Introduction
It is important to note that the problem of cybersecurity is a complicated and intricate matter, which is comprised of a wide range of conflicting interests in regards to individual freedom and privacy, national security, and the allocation of responsibilities between governmental institutions and corporate entities. Therefore, in order to properly assess and analyze the given issue, one should assess the brief historical background of the subject at hand. The arms race in the field of cybersecurity began during the cold war with the emergence of the first computers, but the key turning point in recent American history was the 9/11 attack (Middleton, 2017). In other words, the event jumpstarted a cascade of actions, which led to a higher degree of prioritization of national security compared to individual privacy. The early 2000s was also the period of the internet boom, where the first major tech companies began to emerge, which meant that user data collection was massively increased (Middleton, 2017). These major shifts in both legislative and political arenas took place under the Bush Administration.
Under the Obama Administration, the highlight event in regards to conflicts between national security and cybersecurity was initiated by a controversial figure, Edward Snowden, who leaked the key documents and evidence about mass surveillance being undertaken in the United States. The incident caused a major backlash from Europe, where it was stated that many French and German communication channels were under the surveillance of the National Security Agency or NSA (Buchanan, 2016). However, the most relevant piece of information for the given critical analysis is the cooperation of corporations with the NSA (Buchanan, 2016). In other words, the NSA was conducting mass surveillance and data collection from both its own sources and corporate entities.
The Trump Administration mostly followed the latest directions of the previous administration by focusing on consumer privacy and improving cybersecurity for critical infrastructure and federal networks. In other words, the efforts aimed to “deepen the federal cybersecurity bench, accept recent bipartisan recommendations for policy improvement and strategic direction, and continue U.S. leadership in public-private and international partnerships” (Howard & Arimatéia da Cruz, 2017, p. 276). The Biden Administration’s focus is put on cybersecurity in the private sector in order to protect corporate entities from external cyberattacks, which are becoming more prominent in the modern age (CITE2). Therefore, there was a major shift in prioritization towards cybersecurity in the private sector after the necessary legislative adjustments were made for user data privacy protection under the Obama and Trump Administrations.
What Problem(S) The Issue Involves or Could Involve
The first problem of the given issue is the privacy of product users of corporate or private entities. For example, Apple is in a conflict with the FBI in regards to the accessibility of Apple consumers’ data, which demonstrates how individual privacy rights can outweigh national cybersecurity interests (Ahlam, 2020). Considering the fact that major critical infrastructure elements are becoming targets of external cyberattacks, the government and private enterprises are interested in increasing the cybersecurity of the private sector. However, such cooperation might require a higher degree of authorization for the use of data from private entities, which is in conflict with user data privacy interests. Therefore, this is the problem of prioritization of national cybersecurity interests against individual privacy ones.
The second problem is centered around the fact that cyberattacks on individuals as well as enterprises are on the rise, which prompts a major discussion and perspective changes from the users themselves. Client data security is becoming more critical and important in the current environment of cyberspace, which is why the concerns of security are becoming more of a priority than individual privacy (Ameen, 2021). The main reason is that the latter might require the former in order to be effective and exist at all. The real-world example is the fact that small businesses are becoming a prime target of cyberattacks, which means that the attackers are not only focusing on large corporations or entities but also individual entrepreneurs and businesspeople (Rosenbaum, 2021). One cannot demand to have user data privacy without ensuring security first, and security requires a strong, resilient, and impenetrable infrastructure, which is capable of protecting the private sector and consumers. Therefore, there is a possibility that absolute user data privacy cannot exist without some form of sacrifice of such privacy rights for government agencies in order to reduce the threat from external attacks.
List of Best Practices
- A triangular relationship framework between customers, agencies, and businesses;
- The 12-point vulnerability model to identify and eliminate product vulnerabilities;
- The corporate cybersecurity model is comprised of recognition of indirect and direct policy costs, institutionalizing of cross-vector collaboration, threat articulation, information sharing in a candid manner, and engagement in complex simulation exercises to identify and eliminate the key vulnerability points.
- Education and self-education as individual cyber protection measures;
- The redundant protective measures against intentional cyber threats and attacks.
Explanation of the Practices
It is important to point out that there are a number of measures, which can be undertaken in order to minimize the risk of cyber threats. Cybersecurity threats are various actions that can lead to breaches of the information security state. In other words, these are potentially possible events, processes, or actions that can harm the information or cyber environment. The goal of cybersecurity is to protect data and to predict, prevent and mitigate the consequences of any harmful influences that could harm information. Methods of protection include the means, measures, and practices that must protect cyberspace from threats, including accidental or malicious, external, and internal.
The first and most important measure in order to ensure the highest degree of cybersecurity revolves around a triangular relationship framework. It is stated that “the threat posed by cyber attacks requires corporations to form partnerships with customers and law enforcement” (Guiora, 2017, p. 93). However, such a relationship is difficult to achieve, and thus, the main catalyzer needs to the common interest alignment of all parties. The triangular relationship is required to minimize the risk of cyber threats, but it is not designed to eradicate them. Therefore, the second practice is the implementation of the 12-point vulnerability model aimed at improving the security of corporations’ products. Such a model is necessary in order to comprehensively assess a product’s vulnerability to attacks (Guiora, 2017). In other words, each product, including both software and hardware, needs to undergo strict and systematic examination for potential cyber vulnerabilities.
