Presentation is loading. Please wait.

Presentation is loading. Please wait.

The New Problem of Cybersecurity Policy. Presentation Outline I.General Principles & Definitions II.Unique Factors Affecting Cybersecurity Policy III.Brief.

Published bySilvia Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "The New Problem of Cybersecurity Policy. Presentation Outline I.General Principles & Definitions II.Unique Factors Affecting Cybersecurity Policy III.Brief."— Presentation transcript:

1 The New Problem of Cybersecurity Policy

2 Presentation Outline I.General Principles & Definitions II.Unique Factors Affecting Cybersecurity Policy III.Brief Assessment of Bush vs. Obama Cybersecurity Policy IV.The Way Forward

3 I. General Principles and Definitions

4 Public Policy Definition: Public Policy is a collection of unofficial norms, written laws, and administrative regulations that guide and constrain the behavior of actors within a policy arena.

5 Policy Arena: Definition A functional field of action within which disparate actors are guided and obligated to abide by a common policy.

6 Policy Arena: Typical Actors & Elements 1.Traditional Political Institutions (Congress/Presidency/Courts) 2.National Administrative Agency 3.State Administrative Agencies 4.Interest Groups (Private/Public 5.Norms 6.Individuals and Organizations Subject to Norms of Policy Arena

7 Creating and Growing a Policy Arena in a Federal System is Very Difficult

8 General Rules for Creating & Growing a Federal Policy Arena  Maximize Support  Constituents: Those who be benefit disproportionately  Clients: Those who mildly benefit  Minimize Barriers  Victims: Those who suffer from or significantly coerced by the Policy

9 Federal Policy Arena Growth Must Be in Two Directions

10 Vertical Barriers  The U.S. Constitution  10 th Amendment  Diversity of State Cultures  Diversity of Local Culture  Private Property Rights  Federal Resources

11 Vertical Construction: Intergovernmental Command and Control Hierarchies Generating Support  Sense of Vulnerability  Desire to be Regulated  $$$$  The Golden Rule  Intergovernmental Monetary Transfers (NIMS)

12 Horizontal Growth: Construction of Policy Networks Barriers  Mistrust  Indifference or Unawareness of the Problem  Lack of threat or other incentives to collaborate (Ohio Dept Agriculture) Support  Strong State/Local/Regional Government Support  Strong Private Sector Support  Sense that a Regional Problem Exists that Federal Government Policy does not address (International Symposium on Agroterrorism)

13 The End Result: US Federal Policy Arenas Federal State Local

14 II. Unique Factors Affecting the Creation & Growth of a Cybersecurity Policy Arena

15 Comparing Policy Arenas Nuclear Policy: History (65 Years) Cybersecurity Policy: History (8 Years) 1946: AEC 1947: NSA 1974: NRC 1950: CDA 2003: NSSC--Bush 2009: CPR— Obama Cyber-Czar Present: 2011 2011: DSOC (July)

16 Nuclear vs Cyber Technology Nuclear Technology  Lethal  Origins: World War II  Established Opposition Groups that oppose  Regulation  Centralized  Highly Restricted Use (expensive licenses, strict supervision, extensive training Cyber Technology  Non Lethal  Origins: Peacetime  Fulcrum of Domestic Economy  Regulation  Decentralized  Unregulated Citizen Use (no license or supervision or training required)

17 The Tribble ProblemTribble

18 3 Essential Components of a Cybersecurity Policy Arena 1. Intergovernmental Authority Hierarchy 2.Voluntary Public/Private Networks 3.Citizen Acceptance & Support of Cybersecurity Policy Norms The Cybersecurity Triad. Journal of Homeland Security & Emergency Management, 2009, Vol 6, Issue 1, Article 79

19 1: The Intergovernmental Cybersecurity Hierarchy VerticalVertical ConstructionConstruction Federal Political Institutions & Administrative Agencies State Political Institutions & Administrative Agencies Local Political Institutions & Administrative Agencies Top Down Bottom Up

20 2: The Horizontal Network Horizontal Construction: Policy Networks No Hierarchy: Voluntary Coordination Private Corporations Public Agencies Example: Infragard

21 3: Citizen Acceptance of Policy Arena Norms  Essential for Survival of Policy Arena  Facilitated by  Educational Campaigns  Crisis that Shapes public opinion  Citizen Awareness of Threat/Danger

22 The Components of a Cybersecurity Policy Arena

23 III. A Brief Assessment of the Differing Bush and Obama Approaches to Cybersecurity Policy

24 Bush Era Cybersecurity Initiatives  National Strategy to Secure Cyberspace (2003)  National Infrastructure Protection Plan  NIPP 2006  NIPP IT Sector Specific Plan 2007  NIPP 2009  Comprehensive National Cybersecurity Initiative 2008

