario the hacker has attacked the hospital
network, networked medical devices, and patient data.

The Director of National Intelligence (DNI) delivers the
Intelligence Community's Worldwide Threat Assessment to
Congress. For the past few years the Director has addressed
cyber as the first and most significant risk in the
assessment. In 2019, the DNI listed threats by the risk they
pose, starting with the countries of Russia, China, Iran, and
North Korea:

    As the world becomes increasingly interconnected,
    we expect these actors, and others, to rely more and
    more on cyber capabilities when seeking to gain

