Government Cybersecurity Regulation of the Private Sector
University of Maryland University College

Abstract
Unlike other countries, the line between the public and the private sector in the United States is not finite, and ideally the two should collaborate toward a common goal of increased cyber security to protect national interests. The future of US cyber security legislation is not without obstacles, as private industry resents increased government intervention, and the government assesses the private sector fails to provide the level of security commiserate with the potential damage caused by compromise to national critical infrastructure. Current legislation often focuses on milestones rather than the end-state and offers little in the way of incentives for increased private industry cost and effort to employ better Cybersecurity.

Government Regulation of Private Industry Cybersecurity Standards Introduction

The line between the public and the private sector is not as finite as it once was. The September 11, 2001 terrorist attacks in New York City and Washington DC solidified the need for emphasis on national security, and globalization has effected the way the government and commerce interact in regulatory, financial and security matters. There are numerous examples of the confluence of government and private industry; defense contractors, financial institutions, and equipment and service providers (arms, computers, internet and telecommunications). None are of greater national security significance than critical infrastructure. United States critical infrastructure is defined as electrical, hydrological, nuclear, and chemical. In the last three years attacks against US infrastructure have increased exponentially, and there have been 82 of attacks on the electrical grid in the last year alone (Goldman, 2013). Private industry resents increased government intervention in the form of regulations, laws and rules, and the United States government assesses the private sector is not providing the level of security commiserate with the potential damage caused by system compromise. As in all things, ideally the public and private sector should come together and conduct a national vulnerability assessment, discuss subsidies for critical infrastructure cyber-security upgrades, and provide incentives for businesses to invest the time and money in protecting those items deemed significant to national security. Unfortunately, it is more likely the issue of government intervention into private industry will continue to be a contentious one, and failure to take proactive steps secure critical infrastructure and information may have disastrous effects. Globalization Globalization has affected nearly every major discipline: sociology, psychology, economics and politics to name a few. No matter the area affected, the impetus remains the same: exponential growth in technology, greater ability for international travel and increased availability of information via mediums such as telephones, media, and the Internet. Globalization, accelerated by the world-wide proliferation of the internet, has had a profound effect upon United States politics and commerce, and has resulted in a imprecise distinction between the public and private domain. Like traditional commerce before it, e-commerce has expanded beyond US borders, and as such is subject to both national and international regulations and laws. It is illogical to think companies would be allowed to operate with complete autonomy, without some leve...

