Research Proposal
Name
Institutional affiliation
Course
Instructor
Date
Research Proposal
Abstract
The increase in the use of the internet has created a challenge for the government and the private sectors. In this regard, there are increased cyber-attacks, often causing disastrous repercussions for the public and private sector. The primary way cyberattacks occur is through malware, where malicious individuals carry cyberspace attacks. They exploit the weaknesses that exist, or they can utilize unique characteristics of the newly developed technologies. In this regard, it creates the need to use more innovative ways to ensure defense mechanisms. It is a need for the cybersecurity community. For these goals to be achieved, there is a need to look at the current vulnerabilities in cyberspace. It is only possible when there is a sharing of information between the private and public sectors to identify the strategies to mitigate the issues. The study will employ the use of qualitative and quantitative research methods. In this regard, it will be using nonstatistical methods in understanding how privacy issues are overburdening the process of reporting and information sharing. The research proposal will also be using primary and secondary research methods for data collection.
Introduction
Goodwin et al. (2015) provide that security threats make news every day. The attacks on critical infrastructure and identity theft are some of the attacks that the DHS is prepared to handle. Individuals, governments, and companies have become interested in technological development. The desire for increased connectivity has caused increased vulnerability that has been affecting the public and private sectors. The policymaking bodies have been continuing to provide legislation encouraging the private and public sectors to share information. It is to ensure better security against cybercriminals, terrorists, and espionage (Rodin, 2015). In this regard, the government or the private sector alone are not well-prepared to deal with the various threats they are experiencing. It is the reason why President Obama directed the DHS to take a significant measure to introduce the robust and resilient cybersecurity alliance through Executive Order 13636. The establishment ensured information sharing between the private and public sectors to share information, which was critical in providing critical infrastructure protection.
Vakilinia, Tosh & Sengupta (2017) provides that various aspects of the economy and critical infrastructure rely on computer networks to ensure the protection and IT solutions. The malicious individuals have been using cyber-attacks, as dependence on information technology has been on the increase. The government and the private sector have been losing a lot of money through cyber-attacks. For instance, the government loses more than 114 billion dollars per year (Nolan, 2015). The private sector, also being a victim, has lost a staggering three hundred and eighty-five billion dollars. Individuals that are also experiencing cyber-attacks have been on the increase. It is reported that fourteen adults have been facing cyberattacks per second, with more than one million experiencing the issue per day. The malicious individuals have resorted to cyberattacks because it is convenient, less expensive, and has reduced risks than the physical ones (Gordon et al., 2015). In this regard, they only require fewer expenses to carry out the attacks. They are not affected by distance and geography, as they do not have to move from where the attack will occur. The DHS cannot quickly identify them, leading to their prosecution. It is challenging because of the anonymous nature of the internet. Because of these cyberattacks and the challenges that come with them, it is expected that the government and private sectors should involve various strategies in warding off cyberattacks (Heindrich, 2015).
Even though there has been an increasing urgency to ensure government and private sectors’ policies to share information, the two sectors have been reluctant to share information caused by cyberattacks (Haugnes, 2015). In this regard, the purpose of this research proposal will rely on a question, “To what extent do the burden of reporting cybersecurity issues and the need to secure privacy affect information sharing between the DHS and private corporations?”
Statement of the Problem
The efforts to improve the level by which the DHS and the private sector share information have been considered essential in fighting the attacks. The Executive Order 13636 and the NIST (National Institute of Standards and Technology Framework provide that the information sharing between the two sectors is just essential in the same way the government is making efforts to ensure citizens’ protection. A framework has been necessary for a resilient and courageous discussion of the practices used to protect the critical infrastructure. It is provided through the essential infrastructure cyber community volunteer program, which is critical for private businesses to use the framework for preventing cyberattacks. The use of these programs is at an infant stage, as there have been debates if these programs to be used will be effective. For example, there have been debates about the Executive Order, which only provides information from the private companies to be shared with the government and not the other way around. In this regard, the lobbyists, sector-specific agencies, and cybersecurity experts have been suggesting that there is a need for the policymakers to provide laws that will offer guidance on sharing information in the two sectors, as this will ensure facilitation and collaboration between the two sectors. Also, it will be essential for liability protection for disclosing information and dealing with cybersecurity issues. For instance, the Treasury Department has provided the private-public sector’s need to collaborate, as it occurs in the financial sector. It has been essential in improving the United States financial sector. In this regard, the previous researchers’ studies indicate that information sharing has been vital in promoting collaboration between the DHS and the private sector (Vakilinia, Tosh & Sengupta, 2017). For the sector’s challenges, the government declassification and information disclosure are the answer.