The third practice is focused on the corporate cybersecurity model, which is comprised of five main parts. It includes recognition of indirect and direct policy costs, institutionalizing of cross-vector collaboration, threat articulation, information sharing in a candid manner, and engagement in complex simulation exercises to identify and eliminate the key vulnerability points (Guiora, 2017). These measures will ensure that each member of the private sector is capable of minimizing the threat from cyberattacks. The dynamics of technology development in recent years are progressing, and thus, new technologies and equipment are being created and introduced that require a quick response and ensure maximum protection. By keeping abreast of the latest trends in cybersecurity and understanding the severity of potential problems, organizations can protect against threats and be confident that information and cybersecurity are up to date. Information protection should be carried out in a comprehensive manner, in several directions at once. The more methods are used, the less the likelihood of threats and leaks.
The fourth practice is centered around individual protection, which heavily emphasizes education, especially self-education. The major problem with individual attacks is not the lack of instruments to eliminate cyber threats but rather the lack of knowledge and skills among the public in regards to the use of these available tools (Guiora, 2017). In other words, the most vulnerable populations, such as older adults, need to be guided and aided by younger generations as well as governmental campaigns.
The fifth practice is focused on the reduction of cost and loss as the core elements of risk management, which is a combination of redundant protective measures. The main threat comes from artificial and deliberate threats. Given the ever-increasing computerization of all spheres of business and the increase in the number of electronic transactions, these threats are also rapidly developing. It is stated that “some set of potentially redundant protective measures are combined with designs that are less susceptible to faults to design composites that are relatively less susceptible to failures out of components that are individually more susceptible to faults” (Johnson, 2015, p. 88). In other words, the introduction of additional redundant steps in the security framework enables increased protection and risk reduction against intentional attacks. The latter needs to be used in combination with resilience-based methods, which are focused on protecting against random or natural threats.
Biblical Foundations
In the case of biblical foundations, the Bible supports the practices mentioned above. The Bible states: “two are better than one; because they have a good reward for their labour. For if they fall, the one will lift up his fellow: but woe to him that is alone when he falleth; for he hath not another to help him up. Again, if two lie together, then they have heat: but how can one be warm alone?” (Holy Bible, King James Bible, 1769/2017, Ecclesiastes 4:9-11). The verses emphasize the importance of a cooperative and collaborative approach towards the common goal.
Since the majority of the previously mentioned practices involve such cooperation, it is important to point out that the Bible promotes and facilitates these efforts in the face of a greater danger, which includes external cyber threats aimed to weaken all essential pillars of American society. For example, corporations, agencies, and customers need to work in unison in order to substantially reduce the risk of cyberattacks. Similarly, younger generations should lead the educational efforts against internet illiteracy among older adults in order to prevent individual cyberattacks. Two different protective measure frameworks require a proper combinatory structure to build both resilience from natural risks and redundant defense against intentional dangers.
Conclusion
In conclusion, the issue of individual user data privacy and national security is a conflicting problem, which was the result of questionable actions from the NSA. The narrative improved with the subsequent efforts to protect individual privacy from such activities, which were primarily done through the legislations of the Obama and Trump Administrations. However, the recent evidence presented in the critical analysis shows how the nature of cyberattacks shifted to be a serious concern for the private sector as well. Thus, the current measures and efforts are no longer the question of choosing between individual privacy protection or national security since the former is impossible without the latter. On the basis of the most effective practices as well as the Bible, it is critical for all parties to unite against the given common threat.
References
Ahlam, R. (2020). Apple, the government, and you: Security and privacy implications of the global encryption debate. Fordham, 44, 771.
Ameen, N. (2021). Keeping customers’ data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce.Computers in Human Behavior, 114, 106531.
Buchanan, B. (2016). The cybersecurity dilemma: Hacking, trust, and fear between nations. Oxford University Press.
Guiora, A. N. (2017). Cybersecurity: Geopolitics, law, and policy. Routledge.
Howard, T. D., & Arimatéia da Cruz, J. de. (2017). Stay the course: Why Trump must build on Obama’s cybersecurity policy. Information Security Journal: A Global Perspective, 26(6), 276–286. Web.
Johnson, T. A. (2015). Cyber-security: Protecting critical infrastructures from cyber attack and cyber warfare. CRC Press.
King James Bible. (2017). King James Bible Online.
Middleton, B. (2017). A history of cyber security attacks. Auerbach Publications.
Rosenbaum, E. (2021). Main Street overconfidence: America’s small businesses aren’t worried about hacking. CNBC.
Scott, S. (2021). Biden orders Endpoint Detection and Response (EDR) Initiative. Calhoun: The NPS Institutional Archive, 1, 1-7. Web.