Most critical information systems in the United States are operated by the private sector and remain vulnerable to cyber attacks. Newly proposed legislation would require businesses to meet minimum standards of protection, but has raised concerns about regulatory overreach.
The Congressional Research Service reports that for more than a decade, various experts have expressed increasing concerns about cybersecurity in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised.
The foreward of this National Science and Technology Council strategy document, written by John P. Holdren (Assistant to the President for Science and Technology and Director, Office of Science and Technology Policy) states,
"This report, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program was developed by the NITRD agencies and directly responds to the need for a new cybersecurity R&D strategy. As recommended in the CyberspacePolicy Review's near-term action plan, Trustworthy Cyberspace replaces the piecemeal approaches of the past with a set of coordinated research priorities whose promise is to "change the game," resulting in a trustworthy cyberspace. As called for in the policy review's mid-term action plan, this plan identifies opportunities to engage the private sector in activities for transitioning promising R&D into practice. In addition, and consistent with the PCAST recommendations, it prioritizes the development of a "science of security" to derive first principles and the fundamental building blocks of security and trustworthiness.
I am pleased to commend this Federal cybersecurity R&D strategic plan as part of the Administration's comprehensive effort to secure the future of the Nation's digital infrastructure."
Richard A. Falkenrath discusses how the modern American police department must balance its information technology needs--including cloud computing services--against the unique legal framework within which it operates.
Adam Segal and Matthew C. Waxman discuss the London Conference on Cyberspace and argue that progress toward a vision of cybersecurity and freedom will be incremental and achieved through multiple arrangements between state and private actors rather than through a global accord.
Paul Twomey, former president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), discusses the challenges posed by the present state of global cyber instability for governance at both the corporate and internatinoal levels.
The steady theft of U.S. intellectual property by foreign cyberattackers could mean decreased economic growth, reduced competitiveness, and loss of jobs, says McAfee cybersecurity expert Dmitri Alperovitch.
Hackers have attacked America's defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. Michael Joseph Gross gets an exclusive look at the raging cyber-war--Operation Aurora! Operation Shady rat!--and explains why Washington has been slow to fight back.
The Pentagon's new strategy for operating in cyberspace breaks little ground and offers few specifics, says CFR's Adam Segal. While the last six months have been busy for U.S. cybersecurity policy, he cautions that "speed is not a measure of efficacy."
Eric Beidel and Stew Magnuson of National Defense present cyber threats as the cutting edge in asymmetric warfare, and highlight the risks entailed by the U.S. military's dearth of cybersecurity expertise.