Federal and State Policy Comparison
- A need for better coordination
Even though the federal government consistently takes significant steps towards improving cybersecurity through proper funding, a considerable challenge is its decentralized approach, in which each of numerous security agencies is accountable for its own cybersecurity operations. The common characteristic of this approach is the absence of a ‘one-stop shop’ for all information, even though the agencies serve the same goal: improving local and national cybersecurity (Moore, 2019). There is a lot of government data, but it is scattered across several agencies. This makes it difficult for people outside the information community to access such data and shows an urgent need for better coordination among the various information-sharing agencies.
- Cybersecurity budgets
Reports often criticize the state-level cybersecurity approach, which has been termed a “weak link” in building reliable national cybersecurity. Over the last decade, newspapers have run reports with headlines that indicated a severe need for more funding and staff (Hatcher et al., 2020). A study conducted by leading cybersecurity personnel from about fifty states noted that the primary issues at the state level have remained unchanged, including a rise in cyber threats, a low supply of cybersecurity experts, and reduced budgets. The “2018 Deloitte – NASCIO cybersecurity study” (2018) noted that about 50% of the states in the United States lack an independent cybersecurity budget, and about 30% have not realized any growth in their budgets. Weighing the cost of implementing cybersecurity threat response techniques against the cost of accepting the associated risks, it is cheaper to forgo the latter option (Dean, 2019). It is costly to combat a cyber-attack after it has happened if the entity in question has no cybersecurity infrastructure. In 2017, Atlanta lost about $2.6 million after failing to pay a ransomware demand of $52,000 (Dean, 2019). It was reported that Atlanta’s intrusion detection systems were obsolete but would have cost only $100,000 to upgrade. Budget constraints were associated with the delayed upgrade.
- Internal Threats
Regardless of how good federal or state cybersecurity infrastructure may seem, no one is immune to new threats. Bisson (2018) published a report on the possibility that data belonging to about 240,000 Department of Homeland Security workers may have been exposed in a data breach. In 2017, the lead privacy officer for DHS indicated that a former employee had an unauthorized copy of the DHS’s investigations management system. According to the initial assessment, the employee had employment information, dates of birth, and social security numbers for 247,167 employees and former employees in 2014 (Bisson, 2018). Additionally, the ex-employee had phone numbers, social security numbers, physical addresses, email addresses, and names for all people involved in federal case investigations from 2002 to 2014. This isolated event raises the question of employee privileges and national policies.
- Workplace policies
In the case detailed above, it seems employees are granted rights beyond what they should have. It is reasonable that all employees be given the least or minimum privileges that enable them to perform their roles. If one employee could access over 240,000 pieces of information yet had already stopped working for the federal government, what kind of policies should be implemented to prevent a repeat of the same? Both federal and state cybersecurity policies should require retrieving all equipment from personnel who no longer work for them (Bisson, 2018). This will prevent federal and state information exposure that could affect ongoing investigations or leak data about persons involved in the inquiry. There must be more stringent confidentiality agreements stating that ex-employees will not expose information they may have acquired from various agencies. For instance, after the 2017 data breach event, the DHS was forced to collaborate with local law enforcement agencies to technically evaluate elements of the data exposed, conduct risk assessments for people whose data was leaked, and conduct a thorough forensic investigation of the data leaked while ensuring that ongoing investigations were not compromised (Bisson, 2018). Additionally, authentication systems should restrict all login credentials from containing dates of birth and personal information that could otherwise be obtained in case of a data breach. To combat a potential cybersecurity threat, state and federal agencies must review policies on who accesses leaked data and watch for suspicious access.
- Cybersecurity expertise versus federal and state readiness
With the exponential rise in cybercriminals, private industry and government agencies have continued hiring more personnel to maintain cybersecurity readiness and mitigation measures. It is anticipated that globally, there will be a shortage of about 3.5 million cybersecurity personnel by 2021 (Moore, 2019). In the past, this shortage has pressured federal and state levels to hire only the best cyber-ops experts. Their hiring policies call for people with commendable competence in software assurance, digital forensics and forensics analysis, networks and systems engineering, intelligence and investigation, vulnerability detection and assessment, cyber risk and strategic analysis, and cyber incident response (Moore, 2019). According to Chris Krebs, the CISA chief, federal and state agencies ought to innovate hiring techniques since a significant proportion of the top cybersecurity talent goes to the well-paying private industry (Johnson, 2020). There is a need to redirect government cybersecurity personnel into the military; the skillset required and mission objectives are closely aligned (Johnson, 2020). Some of the critical ways to hire more talent include having a cyber talent management system for enhanced recruitment and paying competitive recruit salaries. Such a move is essential for maximizing national security.
