IT-Web Research Paper on Cyber Security Legislative needs

Cyber Security Legislative needs

Executive Summary

This paper provides a summary of Cilluffo’s position on legislative needs, and why his position should be or not be supported. Cilluffo has experience working with the Department of Homeland Security and currently works with the U.S. Homeland Security Policy Institute. Cilluffo’s position is that there is need for legislation to be passed on the country’s cyber security. Despite being a “super power”, the U.S still lags behind in terms of preventing, detecting and dealing with cyber attacks. This poses a danger to all sectors of the country especially when other countries such as Russia, Iran, China and North Korea have in the past launched cyber attacks on various companies and agencies in the United States.

Cillufo also emphasizes the need for government agencies and private companies to form ventures that will work towards facilitation of high levels of cyber security for the country and its institutions. If proper legislation is put in place, a greater amount of funds will also be invested in cyber security initiatives, which the U.S. needs so as to maintain a competitive edge over other countries in the world.

Cyber Security Legislative Needs

Frank Cilluffo has worked with the Department of Homeland security under President George W. Bush, and currently directs operations and strategy at the George Washington University Homeland Security Policy Institute. Cilluffo feels that there is a gap between existing government agencies and private enterprises in the country that deal with cyber security. A majority of private entities can be able to easily identify security threats or breaches that have taken place within networks, and immediately inform concerned government agencies.

            I agree with Cilluffo that more support should be given to the House of Representatives to pass further legislation that would require U.S. government to share information with the private sector. One of the reasons is that some of the best and most talented individuals in relation to the cyber security work in the private sector (McCallister, Grance, Scarfone, 2010). Such an arrangement that requires sharing of information might lead to creation of collaborations such as working on a program or software that would lead to easy detection and setting of a system of alarms and control measures. A system attack or an attempt (no matter how trivial) would trigger a series of control measures to bar the enemy from accessing the network and/ or information (Cilluffo, 2012).

The passing of legislation to allow sharing of information between the government and private sector is a major positive step in upgrading cyber security. However, further and immediate action is needed if the United States is to achieve a high level of cyber security and hinder attacks on its information and network systems. China, Russia and Iran have launched several cyber attacks on the United States to both military and private sector companies. These enemy countries have already formed strong partnerships with the private sectors in their respective countries so as to gain a high level and complex network of cyber security.

One of the major challenges that would be faced with the sharing information legislation is putting up and maintaining boundaries between the government and the private sector information systems. For security purposes, the government agencies would not be ready to share all the information that they might have. On the other hand, private security agencies might be of the opinion that the information at hand was not entirely security related and if shared would not pose a threat in terms of breaching security (Thoehary, 2010).

It is for this reason that Cilluffo proposes that an intermediary should sit down with the two sectors’ representatives and assist in establishing and enforcing of laid down guidelines. Many private sector companies have the potential and capability of strengthening the United States cyber security. The government should motivate such private sector players by giving them incentives, tax reliefs and other better and efficient business performance related enhancements. The government should also play a big part in training and recommending up to date courses on the necessary staff members in the Information technology department on cyber security. Although members of the private sector might be willing to protect themselves against cyber attacks, they might not have the capacity to do so (McCallister, Grance, Scarfone, 2010).

 The U.S. government should therefore emulate foreign governments such as China, Iran, North Korea and Russia in putting up cyber security systems to protect its nationals. The current cyber security legislature should be modified so that it accommodates aggressive action by the government. Over 75 % of the government’s effort should address blocking of enemy efforts before they are initiated (Cilluffo, 2012). According to Cilluffo, the current government is only spending 10% on offense, but should spend a higher percentage. Countries like China make use of the U. S. vulnerable cyber security to steal development plans, which they use in private companies. If the United States is to remain a top player in various sectors of the economy, then cyber security is a major area that will require investment of major resources.

If the government was to perfect the details of the legislature on cyber law, then specific policies could be formulated and funds directed towards their implementation. The government could collaborate with institutions of higher learning as the earlier planned partnership between Carnegie-Mellon University and government security agencies Federal Bureau Investigation and the Central Intelligence Agency (Cilluffo, 2012).

Countries such as China and Russia already pose a security threat through their cyber related activities of trying to steal information from the United States government and the country’s private organizations. It is also feared that China and Iran have the ability to cause a gridlock should these countries ever engage in war and want to avoid the U.S from interfering and assisting these countries’ allies (Theohary, 2010). These attempts are geared towards trying to remain competitive when benchmarked against other countries in terms of social, political and economic development. The U.S. government has a mandate to start thinking like the enemy and come up with control measures against cyber attacks. Cilluffo’s recommendations on cyberspace legislation should be implemented if the U.S government is to prevent cyber attacks and uphold national security (McCallister, Grance, Scarfone, 2010).


The paper has discussed Cilluffo’s position on cyber security legislation and why it should be supported. Globalization and development of the Information technology sector has resulted in emergence of many computer and internet related threats. In the past, countries such as China and Russia have come up with cyber threats that have interfered with operations or information of the U.S. government and private institutions. In the future, the consequences of such cyber attacks might be detrimental to the country and to other nations especially U. S. allies. The private sector can be an important player in ensuring better cyber security for the United States especially in comparison to other nations in the world that would want to harm its agencies; both public and private. The government should pass legislation that promotes mediated collaboration between government security agencies and private companies to share information and come up with up to date cyber security strategies.


Cilluffo, F. (2012). American Foreign Policy Council. Washington. 4: 1-29.

Retrieved September 4, 2014 from

McCallister, E.,  Grance, T., Scarfone, K., (2010). Guide to Protecting the Confidentiality of

Personally Identifiable Information (PII) Recommendations of the National Institute of Standards and Technology, Special Publication 800-122.  Retrieved September 4, 2014 from

Theohary, C. (2010). Cyber security: Current legislation, executive branch initiatives and

Options for Congress. Washington: Congressional Research Services.