Literature Review
Summary of literature
Cybersecurity involves only two companies of organizations that will be attacked by cybercriminals and those that have been. They are closer to converge into one point, as there is an increased number of organizations facing attacks and will be attacked again. Government and private business organizations have become dependent on information technology. The desire to ensure increased connectivity has caused them to become vulnerable, as the public-private depends on the critical infrastructure for operations. Even though the government and private companies have taken significant measures to ensure the protection of critical infrastructure and intellectual property,- In the present times, no state or company can be stated to be impervious to cyberattacks. The list of private and public agencies experiencing cyberattacks has been increasing since the start of this century. In the past two decennia, there has been an increased cyberattack in the United States, where the Department of Homeland Security provides that there were more than fifty thousand cyber incidences experienced from 2011-2012. It has increased cyberattacks on various networks (Luijf & Klaver, 2015).
The increased attacks created the need for policymakers to provide regulations that could have prevented the attacks. The 1977 Federal Computer Systems Protection Act provided ways of dealing with cyberattacks even though it was never passed. In the next decennia, the government tried enacting policies that could have ensured the protection of the critical infrastructure and the private companies (Bhatia et al., 2016). In 1987, President signed the Computer Security Act to help protect the public sector databases against cyber attackers. After the Morris worm between 1989 and 1990s, it was clear that the policy signed by the President was not significant. In the 1990s, there was a Y2K attack, prompting the Clinton government to establish PCCIP in 1996, which was critical in protecting the databases from malicious individuals (Skopik, Settanni & Fiedler, 2016). In this regard, billions were used to ensure the protection of the databases against cyberattacks. The government experienced criticism for creating the Y2K hype, making the public and private sectors concerned. Since the turn of the century, there has been an increased number of cybersecurity incidents. The policymakers have also tried providing policies to ensure the protection of the private and public sectors against cyberattacks because of the increased attention from the two sectors. The increased attacks have made the federal government take oversight into the sectors and created more stringent policies to ensure the hardening of cyber structures. It also showed that all countries around the world needed to take measures to reinforce cybersecurity. The inability to deal with the cybersecurity attacks has been overburdening the DHS. For instance, Congress has enacted laws, superseded, and abolished others. The primary way that it is being considered to ensure the protection of the public and private sector is through information sharing information in the public-private sector even though the government has always wanted the private sector to be the ones sharing their data (Reybok et al., 2015).
Conceptual Framework
The study’s proposed conceptual framework will involve using the Plan do Check-Act Cycle, which is also known as the PDCA (Venter et al., 2019). It is a four steps strategy that is essential in analyzing the research questions and providing relevant findings. The planning process will involve establishing objectives and procedures necessary for providing the study outcomes. The second step of doing will include implementing the required plan, which will consist of the analysis of literature and obtained findings. The third step will involve extracting the relevant findings from the literature, as various articles can be used in research questions analysis. However, only reliable and valid ones are to be used for the research proposal, creating the researcher’s need to use the analytical and critical skills for selecting only suitable ones. The last step for the conceptual framework will involve taking the required actions, including providing findings. These will be similar to when writing reports. The conceptual framework used for the research proposal is strategic and tactical layers, which reflect on the stakeholders’ vision in ensuring the protection of cyberspace and how information sharing between the public-private sector could be essential. The use of the Plan Do-check-Act framework will enable the researcher to define the level of awareness between the private and public sectors, as proposed by iWise Mzansi. It is a campaign essential for providing the public and private sector with prerequisite information on the need for information sharing and address challenges experienced in the sector to ensure an envisaged culture (Lejaka, Da Veiga & Loock, 2019).
Research Design and Methodology
Operationalization of Variables
The two variables include the burden of reporting and the impact of sharing privacy. The first variable refers to challenges being experienced by the private and public sectors in sharing data. The second one involves the positive and negative issues that will arise after data sharing between the two sectors.
Sampling Plan
The study will employ the studies that have been conducted previously to look at how it is essential to secure information share between the DHS and the private companies and look at the burden of reporting cybersecurity issues. Studies that touch on the key variables will be used for searching into the databases and the findings of the reviews provided. There will be an analysis of various literature that touches on information sharing between the public and private sectors. The relevant articles will be used for data extraction to answer the primary research question. As a result, the study will be using secondary primary sources for analysis and providing relevant findings.
