The Internet has forever changed the way the world does business, communicates, and shares information. Because the Internet and computers provide a convenient, fast method to communicate, do business, and share information, there are a growing number of businesses, individuals, and governments that have shifted its functions and activities to the Internet. Like all other important structures, it is very vital that nations and businesses develop cybersecurity systems to protect the information stored on its information technology (IT) infrastructures. As a result of globalization, it has become exceedingly difficult to maintain one’s competitive edge. Because much of the intellectual property and personally identifiable information are stored online, U.S. industries and government agencies must keep up-to-date on cybersecurity so as to protect its IT infrastructures from intrusion and, by doing so, maintain its competitiveness and innovations from competing nations. As the world becomes more globalized, invisible or physical borders have become nearly impossible to safeguard. The Internet is no exception. Because the Internet is a globalized construction, the laws and regulations pertaining to one nation do not transcend into that of another nation. As a result, individuals or nations may attack the IT infrastructure of other individuals, industries, or nations with little to no repercussions.
In addition to the challenges of enforc...
ing and implementing regulations, the Internet is constantly evolving. Despite the many challenges faced by industries and nations in implementing and enforcing regulations, the convenience of the Internet has influenced more and more industries, individuals, and government agencies to move towards expanding its presence on the Internet. Therefore, it is essential that industries and governments advance and keep up-to-date its cybersecurities as the Internet evolves in order to protect its intellectual property, personally identifiable information, and IT infrastructures. Even though there are challenges in enforcing and regulating cybercrimes, governments and industries can strengthen and improve its cybersecurity and IT infrastructures through the implementation of cybersecurity standards and procedures to better protect intellectual property, personally identifiable information, and assets from cybercrimes.
The basis of this paper is influenced by the attacks against the U.S. Office of Personnel Management (OPM). The OPM is a civil service agency that recruits applicants seeking employment in the U.S. government. In addition to recruitment, the OPM is responsible for the security clearances of government employees, and, therefore, the OPM handles the investigations and background checks into government employees. In June 2015, the OPM had found that there was a breach in the background investigation records of current, former, and potential federal employees and contractors. According to the U.S. Office of Personnel Management (2016) report, 21.5 million Social Security Numbers (SSNs), which included 19.7 million people who applied for a background investigation, as well as, 1.8 million non-applicants that were spouses, partners, or co-habitants.
In addition to the stolen SSNs, the attackers obtained around 5.6 million fingerprint records of applicants, as well as, the usernames and passwords of the applicants (U.S. Office of Personnel Management, 2016). Before this incident occurred, another breach of the OPM’s I
infrastructure was reported. During this breach, attackers took the personnel data (full name, birth date, addresses, and SSNs) of current and former government employees (U.S. Office of Personnel Management, 2016). The OPM neglected to take simple steps to secure its IT infrastructure that may have prevented the breaches. According to the Office of the Inspector General (OIG), the OPM has had a long history of negligent security and has continually ignored the recommendations of the OIG (Davidson, 2015). As a result of the insufficient cybersecurity in place at the OPM, millions of current, former, and prospective government employees’ careers have been impacted and their personally identifiable information has been taken.
Regulations and Enforcement Challenges
Because the Internet transcends borders and allows for anonymity, it is very difficult to enforce and regulate cyber attacks. Laws and regulations are exceedingly hard to enforce because the attacks can come from any person from anywhere in the world and the different perspectives of cyber crime and enforcement in each sovereignty. The European Convention on Cybercrime (ECC) is the first and only international accord that addresses the problems of cyber attacks and the need for cooperation between state actors to enforce and regulate cyber crime within each nation’s borders (Introduction and Overview – Legal & Law Enforcement Challenges). This agreement indicates the policies and standards that each signatory must adopt. The ECC also indicates the duty each state has in preventing cyber attacks of non-state actors on other signatories in its jurisdictions and that each signatory adopts the responsibility to criminalize culprits of cyber crime (Introduction and Overview – Legal & Law Enforcement Challenges). Without cooperation and consensus on cyber crime between nations, the enforcement and implementation of regulations against cyber crime and criminals would be nearly impossible. Due to the different viewpoints and regulations adopted in each nation, consensus and cooperation in the enforcement and regulation of cyber crimes has been insufficient.
This cooperation and consensus can also be beneficial within a nation between the private and public sectors. Because many government agencies rely on contractors and other private industries, it is important that both the private and public sectors work together to secure its IT infrastructures. According to the Cyberspace Policy Review by the Department of Homeland Security (DHS) (2015), there needs to be shared information between the private and public sectors on cybersecurity, detection methods of threats, breaches and attack methods, remediation practices, and digital forensic capabilities. Information sharing between the private and public sectors could greatly improve the cybersecurity of the U.S. However, there are some challenges faced by a private-public sector partnership. Industry is concerned that some federal laws may prevent a complete collaboration due to the perceived collusion between industry and the government, fear of releasing proprietary information, and the reputational harm resulting from publicized attacks, as well as, the lack of trust in sharing information by the federal government and the necessity to maintain secrecy on intelligence sources and methods used by the federal government (Department of Homeland Security, 2015). These barriers create a lack of full commitment to partake in the private-public sector partnership.
As a result of the concealment
- Business Law
- Common Law
- Community Policing
- Consumer Protection
- Contract Law
- Copyright Infringement
- Criminal Law
- Employment Law
- Family Law
- Individual Responsibility
- Marijuana Legalization
- Private Sector
- The juvenile
- Tort Law
- United States Constitution
- War on Drugs