CSEC620IA1
7/24/2019 CSEC620IA1
IA#1 Cybercrime Law, Regulation, Effects on Innovation
John Doe
CEC !" ection $""
Note: This paper was submitted through originality check websites.
Table of Contents
1. Introduction
2. Private Industry & Regulations
3. National Security Concerns
4. Methods
5. Impacts of Government Regulation
6. Compliance
7. Responsibility
8. The Real World
9. Conclusion
References
1. Introduction
Cybersecurity and cybersecurity initiatives are commonplace in all aspects of our digital
lives. Personal computers are still widely used, especially in the workplace, but mobile devices
seem to be the preferred computing choice of the average person. This would include but not be
limited to smartphones, tablets, and laptops, to name a few. Mobile devices have changed the
digital landscape in a manner that could not have been predicted. This is because other than
work or school related activities, most personal computers were used to play a few games, check
email, and browse the internet. These activities eventually transitioned over to the
aforementioned mobile devices. Now we mix in social media, and a whole new digital
cyber-world has emerged. Talk about getting your head out of the clouds. We live in the cloud,
literally and figuratively.
What does this mean to the average consumer? Perhaps not much. Most people who
operate in the digital world could probably care less about the underpinnings of cyberspace and
the digital devices that we use from the time we wake up in the morning until we go to sleep at
night. As with many other aspects of our lives here in the U.S., there needs to be something in
place to try and protect our citizens from the pitfalls that await them through the use of these
devices. There is a reason for government intervention in many cases. We citizens need certain
protections to ensure our safety. Regulations put in place to thwart cybercrimes are just as
important given the terrible consequences that could result. With that said, this may seem like a
personal issue. However, given the threat potential that data breaches carry, this could evolve
from a simple personal issue to a national security issue.
2. Private Industry & Regulations
There is a large percentage of our population that feels that our government is too
involved in regulating our lives. There is likely an equally large percentage of our population
that feels just the opposite. Is our government justified in its efforts to dictate to private industry
the methods in which they choose to set up, maintain, and/or improve their cybersecurity? That
answer is two-fold. The private industry entities that provide products and services for the
federal government and/or public use in this country need to face at least some regulations. This
is especially true for those industries that service national security, our critical infrastructures, the
military, and perhaps those that have access to our personal and/or financial data. The private
industry entities that do not fall under this category probably should not be bound to such
regulations. "Recent trends of globalization, outsourcing, offshoring, and cloud computing, have
changed the structure of organizations and their cyberspace" (Asllani, White, & Ettkin, 2013).
This is why it is essential to have laws and regulations in place to protect organizations and their
digital assets. A compromise in the confidentiality, integrity, and availability of these
organizations and their systems could lead to a number of different problems for the general
public, and even lead to potential national security issues.
3. National Security Concerns
Putting our nation's national security at risk is unacceptable. Therefore, the products and
services that the federal government procures from private corporations have to follow certain
guidelines to ensure that they are relatively safe to use. Adherence to NIST (National Institute of
Standards & Technology) standards is mandatory for federal organizations. NIST is "a
non-regulatory agency of the Department of Commerce, to develop a cybersecurity framework to
help regulators and industry participants identify and mitigate cyber risks that potentially could
affect national and economic security" (ei, 2014). Laws have to be in place to ensure that the
products and services that the government procures meet these standards. Without such
regulations, we run the serious risk of acquiring products and services from companies that put
profit over quality. If the bottom line becomes the top priority of a company then the quality and
integrity of the product or service can come into question. This is especially true as it relates to
national security and cybersecurity.
Any compromise to the integrity of our classified information and networks puts
everyone at risk. We honestly cannot control what types of information are collected on us by
intelligence agencies, although many would argue that we should. How and why that
information is collected and used is often considered a matter of national security. These
discretionary actions by the three letter agencies (NSA,
exchanges regarding government intervention and regulation of the internet for example. An
article in the Information & Communications Technology Law journal appropriately refers to the
internet as a "network of networks" (King, 2004). The internet essentially provides
interconnectivity between organizations which can inadvertently expose their information and
assets to the cyber-world. Since organizations operate in both public and private spaces, some
regulation is necessary to ensure that they operate at a standard that protects and safeguards data
that they access. There are different data security laws on the books to do just that.
security and protection of data are supported by both sides of the aisle in Congress. The problem
is that when we get past the basic premise that these proposed laws represent, the additional
provisions seem to be the source of opposition between the two major political parties. CISPA is
a good example given that it passed in the House, which held a Republican majority, but not the
Senate, which was dominated by Democrats at the time. The part of the legislation that was most
likely the sticking point was the liability protection that both sides would not agree on.
Unfortunately, this is the reality that we face with opposing views on regulation, privatization,
and government intervention.
5. Impacts of Government Regulation
The impacts and effects of government regulation being implemented by private industry
are debatable. However, I would argue that these regulations help since they would provide
government oversight to help deal with cyber-threats. Companies like General Dynamics,
Lockheed Martin, and Northrop Grumman, to name a few, have government regulations that they
have to adhere to in order to do business with our government. Since the public sector and
defense industries are their bread and butter, they have to adapt to such regulations. This is
important since actions by cyber-criminals can precede physical attacks on critical
infrastructures, systems, and people. Monitoring terrorist recruitment activities in cyberspace is
a good example of the effects of regulated cooperation between private industry and the
government. This example also has global implications given that the internet and
cyberspace are entities that span the globe. Cybersecurity regulations, best practices, and
monitoring all have international implications as well. Thankfully, no large scale acts of
terrorism have succeeded in the United States since the September 11th attacks back in 2001. We
have seen a number of cyber-attacks on private and public systems, but none that have resulted in
a major disaster.
