Question

Identify distinct, sometimes opposing, policy alternatives which the United States could pursue with regard to cyber weapons? What are the goals and advantages of each policy? What are the costs and risks of the different policies? In your view, what policies should the United States pursue with regard to cyber conflicts?

Answer 1

Cyber security has always been a rapidly growing area and increasingly important consideration for nearly every organization and government agency in the United States.  Legal regulations and restrictions should be followed at the start of any cyber security strategy discussion, just as a organization would consider brand failure and monitory issues. Failure to follow with the law could lead to drastic financial loss, negative brand image, and, in some cases, criminal charges.

Unfortunately, the United States does not have a law related to cyber security that can easily apply to all circumstances.

We may classify cyber security law as follows:

• Anti-hacking laws
• Government surveillance laws
• Private sector data security laws
• Public–private cyber security efforts
• Privacy law

Anti-Hacking Laws
Anti-hacking cyber law or the federal Computer Fraud and Abuse Act (CFAA) focuses to help promote cyber security. However, one may argue that these laws are old and not only fail to help safeguard private and government computers but also punishes individuals for carrying out entirely legitimate activities, such as cyber security research. Economic Espionage Act, a criminal law that organization is glowingly see as a means to sue individuals that steal trade secrets. Digital Millennium Copyright Act, which does not allow the ability of individuals to divert access controls that protect copyrighted articles, documents, and therefore imposes large limits on cyber security vulnerability research.

Government Surveillance Laws
US government surveillance laws often limits the government's ability to increase the security of cyberspace. Security also covers government efforts to control against cyber crime, such as child pornography, terrorist recruitment, and other harmful online activities and actions. Fourth Amendment's limit on unreasonable researches and seizures applies to electronic surveillance by the government. Electronic Communications Privacy Act, a substantial framework that restricts the ability of the US government to extract saved communications, documents, use wiretaps to retrieve data during transit, and obtain metadata of other sources.

Private Sector Data Security Laws
The most complicated and fast growing areas of cyber security, are the need for handling of customers' and employees' personal data. A number of state laws need organization to implement focused data security to safeguard information, and if a company faces a data violation or theft, it may be required to notify customers, regulators, and credit bureaus immediately. A concept that is known as Article III standing in the US, which is one of the most significant blocker to victim's lawsuits arising from data violation. In short, it requires that the victims demonstrate that they faced an injury-in-fact that is fairly track-able to the defendant's action and redress-able by a lawsuit.

The payment through debit or credit card has Data Security Standard imposes data security safeguards for organization that handle credit and debit card information of customers. Health Practitioners, health insurers, and other healthcare providers and their employees face stringent data security need under the Health Insurance Portability and Accountability Act of the US.

Public–Private Security Efforts
Cyber security law often is related with similar measures, such as FTC research and data breach class action lawsuits. While those requirements surely are an important component of cyber security law, the US government also has taken a number of advanced steps to work with companies to enhance cyber security throughout the public and private sector companies. National Institute of Standards and Technology's 2014 cyber security measures, which many companies voluntarily accept as the basis of their own cyber security strategy. We can also examine the U.S. military's collaboration with private sector cyber security, and the limits applied by the Posse Comitatus Act.

Privacy Law
Privacy law limits the ability of organization to use, share, retrieve, and store personal information of customers. While data security laws generally focuses on the steps that organization takes to prevent breaches to information, privacy laws limits the allowance of companies to voluntarily use or expose customers' personal information to outside world. Privacy law should be taken through data security and other cyber security laws because they form a organization overall strategy to handling personal information. As with data security, the FTC uses Section five of the Federal Trade Commission Act to bring cases against the companies that breaches their consumers' privacy rights or decline to safeguard and following their privacy policies. CAN-SPAM Act, restricts the performance of companies to send email or other electronic communication for marketing materials. Children's Online Privacy Protection Act, restricts the retrieval of data from children under 13 years old.

If the organization have employees, customers, or business partners in another country, they may also have to follow cyber laws abiding by those countries' cyber security laws. It is important that US follows the acts diligently.