- Collaboration
The DHS has a holistic view of cybersecurity preparedness, which is commendable. The Cybersecurity and Infrastructure Security Agency protects the US’s vital infrastructure from cyber and physical threats (“CISA”, 2020). This function demands reasonable collaborative efforts between private industry and government agencies. To realize its mission, the significant cybersecurity policies in place consist of engaging global cybersecurity experts in improving resilience and security in cyber systems, nurturing international teamwork to combat malicious software, and facilitating research into building a more efficient cyber workforce (“CISA”, 2020). However, in the US, a typical flaw in state and federal cybersecurity policy is the lack of uniform threat intelligence sharing. Federal agencies have issues related to organizational politics and how they feel they can better attain more optimal cybersecurity measures. This has lowered the possibility of fluent federal-state cybersecurity collaboration.
Conclusion
From the above discussion, federal agencies are leading in implementing better state-level cybersecurity policies. This implies that there is much room for improvement concerning the states’ cybersecurity readiness. Overall, states must: collaborate with research universities and the private industry to develop better cyber-operations talent, be given more funding from the federal government, and advocate for more state-level funding to improve cybersecurity operations. Furthermore, states should create cybersecurity readiness simulations and exercises, issue research grants for cybersecurity studies, generate appropriate cyber incident response policies and measures, and do more analysis and outreach.
References
2018 Deloitte-NASCIO Cybersecurity Study – States at Risk: Bold Plays for Change – NASCIO. (2018). Retrieved 17 October 2020, from https://www.nascio.org/resource-center/resources/2018-deloitte-nascio-cybersecurity-study-states-at-risk-bold-plays-for-change/
ABOUT CISA | CISA. (2020). Retrieved 17 October 2020, from https://www.cisa.gov/about-cisa
Bisson, D. (2018). 240,000 Federal Employees’ PII Potentially Exposed in DHS Data Breach. Retrieved 17 October 2020, from https://www.tripwire.com/state-of-security/latest-security-news/240000-federal-employees-pii-potentially-exposed-in-dhs-data-breach/
Dean, A. T. (2019). The Growth of Ransomware and Its Impact on City Governments (Doctoral dissertation, Utica College).
Hatcher, W., Meares, W. L., & Heslen, J. (2020). The cybersecurity of municipalities in the United States: an exploratory survey of policies and practices. Journal of Cyber Policy, 5(2), 302-325.
Johnson, D. (2020). CISA chief wants younger, more experienced hackers in the federal government — FCW. Retrieved 17 October 2020, from https://fcw.com/articles/2020/08/03/johnson-krebs-younger-cyber-staff.aspx
Moore, M. (2019). Inside the Government Cybersecurity Landscape: Federal vs. State. Retrieved 17 October 2020, from https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/government-cybersecurity-federal-state/
Question
Federal and State Policy Comparison
Instructions
Write a 4-page paper on Federal and State Cybersecurity Policy Comparison. Use the attached video and PDF for review and as needed.
Step 2: Preview ELITE
To prepare for the fast-paced cyber battles in ELITE, the first step is to watch the introductory video titled “ELITE Overview.” This is the first of three videos that will prepare and guide you in completing the tabletop exercise.
Once you have viewed the video, begin familiarizing yourself with the contents of both the Application Model Reference and the ELITE Student Manual. Begin to learn about ELITE and your assigned sector by reading sections in the student manual: “2.1. Themes” through “2.5.2. Team Goals.” This will give you an overview of the exercise and your team’s objectives and perspectives. For an idea of decisions that will need to be made relevant to your sector, see the appropriate table in “3. Decision Reference” in the Application Model Reference.
After you finish the video and reading, proceed to the next step, in which your team will address policies in your sector at the federal and state levels.
Step 3: Compare Federal and State Policies
In the previous step, you were provided with a video and reference materials that gave you an overview of the tabletop exercise and the sector assigned to you. Now, each team will need to prepare a brief, itemized list of cybersecurity policy issues as it applies to the team’s assigned sector. After completing the list, with the same industry-specific focus, each team will write a two- to three-page Federal and State Policy Comparison report that compares federal policies with individual state standards that might exist.