About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 [1] (January 8, 2025)

handle is hein.crs/goveryx0001 and id is 1 raw text is: Informing the Iegislative debate sinee 1914 Updated January 8, 2025 Cybersecurity: A Primer Introduction The information technology that Americans use to chat with loved ones and make purchases are the same that can be turned against them to deny access to services, steal their information, or compromise the digital systems they trust. These tools exist in cyberspace, and the security of that environment is a vast endeavor involving government, the private sector, international partners, and others. This In Focus provides an overview of cybersecurity for policymaking purposes, describes issues that cybersecurity affects, and discusses potential actions Congress could take. The Nature ofCybersecurity The term cyber is frequently attached to a variety of security issues, underscoring the fact that issues surrounding the management of cyberspace and its security are immense and complicated. To highlight how complicated it is, consider that the federal government does not have a single definition of cyberspace or cybersecurity. The Cyberspace Solarium Commission defined cyber as Relating to, involving, or characteristic of computers, computer networks, information and communications technology (ICT), virtual systems, or computer-enabled control of physical components. While this definition may be suitable for a broad discussion about information technology, it does not account for relevant policymaking considerations concerning cybersecurity. Essentially, cybersecurity is the security of cyberspace. As an example, consider a single smartphone. An American company may have designed the device, but the device may be built by a different company abroad using material from yet another country. The phone runs on software built by one company but modem operating systems borrow code from other companies and developers. Once a user has the device it will likely be connected to a variety of networks such as a home wireless network, a corporate network, and a cellular network. Each of these networks has its own infrastructure, but also share common internet infrastructure. The user will also install applications that contain code and use infrastructure by yet other myriad companies. Imagining users at the center, one can see large and intricate systems on one side and the other to create these devices and ensure their operation. The entire infrastructure and all those services that are part of cyberspace exist to deliver an experience to a user, a human. Thus, from a policymaking standpoint cybersecurity can be considered the security of cyberspace-which includes the devices, infrastructure, data, and users that make it up. To support cybersecurity policymaking, adjacent fields also need consideration. Education, workforce management, investment, entrepreneurship, and research and development are necessary to get a product to market. Developers, law enforcement, intelligence, incident response, and national defense are necessary to respond when something goes awry in cyberspace. Threats The nation faces many threats (manmade and not) with an array of capabilities to carry out attacks. Threat actors may directly target the elements of cyberspace (e.g., networks, data, services, and users). However, they may also use these elements to attack industry through cyberspace. For instance, a hacker operating independently or under a nation-state's instruction may target a hospital system. The hacker may send ransomware to a hospital to extort payment before the hospital can regain access to its files and devices. However, during that attack the hacker may also install a tool on the hospital's network, providing persistent access they will use to steal data, including patient information or other sensitive information. The hacker can then use that information to identify additional targets. In this scenario the hacker has attacked the hospital network, networked medical devices, and patient data. The Director of National Intelligence (DNI) delivers the Intelligence Community's Worldwide Threat Assessment to Congress. In 2024, the DNI highlighted The People's Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People's Republic of Korea (North Korea), and criminals as the greatest concerns. These actors have demonstrated a growing capability and capacity for attacks against U.S. interests. China is the most active actor conducting espionage campaigns and also has the capability to disrupt infrastructure. Russia seeks to use disruptions in cyberspace to bolster its military and foreign policy goals. Iran's aggressiveness in using cyber capabilities threatens networks and data. North Korea uses cyberspace to spy, steal, and disrupt. Transnational criminal organizations will continue to conduct phishing, fraud, and ransomware attacks for their own economic gain and under the direction of a nation-state. The more these adversaries engage in cyberattacks, the more their expertise and willingness to use their capabilities grow. In addition to threat actors, users face threats from inherent vulnerabilities in software. The Log4j vulnerability is one

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most