Evolution of U.S. Policy Approaches to Ensuring Cybersecurity and Defense of Critical Information Infrastructure

Rapid development of the Internet technologies has brought both unprecedented opportunities for economic development and a number of dangers for international community. In the early 2000s, challenges and threats emanating from the cyberspace were prioritized by leading world powers. The United States were among the first to elaborate legal framework for cyberpolicy aiming at providing national security after terrorist attacks of 2001. As time passed, dozens of legislation acts were adopted, and a number of agencies and committees responsible for ensuring information security emerged. The article examines the evolution of the U.S. conceptual approaches to information security (cybersecurity of the U.S. official documents) during the presidency of George Bush Jr. (during his tenure in office, the first National Strategy to Secure Cyberspace was accepted), Barack Obama and Donald Trump. The author traces priority changes that took place in this area as well as analyzes U.S. relationships with other major actors in the cybersphere, especially Russia and China. A particular attention is paid to the U.S. policy directed at ensuring security of critical information infrastructures (CII). The author emphasizes that, although a set of regulating document has been adopted, the security level of CII objects remains relatively low. In general, the analysis of national policy documents allowed the author to outline several tendencies, characterizing development of the U.S. policy in cybersphere in recent years. In particular, there is an increasing tendency towards unilateralism relating to the sanctions measures against particular countries and their companies. In this context, the cybersecurity issues are often considered not as an end in itself but as means of achieving wider goals of external and internal policy. The author concludes that the U.S. cybersecurity policy is reactive in nature, which directly affects its effectiveness.

the United States of America, the U.S., information security, cybersecurity, cyberthreats, cyberstrategy, critical information infrastructure (CII), sanctions

1. Gavrilova M.S., Demidov O.V., Kozik A.L., Strel’tsov A.A. 2015. Primenenie mezhdunarodnogo prava v kiberprostranstve [The application of international law in cyberspace]. Indeks bezopasnosti, vol. 21, no. 4, pp. 99–116. (In Russ.)

2. Zinov’eva E.S. 2016. Perspektivnye tendentsii formirovaniya mezhdunarodnogo rezhima po obespecheniyu informatsionnoi bezopasnosti [Emerging trends in development of international information security regime]. MGIMO Review of International Relations, no. 4 (49), pp. 235–247. (In Russ.)

3. Karasev P.A. 2013. Strategiya informatsionnoi (kiber)bezopasnosti SShA v XXI veke [The strategy of U.S. information (cyber)security in the 21st century]. Moscow University Bulletin. Series 12. Political Science, no. 2, pp. 89–102. (In Russ.)

4. Materialy Sed’moi nauchnoi konferentsii Mezhdunarodnogo issledovatel’skogo konsortsiuma informatsionnoi bezopasnosti [Proceedings of the Seventh Scientific Conference of the International Information Security Research Consortium]. 2013. Moscow. Available at: http://www.iisi.msu.ru/UserFiles/File/publications/VII%20Forum.pdf (accessed: 02.02.2019). (In Russ.)

5. Sherstyuk V.P. (ed.). 2004. Nauchnye i metodologicheskie problemy informatsionnoi bezopasnosti [Scientific and methodological issues of information security]. Moscow, MTsNMO Publ. (In Russ.)

6. Romashkina N.P. 2018. Informatsionnaya bezopasnost’ kak chast’ problemy obespecheniya strategicheskoi stabil’nosti [Information security as a part of strategical stability maintenance problem]. Strategicheskaya stabil’nost’, no. 1 (82), pp. 8–13. (In Russ.)

7. Romashkina N.P. 2016. Problemy mezhdunarodnoi informatsionnoi bezopasnosti: kompromiss mezhdu Rossiei i Zapadom? [Issues of international information security: A compromise between Russia and the West?]. Evropeiskaya bezopasnost’: sobytiya, otsenki, prognozy, iss. 41 (57), pp. 9–12. (In Russ.)

8. Smirnov A.I. 2005. Informatsionnaya globalizaciya i Rossiya: vyzovy i vozmozhnosti [Globalization of information and Russia: Challenges and opportunities]. Moscow, Parad Publ. (In Russ.)

9. Strel’tsov A.A., Smirnov A.I. 2017. Rossiisko-amerikanskie otnosheniya v oblasti mezhdunarodnoi informatsionnoi bezopasnosti: prioritetnye napravleniya sotrudnichestva [U.S.-Russian relations in the field of international information security: Priority areas of cooperation]. International affairs, no. 11, pp. 71–81. (In Russ.)

10. Sharikov P.A. 2015. Problemy informatsionnoi bezopasnosti v politsentrichnom mire [Issues of information security in a polycentric world]. Moscow, Ves’ mir Publ. (In Russ.)

11. Ani U.D., Daniel N., Oladipo F., Adewumi S.E. 2018. Securing industrial control system environments: The missing piece. Journal of Cyber Security Technology, vol. 2, no. 3-4, pp. 131–163. DOI: 10.1080/23742917.2018.1554985.

12. Ani U.P.D., He H., Tiwari A. 2017. Review of cybersecurity issues in industrial critical infrastructure: Manufacturing in perspective. Journal of Cyber Security Technology, vol. 1, no. 1, pp. 32–74. DOI: 10.1080/23742917.2016.1252211.

13. Clark-Ginsberg A., Slayton R. 2019. Regulating risks within complex sociotechnical systems: Evidence from critical infrastructure cybersecurity standards. Science and Public Policy, vol. 46, iss. 3, pp. 339–346. DOI: 10.1093/scipol/scy061.

14. Endeley R. 2018. End-to-end encryption in messaging services and national security — case of WhatsApp messenger. Journal of Information Security, vol. 9, no. 1, pp. 95–99. DOI: 10.4236/jis.2018.91008.

15. Katzan H. 2016. Contemporary issues in cybersecurity. Journal of Cybersecurity Research (JCR), vol. 1, no. 1, pp. 1–6. DOI: 10.19030/jcr.v1i1.9745.

16. Pavlik K. 2017. Cybercrime, hacking, and legislation. Journal of Cybersecurity Research (JCR), vol. 2. no. 1, pp. 13–16. DOI: 10.19030/jcr.v2i1.9966.

17. Quigley K., Roy J. 2012. Cyber-security and risk management in an interoperable world: An examination of governmental action in North America. Social Science Computer Review, vol. 30, no. 1, pp. 83–94. DOI: 10.1177/0894439310392197.

18. Riek M., Böhme M. 2018. The costs of consumer-facing cybercrime: An empirical exploration of measurement issues and estimates. Journal of Cybersecurity, vol. 4, iss. 1. DOI: 10.1093/cybsec/tyy004.

19. Romanosky S. 2016. Examining the costs and causes of cyber incidents. Journal of Cybersecurity, vol. 2, no. 2, pp. 121–135. DOI: 10.1093/cybsec/tyw001.

20. Romanosky S., Ablon L., Kuehn A., Jones T. 2019. Content analysis of cyber insurance policies: How do carriers price cyber risk? Journal of Cybersecurity, vol. 5, iss. 1. DOI: 10.1093/cybsec/tyz002.