The purpose of this report is to build a line of investigation and to make a case on the proper position of the government in the regulation of cyberspace for the industry. In the light of this issue, this paper would discuss whether the government is useful in the battle against cybercrime, as well as whether the government’s policies in place are beneficial to the situation. The study will also explore the rationale and need for cybersecurity policy, as well as the obstacles that the government encounters while implementing cyberspace policies with an emphasis on the business environment. Finally, the research will examine the relationship between cyber technology companies and the government and how arising issues affect businesses. A preview of this report’s conclusion is, businesses are at the risk of attack through cyber crime and government plays a crucial role in averting cyber threats through proper regulation. To develop this argument, this report first begins by examining government cyber laws, legislations and policies. The paper continues with an analysis of the impact of proper cyber regulation on business safety, challenges to cyber security on companies and issues arising between government and cyber industry businesses.
Government Cyber Regulation, Legislation, and Policies
The growth of businesses and companies have led to extensive collaborations between different sectors of industry with each other as well as with the government. This growth has seen the need for increased networking for major United States infrastructure such as the power grid, the transport system, the mobile industry network, drinking water, trains, the energy sectors of pipeline and gas and the security organizations, etc. (National Cyber Security Alliance (NCSA), 2017). Recognizing that the United States has a critical infrastructure that is quite vulnerable to cyber-attacks, the government through various institutions has put in place regulations, legislations and policies that improve the safety of businesses in the cyberspace.Firstly, in October 2013, the Securities and Exchange Commission (SEC) proposed a cyberspace activity disclosure agreement in which the division gave guidance regarding the reporting of cyber security risk and disclosure of cyber incidents. The focus of the regulation was to distinguish between information which is at the risk of theft and the information disclosed by companies at will. According to NCSA (2017), the agreement was a move to protect investor information in businesses and to compel companies to be proactive in assessing cyber incidents both before and after they happen.
Secondly, in February 2013, President Barack Obama gave an Executive Order (EO) to improve the defense of the U S against cyber-attacks from both foreign and domestic threats. The EO was as a result of increased information sharing between different agencies in government as well as between the government and U. S companies. As directed in the order, the departments of Homeland Security, Commerce and Treasury had to create a voluntary program where information would be shared freely and discreetly between the U.S and technology companies to avert cyber incidents. The agencies passed the recommendations to the President for consideration, and they released the final framework in 2014 (NCSA, 2017).
Thirdly, Congress attempt to pass laws relating to regulating cyberspace for business had been frustrated by interests groups and minor corruption in government until November 2011. (Beauchesne, 2012). The Congress introduced the Cyber Intelligence Sharing and Protection Act (CISPA) that was stalled by discussions in the Senate but was reintroduced in 2015 to the Committee of intelligence and gained support from companies such as Facebook, Microsoft and IBM (Beauchesne, 2012).
Fourthly, the government adopted the policy of giving incentives to companies to compel them to join the various frameworks of regulation in cyberspace. For example in the President’s EO of 2013, the order mandated the tasked agencies to find ways to incentivize companies so that they would join the Voluntary Cyber Security Framework (NCSA, 2017). Other incentives are Cybersecurity insurance, grants, liability limitations, Cybersecurity research and public recognition. For a long time, government and businesses did not agree on cyberspace legislations due to fears of insider spying and information fetching. Therefore, the U.S has adopted policies that treat companies as equal partners in the fight against cyber crimes as opposed to the previous approach of government lording it over the business community (Beauchesne, 2012).
The Impact (Role) of Proper Cyber Regulation on Business Safety
The regulations allowing for increased information sharing between the government and private sectors have led the creation of shared cyberspace frameworks that incorporate high standards, best practices and maturity in business conduct thus resulting in the creation of laws governing how to deal with cyber-attacks and penalties for crimes in cyberspace (Mohr, 2012). The efforts have tremendously improved business safety since companies adopt keen security measures that cushion them from possible responsibility from attacks peddled from within their premises.
