Introduction
The usage of computers has become commonplace in the world. The daily lives of people, national security and economic prosperity are all dependent on safe, stable and resilient cyberspace (Rosenzweig, 2013). Cyber intrusions and attacks have increased dramatically recently exposing sensitive personal, national and business information to unwarranted persons who disrupt operations and use such information wrongly (Goth, 2009). Cyber insecurity leads to massive economic losses and hence the creation of the cyber security section in the department of Homeland Security.
The department of Homeland security plays a key role in securing the US cyberspace for both civilians and the federal government. The department does this by partnering with owners and operators of critical infrastructure such as chemical plants, financial systems, water and electric utilities among others (dhs.gov, 2013). They also investigate and release actionable cyber alerts, as well as arrest of cyber criminals and educate the public on how to stay safe online (DHS, 2010). In order to achieve this, the department collaborates with the private, public, non-profit and any other relevant agencies to come up with workable strategies to maintain cyber security.
In spite of the above listed efforts, cyber insecurity has been on the increase. This has been due to rivalries and attempts by companies, government agencies as well as private entities to sabotage the systems of others and gain competitive edge or for other reasons. Numerous extortion attempts and malwares designed to sabotage systems and wreck havoc such as the development of Stuxnet have increased cyber insecurity (Nextgov.com, 2013). These attempts are a downside to the concerted efforts being made to maintain safe, private and secure cyberspace. Marshall (2013) notes that the situation has been compounded by the ever increasing numbers of cybercriminals who have come up with clever, effective and highly destructive ways to hack into emails, website databases and other related systems. As such there is always more that can be done by both the private and public sector to improve cyber security. The main research question in regard to the given topic is: How effective have the programs and activities of the government and private entities been in improving cyber security and protecting privacy?
Research hypothesis
In response to the research question raised above, the government through the DHS can improve cyber security by establishing programs aimed at curbing/preventing or mitigating against cyber insecurity. This strategy would be more effective as opposed to the measure that are “curative” such as imposing highly punitive measures like lengthy jail terms or heavy fines for convicted cyber offenders (Goth, 2009). Prevention is always the best way to handle any problem. In line with this, the DHS is building a world-class cyber security team by increasing its number and quality of the human resource team to handle cybersecurity issues. The government has assembled a group of cyber security professionals-computer scientists, engineers and analysts to secure the country’s digital assets and also protect the nation’s cyber infrastructure and resources against cyber threats.
Intensive prevention of cyber insecurity has helped the US maintain a relatively secure cyber space. The increment in number of cybersecurity experts The DHS through the Homeland Security Advisory Council and in conjunction with the private-public partnerships has streamlined its programs to detect threats before they occur (dhs.gov, 2013). The department has centralized cyber security functions such as the National Cyber Security Division (NCSD) and the US Computer Emergency Readiness Team (US-CERT) under the deputy secretary for national protection and programs. Centralization of cyber security operations helps the DHS to come up with the most effective preventive measures against cyber insecurity.
The government has also come up with technological innovations to mitigate against cyber crime. The EINSTEN 2 capability is a good example. The automated cyber surveillance system monitors federal internet traffic for malicious activities and provides realtime identification of malicious activities thereby enabling the relevant administrators to act fast and curb the crime (dhs.gov, 2013). The opening of a 24-hour watch and warning center (National Cyber Security and Communications Integration Center) in 2009 has further enhanced communication of cyber threats and ensured that the cyber security of the US is maintained (nextgov.com, 2013). As such, formulation and implementation of preventive programs and policies is the surest way the government and private entities can ensure sustainable cyber security and also reduce the economic losses that are associated with cyber insecurity.
Research variables for analysis and subsequent confirmation or refute of the research hypothesis
In order for the research to comprehensively address the research question raised in agreement or disagreement with the stated hypotheses, some research variables need to be established. The first research variable in this case is a comparison on the effect of the increasing cyber security professionals on the number of cybersecurity cases reported over a given period. What is the percentage decline or increment of cyber insecurity incidents when the number of cyber security professionals increased say over the last three years? The variables here are cyber security professionals and incidents of cyber crime that occurred. A decline in the number of cyber crimes following an increment in the number of cyber security professionals confirms the research hypotheses while the vice versa of that scenario refutes the research hypotheses.
