Critical Infrastructure and Homeland Protection
The United States’ national welfare and prosperity are, to no small extent, dependent on the country’s critical infrastructure. While most of the conventional security threats have been mitigated, more is required of public and private organizations in the critical infrastructure sectors to protect their cybersecurity domain. To further improve the security and resilience of critical infrastructure, more coordination is needed between the government and the private sector in implementing stringent cybersecurity strategies to detect and close risky gaps in cyberspace (Department of Defense, 2018). Currently, there is a need for comprehensive federal legislation to guide government collaboration with the private sector through the DoD on the use of private consumer data for analytics to secure our critical infrastructure.
What this partnership means to private organizations such as mine is that while the US Department of Defense is on the frontline in studying, detecting, and deterring the activities of the country’s strategic competitors in cyberspace, more support is required from organizations such as mine. In essence, each of these organizations has a significant role to play in the security and resilience of critical infrastructure by implementing the recommended strategies and improving its current efforts. Notably, private organizations have an essential responsibility to review their Information and Communication Technology (ICT) infrastructure, as it has been a soft target of cyber-attacks, posing a substantial risk to the nation’s critical infrastructure.
According to the Federal Emergency Management Agency (FEMA), private organizations own 85% of the national critical infrastructure and vital resources (FEMA, 2011). The DoD has a responsibility to partner with all of the key players in the private sector to ensure that this critical infrastructure is secured. The roles of the DoD in securing critical infrastructure include the following. First, the DoD has a vital role in providing first-line defense against external state and non-state attackers. The department has the responsibility of monitoring, detecting, and blocking malicious cyber traffic before it reaches its target in the country’s private or public sector (DHS, 2019).
Second, the Department of Defense has the responsibility of providing training to public and private organizations on securing critical infrastructure networks in cyberspace. This can be carried out through activities like collaborative training between government officials and key players among the government’s critical infrastructure partners. These training sessions can be arranged through specialized government portals where training material can be shared with these organizations.
Third, through collaboration with private organizations as national security partners, the DoD can provide periodic susceptibility assessments of the critical infrastructure. These assessments should be based on the newest knowledge obtained by observing potential national security threats and the activity of the country’s strategic competitors in cyberspace. As a result, the DoD can identify the strengths and vulnerabilities of a private organization’s resources and provide a recommendation on areas of improvement (DHS, 2019). Based on this information, the DoD should be able to fully document the security and resilience of a critical infrastructure facility.
Finally, the DoD has the responsibility of supplying private organizations with free tools and resources such as specialized antimalware software, firewalls, and hardware resources. Further, these tools can be used by the partners for sharing information regarding new trends, malware, and potential software and network weak points that may require improvement.
However, the most important responsibility of the Department of Defense is to ensure that the above collaborations and activities are done within the confines of the law. Whereas there is no comprehensive federal law concerning private data protection, several state-level regulations have been enacted to guide consumer data protection and the safeguarding of private data. Because cybersecurity and critical infrastructure protection involve an emerging threat, a central federal law that clearly defines individual data protection, along with an authority to ensure compliance, is a necessity. It is, therefore, accurate to state that the US laws on private data are outdated. Currently, the DoD does not have any power over private organizations in terms of collaboration and is unable to enforce any rules regarding collaboration to secure critical infrastructure. As it stands, the government, through the Department of Homeland Security, is only able to conduct vulnerability assessments based on voluntary invitation by private organizations (DHS, 2019).
The premise that US laws were established with the intention that the private sector be independent and not need the military is debatable, as there is no evidence to suggest as much. Data protection concerns, especially when it comes to national security and the stability of critical infrastructure against both state and non-state actors, were unforeseeable at the time when the current state-level regulations were being enacted (Sloane, 2018). It is crucial to consider the circumstances under which these regulations were enacted. For instance, at the state level, laws such as the California Consumer Privacy Act protect consumer data from businesses that intend to sell or disclose private data for profit without the user’s consent. At the same time, it may not be practical to sacrifice privacy for whatever reason, even protection. It would, therefore, be appropriate for experts and legislators to find the perfect balance between protecting data privacy and protecting private organizations that own critical infrastructure from threats of data breach and operations disruption.
Personally, having government agents going through my private data for whatever reason will feel tremendously uncomfortable. As a private organization, one of our main objectives is to maintain customer trust and keep a working relationship. Sharing consumer data with the government via the DoD will most likely violate this trust, ruin the organization’s reputation, and cause several other businesses and consumers to cut their relationships with us. Protecting the consumer data will, therefore, be within the company’s legal and moral rights. As such, the company will not put consumers’ private data in jeopardy by sharing it with the Department of Defense.
In hindsight, the current era of the fourth industrial revolution calls for new perspectives on pertinent issues such as national security, civilian privacy, and legislation on data processing. Cybersecurity is a new threat that needs a change in public viewpoints concerning what was regarded as data privacy. As a golden rule, policymakers should formulate the legislation in such a way that it enables users to trust that the data being collected, stored, processed, and shared by private organizations is handled in their best interest (Kerry, 2019). To enable this policy, public participation combined with civic education regarding the new threats and new requirements will go a long way toward making citizens understand the requirements and be able to give their consent.
As opposed to completely sacrificing personal privacy for protection, only the relevant data can be shared with the DoD. However, the legislation mentioned above should explicitly define the type of data that can be shared with the government and the assurances that the owners of this data have in terms of its usage. For instance, the data can be superficially skimmed and then narrowed down to a specific individual only when suspicious traffic and activities are detected on the internet. For example, the user data for a particular IP address or email can only be requested once there is a justifiable cause. In this way, only the users suspected to be involved in a particular activity can have their information requested from the companies, instead of the DoD having access to all user information without probable cause.
In conclusion, cybersecurity is a relatively new component of national security as more strategic competitors have resorted to launching attacks on the country via cyberspace. The government, through the DoD, policymakers, private organizations, and civilians, has a collective responsibility to work together to come up with solutions that can give the Department of Defense a competitive advantage against threats to critical infrastructure. This will involve coming up with a joint federal law governing data privacy and protection and providing guidance on situations where the DoD can request private data from private organizations.
References
Department of Defense. (2018). Cyber Strategy. Retrieved May 1, 2020, from https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF
DHS. (2019, October 23). Critical Infrastructure Security. Retrieved May 1, 2020, from https://www.dhs.gov/topic/critical-infrastructure-security
FEMA. (2011). Critical Infrastructure. Long-term Trends and Drivers and Their Implications for Emergency Management.
Kerry, C. F. (2019, October 25). Why protecting privacy is a losing game today-and how to change the game. Retrieved from https://www.brookings.edu/research/why-protecting-privacy-is-a-losing-game-today-and-how-to-change-the-game/#_edn4
Sloane, J. N. (2018). Raising Data Privacy Standards: The United States’ Need for a Uniform Data Protection Regulation. J. Marshall LJ, 12, 23.