Role of Government
in Cybersecurity in the urban infrastructure
In 2019,
cities and towns around the world experienced more than 1000 cyberattacks a day.
These took various forms including malware, multiple lines of denial of services, and ransomware. To date, the vast majority of municipalities have not yet
figured out a way to protect themselves. If things continue this way, cities
and towns may end up like the case studies in the 2025 article.
Federal
Government’s action against Cyber-Attacks
Government
passed the law in 1986 called “The Computer Fraud and Abuse Act” and according
to the act the number one thing that it criminalizes is that it is crime to
access a computer without authorization, also it is crime to exceed the use of
computer even if the user has authorized access. For e.g. you work for a
company and you are not allowed to access particular info. of the company and
if you access it then you are liable for the crime under the same act. The penalty ranges from one to 20 years. The FBI and the DHS enforce these laws.
In 2018, 3
lakhs of cases were reported out of which only 1% were found and punished. CISA
plays a key role in cybersecurity in the US. In the US there are 16 societies classified
as critical infrastructure for center-specific agencies. CISA created ISAC a Centre
for all the 16 societies to provide all information about cybersecurity,
threats, and other precautions.
Defensive Cybersecurity Practices
The federal government takes steps to encourage good cybersecurity
practices. The best Federal Agency to look after this good practice of
cybersecurity is NIST (National Institute for Standards and Technology). NIST
is an agency that's actually been around for more than 100 years. The main
objective of NIST is to establish technical standards, things like weights, and measures, and
distances, and standards for everything from knitting needles to a thread to
different kinds of chemical compounds.
NIST is made up of Scientists and Engineers who don’t
support any party, person, political party, and not interested in public policy
issues. They are just interested in
establishing good engineering and scientific baselines on which the society can
depend upon. NIST was to frame the cybersecurity framework from 2014, and this the framework would help any institutions to prepare and be ready whenever there might
be any cyber-attack. Basically, they don’t promote any software or hardware for
security. They teach the institutions would they improve standards in the
cybersecurity
NIST Cybersecurity Framework
This framework consists of five components and they
are
Identity: It consists of what needs to be protected, what
assets are to be protected from cyber-attack, what software or machines are
possible targets of attack, policies for managing risks, training employee to
make sure they delete their account after leaving the organization, making sure
that right operational policies exist, Risk Assessment, Risk Management, For example, if you're an organization that is dependent on delivering service 24
hours a day, seven days a week, then you're going to want to make sure that
your systems are available all the time, that you have backups in place in the
event of some kind of an attack.
Protect: make sure who the users are, access control and identity management,
make sure the passwords are up to date, makes sure that only authorized people
have access, Adequate training, data security practices, hardware backups, data
destruction policy, system updating, version updating, keeping track of who is
logging as users, using files, an audit of everything
Detect: Detect any malicious activity, attack and identify and shutdown the
vulnerability, so that whatever data is lost can be protected easily, and if
there is any threat setting backup mechanism on place, and then respond
Respond: fixing the vulnerability and making sure that the attack doesn’t continue
Recover: Most important part of the framework, figure out
why the attack happened, find out how these attacks happened, and why? To avoid
future attacks,
This framework is not 100% cure-all against all the
cyber-attacks, but it helps in resisting some of the attacks and responding in
other possible attacks.
0 Comments