The second variable would be what has been the relationship between the number of cyber crimes reported and some specific preventive programs. Has the establishment of more cybercrime preventive programs reduced the numbers of cyber insecurity incidents? The variables in this case are the number of programs and the incidents of cyber insecurity. A reduction in the number if cyber insecurity incidents following establishment of more programs confirms the hypotheses while the vice versa refutes the research hypotheses.
The third variable is the cost or economic effects of cyber-security prevention policies as opposed to intensive counter-active measures such as the punishment of cyber offenders. In this case, the variables are the incidents of cyber insecurity and the amounts of money spent in curbing cyber insecurity. In case the research shows that increased government expenditure on cyber insecurity has actually reduced the numbers of cyber insecurity incidents, then the research hypotheses will be confirmed to be true. If the research comes up with a conclusion that is to the contrary regarding these variables, the reserch hypotheses will be refuted and a plausible explanation sought.
Results of research, informing the proposed research variables
The first research variables are increments in the number of cyber crime prevention professional and the numbers of cyber insecurity incidents. In 2007, the US-CERT which coordinates all programs aimed at preventing cyber crime reported that 12,000 incidents of cyber crime were reported (Goth, 2009). In 2009, reports by the Government Accountability Office stated that cyber crime incidents had increased to about 24,000 and predicted that the cyber security incidents will have quadrupled by 2012 (Marshall, 2013). Since 2010, the DHS has increased the number of professionals dealing with cyber insecurity by more than 500%. According to Rosenzweig (2013) this increment has managed to reduce the percentage of successful hackings and cyber security breaches from by about 60%. Although thousands of attempts to hack into various systems each minute, the professionals have come up with secure and safe systems that are able to withstand intrusions.
In response to the second variable it is important to note that numerous programs have achieved considerable success in preventing successful cyber intrusions. Since the DHS launched the Stop.Think.Connect program in 2010, there has been increased outreach and awareness among the general public and private as well as public companies on ways to remain secure from cyber crime (dhs.gov, 2013). The government has worked with national Crime Prevention Council, Boy’s and Girls Clubs of America, Drug Abuse Resistance Education (DARE) among others. Although an increasing number of cyber crime attempts continue to be made, fewer successful cases of cyber crime are reported. The government has reached American throughout the country through academic institutions, non-profit organizations and businesses. People are now able to make safe online decisions.
The DHS has enhanced its capability to respond appropriately to cyber security incidents. The department responded and prevented the occurrence of more than 100,000 cyber security incidents in the year 2011 (Rosenzweig, 2013). This was a 68% increase in the number of cyber security incidents the department detected early enough and prevented from happening. The government also issued more than 5,000 alerts, bulletins and advisories that provided information on potential cyber threats (Rosenzweig, 2013). The DHS shared this information with the private sector, other government departments and the general public.
According to Marshall (2013) the US government spent more than $60 billion in 2011 combating cyber insecurity. The figure was estimated to grow by 10% every year over a period of five years. In 2011, President Obama was seeking $500 million for research into cyber security with great emphasis on industrial control systems for power, water and transportation systems (nextgov.com, 2013). This shows that programs aimed at improving cyber security take huge chunks of the national budget. Due to the dynamism of computing and technology, cyber insecurity is evolving. Loopholes through which cyber security incidents can be propagated continue to emerge hence requiring the government and private institutions to pump in lots of money to prevent the intrusions (Nextgov.com, 2013). As such, investment in cyber security does not seem to bear the desired results which would be the decline in cyber attacks and a subsequent decline in amounts spent on the exercise.
Analyzing the research question and supporting hypothesis
The research question posed in this study was: How effective have the programs and activities of the government and private entities been in improving cyber security and protecting privacy? Generally, programs aimed at improving cyber security have been successful. Although there have been constant increments in the number of cyber crime attempts that are made, there are fewer successful cases of intrusions recorded.
