Memorandum Addressing Key Issues of Cyber Policy (Research Paper Sample)

MEMORANDUM ADDRESSING KEY ISSUES OF CYBER POLICY
Name
Course
Date
Introduction
The United States continues to record a significant increase in cyber threats. While the history of cybersecurity in the US dates back to the 1970s, the present-day continues to record a measurable increase in cybercrime issues – the issue of cybersecurity in the United States has found its way into the US newsrooms and news headline daily. Over the recent past, the United States has been exposed to an array of cyber threats, including nation-state hackers, which is the most serious cyber threat, which demands the heightening of cybersecurity policies. Cybersecurity policy sets clear standards of behaviors for every activity that might pose a cyber threat to a country, an organization, or an individual. Such standards include the restriction of social media content and encryption of email attachments. Thus, cybersecurity policies are essential not only for the safety of private data of the organization but also for the security of the States.[Peter Dombrowski and Chris Demchak, "Cyber war, cybered conflict, and the maritime domain." Naval War College Review 67, no. 2 (2014): 70 -74.] [Jan Kallberg "A right to cybercounter strikes, The risks of legalizing hack backs." IT Professional 17, no. 1 (2015): 30-32.]
A cybersecurity issue can be considered as a crime, espionage, or an act war based on the predominant factors surrounding the issue at hand. A cyber issue can be regarded as a crime (cybercrime) when the actual activity violates a state's privacy, an organization, or an individual or the security of their data. This often involves hacking, identity theft, and other offenses against state or individual that entails revealing private information, messages, images, or videos without the consent of the owners of the information. On the other hand, espionage is the act of spying or using spies, particularly by governments, to get military or political information without the consent of the holder of the information. An "act of war" refers to one country's activity against another nation to provoke a war between military forces from different origins.[Kristin Finklea and Catherine Theory. "Cybercrime: Conceptual issues for congress and US law enforcement." Congressional Research Service, Library of Congress, 2015.]
The case provided depicts that the attack should be considered as espionage rather than an act of war or crime. The fact that the cyberattack targeted a major US defense firm implies that the perpetrators aimed to discover confidential military secrets or information of the US defense firm, which is one of the potential approaches to instigating a war between defense militaries. The attack, therefore, depicts the actual features of espionage. Similarly, the fact that the attack was routed through Bluelandia, which is an ally of the United States, is an evidence that the attack was a cyber-espionage since the perpetrators planned to instigate conflict between the US and its allies, majorly the Bluelandia.
The most feasible response that the US should consider without inflicting is to work on strategies to safeguard their secret military information. With reference to this, the United States can defend itself from such incidence by developing a proactive approach to security, which is deemed the most effective protection strategy. The proactive approach means that the US will have to hack back, but instead of indulging directly into the hacking, the country should let the US Cyber Command to revenge the attack on their behalf. However, for the proactive strategy to materialize, the US should first identify the techniques used to carry out the cyber-espionage. Having in-depth knowledge about the possible technique the hackers might have used can extend the ideas of the US on how to protect themselves from the possible reoccurrence of the attack or any other attack closer to the one witnessed.
From a security perspective, it will be appropriate for the United States to assign the US Cyber Command with the responsibility of protecting certain private companies. The United States Army Cyber Command plays an integral role in integrating and conducting cyberspace electronic warfare, as well as information operations to ensure freedom and dominance of action for friendly within and through the information environment and cyber domain. Ideally, the move to assign the US Cyber Command with the task of protecting some private institutions will help in reducing the rate of cyberattacks in the country, which might risk the safety and effective operations of the companies as well as the country. The action will enable the United States Government to successfully preempt, defeat, and deter any malicious cyber activities rooted through private organizations close to the government but targeting the United States’ crucial infrastructure that could result in detrimental cyberattacks. Overly, the most appropriate approach the US government can adopt to improve cybersecurity in the entire nation is to implement a more robust security posture that provides cyber protection not only to the government organizations, but also various private organizations vulnerable to cyber threats. However, in order to ensure that the government offers protection to the right private companies, the following standards should be taken into consideration.[Knake, Robert. K. "Instead of Hacking Back, US Companies Should Let Cyber Command Do It for Them" (2018). Retrieved from: https://www.cfr.org/blog/instead-hacking-back-us-companies-should-let-cyber-command-do-it-them] [Barrera, Mark A. The Achievable Multinational Cyber Treaty: Strengthening Our Nation's Critical Infrastructure. Air University Press, Air Force Research Institute, 2017.]
1 The private company must be vulnerable to cyber threats. The government can obtain information pertaining to the vulnerability of private companies from ISACs (Information Sharing and Analysis Centers) created by the US government objectively to enable the sharing of information regarding cyber threats and vulnerabilities to the sector. The standard is to ensure that protection is granted only to the private entities that are at high risk of cyberattack.[Paul Rosenzweig, "The organization of the United States Government and private sector for achieving cyber deterrence." DETERRING CYBER ATTACKS: INFORMING STRATEGIES AND DEVELOPING OPTIONS FOR US POLICY, National Research Council, Forthcoming (2010).]
2 The companies must be direct partners to the government. The fact that a private company may be a close partner to the government or key stakeholder in government operations, either as a supplier or consultant, implies that the company may have some private information in its database pertaining to government activities. In this case, a cybersecurity threat to such a company may also subject the government cyberattack, thus explaining the need of the government to intervene and ensure that such companies are protected.
3 The cyberattack risks faced by the private company must be detrimental to the safety of the nations. While several private companies may be exposed to cyberattack risks, it is doubtless that some of them may not have any influence on the performance of the government or the safety of a nation. In such conditions, the private companies should be left to take responsibility for their risks and to sort for applicable cybersecurity approaches that would ensure their systems are safe and free from cyberattacks. However, the government should consider providing protection to a private company if there is a possibility that an attack on the company may tamper with the safety of the entire nation or the operations of the government.
Finding a long-lasting solution to the increasing incidences of cybersecurity issues globally should be the priority of every government. The international cyber agreement is a plausible approach that can ensure every nation is free from cyber threats – it is a strategy that would ensure that norms are proposed to aid in improving stability in cyberspace and international security. The United States, being one of the destinations highly hit by the incidences of cybersecurity threats, should lead the effort at an international cyber agreement. The fact that the United States continues to record a significant escalation in the prevalence of cybersecurity threat is a predominant reason as to why it should be the forefront of the fight for international cyber agreement. Leading the effort of other states toward the agreement is a sure approach to reducing the rate of cybercrimes in the nations because, in order to successfully address cybersecurity threats, a multi-stakeholder kind of commitment is needed. Nevertheless, there are chances that the efforts made by the US government to lead international cyber agreements may not be successful due to a series of challenges that the US president my face in the process.[Mark Barrera, The Achievable Multinational Cyber Treaty: Strengthening Our Nation's Critical Infrastructure. Air University Press, Air Force Research Institute, (2017): 42]
1 The opposition of the International Cyber Agreement by other countries with the claim of lack of civil liberties and protection. While the United States' intention and effort toward reaching an agreement may be good and effective, some targeted members may not sign the agreement with the notion that the surveillance powers the treat would hand over to the police might not be properly balanced out by civil liberties and privacy restraints. With such notions at stake, the President may have a rough time trying to persuade the targeted countries into the treaty. Consequently, this may ...