Justification of Case Studies
Case studies are critical in analyzing how information sharing could be critically important to the private and public sectors. The use of case studies is essential in generating hypotheses and validating the methods used for the study. Even though there will be extensive use of the case studies for the research proposal, there are no accepted systematic studies accepted for the case study method used in designing studies. There is a need to use suitable methods for carrying out this study, which will involve selecting studies that are only relevant to the research study. The research will confront questions and use valid cases, providing relevant results.
Data Collection
The study will be involving the use of secondary and primary sources to collect data. The government departments, published books, records from organizations, and the relevant articles will be used for data collection. In this regard, various sources touching on information sharing will be used. The study’s findings will be revolving around the need to secure privacy, the burden of reporting cybersecurity issues, and the issues affecting the information sharing process between the public and private sectors. The relevant literature from the published books, government agencies, articles, and records will be essential in collecting findings.
Analysis of Procedures
The used articles will be analyzed for validity and reliability. In this regard, the author’s qualification, reviews of reports, dates by which the articles were written, and valid methods used in analyzing the articles will enable the researcher to use only valid and reliable sources.
Limitation
There are different challenges in using strategies to counter the challenge. The collaboration between the private and public sectors has never been an easy task, and it does not occur automatically. In this regard, stakeholders have always been concerned about maintaining trust between the two sectors (Deljoo et al., 2018). Also, for ensuring protection to be achieved, there is a need for proper funding, limiting factor. Besides, cybersecurity is a large sector and cannot be covered fully.
Conclusion
In summary, the need for securing cyberspace against malicious individuals started from humble beginnings. After more than four decennia, there has been immense progress, as the government has taken measures to protect against cyberattacks. Even though there are opportunities to prevent the attacks, there are risks that compromise the government and the private sector’s ability to ensure adequate protection through information sharing. The public is not aware of the risks facing the government and the private sectors. There is a need for them to promote a culture of information sharing to enhance their ability to deal with cyber threats even though the governments have been looking for private sectors to share their data. Hence, it creates the need for information sharing to be carried in two ways, promoting trust between the public and private sectors.
References
Bhatia, J., Breaux, T. D., Friedberg, L., Hibshi, H., & Smullen, D. (2016, October). Privacy risk in cybersecurity data sharing. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 57-64).
Deljoo, A., van Engers, T., Koning, R., Gommans, L., & de Laat, C. (2018, August). Towards trustworthy information sharing by creating cybersecurity alliances. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1506-1510). IEEE.
Goodwin, C., Nicholas, J. P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., … & Storch, T. (2015). A framework for cybersecurity information sharing and risk reduction. Microsoft.
Goodwin, C., Nicholas, J. P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., … & Storch, T. (2015). A framework for cybersecurity information sharing and risk reduction. Microsoft.
Haugsnes, A. S. (2015). U.S. Patent No. 9,137,258. Washington, DC: U.S. Patent and Trademark Office.
Heidenreich, J. (2015). The privacy issues presented by the cybersecurity information sharing act. NDL, Rev., 91, 395.
Lejaka, T. K., Da Veiga, A., & Loock, M. (2019, March). Cybersecurity awareness for small, medium, and micro enterprises (SMMEs) in South Africa. In 2019 Conference on Information Communications Technology and Society (ICTAS) (pp. 1-6). IEEE.
Luiijf, E., & Klaver, M. (2015, March). On the sharing of cybersecurity information. In International Conference on Critical Infrastructure Protection (pp. 29-46). Springer, Cham.
Reybok, R., Haugsnes, A. S., Zettel, I. K. J., Rhines, J., Geddes, H., Osypov, V., … & Manning, M. (2017). U.S. Patent No. 9,710,644. Washington, DC: U.S. Patent and Trademark Office.
Rodin, D. N. (2015). The cybersecurity partnership: A proposal for cyberthreat information sharing between contractors and the federal government. Public Contract Law Journal, 44(3), 505-528.
Skopik, F., Settanni, G., & Fiedler, R. (2016). A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security, 60, 154-176.
Vakilinia, I., Tosh, D. K., & Sengupta, S. (2017, July). Attribute-based sharing in cybersecurity information exchange framework. In 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECT) (pp. 1-6). IEEE.
Vakilinia, I., Tosh, D. K., & Sengupta, S. (2017, July). Privacy-preserving cybersecurity information exchange mechanism. In 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECT) (pp. 1-7). IEEE.
Venter, I. M., Blignaut, R. J., Renaud, K., & Venter, M. A. (2019). Cybersecurity education is as essential as “the three R’s.” Heliyon, 5(12), e02855.