eBook - ePub
Cybersecurity Public Policy
SWOT Analysis Conducted on 43 Countries
Bradley Fowler, Kennedy Maranga
This is a test
Compartir libro
- 188 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
Cybersecurity Public Policy
SWOT Analysis Conducted on 43 Countries
Bradley Fowler, Kennedy Maranga
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Since 2000, many governments, parliaments, and ministries have worked diligently to define effective guidelines that safeguard both public and private sector information systems, as well as information assets, from unwanted cyberattacks and unauthorized system intrusion. While some countries manage successful cybersecurity public policies that undergo modification and revision annually, other countries struggle to define such policies effectively, because cybersecurity is not a priority within their country. For countries that have begun to define cybersecurity public policy, there remains a need to stay current with trends in cyber defense and information system security, information not necessarily readily available for all countries. This research evaluates 43 countries' cybersecurity public policy utilizing a SWOT analysis; Afghanistan, Australia, Bermuda, Canada, Chili, Croatia, Cyprus, Czech Republic, Dubai, Egypt, Estonia, European Union, Finland, Gambia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Kenya, Kosovo, Kuwait, Luxemburg, Malaysia, Nepal, Netherlands, New Zealand, Norway, Poland, Samoa, Singapore, Slovakia, South Africa, Sweden, Switzerland, Thailand, Trinidad, Uganda, United Arab Emirates, United Kingdom, and Vietnam; to transparently discuss the strengths, weaknesses, opportunities, and threats encompassing each of these 43 countries' cybersecurity public policies.
The primary vision for this title is to create an educational resource that benefits both the public and the private sectors. Without clarity on cybersecurity public policy, there remains a gap in understanding how to meet these needs worldwide. Furthermore, while more than 43 countries have already enacted cybersecurity public policy, many countries neglect translating their policy into English; this impacts the ability of all countries to communicate clearly and collaborate harmoniously on this subject matter. This book works to fill the "gap", stop the spread of misinformation, and become the gateway to understanding what approaches can best serve the needs of both public and private sectors. Its goals include educating the public, and, in partnership with governments, parliaments, ministries, and cybersecurity public policy analysts, helping mitigate vulnerabilities currently woven into public and private sector information systems, software, hardware, and web interface applications relied upon for daily business activities.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Cybersecurity Public Policy un PDF/ePUB en línea?
Sí, puedes acceder a Cybersecurity Public Policy de Bradley Fowler, Kennedy Maranga en formato PDF o ePUB, así como a otros libros populares de Informatik y Cybersicherheit. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
1 Introduction to Cybersecurity
DOI: 10.1201/9781003259145-2
Learning Objectives
- Comprehend the meaning of cybersecurity.
- Understand why cybersecurity is invaluable to the safety of Internet users.
- Discover the impact of cybersecurity internationally.
- Understand why cybersecurity must align with public and private sector.
Cybersecurity has been defined differently across America and around the world. In the United States, many confuse cybersecurity with information technology, network security, or information security. The United States Cybersecurity & Infrastructure Security Agency defines cybersecurity as the “artistic approach to protect networks, devices, and data from unauthorized access or criminal usage and the practice of deploying confidentiality, integrity, and availability of information assets”.1 The European Union definition of cybersecurity encompasses all activities required to protect cyberspace, cyberspace users, and all persons impacted from cyber threats.2 In India, the definition of cybersecurity is the protection of computers, networks, programs, and data from unauthorized access or attacks that are aimed at exploitation.3 Thus, the meaning of cybersecurity differs greatly around the world, but requires the same mitigation strategies and risk management approach, no matter what geographical location the subject matter is discussed. Everyone who relies on technology, mobile devices, software, hardware, and virtual cloud environments has heard of cybersecurity. So, why do so many people around the world have a nonchalant attitude about the value and importance of cybersecurity. After all, no industry is without the reliance upon technology tools, virtual cloud environments, software, hardware, artificial intelligence, Internet of Things, 3D printing, quantum computing, and cybersecurity.
In fact, today cybersecurity and technology tools, virtual cloud environments, software, hardware, artificial intelligence, Internet of Things, 3D printing, and quantum computing, impacts eleven sectors (e.g., energy, materials, industrials, consumer discretionary, consumer staples, health care, financials, information technology, communications services, utilities, and real estate). These sectors can be divided into industry groups, industries, and subindustries. The sector with the highest integration of technology is health. Second is financial. Technology is third and industries are fourth. Of all these sectors, cybersecurity strategies must align with each sector and be a pivotal component in protecting the information assets developed, stored, shared, and electronically transmitted across the Internet. Unless each sector has its own cybersecurity team of experts working closely within their daily workplace; each sector takes the chance of being victimized by cyberattacks, cyber-terrorist, cyber-criminals, cyber-bullies, cyber-espionage, and cyber-stalkers. Therefore, cybersecurity is essential.