-6 /2013/01/09/technology/security/infrastructure-cyberattacks/index.html /article/20120703/it01/307030004/report-cyber-attacks-critical-infrastructure-jump-383-2011 /article/2013/02/26/cyberwar-stuxnet-idusl1n0bq5zw20130226?type=companynews /article/2013/02/26/us-cybersecurity-obama-idusbre91p02120130226 /br34.4/morozov.php /commentary/private-sector-neglects-cyber-security-6196 /posts/2012/12/13/langevin_to_reintroduce_cyber_security_legislation_in_2013 /rahn/georgegilder-peterthiel-freedomfest-telecosm/2011/07/19/id/404101 1 11 1986 1999 20 2001 2005 2006 2007 2008 2009 2010 2011 2012 2013 249 29 383 4 41 52 60 82 abil abl absorb abstract abus acceler accomplish accord account achiev act activ actual addit address administr adopt advanc advers affect afghanistan ag age agenc aircraft alleg allow alon also although altogeth american anoth appear appli applic arabia area argument arm articul assert assess attack attempt author autonomi avail avoid b back balanc basic begin believ best better beyond bidgoli bill boe border boston bottom branch breach bring broadhurst broken burden bureau busi cannot case caus center central chemic china chines ci cia cite citi claim classif classifi clear cnn code collabor collect colleg combat come command commerc commiser commiss committe common compani complet complianc compliant compris compromis comput concern conclus conduct confid confluenc congress consequ consid consider consum contenti continu contractor control corp corpor cost could counterpoint countri cover cox craft creat creativ critic csis current cyber cyber-attack cyber-intrus cyber-scar cyber-secur cyber-threat cybercrim cybercrimin cybersecur d daili damag data date day dc declar deem defens defin delin demand denver depart deploy deter determin devast develop devic dictat die difficult digit direct disastr disciplin disclos discoveri discuss disrupt distinct dod domain dos draft due duqu dyamic e e-commerc earli earlier econom ed effect effort egypt either electr emphasi employ enabl encount end end-stat energi enforc ensur environ equip especi espionag essenti etzioni even everi evolv exagger exampl except execut exist expand expens exponenti extrem facil fail failur faith fall fbi fear februari feder feel final financi fine finit finkl first fisma fix flame focus forc foreign form format forward foster found foundat framework fraud freedom fund futur gauss general generat glanc global go goal goldman govern greater grid group growth grummon h hacker hand handbook hardwar hart heavi help high high-profil higher hit homeland hope hous howev hydrolog ideal illog impact imped imper impervi impetus implic import imprecis impun inappropri incent incorpor increas indic industri infanc inform information-shar infrastructur innov inspir institut integr intellig interact interest intern internet intervent introduc introduct intrus invest investig involv iran iraq issu item j john johnson journal jump keep key killerapps.foreignpolicy.com killerapps.foreignpolicy.com/posts/2012/12/13/langevin_to_reintroduce_cyber_security_legislation_in_2013 known langevin last later law lax lectur left legal legisl let level liabil lieberman like limit line list littl maintain major make malici manag mandat mani manipul margin market maryland matter may mcdougal measur media medium meet methodolog mileston militari military/commercial mitig money money.cnn.com money.cnn.com/2013/01/09/technology/security/infrastructure-cyberattacks/index.html morozov much must n name natanz nation national-level nationalinterest.org nationalinterest.org/commentary/private-sector-neglects-cyber-security-6196 natur near necessari need neglect neither network new newsmax non non-compli none northrup noth notif novemb nuclear number numer ny obama obstacl occur offer often one oper opposit order organ over-regul over-zeal overregul oversight p.1 pace panel paramount parti pay penalti peopl per period place plan pleas point polici polit portion potenti power practic premis presid presum previous price primarili prior prioriti privaci privat proactiv product profil profit profound prolifer propos prosper protect provid provis psycholog public push r rahn raid rapid rather raytheon re re-introduc reactor real realm recent recommend reed refer refus regard regardless regul regular regulatori reintroduc relat releas remain report repres requir research resent resid resist resourc respect respons restrict result retriev reuter review reviv reward right role rose rule rutherford s.w sabotag saudi save say scare se sector secur see select sell senat separ septemb serv servic set sever share sharehold siemen sign signific silenc sociolog softwar sole solidifi son soon sovereignti space spike sponsor standard start state state-sponsor statement statut step stifl stole stolen strateg strategi stress studi stuxnet subject subsidi suffer suggest support survey symantec system tactic take target task technolog telecommun telephon tenant tend terabyt terrorist thermonuclear thing think third though thought threat threaten three time togeth took tout toward trade tradit transport travel treatment two type u.s unclassifi undetect unfortun unfund unit univers unlik unreport unveil updat upgrad upon us use vagu version via view virus vol voluntari vulner waleski war warfar warhead warrior washington water way white whole whose wide wiley within without work world world-wid would www.bostonreview.net www.bostonreview.net/br34.4/morozov.php www.federaltimes.com www.federaltimes.com/article/20120703/it01/307030004/report-cyber-attacks-critical-infrastructure-jump-383-2011 www.newsmax.com www.newsmax.com/rahn/georgegilder-peterthiel-freedomfest-telecosm/2011/07/19/id/404101 www.reuters.com www.reuters.com/article/2013/02/26/cyberwar-stuxnet-idusl1n0bq5zw20130226?type=companynews www.reuters.com/article/2013/02/26/us-cybersecurity-obama-idusbre91p02120130226 year york zealous