About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 [1] (December 14, 2018)

handle is hein.crs/govyab0001 and id is 1 raw text is: Cogesoa Reeac Seric Cybersecurity: An Introduction Introduction The past decade has seen a rapid increase in both the utility and risk from networked devices. The very tools Americans use to chat with loved ones and make purchases are the same tools which can be turned against them to deny access to services, steal their information, or compromise the digital system they trust. These tools exist in cyberspace, and the security of that environment is a large endeavor involving government, the private sector, international partners, and others. This In Focus provides an overview of cybersecurity for policymaking purposes, describes issues that cybersecurity affects, and discusses potential actions Congress could take. The Nature of Cybersecurity The term cyber is frequently attached to a variety of security issues, underscoring that issues surrounding cyber management and security are big and complicated. To highlight how big it is, consider a single smartphone. An American company may have designed the device, but the device may be built by a different company abroad using material from yet another country. The phone runs on software built by one company but modern operating systems borrow code from other companies. Once a user has the device it will likely be connected to a variety of networks such as a home wireless network, a corporate network, and a cellular network. Each of these networks has its own infrastructure, but also share common Internet infrastructure. The user will also install applications that contain code and use infrastructure by yet another myriad of companies. Placing users at the center, there are large and intricate systems to create these devices and others to ensure those devices work. To highlight how complicated it is, consider that the federal government does not have a consensus definition of cybersecurity. One entity-the Commission on Enhancing National Cybersecurity-defined cybersecurity as The process of protecting information and information systems by preventing, detecting, and responding to unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. While this definition may be suitable for system administrators and other information technology professionals, it does not account for relevant policymaking considerations. Essentially, cybersecurity is the security of cyberspace. Therefore, it is equally important to understand cyberspace. Updated December 14, 2018 When users go online they might work with their bank, get their email, conduct business, or get the news by accessing services. But those services don't exist independently. Those services rely on a common infrastructure of servers and switches, miles of cabling, wireless spectrum, and routers. That same infrastructure is used by other services too, such as utilities and shipping to ensure products arrive as intended-or by businesses to develop new products more efficiently and manage their operations. The entire infrastructure and all those services that are part of cyberspace exist to deliver an experience to a user, a human. Thus, from a policymaking standpoint cybersecurity can be considered the security of cyberspace-which includes the devices, infrastructure, data, and users that make it up. To support cybersecurity policymaking, adjacent fields provide valuable insight. Education, workforce management, investment, entrepreneurship, and research and development are necessary to get a product to market. Developers, law enforcement, intelligence, incident response, and national defense are necessary to respond when something goes awry in cyberspace. Threats The nation faces many threats with an array of capabilities and capacities to carry out attacks. Threat actors may target the elements of cyberspace (e.g., networks, data, services, and users). However, they may also use these elements to attack industry through cyberspace. For instance, a hacker operating independently or under a nation-state's instruction may target a hospital. The hacker may send ransomware to a hospital to extort payment before the hospital can regain access to its files and devices. But during that attack the hacker may also install a tool on the hospital's network, providing persistent access they will use to steal data, including patient information and their transactions. The hacker can use that information to identify additional targets. In this scenario the hacker has attacked the hospital network, networked medical devices, and patient data. Each year the Director of National Intelligence (DNI) delivers the Intelligence Community's Worldwide Threat Assessment to Congress. For the past few years the Director has addressed cyber as the first and most significant risk in the statement. In 2016, the DNI listed threats by the risk they pose, starting with the countries of Russia, China, Iran, and North Korea before describing all manner of non-state actors (such as criminal organizations, lone-wolf(s) and terrorists) in a single group. This order considers the actor's technical capability, willingness to conduct cyber operations, and effectiveness as a threat to national security. https://crsreports.congress go 0

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most