Cyberspace Security 1

Cyber Security

Cyberspace Security and Governance

Damian Shull
University of Central Florida

Cyberspace Security and Governance

Cyberspace Security 2
My overall research. The overall theme encompassing my research on cybersecurity was there is
an agreement for more effective cyberspace governance and solutions. Our politicians have as
much knowledge on cyber security and governance as does our general population. Not only is
there a lack of effective governance, there has been a lack of skill in the information technology
(IT) field of cyber security. A review by Harvard stated Many directors have openly shared
that they feel unprepared to address cyber threats because they lack necessary technical skills and
do not understand cyber risk. (Cyber Security, Cyber Governance, and Cyber Insurance) This
will be a major problem in our next generation if we don't change and ramp up education on
cyber security.
Cyber attacks. Over the past years there have been many cyber attacks against the U.S.
private sector. Hackers have breached companies such as Sony and Target, and stolen a majority of
their customer database (Cyber Attacks on U.S. Companies in 2014). We know today companies
are vulnerable to continuous breaching. A good hacker doesnt leave a footprint when carrying out
cyber attacks. A company usually finds out only when the hacker/group decides to publicly boast
of their hacking, or when the FBI informs the company of a cyber attack. What Hacktivist groups
usually want is to steal confidential information such as credit card information, for the purpose of
carding. Carding is basically credit card fraud. Hackers also desire geopolitical gains or the ability
to brag about their successes. There is a community among hackers that encourages other hackers
to initiate new and more sophisticated cyber attacks.
General solutions. A good way to defend against these threats is to provide more education on IT
cyber security early in high school, technical trade schools, and at the college level. This will
include training for our politicians and their staffs on cyberspace governance. Penalties for
companies with weak or non-existent firewalls suffering data breach will encourage compliance.

Cyberspace Security 3
Proposals. The Cyber Intelligence Sharing and Protection Act (CISPA) bill is a proposed law in
the United States which would allow for the sharing of Internet traffic information between the
U.S. government and technology and manufacturing companies. I believe if implemented, CISPA
would be a viable solution due to the fact the federal governments designated cyber security
organization (CSO) could monitor internet traffic and be able to pinpoint areas of malicious
activity. CISPA hasn't passed due to controversies of its efficacy. Some claim CISPA is written so
broadly that it allows companies to hand over large swaths of personal information to the
government with no judicial oversighteffectively creating a cybersecurity loophole in all
existing privacy laws (CISPA Is Back: FAQ). What the general public doesn't understand is that
cyberspace governance needs policies and laws like CISPA. CISPA would help the CSO track
down cyber crimes on the internet similar to how police patrol the streets. Most people don't want
to be spied on, even though the CSO will monitor and target cyber threats. In addition to
addressing problems, companies don't really get a slap on the wrist for when their data gets hacked
nor when they fail to report they have been hacked. Although the companies are the victims, they
are also supposed to be protecting our data. I believe there should be more heftier fines for when
incidents like these happen to companies in order for them to step up their security. It is not fair
that I could potentially get my information stolen all because I made a purchase, for example at a
Target because of their failure to protect our data. Another problem is the lack of knowledge
among our politicians. I think if we start electing politicians for their knowledge in cyber
governance better proposed laws would be the result with the general public in mind than the
infamous CISPA law.
What I think is missing from the research I did is the advent of new software to protect
us and companies from cyber attacks. One solution I think the articles left out is the viability of

Cyberspace Security 4
biomerics. As of today if you have a device with a fingerprint scanner, that is basically what
biometrics is using our unique body parts as passwords and keys. Implementing biometrics
instead of hard to remember passwords would in fact make a hacker's job a lot more harder. In
addition to the articles I read on cyberspace governance, the articles never touched up on the fact
that websites of companies and institutions should be heavily updating their firewalls, HTTPS
browsers and antivirus software to help prepare companies from denial of service attacks,
malware, ransomware, trojans and etc The lack of updating is what I think led to a lot of these
cyber attacks on companies.
What needs to be studied more are effective types of cyber attack defenses and how
cyber attacks are carried out. Knowing what needs to be protected such as data is important in
the cybersecurity world. Acknowledging this will help prevent cyber attacks or help establish
laws that require companies to pay more attention to their computer and network infrastructures
more carefully. We humans take the internet and its networks for granted only realizing it in our
frustration when the internet is not working anymore for whatever reason.
One possible gap that's apparent is that cyber security is not well known among the
general population. I believe that if the general public was to be more informed that internet
needs to governed and protected we would in fact have less cyber threats. I think that we have
made a gap in society in the IT field and the cyberspace world as well. As of today, there is little
education in highschool that touches up on cyber security. I feel that there is not enough
inspiration that engages students to go into IT. I think that if we were to implement cyber
security education into programming courses in high school and more in college we could in fact
fill that gap.

Cyberspace Security 5

References
Jaycox, Mark. "CISPA Is Back: FAQ." Electronic Frontier Foundation. EFF.org, 25 Feb. 2013. Web.
14 Nov. 2015.
Walters, Riley. "Cyber Attacks on U.S. Companies in 2014." The Heritage Foundation. Heritage
Foundation, 10 Oct. 2014. Web. 14 Nov. 2015.
Jolly, Ieuan. "Data Protection in United States: Overview." Practical Law. Thomas Reuters Legal
Solutions, 1 July 2015. Web. 15 Nov. 2015.

Cyberspace Security 6
Paul Ferrillo, Weil, Gotshal & Manges LLP. "Cyber Security, Cyber Governance, and Cyber
Insurance." The Harvard Law School Forum on Corporate Governance and Financial
Regulation Cyber Security Cyber Governance and Cyber Insurance Comments. Harvard, 14
Nov. 2014. Web. 15 Nov. 2015.