2. • Subramanian (2010) defines cyber security as:
• “The security of a nation’s computer and telecommunications
infrastructure as well as the data stored within the computers from
outside attack” (Dhillon, 2013, p. 188).
• Cyber security includes protection of:
• Hardware
• Software
• Information in both public and private sectors
• Military
• Communications networks
• Electrical grids
• Power plants
3. • The history of U.S. cyber security policy is examined
through Clegg’s theory of circuits of power.
• Circuits of power “explains power relationships
independent of the particular circumstances of
organizations or their structure. The application of the
theory leads to a complete political appraisal of the
organization” (Dhillon, 2013, p. 190).
• Power circulates in three different circuits:
• Episodic circuit
• Social integration circuit
• System integration circuit
4. • Episodic power – describes the day-to-day interaction,
work, and outcomes (p. 190); can be recognized by
outcomes and actions.
• The attacks of 9/11 led to the creation of the Department
of Homeland Security (DHS); 22 separate departments
merged into one agency.
• The new position of Secretary of DHS would come with
great political power:
• Appointing responsibilities
• Directing funds and resources
• Implementing personnel policy
• Oversight
5. • Creation of DHS led to issues within Congress and other
parts of the federal government:
• Committee Chairs did not want to give up their powers.
• If one committee exercised power, it was resisted by other ones.
• Funds were misappropriated across different agencies nationwide.
• Richard Clarke, author of “National Plan to Secure Cyberspace”
was forced to resign.
• Between 2003-2005, there was no real cyber security strategy;
lack of leadership and “turf wars” kept cyber security czars from
developing cyber security strategies.
• Major cyber security breaches in 2007 and 2008 affected State
Dept., DoD, DHS, NASA and the VA.
6. • These breaches prompted directives HSPD 23 and
NSPD 54 that led to Comprehensive National
CyberSecurity Inititative (CNCI) and the National Cyber
Security Center (NCSC).
• The NSA wanted to be in charge of cyber security.
• In 2009, Obama promised to develop a national cyber
security policy and appoint a federal cyber security
coordinator.
• This position would be above NSA and DHS and
depends on the collaboration between different
organizations.
• According to Dhillon (2013), “episodic power
relationships played a crucial part in the first decade of
7. • A month after 9/11, Senator Lieberman introduced a bill
to establish a DHS that had aspects of cyber security:
• Maintaining a hub of cyber security experts
• Sharing of information concerning cyber security in the U.S.
• Establishing cyber security standards with the FCC
• Certifying national preparedness for cyber attacks
• After DHS was created, cyber security matters took a low
priority
• DHS officials and loyalists to Bush, did not criticize its
lacking cyber security initiatives as most of the country
supported the government’s national security endeavors
unquestionably.
8. • System integration has two subcomponents:
• Production
• Discipline
• The Cyber Security Enhancement Act (CSEA) of 2002
grants companies permission to release customers’
electronic info to government employees without
warrants or legal documents.
• Reports were exempt from Freedom of Information Act requests
• Companies providing info were free from being sued by customers
• Customers did not have to be notified that their info was released
• Stop Online Piracy Act (SOPA) of 2012 was met with a
huge public backlash; major internet companies opposed
SOPA.
9. • Cyber security policy was drastically affected by:
• Turf wars
• Executive orders
• Legislative procedures
• Patriotic culture
• Public backlash
• Major shifts in power within the federal government
• Obama’s 2013 executive order to put cyber security
policy into law will design a framework for the
government and the private sector to “allow intelligence
to be gathered on cyber threats to privately owned critical
infrastructure…so they can better protect themselves”
(Dhillon, 2013, p. 202).