One way to begin understanding cybersecurity is learning the difference between information security and information assets. Having knowledge on each of these subjects provides clarity on cybersecurity and the role cybersecurity plays in protecting information and information assets. In fact, when evaluating the value of information within any sector, service providers typically attain, share, and store consumer information, regardless if that information is public or private. Consumers rely on service providers to render special care for whatever reason the consumer seeks to have their needs or wants met. In many instances, the information is the value of the service being rendered. For instance, when a consumer seeks understanding of a subject matter such as the law, they turn to an attorney, legal advisor, or paralegal. The services provided are offered in the information these experts possess. The same can be applied to health care. The doctor or nurse provides the patient with information to improve health issues. The information also enables the patient to gain understanding on what is required to achieve the end results, they seek to manage their medical or health issue. The exchange of information provided by these trusted sources is what makes the information an asset of the service provider.
When a product developer designs a new product, information is developed and printed on paper and packaged for the consumer, with hopes of providing the consumer details about the design and creation of the product. This is intellectual property. The information or design model is the asset, the product developer wants to secure and keep confidential from consumers, so the product developer maintains control over the information asset and the key ingredients to produce the product. Cybersecurity practitioner’s role is to help the service and product manufacturers maintain control and security over the information assets, they own, store on information systems, and share with others, either in written format, digitally, or electronically. The information asset is what is being protected. Cybersecurity practitioners deploy a strategy that enables service and product developers and providers, to secure their information secrets and keep them safe from those who seek to steal or duplicate the information assets, the service or product provider places value on.
When deploying cybersecurity for public or private sector, the approach is always the same. No matter the value of information, the strategies, assessments, plans, and mitigation strategies do not change. After all, cybersecurity practitioners protect the information created, stored, and shared online across the Internet. Cybersecurity co-exists with information security, information technology, virtual cloud environments, software, hardware, artificial intelligence, Internet of Things, 3D printing, and quantum computing. Today, many sectors rely on information technology to conduct workplace activities. These activities include transmitting trade secrets, sending money via electronic transmission with the assistance of technology payment terminals. For example, banks enable account holders to establish banking accounts and save their personal authentication log-in information in an encrypted format, with assurance their banking data will be secure once they log offline and during all online transactions. Cybersecurity practitioners deploy effective methods that provide the security to protect technology and the information assets, exchanged and transmitted via the Internet.
If any sector or industry relies on technology, there is a need for cybersecurity. The two support each other. After all, technology is a primary component of cybersecurity. The keyword is cyber. Cambridge Dictionary defines cyber as “involving, using, or relating to computers, especially the Internet”.4 Thus, without effective mitigation methods to secure the information assets of the enterprise, the enterprise’s daily workplace operations and information systems can experience catastrophic impact. This can be costly, especially if damage impacts the reputation of the enterprise, its services, or product (s). It can also be damaging to the technology tools (e.g., virtual cloud environments, software, hardware, artificial intelligence, Internet of Things, 3D printing, and quantum computing) relied upon and cost tremendously to restore the technology damaged.
Recent events in cyberattacks have cost some sectors more than $500 million. In fact, The Home Office Science Advisory Council in the United Kingdom reported in its Research Report 96 titled Understanding the Costs of Cybercrime: A report of key findings from the Costs of Cyber Crime Working Group, that a “top-end estimate of £27 billion for economic cost to the UK”.5 In India, cybercrime cost on average $20 million. In Asia, it was reported that “cyberattacks on Asian Ports could cost as much as $100 billion”.6 Thus, it is time to take a closer look at understanding cybersecurity and its role in helping thwart unwanted cyberattacks.
In fact, cyberattacks have grown exponentially and now bridge several landscapes of international crime. Cyber terrorism is the use of technology and the Internet to deploy threats and conduct attacks that often result in the loss of large monetary units, property, or human life. Cyber terrorism is a form of cyberattack that can be orchestrated from any geographical location worldwide and deployed with the use of technology, including software, hardware, virtual cloud environments, artificial intelligence, Internet of Things, 3D printing, quantum computing, and satellite. When former President George W. Bush sought to locate Saddam Hussein, not only were drowns deployed, but satellites were utilized to help canvas the geographical location in search of this terrorist. Cyber terrorists can launch attacks from beyond international borders without legal retaliation from many legal territories. Due to this growing phenomenon, there is a need to increase the penalties for cyber terrorism and develop and implement effective cybersecurity policy that helps deter and hopefully, decrease the number of successful cyber-terrorist attacks. However, due to many countries’ inability to effectively communicate with other countries, attain, train, and educate citizens within their countries, there remains a huge gap in the development and implementation of effective cybersecurity law and public policy.
