Cybersecurity

"“No single official oversees cybersecurity policy across the federal government, and no single agency has the responsibility or authority to match the scope and scale of the challenge. Indeed, when it comes to cybersecurity, federal agencies have overlapping missions and don't coordinate and communicate nearly as well as they should—with each other or with the private sector.”"

Definition
Cybersecurity (also called cyberspace security and cyber security) refers to the prevention of damage to, unauthorized use of, or exploitation of, and, if needed, the restoration of electronic information and communications systems and the information contained therein to ensure confidentiality, integrity, and availability. Cybersecurity includes protection and restoration, when needed, of information networks and wireline, wireless, satellite, public safety answering points, and 911 communications systems and control systems. Cybersecurity is a major concern of both the government and the private sector.

Cybersecurity is intertwined with the physical security of assets &mdash; from computers, networks, and their infrastructure to the environment surrounding these systems. Cybersecurity is a major concern of both the federal government and the private sector.

Discussion
Cybersecurity must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize a network in unpredictable ways.

Cybersecurity has been called “one of the most urgent national security problems facing the new administration." In a speech during his presidential campaign, President Obama promised to “make cyber security the top priority that it should be in the 21st century . . . and appoint a National Cyber Advisor who will report directly” to the President.

Cybersecurity is a cross-cutting field that affects many government and non-governmental stakeholders. As such, one of the most basic concerns, but most difficult to address, is that the term itself can carry different connotations for the various entities. For example, the U.S. military views cyberspace as a warfighting domain as well as a force enabler, enhancing troops’ ability to operate in real-time and with improved situational awareness. For the Department of Defense, cybersecurity takes on an offensive or defensive national security role. For other government stakeholders, cybersecurity means information security, or securing the information that resides on cyber infrastructure such as telecommunications networks, or the processes these networks enable. And for some, cybersecurity means protecting the information infrastructure from a physical or electronic attack.

Another cybersecurity difficulty for the government is balancing the protection of civil liberties and individual privacy protections with the desire for comprehensive security of networks and information. It is difficult to secure information infrastructures and their content without tradeoffs between security and the freedoms associated with the Internet. Many concerned about civil liberties fear that the executive branch will use its national security powers and national defense mandate as justification for encroaching on privacy without adequate oversight. Others regard security measures, such as network traffic monitoring, as a violation of the Universal Declaration of Human Rights, which states that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence.” Complicating the issue is a lack of consensus on the definition of “privacy” in the context of the Internet, and a lack of consensus on what sort of government resolution may be necessary as a network security measure.

Consumer acceptance
Cyber security has largely failed to gain wide adoption in many consumer products for a variety of reasons, including a lack of appreciation for consequences of insecurity, the difficulty of developing secure products, performance and cost penalties, user inconvenience, logistical problems for organizations in implementing and consistently maintaining security practices, and the difficulty of assessing the value of security improvements. But consumer and enterprise concerns have been heightened by increasingly sophisticated hacker attacks and identity thefts, warnings of “cyber terrorism,” and the pervasiveness of IT uses.

Consequently, many in the computer industry have come to recognize that the industry’s continued ability to gain consumer confidence in new, more capable applications will depend on improved software development and systems engineering practices and the adoption of strengthened security models.

ITU definition

 * “Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following: Availability; Integrity, which may include authenticity and non-repudiation; Confidentiality.”