The Internet has greatly transformed our everyday lives and is an integral part of our national security. Nowadays communications systems are the mainstay for much of the national infrastructure. The communications sector creates the foundation for vital informational exchange, including audio, video and data connectivity, but with greater openness, interconnection and dependency comes greater vulnerability. Computer-based systems frequently face cyber attacks, which vary from pure innocent curiosity to critical intrusions. The consequences of these actions can be disastrous to the overall service of control and communications systems. It is clear that it now represents one of the most serious economic and national security challenges we face as a nation. So with the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.
The Communications Act of 1934 was the initial governmental document that generated interest in cyber security. It stated the need of a national system for the defense and promotion of the communications sector security. Along with the development of electronic data processing machine and realizing the critical vulnerability of the latter, the National Bureau of Standards set the initial foundations for cyber security. They were declared in the Brooks Act of 1965. The National Bureau of Standards started the development of automatic data processing standards and guidelines for Federal computer systems and what is much more important - for computer security.
The First Decision
President Bill Clinton realized that communications sector was under serious risk, so in 1998 he signed Presidential Decision Directive 63, which stated that in order to «to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial and transportation services», USA set two-stage national goal — achieve an initial operating capability no later than 2000 and «achieve and maintain the ability to protect the nation's critical infrastructures from intentional acts» no later than 2003. The year of 2001 was a significant year in USA history: the country declared 2 «wars» against traditional terrorism and cyber-terrorism. The latter was represented by the President's Critical Infrastructure Protection Board, chaired by the Special Advisor to the President for Cyberspace Security within the National Security Council. Electronic Government Act followed this effort by the following requirement: every Federal agency was to report the progress in fulfillment of the Federal Information Security Management Act.
- President Bush succeeded Clinton’s course, stated in PDD-63. Despite of objectives not been achieved, the interest and focus on cyber issues didn’t wane. The situation happened to be absolutely opposite: cyber security raised its popularity. In February 2003 George Bush released a National Strategy to Secure Cyberspace, which established three major objectives:
- Prevent cyber assaults;
- Reduce national vulnerability;
- Decrease potential damage and recovery time from cyber attacks, if they do happen
and in cooperation with private industry set 5 national priorities:
- A National Cyberspace Security Response System;
- A National Cyberspace Security Threat and Vulnerability Reduction Program;
- A National Cyberspace Security Awareness and Training Program;
- Securing Governments' Cyberspace;
- National Security and International Cyberspace Security Cooperation.
Homeland Security Presidential Directive 7 (HSPD-7) set certain responsibilities on the Department of Homeland Security. Now it became in charge of analyzing, warning, vulnerability reduction and aiding national information systems. Also Federal agencies had to " develop plans for protecting the physical and cyber critical infrastructure and key resources that they own or operate». As a result of HSPD-7, the National Cybersecurity Division was founded, which was «to build and maintain an effective national cyberspace response system». The Division fulfills the responsibilities with the help of the the US Computer Emergency Response Team (US-CERT) and Cybersecurity Preparedness and National Cyber Alert System. Nowadays the US-CERT is the war front against the cyber terrorism. In 2008 President Bush continued his course against cyber attacks by signing HSPD-23, which established a new initiative - Comprehensive National Cybersecurity Initiative. It set new objectives to develop and manage single operation center, which would create a government-wide cyber intelligence plan.
The United States of America met a new president in 2009 - Barack Obama. The 44th President made cyber security one of his top priorities. President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.” To implement the results of this review, the President has appointed Howard Schmidt to serve at the U.S. Cyber security Coordinator and created the Cybersecurity Office within the National Security Staff, which works closely with the Federal Chief Information Officer Steven VanRoekel, the Federal Chief Technology Officer Todd Park, and the National Economic Council. Also the President supervised a 60-day comprehensive study and adopted a new definition of cyberspace, set in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23), as:
The interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.
The President’s study features a number of major recommendations for critical actions:
- Appoint an official responsible for coordinating the Nation's cyber security policies and activities.
- Develop a system of national education campaign to promote cyber security.
- Create Government positions for international partnerships in the sphere of cyber security.
Recommendations from IBM
In 2012 world-famous IBM released an informational booklet «Best practices for cyber security in the electric power sector», which gives several practical recommendations:
- Protect your networks: «The more you monitor your networks and the more you know about what has previously occurred to them, the better prepared you are for breaches»;
- Train end-users about phishing: «If your organization knows that it could potentially be targeted, employees are more likely to report something suspicious instead of ignoring it»;
- Search for bad passwords: constantly make efforts «to find and fix bad employee passwords»;
- Integrate security into every project plan: «Security must be applied to new projects from the beginning»;
- Have a solid incident response plan: «Managing sophisticated, targeted attacks is an ongoing process that involvesbeing able to respond and investigate, learn and adapt».
In conclusion, through out the whole history of electronic communications and computerized processing, the United States of America made considerable efforts to prevent and minimize the cyber attacks on national infrastructure. When it comes to cyber security, government recognizes that everyone – governments, manufacturers, owners and operators – are in this fight together, with common interests to solve a problem that concerns all. The U.S. Government and Presidents of the United States have always been deeply concerned about the security of the national infrastructure and making innovative steps towards the safe cyberspace.
Lane, Bill. Tech Topic 20: Cyber Security And Communications. Retrieved February 18, 2014, from http://transition.fcc.gov/pshs/techtopics/techtopics20.html
E-Government Act of 2002. Retrieved February 18, 2014, from http://www.archives.gov/about/laws/egov-act-section-207.html
National Cyber Space. Retrieved February 17, 2014, from http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf
Rollins, J., Henning A.C.. (2009, March 10). Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations. Retrieved February 19, 2014, from http://www.fas.org/sgp/crs/natsec/R40427.pdf
The White House. (1998). Presidential Decision Directive/NSC-63. Retrieved February 17, 2014, from https://www.fas.org/irp/offdocs/pdd/pdd-63.htm
The White House. Cyber Security. Retrieved from http://www.whitehouse.gov/issues/foreign-policy/cybersecurity
IBM. (2010, August). Best Practices for Cyber Security in the Electric Power Sector. Retrieved from http://public.dhe.ibm.com/common/ssi/ecm/en/euw03064usen/EUW03064USEN.PDF