Securing Cyberspace for the 44th Presidency: Difference between revisions
No edit summary |
No edit summary |
||
Line 32: | Line 32: | ||
(3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure. | (3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure. | ||
Details the state of the nation's cybersecurity, and the informational losses that the United States has been subjected to. The report indicates that a primary point of confusion may be found in misinterpreting the threat of cybersecurity in an industrial era mindset, and over-relying on market based solutions arising to protect vital national interests. Also identified as a key source of vulnerability is a government organized for the industrial age, a giant hierarchical conglomerate with high costs associated with making decisions and obtaining information where crossing organizational boundaries is involved. The indicated result is a porosity that leaves information that grants the U.S. strategic advantages is vulnerable and has been penetrated. | Details the state of the nation's cybersecurity, and the informational losses that the United States has been subjected to. The report indicates that a primary point of confusion may be found in misinterpreting the threat of cybersecurity in an industrial era mindset, and over-relying on market based solutions arising to protect vital national interests. Also identified as a key source of vulnerability is a government organized for the industrial age, a giant hierarchical conglomerate with high costs associated with making decisions and obtaining information where crossing organizational boundaries is involved. The indicated result is a porosity that leaves information that grants the U.S. strategic advantages is vulnerable and has been penetrated. | ||
The authors criticize CNCI as being good, but not sufficient. The initiative should not be scrapped, but should definitely be improved. Focusing only on defending government leaves abundant room for such security to be outflanked and bypassed. | The authors criticize CNCI as being good, but not sufficient. The initiative should not be scrapped, but should definitely be improved. Focusing only on defending government leaves abundant room for such security to be outflanked and bypassed. | ||
The core finding reported is that an attitude shift must take place with respect to cybersecurity; it must be treated as one of the dominant security challenges faced by the nation. However, such efforts must not come at the expense of American democratic traditions as they can and should offer the opportunity to reinforce these values. | The core finding reported is that an attitude shift must take place with respect to cybersecurity; it must be treated as one of the dominant security challenges faced by the nation. However, such efforts must not come at the expense of American democratic traditions as they can and should offer the opportunity to reinforce these values. | ||
The authors present the successful adaptation of American policy towards Weapons of Mass Destruction and non-proliferation as a powerful paradigm for success in cybersecurity. By shifting non-proliferation to a position of primacy in international activities, the U.S. succeeded in encouraging non-proliferation to be normative in state interactions. Pushing cybersecurity to a position of prominence in present and future efforts is suggested as offering significant opportunities to improve national and global security. There are also multiple possible points of contribution identified for agencies ranging from the Department of State to the Department of the Treasury. The primary emphasis is on cultivating a norm supporting cybersecurity, rather than a specific set of regulations. The authors identify the Council of Europe Convention on Cybercrime (CECC) as one of the most important efforts in cultivating exactly the sort of norms that would help protect our vital national interests. The CECC is a multilateral treaty requiring signatory nations to create the basic legal infrastructure that fighting cybercrime requires and to assisting other nations in investigating and prosecuting cyber criminals. | The authors present the successful adaptation of American policy towards Weapons of Mass Destruction and non-proliferation as a powerful paradigm for success in cybersecurity. By shifting non-proliferation to a position of primacy in international activities, the U.S. succeeded in encouraging non-proliferation to be normative in state interactions. Pushing cybersecurity to a position of prominence in present and future efforts is suggested as offering significant opportunities to improve national and global security. There are also multiple possible points of contribution identified for agencies ranging from the Department of State to the Department of the Treasury. The primary emphasis is on cultivating a norm supporting cybersecurity, rather than a specific set of regulations. The authors identify the Council of Europe Convention on Cybercrime (CECC) as one of the most important efforts in cultivating exactly the sort of norms that would help protect our vital national interests. The CECC is a multilateral treaty requiring signatory nations to create the basic legal infrastructure that fighting cybercrime requires and to assisting other nations in investigating and prosecuting cyber criminals. | ||
==Additional Notes and Highlights== |
Revision as of 09:35, 24 June 2010
Full Title of Reference
Securing Cyberspace for the 44th Presidency
Full Citation
Center for Strategic and Int'l Studies, Securing Cyberspace for the 44th Presidency (2008). Web
Categorization
- Overview: Government Reports
Key Words
National Cybersecurity Strategy (U.S.), Privacy, CNCI, federal information security management act (FISMA), Trusted Internet Connections Initiative (TIC), CERT, NIST,
Synopsis
The Center for Strategic and International Studies began this project in August 2007, after the United States suffered a wave of damaging attacks in cyberspace. Guided by our congressional cochairs, we assembled a group of individuals with experience in both government and cybersecurity. The aim of the group was to identify recommendations that are critical to the nation's future cyber objectives. The Commission's three major findings are:
(1) cybersecurity is now a major national security problem for the United States,
(2) decisions and actions must respect privacy and civil liberties,
(3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.
Details the state of the nation's cybersecurity, and the informational losses that the United States has been subjected to. The report indicates that a primary point of confusion may be found in misinterpreting the threat of cybersecurity in an industrial era mindset, and over-relying on market based solutions arising to protect vital national interests. Also identified as a key source of vulnerability is a government organized for the industrial age, a giant hierarchical conglomerate with high costs associated with making decisions and obtaining information where crossing organizational boundaries is involved. The indicated result is a porosity that leaves information that grants the U.S. strategic advantages is vulnerable and has been penetrated. The authors criticize CNCI as being good, but not sufficient. The initiative should not be scrapped, but should definitely be improved. Focusing only on defending government leaves abundant room for such security to be outflanked and bypassed. The core finding reported is that an attitude shift must take place with respect to cybersecurity; it must be treated as one of the dominant security challenges faced by the nation. However, such efforts must not come at the expense of American democratic traditions as they can and should offer the opportunity to reinforce these values. The authors present the successful adaptation of American policy towards Weapons of Mass Destruction and non-proliferation as a powerful paradigm for success in cybersecurity. By shifting non-proliferation to a position of primacy in international activities, the U.S. succeeded in encouraging non-proliferation to be normative in state interactions. Pushing cybersecurity to a position of prominence in present and future efforts is suggested as offering significant opportunities to improve national and global security. There are also multiple possible points of contribution identified for agencies ranging from the Department of State to the Department of the Treasury. The primary emphasis is on cultivating a norm supporting cybersecurity, rather than a specific set of regulations. The authors identify the Council of Europe Convention on Cybercrime (CECC) as one of the most important efforts in cultivating exactly the sort of norms that would help protect our vital national interests. The CECC is a multilateral treaty requiring signatory nations to create the basic legal infrastructure that fighting cybercrime requires and to assisting other nations in investigating and prosecuting cyber criminals.