Government policy on cyberspace has reduced the cost of business security due to the provision of frameworks and incentives for dealing with cyber incidents. According to Mohr (2012), a survey conducted in 2005 by the National Computer Security Survey (NCSS) found that 67 % of businesses in America had experienced a form of cyber-crime and they had no means to fund for effective security measures. The involvement of the government through proper regulation has seen the reduction of cyber attack statistic to less that 50 % and, the money invested cater for cyber research and testing for new modes of security (Mohr, 2012).
During the role out of various regulations, legislations, and policies, many private businesses, especially technology companies, are reluctant to join forces with the government for fear of secret corporate espionage and spying (Mohr, 2012). Therefore, the government laid out stringent measures regarding the responsibility costs of companies concerning attacks due to weak security protocols in their products, especially technology based products such as software. Businesses have invested heavily in high quality and secure devices that are not easily penetrable through hacking or malicious software to avoid liability. In the long run, the citizens benefit the most from such policy.
The increase in sale and revenue at the expense of reduced losses due to cyber incidents is another impact of government regulation on business cyberspace. For example, before the government intervened and brought about better security for the cyberspace, most businesses had closed their online stores citing security concerns. The government’s entrance into the security transformation agenda has led to the revival of closed businesses and booming of previous ones prone to cybercrime (Mohr, 2012).
Challenges to Cyber Security for Businesses
There are numerous challenges to attempts by the government and stakeholders to resolve the menace of cyber terrorism in businesses. Firstly, the time between a breach of data and detection is significantly long and, it due in part to the failure of firms to be proactive in security checks and maintenance and instead they only react to the situation when the damage is already done (LeClair, 2016). Secondly, while the government continues to invest heavily in cyberspace to enhance security, specialized Cybersecurity groups continue to rise with new methods of devastating economies and businesses. Thirdly, it is evident that money invested does not equal security and even when there is a lot of money to spend, the executives of organizations do not know how to go about it. For example in 2010, a well-financed company, PayPal, was attacked when the hackers attempted to shut down the company’s operations to expose their business practices. There was massive loss of revenue as a result of lost sales. Other challenges are few skilled professionals to enhance cyber security and increased global connections which are a breeding ground for hackers (LeClair, 2016).
Issues arising between Government and Cyber Industry Businesses over Cyberspace Regulation
First, government and technology companies disagree on the sharing of data and information for security reasons. Business executives have thwarted attempts by some legislatures to institute mandatory compliance of firms with all cyberspace regulations through lawsuits. Secondly, there is a deep mistrust of private companies towards government over the discretion and privacy of information shared and how the government might use such information to spy on civilians. Thirdly, technology firms that command a global audience in their operations have major economic motivations and therefore, they keep Washington legislators at a distance to avoid any hindrances. Fourthly, most business executives are of the opinion that while government regulations are helpful to some extent, they only restrict their ability to improve Cybersecurity. Thus, most remain anti-regulation.
Clearly, businesses are prone to cyber-attacks and attempt to secure their businesses without adequate financing, proper collaborative frameworks and top notch security standards will only frustrate their efforts. Therefore, government plays a vital role in regulating the cyberspace by reducing the risk of attacks to enable businesses to conduct their operations in a conducive environment.
Beauchesne, A. M. (2012). “More regulation isn’t the answer.” The New York Times. Accessed5 May 2017.
LeClair, J. (2016). “Critical cybersecurity challenges for 2017 and beyond.” Thomas EdisonState University. Web. Accessed 6 May 2017.
Mohr, A. (2012). “3 ways cyber-crime impacts business.” Investopedia. Web.[www.investopedia.com/financial-edge/0112/3-ways-cyber-crime-impactsbusiness.aspx]. Accessed 5 May 2017.
National Cyber Security Alliance. (2017). “Cyber regulation, legislation and policy.” Stay SafeOnline. Web. [www.staysafeonline.org/re-cyber/cyber-regulationlegislation-policy/].Accessed 5 May 2017.