Cyber Security Strategy

Private/Public partnership with DHS NCCIC

Some of the important aspect of cyber security Act 2015 is recognition of responsibility of private sector in supporting fight against cybercrimes. Through the Act, there is challenge for the private organization to engage with government in sharing classified cyber threats (Office of the Director of National Intelligence, 2015). The timely sharing results to government possessing unclassified and classified information that relates to cyber threats. The result is a defensive approach by the government in responding to the threats thus ensuring the country and the private sector are safe. There is mitigation of adverse effects from cyber threats, which has potential to steal data from government department and private institutions (Office of the Director of National Intelligence, 2015). The partnership allows periodic sharing of targeted outreach on best cyber security practices. Through working together of private and federal government, it is possible to enhance attention and accessibilities to solutions that curb spread of cyber threat ion the country (Office of the Director of National Intelligence, 2015). Further, there is sharing of information in real time ensure that problems that relates to cyber problem are handled consistently. Therefore, it results to practical incorporation of existing roles and processes in sharing centers.  In the data centers, the information is synthesis ensure that solutions are available to handle cyber threats and prevent their adverse effects on individuals or organizations (Office of the Director of National Intelligence, 2015). Additionally, the partnership between government and private organizations allows configuration of technical capabilities that supports cyber security. 

What the DHS NCCIC Needs To Share With Private Sector Organizations

The Department of Homeland Security (DHS) needs to share different information relating to cyber security such as how to identify terrorist’s threats in the country. The government requires providing a platform for the private organization to enable them assess terror threat through cyber space (Nolan, 2015). The platform is through empowering the private sector to understand potential and actual vulnerabilities to their country and organizations. Further, the DHS NCCIC has a role in disseminating information on how to interrogate information in unclassified and classified form for the private sector. The private organizations require empowerment to understand how to handle cyber security threats information with different government agencies.  Additionally, DHS needs to share information that pertains to information systems critical to manage cyber threats (Nolan, 2015). The information guides the private organization to understand how to protect themselves against cyber terrorists. Further, there is need to share how to raise warnings that are critical in the cyber security field. Therefore, the private sector is able to actively interpret threats that have potential hot reduce the capacity of handling cyber security threat. In addition, the DHS requires providing private organization with information on how to use information that relates to cyber threats (Nolan, 2015). After analysis, the private organization requires to share such information with the federal government to help fight against cyber threat in the country. Further, the DHS NCCIC needs to share information on how to identify and monitor incidents and threat that affect cyber infrastructure. 

Type of Threat Information That Enable Private Organizations Secure Their Networks Effectively

Information pertaining to threat is important for private organization include understanding the types of threats in the cyber space. Understanding the challenge involves analyzing there threat of an organization and communicating it to all leaders in a firm. The procedure supports monitoring methods in addition to preparing of resolutions on how to report such eventualities to government agencies (Raduege, 2013). Actually, embracing risk intelligence is an essential procedure for organization in securing their business. Understanding risks that face business makes it possible to generate different approaches of dealing with such problems. Further, information on how to gather quarterly reports in cyber security threat is necessary. The information is relevant in ensuring that organizations are able to track and develop chart metrics that quantifies intrusion possibilities (Raduege, 2013). A designated leader or an executive requires serving as nexus to cyber related activities within the organization. Additionally, information about how to coordinate efforts that targets reducing cybercrime activities is necessary. The system allows the organization to work with the government in securing some critical infrastructure that is potential to cyber-attack. The information that supports this capacity is coordination of sensitive data sharing and protocols in the information and technology department (Raduege, 2013). It is also necessary that organization adopt methods of effective communication with the government to report incidences of cybercrimes. Dialogue and transparency should further characterize the coordination between government and private organization. The impact is organizations that are prepared to tackle cyber threats problems that are continually changing. 

What Private Organizations Needs to Share with NCCIC

Private organizations have responsibility of sharing information that pertains to their plans to handle cyber security threat. The management requires providing details of the mechanisms in place to ensure that cyber threats are minimal in the company. Further, it is also necessary that organizations provide the NCCIC the type of risks they identify to face their organizations (Center for Democracy & Technology, 2011). The risk establishes a link between organization capacities to handle such challenges. The information is essential in enabling NCCIC to provide framework within which organization collaborates with government to boost their preparedness to cyber threat (Center for Democracy & Technology, 2011). The organization also requires providing information that relates to policies and initiatives that they put to protect issues of cyber threat. Through this approach, information on their extent of updates of such information is necessary. It helps the firm to understand how it could incorporate its services in helping such organizations. In addition, organizations have to provide details of incidences of cyber threats in their company. The information needs to incorporate how they respond to such eventualities and challenges they faced. It is also important that firms provide details of how they enable an environment that encourages innovativeness among employees in support of tackling cyber threat (Center for Democracy & Technology, 2011). The details should provide innovativeness given to such employees to encourage them to embrace sound and acceptable security practices. Moreover, it is the responsibility of management to provide information on how they support research on changing challenge of cyber threat. The impact is progressive protection efforts that support increasing cyber security. 