One could also argue that we have been lucky in a sense. Considering that there are some
regulations in place by the federal government that the private industry must adhere to, there are
several seemingly good cybersecurity bills that never manage to get passed. This in my opinion
has more to do with bipartisan politics than what is good for the country. I say this because one
side of the aisle favors privatization and the other side favors government intervention. A happy
medium would suffice, but does not seem to be much of an option. The Cybersecurity Act of
2010, The Protecting Cyberspace as a National Asset Act of 2010, International Cybercrime
Reporting and Cooperation Act, and The Cybersecurity Act of 2012 are all examples of
legislation that failed to pass, but all proposed good viable options that could not seem to
traverse the bipartisan barrier of U.S. politics (Boulee et al., 2013).
6. Compliance
cybercriminals bank on the fact that some organizations both public and private may try to trim
costs from their computer security budgets. This only increases the probability of a cyber-attack.
This could also serve as an example of how not to actually save a dime if your organization
becomes the victim of a cyber-attack that could have been prevented by simply aiming to exceed
the minimum cybersecurity standards and requirements. "Spam, phishing, and computer viruses
are becoming multibillion-dollar problems" (Goodrich & Tamassia, 2011). Depending on what
your organizational function and objectives are, the financial implications of these types of
attacks could go a long way towards the ultimate failure of your operations or business.
7. Responsibility
The responsibility to protect national security should fall into the hands of our federal
government. However, both the federal government and private industry have an obligation to
operate in a manner that protects the information and assets of our nation. This includes not only
corporate or public assets and information, but also the assets and information about our citizens.
Private industry's role in protecting national security is an important one, but since regulation of
private industry has limits, the ultimate responsibility needs to fall on our federal government.
Despite the limited federal regulations by which private industry is currently bound, there are a few
very important pieces of legislation that provide important protections and accountability
requirements that must be adhered to. The Sarbanes-Oxley Act of 2002 (SOX) requires that
corporate management "assess the effectiveness of internal control measures, including
cybersecurity" (Rishikof & Lunda, 2011) by ensuring accountability, protection, and
safeguarding of financial resources and assets. Violation of this act can result in government and
criminal sanctions.
to safeguarding health related information that is transmitted electronically. Also, as mentioned
earlier, the Gramm-Leach-Bliley Act of 1999 (GLBA) enforces and regulates data security
requirements to protect financial information. Despite all of these different laws and regulations,
again private corporations still have additional levels of responsibility when it comes to
cybersecurity and the protection of both public and private information and assets.
8. The Real World
There are a number of large corporations that are allowed to operate with limited
regulations when it comes to cybersecurity and data protection. Large retailers for example have
the means to adequately protect consumer data and PII (Personally Identifiable
Information). However, many until recently sort of had a lackadaisical approach to
cybersecurity. It was only after large-scale data breaches that exploited millions of customers'
personal and credit card information that they bothered to take more precautionary measures. The
problem is that the damage was already done.
In a report in the Internal Auditor journal it was stated that in 2014 alone "thieves have
targeted customer data at eBay, Home Depot, Neiman Marcus, and Target" (Pyzik, 2014). This
would account for millions of customers' personal and credit card information. Given the level
of financial ruin that identity theft can cause, more regulation under these circumstances is
needed, and I would not leave it up to these large corporations to decide how and when to put
such regulations into effect. I would make it mandatory, so the only way to achieve that goal is to
put it into law.
9. Summary and Conclusion
Cybersecurity laws and regulations are a good thing. Mitigating risks that put our
national security and personal information in jeopardy is a good thing.
doi:10.1080/1360083042000296277
Dennis, C. M., & Goldman, D. A. (2013). Data Security Laws and the Cybersecurity Debate.
(cover story). Journal of Internet Law, 17(2), 1-11.
Boulee, J., Davis, W., Kantner, R., McDonald, K., Metcalf, J., & Paez, M. (2013, July 26). The
cybersecurity debate: Voluntary versus mandatory cooperation between the private
sector and the federal government. Lexology. Retrieved May 29, 2015, from
http://www.lexology.com/library/detail.aspx?g=70a72c39-3168-45c3-9da6-5c4baadaf94b
Shackelford, S. J., & Craig, A. N. (2014). Beyond The New "Digital Divide": Analyzing the
Evolving Role of National Governments in Internet Governance and Enhancing
Cybersecurity. Stanford Journal of International Law, 50(1), 119-184.
Goodrich, M., & Tamassia, R. (2011). Introduction. In Introduction to computer security (p. 3).
Boston, Massachusetts: Pearson.
Rishikof, H., & Lunda, K. E. (2011). Corporate Responsibility in Cybersecurity. Georgetown
Journal of International Affairs, 1(1), 17-24.
Pyzik, K. (2014). Safeguarding Customer Data. Internal Auditor, 71(5), 22-23.
(n.d.). Retrieved May 26, 2015, from
https://www.whitehouse.gov/sites/default/files/cybersecurity.pdf