The theory of policymaking as it is spelled out within the American constitution has not led to meaningful cybersecurity laws due to a variety of reasons. One of which is that fact that there is a delay in the enactment of laws. Many factors control the process of legislation in different countries, so their establishment is dependent on various things such as political issues or other factors that affect local initiatives, or adherence to international laws that advocate for the same level of development for cross border collaboration. The laws are also outdated as they do not conform to current changes. In the same line as the delay in its enactment, it can be inferred that technology is developing at a fast rate. It is possible that standards may fall far behind advances in technology. Organizations constantly improve their standards as risks and new technologies emerge so the laws also must be at the forefront. This is more important when it comes to emergent and present matters which may need regulation. To address this concern, the question the following question must be addressed: how can cybersecurity systems of institutions be improved against cyber attacks?
It is important that the government of the United States ensure that their information is safeguarded from the public with ulterior motives and those who may be expecting to get various information for malicious use. As a result, the federal information system security management act legislation, commonly known as the federal information system security management act legislation was formed. The federal information system security management act legislation is a law in the United States that defines a comprehensive framework designed to ensure the protection of the operations, assets, and government information from the man-made and natural threats. According to Laudon, and Laudon, federal information system security management act legislation was signed in the United States as part of the electronic government act law of 2002 and is responsible for assigning various mandates to different agencies that ensure the safety and security of the federal government data and information system (Laudon & Laudon, 2015).
The legislation defines information security as the means of protecting unauthorized access for any information relating to the government, distortion, disruption, destruction and any other form of manipulation to maintain confidentiality, availability, and integrity. Federal information system security management act legislation has various requirements that each of the agencies must abide with, one of which is that the program officials and the heads of the agencies to engage in annual reviews of the information security schedules. These continuous reviews enable the agencies to keep the risks of government operations, assets and information being misused at acceptable levels while remaining cost-effective and less time-consuming.
The implementation of the federal information system security management act legislation is not easy especially because the government must abide by various factors. One of the challenges is the authorization of the information system for processing. As Rosenbach and Peritz claim, access to the information system reveals all the data about the government, their operations, and how they are to be implemented (Rosenbach & Peritz, 2018). The data, if accessed by the wrong personnel, can lead to corruption and money losses that are unnecessary.
Another issue imminent in the implementation of the federal information system security management act legislation is the controls and risk assessment procedure. Giving access to the information system raises the chances of risks occurring and information leakage. The issue is that the risks are not easily solved especially if many individuals have the mandate to control the system and alter most of the settings. Constant monitoring promotes the chances of malicious attempts to get the national information and use it in a bad way if the individuals assigned the duties of assessing the system are either hired or forced to do so without their consent.
Organizations such as the National Security Telecommunications Advisory Committee (NSTAC) have much interest in cybersecurity policy proposals because the policies that are in place could greatly impact their operations or could impact on whether they will be able to access information from other people or organizations. Therefore, every organization fights to have the policy proposals favorable to them depending on the operations. Therefore, each organization will also prepare their argument while these policies are being formulated to try to fight for these policies to be in line with what they want or their interests (Oliver, Marion, & Hill, 2014).
There are also private-sector entities that work on cybersecurity. The most common issue from the private sector entities on the development of cybersecurity policies and rules is the issue of privacy. There have been many times that the private sector has complained about the government or government bodies spying on them by accessing their private information from the internet. The private sector does not seem to agree with the government on the regulations that should be put in place on the protection of information because the government seems to be taking advantage of this by placing regulations that allow them to access private information (Tatar, Gokce, & Gheorghe, 2017). The interests of the private sector are to have their information safe where it cannot be accessed or used by other entities or people. The security vendors have a duty to keep the data secure wherever it is stored or as it moves along the internet but the regulations sometimes do not give them such powers especially where the government comes in and wants to use that data or information.
Cybersecurity has been stated to be one of the most pressing national security issues facing new business management. Comprehensive National Cybersecurity Initiative (CNCI) was introduced by the Bush administration in January 2008 to make the United States safer against cyber threats (Rollins, 2009). A few details of the initiative have been made in general departmental media releases, vocalization by executive branch commander, analysis, and perception by people who trail cybersecurity and terrorism associated problems. The CNCI forms the policy, plan, and rules to safeguard federal systems. The CNCI also demark an approach that forecasts future cyber threat and developments and demands the national government to restore many of its technical and organizational ability to better discourse complicated threat and vulnerabilities. Following the issuing of the grouped directives, the congressional association had held discussions concerning the CNCI and perceived testimonies from a group of people formed to discourse necessary cybersecurity amendments. CNCI have formed a front line of protection against today’s instant threat. This through designing or improving shared condition awareness of network susceptibility, danger and occasions within the national government to surpass intrusion. Through enhancing U.S. counterespionage abilities and raising the safety of provision chain for fundamental knowledge development CNCI have been able to defend against full spectrums of danger. Also, CNCI has been able to strengthen cybersecurity environment by enlarging cyber imparting of knowledge and skills, synchronizing and redirecting investigation and growth endeavor throughout the national government (Rollins, 2009).
- Laudon, K. C., & Laudon, J. P. (2015). Management information systems: managing the digital firm plus mylab mis with pearson etext — access card package. New Jersey: Prentice Hall Press.
- Oliver, W. M., Marion, N. E., & Hill, J. B. (2014). Introduction to Homeland Security. Sudbury: Jones & Bartlett Learning.
- Rollins, J. (2009). Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations. Pennsylvania: DIANE Publishing.
- Rosenbach, E., & Peritz, A. J. (2009). Congressional Oversight of the Intelligence Community. Belfer Center for Science and International Affairs. Retrieved February 1, 2019 from, https://www.belfercenter.org/publication/congressional-oversight-intelligence-community
- Tatar, U., Gokce, Y., & Gheorghe, A. V. (2017). Strategic cyber defense: A multidisciplinary perspective. Amsterdam: IOS Press.