Federal Government and Cyberthreats
...urity the proper attention and focused needed. In addition, encouraging others to do the same. Federal agencies should adopt new, more secure systems and protocols where appropriate. State and local governments can have a similar effect on cybersecurity. In 2003, the Congressional Research Service (CRS) released a major study ("Creating a National Framework for Cybersecurity: An Analysis of Issues and Options") examining cybersecurity. The study discusses a variety of important public and private cybersecurity concerns. The CRS lists several broad options for addressing cybersecurity weaknesses ranging from adopting standards, certification to implementing best practices and guidelines among other possible measures. However, the most crucial and important observation in the report is that none of the options are likely to be widely adopted/implemented because of the absence of sufficient economic incentives for cybersecurity. The CRS report discusses a variety of Congressional options for potentially improving cybersecurity including: use of product liability actions; development of cybersecurity insurance; and encouraging widespread adoption cybersecurity standards and best practices as well as procurement leveraging by the federal government. There are two key challenges listed in the CRS report that will impact public and private sectors: · determining whether there really are insufficient economic incentives for sufficiently strengthening cybersecurity; · if there are insufficient incentives, determining how to craft the most efficient and effective measures for achieving needed cybersecurity improvements. The Director of Office Management and Budget is responsible for ensuring that department and agency heads carry out their legal responsibilities to secure IT systems, with the exception of classified systems of national security departments and agencies that are the responsibility of the Secretary of Defense and the Director of Central Intelligence. To overcome deficiencies in cybersecurity, the Office of Management and Budget established a government-wide IT security program, as required by law, to set IT security policies and perform oversight of federal agency compliance with security requirements. This program is based on a cost effective, risk-based approach. Agencies must ensure that security is integrated in IT system. This is designed to enable federal government business operations, not to impede those functions. In effort to access and examine current and ongoing threats OMB continuously assess threats and vulnerabilities to F...