-
Notifications
You must be signed in to change notification settings - Fork 0
/
Final_Draft1.0
21 lines (21 loc) · 7.38 KB
/
Final_Draft1.0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#With the advancement of technology and the further digitalization of every bit of information; the need for a more secure cyberspace is becoming ever more apparent. The disparity in cybersecurity, between various organizations in both the public and private sectors, presents a cause for alarm in how unregulated cybersecurity is. The most immediate effect of this lack of regulation here in the U.S. is the economic impacts of cyberespionage due to foreign countries and how it can cost businesses upwards of billions of dollars. The threat on the nation’s cyberspace is dynamic and therefore, requires as dynamic an answer. A complete solution to cybersecurity is far from being an immediate reality, but one short term solution that can have an impact now and in the future is information sharing. I hope to show how information sharing and cybersecurity as a whole is a current problem that requires attention now if we are to help secure the future.
#
#The Threat on Our Cyberspace
#Today every organization from every sectors stores/sends information through online means due to its ease of use and access. The key problem here being the access of this information by outside sources. This causes sensitive information from bank accounts to corporate secrets being privy to individuals that were never meant to view such information. According to Kenneth Corbin’s news article on the economic impact of cybercrimes, the annual loss that can be attributed to these crimes range around $300 billion from U.S. companies alone. Corbin’s article goes on state that “the defenses of U.S. companies vary widely by sector”. (Corbin, 2013) Corbin’s article shows how much money is to be lost with a lack of security, and how there seems to be no precedence set for how to deal with crimes of this nature. Going forward I will present how information sharing, though far from a fix-all solution can help pave the path towards a more secure cyberspace.
#
#How Information Sharing Can Help
#To give some context the idea of information sharing, and how it can improve cybersecurity is a simple idea. Information sharing is the sharing of information between companies throughout the private and public sectors in regards to cybersecurity. In an ideal situation information sharing would help security teams collaborate. This would allow solutions to more threats than would be possible without the help of outside information. Steven Bucci, Paul Rosenzweig, and David Inserra in their write up about cybersecurity laws outline seven steps toward a more secure cyberspace. The first step they outline is information sharing where they talk about the biggest barrier to information sharing being how “critical data on threats and vulnerabilities often remains locked within each company or organization due to different concerns and fears”. (Bucci, Rosenzweig, & Inserra, 2013) They go on to outline these “concerns and fears” such as, how companies are paranoid of the liability that could come with spreading misinformation, amd how the sharing of information has the potential to reveal company secrets that could be exploited by competitors. The article presents how the almost simplistic idea of information sharing is being stunted by fear of retribution due to the giving the information up in the first place. Bucci, Rosenzweig, and Inserra go on to outline some possible steps that would help facilitate information sharing and stop the stigma behind giving up information. In short the four steps they outline are:
#• Removal of legal barriers to voluntary private-sector sharing
#• Legal protection of entities who divulge information on cyber threats
#• Exemption of shared information from FOIA
#• Immediate and full cooperation of government entities with the private sector
#If those who share information can be insured protection by any possible backlash then this will help the flow of information between groups giving more complete data on possible threats and potential solutions to said threats. I hope you can see how these steps would lead to a more secure cyberspace as I go on to show why information sharing out of other possible short term solutions is the solution I am advocating for.
#
#Effectiveness of Information Sharing
#The reason behind why I believe information sharing is an effective tool to combat cyber threats is due to the nature behind the threats themselves. Pamela Jones in her write up on information sharing writes how “companies know that they cannot eliminate all cybersecurity risk because the threats are too diverse and dynamic” (Jones, 2015). To elaborate, threats from hackers are dynamic in that the hackers are always finding new ways to break through security systems. Akin to a biological virus the threats keeps adapting making a permanent solution an impractical if not impossible venture. Our response to these threats must be as dynamic in nature to stay ahead of potential threats, for even one kink in an organization’s security could spell a loss of billions of dollars. Jones gives a prime example of information sharing by referencing IBM’s X-Force Exchange. IBM opened up their company’s library of security information to the public allowing many organizations the access to the information and data needed to make decisions on their own security. This shows the effectiveness of information sharing as a solution to present day threats and a continual preemptive force to combat future threats in cyberspace.
#
#Future Implications
#Information sharing is not a complete solution to the threat U.S. businesses face, but it can help create the steps for better more complete protection of our nation’s cyberspace not from just espionage and thefts but all threats. By assisting the spread of information between various organizations and sectors, this information can be compiled into a vast nexus of risk-threat assessments that can produce data to be acted upon now, as opposed to after the fact. Similar to IBM’s X-Force Exchange this would allow organizations to have access to available information that would allow immediate action against threats. With an insight into the security methods of many different organizations, regulations can be enacted to mandate stronger security in all sectors as opposed to the disparity seen today. Stronger regulations can in turn lead to more effective legislation on cybersecurity, such as a system of insurance as outlined by Bucci, Rosenzweig, and Inserra. In their article they propose a form of cybersecurity insurance based off of a risk-threat assessment that could also use the information gathered by information sharing. Information sharing first and foremost is a tool that can lead to better far-reaching solutions. While the barriers preventing proper information sharing could be troublesome to overcome the gains to be had by setting up ways to share information will be invaluable down the road.
#
#Closing Thoughts
#Our nation’s business and organizations faces an issue today that puts our economy as well as overall security at risk. Through the convenience of cyberspace we have left ourselves open to theft and espionage as well as a slew of other threats. In short we need to overcome the legal barriers preventing the sharing of information. Information that is vital to improve the security of all U.S. businesses and prevent the loss of money. I hope I have convinced you to consider the importance of cybersecurity and its economic impact on our businesses here in the U.S.