Cyber Strategy and Policy is a course that combines my major, Cybersecurity, with my minor, Political Science, and introduces strategy development and policy-making in the world of cybersecurity.

The first week gave an overview of cybersecurity fundamentals and principles by introducing key concepts like vulnerabilities in cyberspace, actors in cyberspace, and the CIA triad. The second week followed by giving an overview of national cybersecurity strategy and how it has changed over time.

The first assignment was to respond to the questions:

Where should the power and responsibility of national governments begin and end in cyberspace?

Where does the responsibility of private firms begin and end in cybersecurity?

My response:

The responsibility of national governments in cyberspace is to protect their country’s major industries and critical infrastructure from foreign and domestic interference. One way the US does this is by cataloging known exploited vulnerabilities through CISA, which are open to the public. It is also the responsibility, and power, of national governments to create laws and regulations surrounding new applications and services that are introduced to the public; this helps to create the terms of use and ensures that all distributed applications or services are following the government’s laws. National governments also have military powers in cyberspace, as the US military considers cyberspace to be the fifth domain. The powers of national government over cyberspace can be dominant as governments normally hold the ultimate authority when it comes to legislation; however, at least in the US, those powers can be limited to give some responsibility to private firms and individuals. 

Private firms hold the responsibility of creating their own frameworks that protect the confidentiality, integrity, and availability of their own systems. While the governments create legislation that is the groundwork for private firms, it is the responsibility of private firms to expand on the government’s regulations to further protect their systems in a more personalized way. Private firms also have the responsibility of creating, and upholding, layered security processes to help limit vulnerabilities; for example, limiting employee privileges and continuously monitoring endpoints. The overall power private firms have is in their terms of service and how the employees are managed. The terms of service let users know how to appropriately use their application or services, and that the firm has the power to suspend use if the terms of service are not followed. Firms also hold power over their own employees regarding what information they are allowed to have access to, how often they are subjected to training, and any repercussions that may come if employees do not follow company policy. 

Week three provided an overview of national security strategy guidelines.

The assignment for this week was Policy Analysis Paper #1, where the objective was to research one of the approved cybersecurity policies/strategies and provide an overview.

Assignment details:

Write a paper focusing on a cybersecurity policy. What is the cybersecurity policy/strategy you have selected? Why did you choose this particular cybersecurity policy/strategy?

The focus should be on an overview of the policy, why it was developed, how it is applied, and how the policy fits within a national (even international) cybersecurity policy.