Final Report on National Cybersecurity Policy
Information security is critical in any country to protect information against unauthorized users. The United States government has introduced frameworks to guard the country against cyber-attacks, which include the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST). Both frameworks have yielded benefits in the country but leave room for improvement. This assignment will explore the current and previous tenets, as well as their advantages and disadvantages. A comparative analysis of current and previous tenets is explored, and it is clear that the national cybersecurity strategy introduced in 2018 is an advancement of President Obama’s Presidential Policy Directive No. 28. The national cybersecurity strategy, however, should concentrate more on securing computer systems, data and networks to increase the impact of cybersecurity, as its impact is felt more by soft civilians.
President Trump’s government introduced the national cyber strategy in 2018 to deter malicious actors from launching digital attacks against the U.S., as well as to harden federal cybersecurity. The national cyber strategy also aims to authorize invasive cyber operations against foreign antagonists. One strategy employed in the tenets includes allowing the military to apply their advanced hacking tools without the State Department controlling them. The national cyber strategy’s objective is to give the chief commanders the authority to introduce more aggressive cybersecurity tools (White house gov., 2018). No sign-off from the White House is required by the national cybersecurity strategy.
During Edward Snowden’s disclosures, the U.S. administration was facing varying challenges on privacy, cybersecurity, and surveillance. These revelations by Snowden led to a deficit in terms of international trust, which led the executive branch under President Barack Obama to consider soft laws and agency discretion (Geller, 2018). The first alternative was the soft law, which provides non-binding police entry and positions with other stakeholders following non-binding agreements. Comparatively, agency discretion requires the federal agencies to follow unilateral action. Geller (2018) explains that the challenges led to the introduction of Presidential Policy Directive No. 28, which addressed global privacy rights. In the same period, many countries complained about the U.S. surveillance program, which led the executive branch to form the Privacy Shield agreement governing U.S.-EU. However, although the two strategies brought benefits, they created risks due to a lack of clearly stated norms, as well as of an enforcement mechanism.
The national cybersecurity strategy introduced by President Trump in contrast to the Presidential Policy Directive 20 requires consultation of varying stakeholders before making decisions. The process during the PPD-2 slowed the Cyber Command. The national cybersecurity strategy has set clear objectives, unlike the PPD-2 (Geller, 2018). However, the failure to include stakeholders, especially Commerce and State, in the new strategy may result in economic and diplomatic consequences, an element that is absent in the PPD-2. The national cybersecurity strategy, however, should be more careful not to concentrate on an offensive cyberattack approach for defensive purposes until the cybersecurity level in the country is stronger, as the response is not observed by the government or the militants, but by the soft civilians.
Information security is a significant element of the national and economic security of the United States. This calls for the Federal Information Security Management Act (FISMA), which is operated by the federal government to formulate, document, and implement programs that ensure all agencies operate under safe information. One aspect that all agencies are required to follow is continuous monitoring of systems, where organizations are more inclined to compliance and report any issues affecting cybersecurity. For an organization to comply with FISMA standards, it is required to identify minimum standard control, identify information requiring protection, conduct a risk assessment, document the security plan, implement it, identify the effectiveness of the plan, identify the information risk at the agency level, authorize processing, and continuously control the information systems.
The Department of Commerce in the United States introduced the National Institute of Standards and Technology (NIST), which is a non-regulatory federal agency that aims at promoting industrial and innovation competitiveness through the advancement of technological, standard, and science measurements. This framework aims at improving the Critical Infrastructure Cybersecurity, where private organizations formulate strategies for the prevention, detection, and response to cyber incidents. The workforce is educated on strategies to secure data and maintain configurations. The NIST works towards regulating the 17 activities introduced by the Federal Information Processing Standards 200. To identify the effectiveness of NIST in cybersecurity, periodical assessment is critical (NIST, 2013).
Although the national cybersecurity strategy is working towards cybersecurity, its achievements are based on Obama’s prior accomplishments. The advantage of the prior tenets is that they laid a foundation for the current ones, in that they allowed the Treasury Department to introduce sections that respond to malicious cyber activities. The Trump administration has employed the foundations to impose sanctions on Iraq and Russia over hacks towards the U.S. However, the decision-making process of the prior tenets prohibited such advancement. Nonetheless, the current tenets provide the military with the freedom to fight cyber-attacks.
The question surrounding FISMA regulation is whether the country has the required resources to mitigate the threats. The major issue is role conflict between DHS and OMBA over which is more authoritative than the other. Besides, digital change continues to challenge FISMA attempts on cybersecurity, calling for more improvements. Nonetheless, FISMA has greatly fought the issue of cybersecurity and critical infrastructure in the U.S.
The NIST security in the U.S. has both strengths and weaknesses. One disadvantage of the NIST framework, according to Shen (2014), is that it follows version 1.0 of a living document, which calls for a need for specifics. Worse, the framework remains voluntary, and money plays a vital factor in determining the results of the assessment. However, it follows a risk-based strategy where its focus is more on outcomes rather than the controls only. Although version 1.0 is disadvantageous, its relevance is on the aspect of vulnerability disclosure, use of supply chain to manage cybersecurity, self-assessment on cybersecurity, and authentication and identity. These elements plus crowdsourcing drive the NIST framework.
In conclusion, I agree with the statement, “Not all federal agencies need to follow FISMA or NIST recommendations for maintaining cybersecurity. After all, if the cyberinfrastructure of a government agency is attacked, no real harm is done to anyone except the complainants.”
Geller, E. (2018). Trump scraps Obama rules on cyberattacks, giving military freer hand. POLITICO. Retrieved from https://www.politico.com/story/2018/08/16/trump-cybersecurity-cyberattack-hacking-military-742095
National Institute of Standards and Technology (NIST) (2013). Security and Privacy Controls for Federal Information Systems and Organizations. National Institute of Standards and Technology (NIST).
Shen, L. (2014). The NIST cybersecurity framework: Overview and potential impacts. Scitech Lawyer, 10(4), 16.
White house gov. (2018). The National Cyber Strategy of the United States of America. White House Gov.