the new problem of cybersecurity policy n.
Skip this Video
Loading SlideShow in 5 Seconds..
The New Problem of Cybersecurity Policy PowerPoint Presentation
Download Presentation
The New Problem of Cybersecurity Policy

Loading in 2 Seconds...

play fullscreen
1 / 35

The New Problem of Cybersecurity Policy - PowerPoint PPT Presentation

  • Uploaded on

The New Problem of Cybersecurity Policy. Presentation Outline. General Principles & Definitions Unique Factors Affecting Cybersecurity Policy Brief Assessment of Bush vs. Obama Cybersecurity Policy The Way Forward. I. General Principles and Definitions. Public Policy.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'The New Problem of Cybersecurity Policy' - hertz

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
presentation outline
Presentation Outline

General Principles & Definitions

Unique Factors Affecting Cybersecurity Policy

Brief Assessment of Bush vs. Obama Cybersecurity Policy

The Way Forward

public policy

Public Policy

Definition: Public Policy is a collection of unofficial norms, written laws, and administrative regulations that guide and constrain the behavior of actors within a policy arena.

policy arena definition

Policy Arena: Definition

A functional field of action within which disparate actors are guided and obligated to abide by a common policy.

policy arena typical actors elements

Policy Arena: Typical Actors & Elements

Traditional Political Institutions (Congress/Presidency/Courts)

National Administrative Agency

State Administrative Agencies

Interest Groups (Private/Public


Individuals and Organizations Subject to Norms of Policy Arena

general rules for creating growing a federal policy arena

General Rules for Creating & Growing a Federal Policy Arena

Maximize Support

Constituents: Those who be benefit disproportionately

Clients: Those who mildly benefit

Minimize Barriers

Victims: Those who suffer from or significantly coerced by the Policy

vertical barriers

Vertical Barriers

The U.S. Constitution

10th Amendment

Diversity of State Cultures

Diversity of Local Culture

Private Property Rights

Federal Resources

vertical construction intergovernmental command and control hierarchies

Vertical Construction:Intergovernmental Command and Control Hierarchies

Generating Support

Sense of Vulnerability

Desire to be Regulated


The Golden Rule

Intergovernmental Monetary Transfers (NIMS)

horizontal growth construction of policy networks

Horizontal Growth: Construction of Policy Networks



Indifference or Unawareness of the Problem

Lack of threat or other incentives to collaborate (Ohio Dept Agriculture)


Strong State/Local/Regional Government Support

Strong Private Sector Support

Sense that a Regional Problem Exists that Federal Government Policy does not address (International Symposium on Agroterrorism)

the end result us federal policy arenas
The End Result: US Federal Policy Arenas










comparing policy arenas
Comparing Policy Arenas

Nuclear Policy: History

(65 Years)

1946: AEC

1947: NSA





Present: 2011

Cybersecurity Policy: History

(8 Years)







DSOC (July)

Present: 2011

nuclear vs cyber technology
Nuclear vs Cyber Technology

Nuclear Technology

Cyber Technology

Non Lethal

Origins: Peacetime

Fulcrum of Domestic Economy



Unregulated Citizen Use (no license or supervision or training required)

  • Lethal
    • Origins: World War II
    • Established Opposition Groups that oppose
  • Regulation
    • Centralized
    • Highly Restricted Use (expensive licenses, strict supervision, extensive training
3 essential components of a cybersecurity policy arena

3 Essential Components of aCybersecurity Policy Arena

1. Intergovernmental Authority Hierarchy

2. Voluntary Public/Private Networks

3. Citizen Acceptance & Support of Cybersecurity Policy Norms

The Cybersecurity Triad. Journal of Homeland Security & Emergency Management, 2009, Vol 6, Issue 1, Article 79

1 the intergovernmental cybersecurity hierarchy
1: The Intergovernmental Cybersecurity Hierarchy




Top Down

Federal Political Institutions & Administrative Agencies


State Political Institutions & Administrative Agencies

Bottom Up

Local Political Institutions & Administrative Agencies

2 the horizontal network
2: The Horizontal Network

Horizontal Construction: Policy Networks

Public Agencies

Private Corporations

No Hierarchy: Voluntary Coordination

Example: Infragard

3 citizen acceptance of policy arena norms

3: Citizen Acceptance of Policy Arena Norms

Essential for Survival of Policy Arena

Facilitated by

Educational Campaigns

Crisis that Shapes public opinion

Citizen Awareness of Threat/Danger

bush era cybersecurity initiatives

Bush Era Cybersecurity Initiatives

National Strategy to Secure Cyberspace (2003)

National Infrastructure Protection Plan

NIPP 2006

NIPP IT Sector Specific Plan 2007

NIPP 2009

Comprehensive National Cybersecurity Initiative 2008

the bush soft management cyber approach

The Bush Soft Management Cyber Approach

Managing and Coordinating Sector Responsibilities:

As described in HSPD-7, the DHS is responsible for managing and coordinating IT Sector CI/KR protection activities, including leading the development of an SSP for the IT Sector. Within the department, this responsibility has been delegated to NCSD. Sector responsibilities include maintenance and update of the SSP, annual reporting, resources and budgets, and training and education. Public and private sector security partners have common and unique roles and responsibilities

NIPP Information Technology Sector Specific Plan, 2007, p 4

obama era cybersecurity initiatives

Obama Era Cybersecurity Initiatives

Appointment of Cyber Coordinator, January 2009

Cyberspace Policy Review, March 2009

Legislative Initiative, May, 2011 (déjà vu)

Reinsertion of DHS into Cybersecurity Loop

Emphasis of Public/Private Networks

the obama top down approach
The Obama Top Down Approach

I. Leading from the Top

Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority. Accomplishing this critical and complex task will only be possible with leadership at the highest levels of government.

Cyberspace Policy Review, March 2009

finding a white house cybersecurity coordinator
Finding aWhite House Cybersecurity Coordinator

Melissa Hathaway

Howard A. Schmidt

February to April 2009

Produced Cyberspace Policy Review, March, 2009

The Nation’s First Cyber-Czar

December 22, 2009

the gao assessment of cnci december 2008 through march 2010

The GAO Assessment of CNCI: December 2008 Through March 2010

Agency Roles not Defined

No Effectiveness Measures

Little Leadership/Transparency

Little Progress in Public Education


  • Accept Limitations
  • Lack of Resources
  • Public Lacks Appreciation for Cyber Threat
  • The Outline of the Intergovernmental Hierarchy is barely recognizeable
  • Build the Cybersecurity Triad
    • Intergovernmental hierarchy
    • Public/Private network
    • Citizen Awareness