Mandatory Offering Private Information and Possible Consequences

There is need of a mandatory regulation requiring private organization providing security information to the government. Government has the responsibility of protecting the lives of people even in the private sector. Therefore, it is necessary that any information that relate to security given to government authorities. Indeed, if securities breaches occur in organizations, the government is indirectly affected (Deloitte University Press, 2017). Indeed, such issues results to the country being unattractive to investors who perceive it as insecure. Therefore, operations and threats facing any organization affect the government and thus need to sharer such details. In addition, the government needs to assure its people of security irrespective of their place of work. Organizations cannot carry on their own operations with regulations that boost such security (Deloitte University Press, 2017). Further, sharing security information allows government to remain alert and ensure that the threats that face its people are minimal. Actually, without sharing such information, terror groups are likely to use organizations as target spots for their activities.  In addition, some organization can be the breeding ground for insecurity in a country. The situation occurs if organizations employ foreigners without conducting relevant background check. Therefore, it is necessary to require all organization to report about their security efforts and threats to the government. 

However, mandatory provision of security to the government relatively interferes with employees’ rights of personal privacy. If government gets detailed data about employees, it infringes on their privacy and has potential to cause conflict between the employee and the employer. During employment, there is an agreement that employer keeps private information of his employees confidential (Deloitte University Press, 2017). Therefore, through giving of such information the relationship is broken. The situation may result to some employees unwilling to conceal some of their personal details to their employees. Despite, this challenge, the effort of getting personal information of workers enhances security for the government. The move allows the employees to know their actions are under monitoring strategy by the government. Therefore, issues of engaging in security breaches by such individuals are minimal. The resultant is a secure country and organization where people can work without fear of external attacks. The revelation of private data further boosts the working relationship of employees, employers and the government in assuring security in a country (Deloitte University Press, 2017). Nevertheless, the government needs to assure the employees that their private data remains confidential and it only aims to use it to boost their security within their organization. The efforts makes the employees feel as important stakeholders in supporting the goals of their organization. 

How to Update Cyber Security Act of 2015

In order to promote and add value to their cyber security efforts in the United States, there is need to update the 2015 Act to include mandatory training of employees on cyber threats (Heidenreich, 2015). Organization should offer training to their employees to ensure they understand their role in preventing cyber threats. There government requires providing the framework for the training to ensure that it is informed and achieves the set objectives. Further, the Act needs updating to ensure that it prohibits purchase of technological products especially services from unverified dealers (Heidenreich, 2015). The move helps in reducing incidences of spread of malware that may pass into the system through computers. The Act further needs to introduce requirement for organization to apply for licenses that show that they support fight against cyber security threat (Heidenreich, 2015). The licensing will compel the organizations to share all security information with the government agencies and this will promote protection in the cyber space. In addition, the Act should ensure that all organizations have a copy of cyber security regulations and guidelines. The policies need placing in open places in the organization to act as reminders of all employees about their role in enhancing cyber security. Further, there needs free toll numbers that supports the organization and its employees to communicate any issues of cyber threat they identify in course of their work. 

Department of Defense Cyber Strategy 

Department of Defense Role in Enhancing Homeland Security for Private Organizations

The private organizations require engaging with the Department of Defense (DOD) in understanding their role in helping achieve the objective of securing critical infrastructure. Therefore, it is the role of private organizations to establish collaboration with the DOD to protect their infrastructure (Lohrmann, 2018). The private sector should provide maps and location of their critical infrastructure and especially those that support communication. The effect will be capacity of the DOD to secure such infrastructure as they conduct their patrols. Indeed, such interests by the DOD on infrastructure offers some hope to private organizations about security of their infrastructure (Lohrmann, 2018). It further assures them of their smooth running despite challenges of cyber security facing different industries. The private organizations therefore have a role of updating the DOD of their challenge concerning securing their critical infrastructure. This provides a platform for mutual relationship where the DOD offers support and enhances workability of such infrastructures. 

