In a report published in December 2011 and amended in August 2012, the Department of Homeland Security proposed a framework for ethical guidelines for computer and information security research. The framework was informed by the three principles of the 1979 Belmont Report for ethical research in the biomedical and behavioral sciences: Respect for Persons, Beneficence, and Justice. The Menlo Report adds the principle Respect for Law and Public Interest.
With the incidence of severe cybersecurity breaches increasing, government and business leaders are forced to re-evaluate control computer systems and heighten defences against hackers, writes Robert O'Harrow Jr. in the Washington Post.
Government and business leaders in the United States and around the world are rushing to build better defenses -- and to prepare for the coming battles in the digital universe, writes Robert O'Harrow Jr. at the Washington Post. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace.
Richard Clarke, former special adviser to the president for cybersecurity, says the proposed cybersecurity bill would not do much to stop Chinese cyber espionage. He suggests that the Obama administration act to stop the threat.
The Cybersecurity Act of 2012 (S. 2105) was introduced by Senator Joseph Lieberman in the U.S. Senate on February 14, 2012.
The summary states, "Directs the Secretary of Homeland Security (DHS), in consultation with owners and operators of critical infrastructure, the Critical Infrastructure Partnership Advisory Council, and other federal agencies and private sector entities, to: (1) to conduct a top-level assessment of cybersecurity risks to determine which sectors face the greatest immediate risk, and beginning with the sectors identified as having the highest priority, conduct, on a sector-by-sector basis, cyber risk assessments of the critical infrastructure; (2) establish a procedure for the designation of critical infrastructure; (3) identify or develop risk-based cybersecurity performance requirements; and (4) implement cyber response and restoration plans. Sets forth requirements for securing critical infrastructure, including notification of cyber risks and threats and reporting of significant cyber incidents affecting critical infrastructure."
In March 2011, the U.S. computer security company RSA announced that hackers had gained access to security tokens it produces that let millions of government and private-sector employees, including those of defense contractors such as Lockheed Martin, connect remotely to their office computers.
Most critical information systems in the United States are operated by the private sector and remain vulnerable to cyber attacks. Newly proposed legislation would require businesses to meet minimum standards of protection, but has raised concerns about regulatory overreach.
The Congressional Research Service reports that for more than a decade, various experts have expressed increasing concerns about cybersecurity in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised.
The foreword of this National Science and Technology Council strategy document, written by John P. Holdren (Assistant to the President for Science and Technology and Director, Office of Science and Technology Policy), states,
"This report, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, was developed by the NITRD agencies and directly responds to the need for a new cybersecurity R&D strategy. As recommended in the Cyberspace Policy Review's near-term action plan, Trustworthy Cyberspace replaces the piecemeal approaches of the past with a set of coordinated research priorities whose promise is to "change the game," resulting in a trustworthy cyberspace. As called for in the policy review's mid-term action plan, this plan identifies opportunities to engage the private sector in activities for transitioning promising R&D into practice. In addition, and consistent with the PCAST recommendations, it prioritizes the development of a "science of security" to derive first principles and the fundamental building blocks of security and trustworthiness.
I am pleased to commend this Federal cybersecurity R&D strategic plan as part of the Administration's comprehensive effort to secure the future of the Nation's digital infrastructure."