25 The Bush Soft Management Cyber Approach Managing and Coordinating Sector Responsibilities: As described in HSPD-7, the DHS is responsible for managing and coordinating IT Sector CI/KR protection activities, including leading the development of an SSP for the IT Sector. Within the department, this responsibility has been delegated to NCSD. Sector responsibilities include maintenance and update of the SSP, annual reporting, resources and budgets, and training and education. Public and private sector security partners have common and unique roles and responsibilities NIPP Information Technology Sector Specific Plan, 2007, p 4

26 The Bush Era Approach

27 The Obama Era Approach

28 Obama Era Cybersecurity Initiatives  Appointment of Cyber Coordinator, January 2009  Cyberspace Policy Review, March 2009  Legislative Initiative, May, 2011 (déjà vu)  Reinsertion of DHS into Cybersecurity Loop  Emphasis of Public/Private Networks

29 The Obama Top Down Approach I. Leading from the Top Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority. Accomplishing this critical and complex task will only be possible with leadership at the highest levels of government. Cyberspace Policy Review, March 2009

30 Finding a White House Cybersecurity Coordinator The Nation’s First Cyber-Czar December 22, 2009 February to April 2009 Produced Cyberspace Policy Review, March, 2009 Melissa Hathaway Howard A. Schmidt

31 The GAO Assessment of CNCI: December 2008 Through March 2010  Agency Roles not Defined  No Effectiveness Measures  Little Leadership/Transparency  Little Progress in Public Education GAO-10-338

32 IV. The Way Forward

33 Combine Incrementalism & Strategic Vision

34 Incrementalism Accept Limitations  Lack of Resources  Public Lacks Appreciation for Cyber Threat  The Outline of the Intergovernmental Hierarchy is barely recognizeable

35 Strategy  Build the Cybersecurity Triad  Intergovernmental hierarchy  Public/Private network  Citizen Awareness

Download ppt "The New Problem of Cybersecurity Policy. Presentation Outline I.General Principles & Definitions II.Unique Factors Affecting Cybersecurity Policy III.Brief."

Similar presentations

Disaster Risk Reduction and Governance. Ron Cadribo.

Disaster Risk Reduction and Governance. Ron Cadribo.
GOOD GOVERNANCE AND REGULATORY REFORM Dr. Panagiotis Karkatsoulis Policy Advisor, Ministry of Interior, Public Administration and Decentralisation.

GOOD GOVERNANCE AND REGULATORY REFORM Dr. Panagiotis Karkatsoulis Policy Advisor, Ministry of Interior, Public Administration and Decentralisation.
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
Organization Management

Organization Management
Government’s Role in Economy

Government’s Role in Economy
INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.

INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.
Marco de Referencia para orientar la Formulación de la ECADERT Proceso de Consultas Primera Fase Julio – Agosto, 2009 Proceso de Consultas Primera Fase.

Marco de Referencia para orientar la Formulación de la ECADERT Proceso de Consultas Primera Fase Julio – Agosto, 2009 Proceso de Consultas Primera Fase.
Recommendations on Designing a Valuable and Relevant Course on Cybersecurity Tuesday, June 3, 2014 16 th Emergency Management Higher Education Program.

Recommendations on Designing a Valuable and Relevant Course on Cybersecurity Tuesday, June 3, th Emergency Management Higher Education Program.
The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.

The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.
“Measuring Water Security Progress” 2008 Water Policy Conference AMWA Security Committee March 3, 2008 By Billy Turner, President, Columbus Water Works.

“Measuring Water Security Progress” 2008 Water Policy Conference AMWA Security Committee March 3, 2008 By Billy Turner, President, Columbus Water Works.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Session 6 Integrated Emergency Management. Objectives of the Session Students will be able to 6.1 Define the principle of integration. 6.2Discuss the.

Session 6 Integrated Emergency Management. Objectives of the Session Students will be able to 6.1 Define the principle of integration. 6.2Discuss the.
Natural Choices Greening the Gateway Kent & Medway 11 June 2011.

Natural Choices Greening the Gateway Kent & Medway 11 June 2011.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
Managerial Flexibility in the Department of Homeland Security R. Steven Daniels, CSUB & Carolyn L. Clark-Daniels, Bakersfield, CA.

Managerial Flexibility in the Department of Homeland Security R. Steven Daniels, CSUB & Carolyn L. Clark-Daniels, Bakersfield, CA.
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
United Nations Workshop on Principles and Recommendations for a Vital Statistics System, Revision 3, for African English-speaking countries Addis Ababa,

United Nations Workshop on Principles and Recommendations for a Vital Statistics System, Revision 3, for African English-speaking countries Addis Ababa,
Session 121 National Incident Management Systems Session 12 Slide Deck.

Session 121 National Incident Management Systems Session 12 Slide Deck.
Stakeholders and Food Security: Managing Interfaces José Filipe Fonseca FANRPAN Policy Dialogue on Regional Strategies for Addressing the Global Food Crisis.

Stakeholders and Food Security: Managing Interfaces José Filipe Fonseca FANRPAN Policy Dialogue on Regional Strategies for Addressing the Global Food Crisis.

Similar presentations

Ads by Google