Creating a 'Circle of Trust' to Further Digital Privacy and Cybersecurity Goals

J. Kesan, C. Hayes
Journal: Michigan State international law review, volume 74 1, pages 1475-1560
Publication date: 2014-08-18
Publication type: Journal Article
DOI: https://doi.org/10.2139/SSRN.2135618
Citations: 9

Abstract

Cyberattacks loom over the technological landscape as a dire threat to Internet commerce, information security, and even national security. Meaningfully improving cybersecurity and ensuring the resilience of systems will require cooperation between members of the private sector and the government. To this end, we propose a framework that creates a circle of trust for the sharing of information about threats and solutions. To emphasize the importance of cooperation to enhance cyber defense, this Article presents a case study of two items: the proposed legislative regime of the Cyber Intelligence Sharing and Protection Act, and President Obama’s Executive Order 13,636 with its emphasis on a Cybersecurity Framework that would establish voluntary cybersecurity standards. Through application of our circle of trust framework, we hope to provide a solution that balances the sometimes competing concerns of privacy and cybersecurity.

Our secondary focus is whether such a program should emphasize voluntary or mandatory compliance. A proper balance between the two approaches could improve the dynamics between the public and private sectors in a way that increases respective levels of trust. The Executive Order and CISPA both use a voluntary approach. Under each system as currently proposed, firms could choose to follow the program, but compliance is not mandatory and there is no penalty for noncompliance. However, mandatory programs with effective enforcement mechanisms are likely to result in higher levels of compliance than purely voluntary programs in many situations. We urge that government intervention in the free market should be kept at a low level, but because cybersecurity issues can have implications for national security, we believe that some degree of mandatory regulation would be beneficial.

We believe that cybersecurity can be enhanced without creating a Big Brother world, and encourage the development of a circle of trust that brings the public and private sectors together to resolve cybersecurity threats more effectively. It is vital that these issues be addressed soon while there is still a chance to prevent a catastrophic cyber event. It would be ill-advised to rely solely on executive power or on legislation that is quickly drafted and enacted after an emergency. A careful, deliberative process aimed at protecting cybersecurity and civil liberties would ultimately be the most beneficial approach, and these steps must be taken now, before the emergence of a cybersecurity crisis that causes us to suspend reason.