Responsibility of Department of Defense in securing Private Critical Infrastructure

Though private organizations own majority of critical infrastructure, the DOD has responsibility of securing them. Indeed, the government and the private sector work as partners in promoting the welfare of a country (Lohrmann, 2018). The incidence is majorly evident in the communication that the private sector mostly owns.  However, the public and some government agencies rely on these infrastructures for their communication. Therefore, any destruction on such infrastructure has potential to limit the communication in a country. The impact is negative influence on the economic stability of a country. Therefore, DOD has responsibility of securing such infrastructure to support progressive growth of a country (Lohrmann, 2018). The DOD further protects such infrastructure from external tracks through securing borders of a country. The protection covers land, air and sea entries to a country. Therefore, the DOD supports continual economic activities of the population through providing security to the private infrastructure (Lohrmann, 2018). The role of protecting the public and their property lies with the government thus need DOD to support such infrastructure. 

Opinion of Individuals and Organization Sharing Private Information

There is discomfort that relates to sharing private information with the government because it reduces the privacy space for the public. Individuals feel intimidated when their personal information gets in hand of the government (Heidenreich, 2015). People feel that the government can use such information against them implicating them in different crimes. Further, it denies individuals potential to conduct their personal activities in secrecy. The thought that communication monitoring takes place, makes people uncomfortable to share information across different networks. Further, individuals have the ideas about right to privacy, which the government breaks through getting their personal information. It is the role of the government to uphold constitution provisions and contradicting them results to confusion to the public (Heidenreich, 2015). Private information needs upholding by owners without coercion to provide such details to any government agency. Indeed, people need empowerment to make decision what information to give or withhold from the authorities. As organizations, giving private information about employees is challenging and breaches the trust that workers have on their employer (Heidenreich, 2015). Therefore, unless a consensus with the employees is available, employers are unwilling to give private information. 

A Recommendation to Offer Privacy but Enable Cyber Security

It is the responsibility of the government to offer security to its citizens and further help them embrace the right to personal privacy concerning information. The government requires enlightening its people on the importance of sharing their private data (FTI Consulting Inc., 2018). However, the move should only target individuals who are suspects of cybercrimes. The situation will build confidence in the public who will not worry about government intercepting their communications. Further, the government should assure people that such information helps boost their security. When collecting private information, the government should do it targeting data that relates to cybercrimes (FTI Consulting Inc., 2018). Achieving the objective is through highlighting certain words that relates to cybercrimes which when used in communication sends signals to the government authorities. Therefore, individuals in general communication via internet or phones who do not engage in cyber related threat are free.  Such approach assures the public of their privacy and boosts cyber security. 

References

Center for Democracy & Technology. (2011). Improving our Nation’s Cybersecurity through the Public‐Private Partnership. Retrieved December 11, 2018, from: https://www.cdt.org/files/pdfs/20110308_cbyersec_paper.pdf

Deloitte University Press. (2017). Augmented Security: How Cognitive Technologies Can Address The Cyber Workforce Shortage. Retrieved December 11, 2018, from: https://www2.deloitte.com/content/dam/insights/us/articles/3992_Augmented-security/DUP_Augmented-security.pdf

FTI Consulting Inc. (2018). Cyber Security: The Balance between Security and Privacy. Retrieved December 11, 2018, from: https://fticommunications.com/2016/04/cyber-security-the-balance-between-security-and-privacy/

Heidenreich, J. (2015). The Privacy Issues Presented By the Cybersecurity Information Sharing Act. North Dakota Law Review, 91(395), 396-410

Lohrmann, D. (2018). New National Cyber Strategy Message: Deterrence through U.S. Strength. Government Technology. Retrieved December 11, 2018, from: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/new-national-cyber-strategy-message-deterrence-through-us-strength.html

Nolan, A. (2015). Cybersecurity and Information Sharing: Legal Challenges and Solutions. Retrieved December 11, 2018, from: https://fas.org/sgp/crs/intel/R43941.pdf

Office of the Director of National Intelligence. (2015). Cybersecurity Act of 2015. Retrieved December 11, 2018, from: https://www.dni.gov/index.php/ic-legal-reference-book/cybersecurity-act-of-2015

Raduege, H. D. (2013). The Public/Private Cooperation We Need In Cyber Security. Harvard Business Review. Retrieved December 11, 2018, from: https://hbr.org/2013/06/the-publicprivate-cooperation