
1 [1] (December 19, 2024)






Informing the legislative debate since 1914



Cybersecurity: A Primer

Introduction
The information technology that Americans use to chat with
loved ones and make purchases are the same that can be
turned against them to deny access to services, steal their
information, or compromise the digital systems they trust.

These tools exist in cyberspace, and the security of that
environment is a vast endeavor involving government, the
private sector, international partners, and others.

This In Focus provides an overview of cybersecurity for
policymaking purposes, describes issues that cybersecurity
affects, and discusses potential actions Congress could take.

The Nature of Cybersecurity
The term "cyber" is frequently attached to a variety of
security issues, underscoring the fact that issues
surrounding the management of cyberspace and its security
are immense and complicated.

To highlight how complicated it is, consider that the federal
government does not have a single definition of cyberspace
or cybersecurity. The Cyberspace Solarium Commission
defined "cyber" as

    Relating to, involving, or characteristic of
    computers, computer networks, information and
    communications technology (ICT), virtual systems,
    or computer-enabled control of physical
    components.

While this definition may be suitable for a broad discussion
about information technology, it does not account for
relevant policymaking considerations concerning
cybersecurity. Essentially, cybersecurity is the security of
cyberspace.

As an example, consider a single smartphone. An American
company may have designed the device, but the device may
be built by a different company abroad using material from
yet another country. The phone runs on software built by
one company, but modern operating systems borrow code
from other companies and developers. Once a user has the
device, it will likely be connected to a variety of networks
such as a home wireless network, a corporate network, and
a cellular network. Each of these networks has its own
infrastructure, but also shares common internet
infrastructure. The user will also install applications that
contain code and use infrastructure by yet other myriad
companies. Imagining users at the center, one can see large
and intricate systems on one side and the other to create
these devices and ensure their operation. The entire
infrastructure and all those services that are part of
cyberspace exist to deliver an experience to a user, a
human.


Updated December 19, 2024


Thus, from a policymaking standpoint cybersecurity can be
considered the security of cyberspace, which includes the
devices, infrastructure, data, and users that make it up. To
support cybersecurity policymaking, adjacent fields also
need consideration. Education, workforce management,
investment, entrepreneurship, and research and
development are necessary to get a product to market.
Developers, law enforcement, intelligence, incident
response, and national defense are necessary to respond
when something goes awry in cyberspace.

Threats
The nation faces many threats (manmade and not) with an
array of capabilities to carry out attacks. Threat actors may
directly target the elements of cyberspace (e.g., networks,
data, services, and users). However, they may also use these
elements to attack industry through cyberspace.

For instance, a hacker operating independently or under a
nation-state's instruction may target a hospital system. The
hacker may send ransomware to a hospital to extort
payment before the hospital can regain access to its files
and devices. However, during that attack the hacker may
also install a tool on the hospital's network, providing
persistent access they will use to steal data, including
patient information or other sensitive information. The
hacker can then use that information to identify additional
targets. In this scenario the hacker has attacked the hospital
network, networked medical devices, and patient data.

The Director of National Intelligence (DNI) delivers the
Intelligence Community's Worldwide Threat Assessment to
Congress. In 2024, the DNI highlighted the People's
Republic of China, the Russian Federation, the Islamic
Republic of Iran, the Democratic People's Republic of
Korea (North Korea), and criminals as the greatest
concerns. These actors have demonstrated a growing
capability and capacity for attacks against U.S. interests.

China is the most active actor conducting espionage
campaigns and also has the capability to disrupt
infrastructure. Russia seeks to use disruptions in cyberspace
to bolster its military and foreign policy goals. Iran's
aggressiveness in using cyber capabilities threatens
networks and data. North Korea uses cyberspace to spy,
steal, and disrupt. Transnational criminal organizations will
continue to conduct phishing, fraud, and ransomware
attacks for their own economic gain and under the direction
of a nation-state. The more these adversaries engage in
cyberattacks, the more their expertise and willingness to use
their capabilities grow.

In addition to threat actors, users face threats from inherent
vulnerabilities in software. The Log4j vulnerability is one
