Background: The Chief Technology Officer (CTO) indicated that your organization has been requested by the National Security Council (NSC) to comment on the upcoming National Cybersecurity Strategy. The NSC has asked for specific recommendations as they relate to the next cybersecurity strategy, private/public partnerships, and comments on how specific technologies should be incorporated into the assessment.
“Protecting Critical Infrastructure and the Homeland”
The Department of Defense (DoD) Cyber Strategy 2018 (attached) discusses the protection of critical infrastructure and the homeland.
1) What does that mean to private organizations such as yours?
2) If most critical infrastructure in the United States is owned by the private sector, what responsibility does the DoD have in this regard?
3) Some would argue US laws are outdated and thus the DoD has little authority to assist. Others would argue US laws were purposely established such that the private sector would defend itself and not need assistance from the military. Obviously, for the DoD to assist, it would need the private organizations’ data. Said another way, the DoD would need your data as a private citizen/customer of that organization. Those who believe our laws need to be updated argue that giving up privacy for protection is legitimate.
4) Others will argue that we should not give private information of citizens to the government for any reason. As a citizen, would you feel comfortable with this? As a private organization, would you feel comfortable giving information that may contain your customers’ private data to the DoD?
5) Is there a third solution (middle ground) you would propose that enables privacy but also enables cybersecurity?