Introduction
The changing global environment is presenting numerous opportunities and challenges to most of the stakeholders involved in a wide range of business and security activities. The National Cybersecurity Strategy (NCS) provides unique guidelines that compel key partners to support the United States’ mission towards dealing with cyber insecurity. However, some gaps exist that could maximize the level of attacks against private data and the current critical infrastructure systems. These key issues could explain why additional mechanisms, changes, and improvements would be recommendable. A balanced approach in the manner in which the Department of Defense (DoD) collaborates with private organizations is needed to take the war against cybercrime to the next level while protecting personal data.
Replication of the General Data Protection Regulation
The U.S. lags behind in the introduction and implementation of a policy model capable of strengthening personal data protection. In this country, only a few guidelines are in place to focus primarily on the rights of the citizens. Specifically, medical facilities, companies, and banking institutions are required to follow outlined regulations whenever handling, using, and sharing confidential personal data. Based on this understanding and the positive attributes associated with the General Data Protection Regulation (GDPR), it is agreeable that an equivalent needs to be replicated in the U.S. (Intersoft Consulting, n.d.). This provision means that most of the agencies and companies relying on personal information will have to comply and ensure that personal rights are taken into consideration.
The idea seems plausible since more people will have increased trust with most of the companies and medical institutions. The individuals would be willing to share more information and ensure that firms utilize them in a private manner to maximize their experiences. Kaur and Ramkumar (2022) believe that the effort would help more business entities to attract an increasing number of customers. This outcome is possible since the targeted beneficiaries would trust the implemented practices. The stakeholders would be empowered since they will understand that the companies care about the available information. Consequently, a positive brand name will develop, thereby making it possible for the involved businesses to record positive gains.
Protection of Critical Infrastructure
The government’s target, through the Department of Defense (DoD), has been to address the problems of cyberattacks and subsequent insecurities. The main objective is to defend the country’s critical infrastructure systems against any form of threat or attack. The DoD Cyber Strategy 2018 describes the importance of protecting the homeland and critical infrastructure systems. For private organizations, this objective would have a huge meaning since the country’s connection and telecommunication have become interlinked (Kaur & Ramkumar, 2022). Most of the corporate entities are involved in the provision of Internet support technologies and frameworks that could become the primary targets for cyberattackers. This scenario would shed more light about the complexity of critical infrastructure systems and the reason why all stakeholders, including private companies, should be part of this strategy.
The primary aim is to support and protect the country’s defense industrial base (DIB) networks since they play a significant role towards supporting the country’s functionality. The model reveals that numerous agencies, facilities, connectivity technologies, and players are involved. The wider concept of cyber environment cannot be described without taking into consideration the positions and goals of DIB entities (U.S. Department of Defense, 2018). Consequently, private companies should be involved in the proposed joint effort to support all activities and initiatives intended to address the problematic issue of cyber insecurity in the country. Private organizations will be required to become committed partners, share resources, provide timely information, and pursue collaborative efforts to deal with this predicament.
DoD Responsibility
In a scenario whereby most of the critical infrastructure systems in the country are owned by private entities or companies, the DoD would be undertake various responsibilities in accordance with the cyber security strategy. As a government agency, it will be required to apply defense capabilities to protect such systems against any form of attack. For instance, experts reveal that terrorists could choose to target and bomb most of the systems, thereby disorienting all other economic efforts (Kaffenberger & Kopp, 2019). Though military capabilities, DoD would be able to protect such systems against similar threats, thereby ensuring that they remain resilient and capable of meeting the needs of most of the stakeholders.
DoD has access to numerous resources and could mobilize them to prevent or thwart initiated attacks before disorienting the targeted critical infrastructure systems. The agency could go further to support collaborative efforts and ensure that the needs of most of the people are met. While most of the systems would be in the hands of private companies, the department will go further to formulate and set the necessary standards for pursuing cybersecurity efforts. It will offer additional guidelines for streamlining reporting and response mechanisms to incidents. The involved professionals would offer additional support and recovery strategies after the success of a given attack (Rudman et al., 2021). Such measures are essential to maximize the resilience and functionality of various critical infrastructure systems since they have the potential to destabilize the performance of the country’s economy.
Personal Data and Privacy
The current ethical dilemma in the field of cybersecurity revolves around the question of personal data and the move to share it with DoD. Over the years, the government has issued identification numbers, passports, and documentations that eventually define people as citizens of the United States (Intersoft Consulting, n.d.). However, legislators and policymakers have been keen to promote progressive laws that have the potential to limit the kind of personal information they government should request, possess, or keep. In the private business world, corporations tend to gather and update a wide range of information depending on their respective sectors (Kaffenberger & Kopp, 2019). For example, banking institutions would have financial details of their respective customers and confidential details. The same case would be applicable to medical facilities across the country.
Based on this understanding, it would be inappropriate for companies or citizens to give more than enough information to DoD. The scenario would be worse when companies are mandated to share confidential profiles containing private details to the DoD. This kind of approach would be questionable and unacceptable in accordance with the promoted personal rights in the country (Rudman et al., 2021). While the move could be intended to deliver potential benefits in the fight against cybercrime, the government could chose to collect and use the information for the wrong purpose. Consequently, the move would jeopardize the privacy and lives of Americans who expect to have constitutional liberties and be able to pursue their social and economic goals. This analysis means that DoD could go further to liaise with private companies to implement superior defense mechanisms for critical infrastructure systems without necessary having to reveal private data.
Proposed Strategy
The contentious nature of personal information in the American society calls for a better strategy to maximize cybersecurity efforts in the country. The key stakeholders should begin by focusing on the unique attributes of the GDPR and borrow some of them to take personal data protection to the next level. The government can support the introduction of additional mechanisms and policies for private companies to acquire, share, and protect personal information (Kaur & Ramkumar, 2022). A middle ground would emerge whereby most of the stakeholders will be involved to maximize protection while at the same coordinating with the relevant agencies to address the problem of cybersecurity.
DoD could expand its approaches and efforts in such a way that it cushions the computer systems different private companies utilize to serve the targeted customers. The formulated laws would shed more light on the specific details that companies and government agencies could share whenever pursuing the targeted Cybersecurity objectives. While protecting critical infrastructure systems, it becomes necessary to safeguard the rights and privacy of American citizens (Kaffenberger & Kopp, 2019). The ultimate aim should be to prevent external attacks on the country’s critical systems and ensure that all areas of the economy continue to function optimally.
Conclusion
Private organizations have a unique role to play in the war against cyber insecurity since they possess most of the critical infrastructure systems. By borrowing some lessons from the Europe Union’s GDPR, the U.S. can strike a balance between the current cyber efforts and the involvement of private entities. The introduction of additional laws to protect personal data is recommendable while improving coordination, response, and restoration mechanisms. Such measures will help protect critical infrastructures and eventually take the economy to the next level.
References
Intersoft Consulting. (n.d.). General Data Protection Regulation. Web.
Kaffenberger, L., & Kopp, E. (2019). Cyber risk scenarios, the financial system, and systemic risk assessment. Carnegie Endowment or International Peace. Web.
Kaur, J., & Ramkumar, K. R. (2022). The recent trends in cyber security: A review. Journal of King Saud University – Computer and Information Sciences, 34(8), 5766-5781. Web.
Rudman, M., deLeon, R., & Martinez, J. (2021). Redefining homeland security: A new framework for DHS to meet today’s challenges. CAP. Web.
U.S. Department of Defense. (2018). Summary: Department of Defense cyber strategy 2018. DoD.