Owing to the increment in the numbers of cyber security professional and the programs to fight cyber insecurity, the US-CERT has managed to significantly reduce cyber intrusions. Thousands of attempts at intruding into companies and government agencies are made each day with nearly all of them being unsuccessful. For instance, pentagon is said to record 10 million attempts per day while 50,000 attempts are made at BP oil company (Marshall, 2013). Almost all of the them are either detected early enough and neutralized or the systems put in place are able to the deny the criminals any loophole.
In 2011, the DHS Industrial Control Systems Computer Emergency Response Team (ICS-CERT) assessed 78 control systems targeted at helping the US business community to indentify cyber security threats (dhs.gov, 2013). The department also put in place mitigation measures such as educating the business people on ways to identify cyber threats, how to secure their systems, how to verify genuine, quality and approved softwares among other issues aimed at preventing the occurrence of cyber crimes. In addition, the DHS also provided a cyber security tool which was used by more than 1,000 companies. As such it is safe to state that increment in the number of programs aimed at improving cyber security has had its fair share of success although numerous attempts at hackings and intrusions continue to be reported.
The government as well as private companies has managed to handle the commonest types of cyber attacks through the development of effective antiviruses and firewalls as well as secure emails that can detect and effectively handle intrusions. These common cyber attacks include viruses, malware and worm attacks which account for 50% of all cyber attacks, phishing and SQL injections which account for about 15% of all attacks and other crimes propagated through intrusions requiring less human interventions (Rosenzweig, 2013). Criminal insider information, social engineering are some of the biggest avenues that modern cyber criminals use since they are less hard to detect. The DHS and private companies are sufficiently aware of this strategy and have maintained utmost privacy policies to their systems including usage of a series of passwords and maintenance of organizational secrets among few trustworthy individuals.
Conclusion
The daily lives of people, national security and economic prosperity are all dependent on safe, stable and resilient cyberspace and hence the need for effective cyber security measures. The federal government in conjunction with private agencies has several programs and measures such as increasing the number of cyber security professionals in order to address cyber security concerns. This paper evaluated effective the programs have been. The US Computer Emergency Readiness Team (US-CERT) which coordinates other smaller programs such as the stop.think.connect, has recorded massive benefits. The numbers of attempts at intruding into some cyber space have increased but the preventive measures put in place by the government have endured the attacks. In 2007, the US-CERT reported that 12,000 incidents of cyber crime were reported. In 2009, reports by the Government Accountability Office stated that cyber crime incidents had increased to about 24,000. These incidents are few and isolated given thet millions of attempts to intrude into government websites and databases are made each day with pentagon recording millions of attempts per day. Two of the three sets of variables (increments in the numbers of cybersecurity professionals and increment in the numbers of programs to fight cyber insecurity) have managed to achieve significant benefits through the development of antiviruses, secure websites, and other means to secure the cyber space. The third variable which is the economic investment in cyber security has not achieved any meaningful returns because more money is invested to curb evolving cyber crime activities.
References
DHS needs to improve the security posture of its cybersecurity program systems. (2010). Washington, DC: Dept. of Homeland Security, Office of Inspector General.
Goth, G. (2009). U.S. Unveils Cybersecurity Plan. Communications of the ACM, 52(8), 23.
Homeland Security. (n.d.). Cybersecurity Overview. Retrieved January 17, 2014, from https://www.dhs.gov/cybersecurity-overview
Madsen, W. (2002). Industry's Attitude To US Cybersecurity Plan. Network Security, 2002(12), 2-3.
Marshall, P. (2003). Cybersecurity. Washington, D.C.: CQ Press.
Nextgov. (n.d.). How Many Cyberattacks Hit the United States Last Year?. Retrieved January 17, 2014, from http://www.nextgov.com/cybersecurity/2013/03/how-many-cyberattacks-hit-united-states-last-year/61775/
Rosenzweig, P. (2013). Cyber warfare: how conflicts in cyberspace are challenging America and changing the world. Santa Barbara, Calif.: Praeger.
U.S. Computer Emergency Readiness Team makes progress in securing cyberspace, but challenges remain. (2010). Washington, DC: U.S. Dept. of Homeland Security, Office of Inspector General.