Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure

FAS, the Federation of American Scientists, published a paper in which they reviewed and assessed U.S. cybersecurity policies and steps forward. While they ultimately concluded that the United States needs to step up its policies both internally and abroad, they developed an action plan for the short-term future on steps for the United States to take. Notably, they define cyberspace as “interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries” (National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD¬ 23). Based on their analysis of the United States’ policies, they come up with a few important claims. First, their needs to be an “in charge” person or sector of the government that addresses who remains in authority. They recommend that someone specifically in the White House leads the charge, rather than many independent efforts. While an Information and Communications Infrastructure Interagency Policy Committee (run by the National Security Council and Homeland Security Council) already exists, there should be a specific cybersecurity policy official in the White House to chair the committee and serve as a liaison to the president. FAS recommends that the official not have operational authority, but rather will make sure the budget reflects the actions of the United States. This official will help spearhead two of the other recommendations: Increasing legislative interest in cybersecurity policies and holding corporations responsible for ensuring their network security. The second overall goal lies in “building capacity for a digital nation”, a goal that the FAS hopes to do through education to the government, training of officials, providing awareness to all citizens, and helping organizations shore up their cybersecurity. Goals three and four, which including sharing responsibility for cybersecurity and creating effective information sharing and incident response, both discuss how the United States needs to collaborate with the private sector and investors abroad to make sure policies extend beyond governmental borders. During major cyberattacks, only the White House can coordinate the response. However, without a strong cyber leader, it renders the response ineffective. Therefore, the White House needs to allow their policy official to coordinate with other sectors of the government, both nationally and locally. As an overarching recommendation, FAS hopes to “improve cybersecurity across all infrastructures” by creating a framework that both the public and private sector need to follow. All of these goals and recommendations work towards ensuring a sustainable and cyber-forward future.