Thus, many countries are implementing strategies to overcome the seemingly endless attacks deployed against their citizens and public/private sectors. This has helped enable a growth of communication between governments, Parliaments, Ministries, and political leaders, in search of defining an effective approach to govern and control cybercrime, cyberterrorism, cyberbullying, cyberstalking, cyberattacks, and cyber espionage. One way that has proven successful in bridging the gap of communication, is establishing a treaty on cybersecurity. This has been initiated by The International Law Commission and the International Telecommunication Union. However, when considering the enactment of a Treaty encompassing cybersecurity, it is important to also consider the lack of authority international law may have. Thus, to achieve a Treaty on cybersecurity, requires an international agreement defined by the authorities who enact international laws. Even though international efforts to implement effective cybersecurity law and policy continue being evaluated, developed, implemented, and managed. A successful approach to enacting cybersecurity policy has fallen into the hands of each country; rendering control over the development, implementation, and management of cybersecurity policy as the force to govern all cybersecurity incidence. As a result, tremendous research has been deployed to provide the public with clarity on cybersecurity and cybersecurity policy. In rendering this quality of enlightenment, the public can gain essential knowledge of their role and responsibilities in helping deter and thwart cyberattacks.
In the United States, the U.S. Department of Homeland Security, the National Security Agency, as well as the White House, have assessed, developed, and implemented national security cybersecurity policy that educates Americans on the strategies being deployed to effectively protect the liberty of Americans who rely on technology and the Internet for economic stability and personal growth. In fact, former President Donald J. Trump signed the revised version of the National Security Cyber Strategy in January 2018, confirming an alliance between the U.S. Department of Homeland Security, National Security Agency, and the White House, as well as both public and private sector. This National Cyber Strategy continues being the bedrock of America’s effective approach to combating unauthorized access of public information systems securing federal information data. Such policy can be an effective model for private sector to mirror and international governments, Parliaments, Ministries, and political leaders to assess, revise, and implement in alignment with the current national security cybersecurity policy, they have developed and are relying on. However, for national security cybersecurity policy to be effective, it requires teamwork. This teamwork encompasses country political leaders, ambassadors, governments, educators, private and public sector managers, CEO, CTO, CIO, COO, and VP, as well as citizens to work in concert, to achieve the end goal…defending the privacy rights of all who rely on the Internet as their primary gateway to connect with the world and share their business and personal information worldwide.
To achieve this goal requires understanding why cybersecurity is essential. Research compiled by the United States Council of Economic Advisors convey that
scarce data and insufficient information sharing impede cybersecurity efforts and slow down the development of the cyber insurance market. Cybersecurity is a common good; lax cybersecurity imposes negative externalities on other economic entities and on private citizens. Failure to account for these negative externalities results in under-investment in cybersecurity by the private sector relative to the socially optimal level of investment.7
Thus, to effectively protect the information assets of both public and private sector, the installation of clearly conveyed cybersecurity policy is required.
Today, 43 countries have already taken steps to develop and implement clearly written cybersecurity public policy, in the universal English speaking and writing language. However, due to the differences in the type of cyberattacks, cyber terrorism, cyberbullying, cybercrime, and cyber espionage deployed against each country, one national security cybersecurity policy does not meet the needs of all 43 countries. Even worse, due to the low level of experienced and knowledgeable cybersecurity experts within these 43 countries, the tasks of effectively implementing cybersecurity and staying current with trends encompassing cybercrime, cyber terrorism, cyber espionage, cyberattacks, and cyberbullying, countries are desperately seeking help. This book is a resource of help that will enable these 43 countries to gain clarity on the importance of cybersecurity policy and how to define a clearly written cybersecurity policy that will be instrumental in educating both public and private sector.
According to the 2019 Official Annual Cybercrime Report developed by Steve Morgan, Editor and Chief of Cybersecurity Ventures, “cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades”.8 There is no doubt that cybercriminals are taking the lead in controlling the dark market and dark web technology to launch their nefarious acts against public and private sector. To a degree that eventually will cost more than $30 trillion annually to combat. Thus, the race to define effective cybersecurity policy is on, and this race cannot be set aside. In fact, looking back to July 2015 when the United States Congress passed the Cyber Intelligence Sharing and Protection Act, it was perceived that this bill would facilitate the sharing of information security, especially information being transmitted across the Internet, between the federal government and private sector. Congress hoped this legislation would improve “information flow about information security threats and reduce risk to public infrastructure”.9
This bill aligns with the Cybersecurity Information Sharing Act that requires the Director of National Intelligence, the Secretary of National Security, the Secretary of Defense, and the U.S. Attorney General, to define and promulgate procedures for classified and declassified cyber threat and vulnerability indicators in possession of the federal government, to be disseminated with private sector entities; non-government agencies, state, tribal, and local governments.10 In the same year, former President Barack Obama signed the Cyber Sanctions Program into effect, to deploy an economic sanction, specifically on the seizure of U.S. based funds, against overseas attackers and organizations that willfully gain from cybercrime and cyber espionage.
This encouraged the establishment of the European Council of Cybercrime, who ...