National security is a top priority for the United States government, as it affects not only the safety and well-being of its citizens but also the country’s reputation and stability on a global scale. One current policy problem that American national security faces are the threat of cyber-attacks from foreign adversaries. These attacks can compromise sensitive information, disrupt critical infrastructure, and cause widespread economic damage.
The preferred solution to this problem is implementing a national cybersecurity framework. The “National Institute of Standards and Technology” (NIST) has developed a framework that outlines the necessary steps for organizations to take to secure their networks and mitigate potential cyber-attacks (Sabillon et al., 2017). This framework provides organizations with the tools and guidance to assess their current security measures, develop security policies, and implement best practices. The responsibility for implementing this framework would fall on the federal government, as it would set the standards and guidelines for organizations to follow.
The first competing solution to this problem is increased rules and regulations by creating a dedicated cybersecurity agency in the country. This agency would be responsible for developing and enforcing national cybersecurity policies and providing guidance and support to organizations (Elmaghraby et al., 2014). The responsibility for creating and managing this agency would fall on the federal government, as it would appoint the staff, establish the budget, and set the policies. The increased regulation solution calls for the federal government to impose strict regulations on critical infrastructure operators, such as utilities and financial institutions, to ensure that they implement strong cybersecurity measures.
The increased reliance on private sector security agencies is another competing solution to this problem. This solution is based on the idea that the private sector, especially technology companies, has the expertise, resources, and innovation to address cybersecurity challenges (Carr, 2016). Under this solution, the government would delegate a significant portion of its cybersecurity responsibilities to private sector security agencies, including technology companies, security consulting firms, and managed security service providers. Private sector security agencies would be responsible for providing a range of cybersecurity products and services to the government and critical infrastructure operators. These products and services could include software solutions, hardware systems, security training, awareness programs, incident response planning, and threat intelligence services. As a result, relying on the private sector to lead the charge in cybersecurity, the government would have access to cutting-edge technologies and expertise that would help it address the evolving threat of cyber-attacks.
The federal government is primarily responsible for creating a national security policy, including cybersecurity measures, through the executive branch. The Executive branch can develop strategies, allocate resources, and coordinate interagency efforts to address national security threats (Chatfield & Reddick, 2019). However, the legislative and judicial branches also play a role in forming and executing national security policy. The legislative branch can fund cybersecurity initiatives and pass laws that enhance cybersecurity. The judicial branch can interpret and enforce cybersecurity laws and provide a legal framework for the government’s cybersecurity activities (Chatfield & Reddick, 2019). On the state and local level, governments have an important role in supporting and executing national security policy and protecting citizens and critical infrastructure. Through partnerships with the private sector, state and local governments can use their resources, personnel, and technology to enhance cybersecurity. The Department of Homeland Security also supports state and local governments through its Cybersecurity and Infrastructure Security Agency.
The preferred solution of a comprehensive national cybersecurity framework strategy is preferable because it provides a comprehensive and coordinated approach to addressing the threat of cyber-attacks. This solution (NIST) addresses cybersecurity’s technical and non-technical aspects, including developing technical standards, incident response planning, and public education and awareness. This solution is preferable because it provides organizations with the tools to protect themselves from cyber-attacks without requiring the government to create a new agency (Sabillon et al., 2017). Moreover, NIST recognizes the importance of collaboration between the public and private sectors in achieving national cybersecurity objectives. Furthermore, this solution is more cost-effective, as it does not require the government to create a new organization and thus becomes more efficient. It allows organizations to quickly and easily assess their current security measures as they make changes as needed.
Critics of this solution argue that it is too complex and difficult to implement and would lead to increased government intervention and regulation. Critics argue that it does not provide organizations with enough guidance and support to protect themselves effectively from cyber-attacks (Bocetta, 2021). They argue that a dedicated agency would be better suited to providing this guidance. However, this argument is incorrect. These critics overlook that a comprehensive cybersecurity strategy is necessary to address the rapidly evolving cyber-attack threat effectively. The NIST framework provides organizations with all the tools and guidance they need to secure their networks and protect themselves from cyber-attacks while providing them with a free platform to seek additional guidance from the government if needed. Therefore, this strategy can be effectively implemented through careful planning and collaboration between the public and private sectors.
In a nutshell, a comprehensive national cybersecurity strategy is the preferred solution to the problem of cyber-attacks on American national security. This solution addresses both the technical and non-technical aspects of cybersecurity, recognizes the importance of collaboration between the public and private sectors, and provides a comprehensive and coordinated approach to addressing the threat of cyber-attacks. Despite criticism from some quarters, this solution is the best way to ensure the safety and security of the American people and the country’s critical infrastructure.
References
Bocetta, S. (2021). 3 Security Issues Overlooked By the NIST Framework. NetworkComputing.https://www.networkcomputing.com/network-security/3-security-issues-overlooked-nist-framework
Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International Affairs, 92(1), 43-62. https://doi.org/10.1111/1468-2346.12504
Chatfield, A. T., & Reddick, C. G. (2019). A framework for Internet of Things-enabled smart government: A case of IoT cybersecurity policies and use cases in US federal government. Government Information Quarterly, 36(2), 346-357. https://doi.org/10.1016/j.giq.2018.09.007
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), 491-497. https://doi.org/10.1016/j.jare.2014.02.006
Sabillon, R., Serra-Ruiz, J., Cavaller, V., & Cano, J. (2017, November). A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM). In 2017 International Conference on Information Systems and Computer Science (INCISCOS) (pp. 253-259). IEEE. DOI: 10.1109/INCISCOS.2017.20
write