2. CRITICAL THINKING #3
US Cyber Security Policy
This week’s Critical Thinking exercise asks
students to comment on the efficacy or
effectiveness of US Cyber Security Policy.
3. CRITICAL THINKING #3
Cyber Security – “The security of a
nation’s computer and telecommunications
infrastructure as well as the data stored
within the computers from outside attack.”
4. CRITICAL THINKING #3
National Cyber Security Policy:
• Presidential Executive Order 13636 – 12 Feb 2013
• Presidential Policy Directive-21- 12 Feb 2013
• Homeland Security Presidential Directive / National
Presidential Directive-23 (HSPD-23/NSPD-23)- Jan
2008 (Classified)
5. CRITICAL THINKING #3
Executive Order 13636: Improving Critical Infrastructure
Cybersecurity. Directs the Executive Branch to:
• Develop a technology-neutral voluntary cybersecurity
framework.
• Promote and incentivize the adoption of cybersecurity
practices.
• Increase the volume, timeliness and quality of cyber threat
information sharing.
• Incorporate strong privacy and civil liberties protections into
every initiative to secure critical infrastructure.
• Explore the use of existing regulation to promote cyber
security.
6. CRITICAL THINKING #3
Presidential Policy Directive-21: Critical Infrastructure Security
and Resilience: Directs the Executive Branch to:
• Develop a situational awareness capability that addresses both
physical and cyber aspects of how infrastructure is functioning in
near-real time.
• Understand the cascading consequences of infrastructure
failures.
• Evaluate and mature the public-private partnership.
• Update the National Infrastructure Protection Plan .
• Develop comprehensive research and development plans.
7. CRITICAL THINKING #3
HSPD-23/NSPD-23 – Launched the Comprehensive National
Cybersecurity Initiative (CNCI) which consists of a number of
mutually reinforcing initiatives to help secure the United States in
cyberspace: It has the following goals:
• To establish a front line of defense against today’s immediate threats
by creating or enhancing shared situational awareness of network
vulnerabilities, threats, and events within the Federal Government and with
state, local, and tribal governments and private sector partners to act quickly
to reduce current vulnerabilities and prevent intrusions.
• To defend against the full spectrum of threats by enhancing U.S.
counterintelligence capabilities and increasing the security of the supply
chain for key information technologies.
• To strengthen the future cyber security environment by expanding
cyber education; coordinating and redirecting research and development
efforts across the Federal Government; and working to define and develop
strategies to deter hostile or malicious activity in cyberspace.
8. CRITICAL THINKING #3
FINAL QUESTION
Which one of the 3 Cyber Security
Policy directives presented do you
feel will be the most effective?