Cyberinfrastructure in the US.

Part 1: Leadership of Cyberinfrastructure

The United States has witnessed cyber-attacks from nation-states and other organized groups in recent years. Concerns about cyber security are continuously increasing due to increased cyberattacks on the critical infrastructure used to ensure public health and safety. Cyber security is a technical, economic, and security problem requiring technical solutions to reduce extraordinary costs on corporations and ensure corporate and personal information security. A major challenge in addressing cyber security challenges in the US is the lack of effective leadership. Leadership is critical to preparing America’s institutional leaders to face the challenges of operating in a cyber-threat era. The US needs a meta-leadership to ensure the protection of critical infrastructure. Meta-leadership entails guidance and direction across organizational lines that lead to a shared course of action to achieve a common purpose. Enhancing critical infrastructure protection requires governmental and non-governmental bodies to coordinate their planning, collaborate with other stakeholders, and respond to anticipated cyber security threats and attacks.

Meta-leaders can influence and enhance collaboration of efforts across various organizations, integrate activities of different agencies, and drive interaction necessary for effective cyber infrastructure protection and response to cyber threats. These leaders transcend their scope of authority and responsibility, creating links of purpose and activity that enhance their outcomes and impact (Comiskey, 2017). Meta-leaders envision cyberinfrastructure as a whole than its components and then strategize on how to communicate and persuade stakeholders’ participation. According to Farra et al. (2017), meta-leadership gives life to nonexistent vision by coordinating systems, personnel, and resources needed to realize a given mission. For example, a meta-leader molds actions toward the most critical cyber infrastructures needed to achieve the US’s overall goals and objectives of cyberinfrastructure protection. A meta-leader aligns core goals and redefines success as the final product of team collaboration and coordination of multiple stakeholders.

 Cyberinfrastructure in the US requires a meta-leader to collaborate with multiple agencies in unifying the goals of protecting critical infrastructure. According to Brown et al. (2017), a meta-leader is well suited to assess threats and vulnerabilities thoroughly across all infrastructure sectors to enhance national security. Meta-leadership in the US cyberinfrastructure would unify the efforts of the Department of Homeland security (DHS), Critical Infrastructure Assurance Office (CIAO), and the National Infrastructure Protection (FBI) to coordinate cyber infrastructure protection. Research by West and Zentner (2019) indicates that the federal government is divided into cyberinfrastructure responsibilities and scattered in various departments. The division of cyberinfrastructure responsibilities increases the risk of attack, and a single attack can affect many sectors. Although it is important to address the distinct security challenges of each infrastructure, it is important to have a meta-leader prioritizing the protection of cyberinfrastructure as a whole.

US cyberinfrastructure requires a meta-leader to enhance collaboration between the state, private sector, and local governments. Research by Limba et al. (2019) shows that the private sector controls the largest share of infrastructure in the US. Private organizations bear the sole and substantial responsibility of ensuring public safety by eliminating the risks caused by firms’ efforts to protect their assets and systems. Private organizations have the means and technical expertise needed to protect their control infrastructure. Meta-leadership is needed to understand the role of the private sector in the US cyberinfrastructure and encourage cooperation between the private sector and the state and local governments in protecting cyberinfrastructure. A meta-leader would give the state, local, and private agencies one responsible for coordinating cyber infrastructure protection efforts with the federal government. A meta-leader is skilled in the multi-dimensional assessment of threats and vulnerabilities and can get private, state. Local agencies on board share critical information about cyberinfrastructure and develop a strategic course of action needed to protect the US cyberinfrastructure.

Meta-leadership is needed in the US cyberinfrastructure protection to mobilize national, state, and local resources towards unprecedented cyber threats and attacks. These leaders ensure preparedness against unexpected catastrophes (Comiskey, 2017). Achieving and maintaining long-term vigilance of cyber infrastructure is challenging and often faces resistance to organizational changes and compliance to rules and conventions of preparedness. A meta-leader persists in developing a system-wide mission to build a readiness network and direct response to actual events such as the 9/11 attack. Meta-leaders accurately calculate risks and work across organizational boundaries to ensure cyber infrastructure protection.

Meta-leadership is critical to conflict management and resolution among various agencies protecting US cyberinfrastructure. The different agencies involved in protecting cyber infrastructure possess distinct cultural, procedural, and operational differences, leading to conflicts. These differences can intensify during the coordination of efforts needed to face cyberinfrastructure threats and risks. In such cases, a meta-leader needs to resolve emerging conflicts and influence involved agencies to focus on the main goal of protecting the cyberinfrastructure (McNulty et al., 2021). Conflicts of jurisdictional authority are resolved through consensus building, whereby the meta-leader collaborates with stakeholders to identify common interests and mutually beneficial solutions and develop a common solution.

Protection of the US infrastructure requires leaders to acknowledge the country’s vulnerability points and the influences of governments and private agencies’ behavior on cyber security. Meta-leadership encourages cyber security agencies to transcend the traditional scope of protection and security to create new, innovative, and adaptive strategies. Future research should focus on smart policies and procedures that can drive meta-leaders to protect cyberinfrastructure proactively.

                                                                         Part 2            

Stakeholders in the US Cybersecurity

Cyber security in the 21^st century has evolved as an immersive conglomerate integral to national security. Cyber security was initially regarded as a sole obligation for software engineers but has expanded to include various stakeholders. Stakeholders refer to bodies with a mandate or responsibility in cyber security and possess the skills and expertise to inform policy formulation and operationalization (Karahan, Wu, and Armistead, 2019). Cybersecurity stakeholders include government departments, the judiciary and law enforcement agencies, academic institutions, civil society organizations, the private sector, the technical community, international and regional organizations, and civil society organizations. Government stakeholders include the Department of Defense, DHS, and the Intelligence Community. The Department of Defense’s role in cybersecurity is to defend the military’s networks, protect the companies that manufacture weapons, foster US weapon integrity, and protect the department’s information and systems against cyber-attacks (Chatfield and Reddick, 2019). The Defense Department ensures cyber security through a joint cyber force involving entities such as the Cyber National Mission Force, Cyber Combat Mission Force, and the Cyber Protection Force. These forces focus on defending the US critical infrastructure against cyber-attacks and threats that could threaten national security. The DHS participates in the National Cybersecurity Protection System by designing, developing, and deploying systems to detect threats, share information, and risk aversion (Shackelford and Brady, 2017). DHS also conducts Continuous Diagnostics and Mitigation to identify Cybersecurity concerns and prioritize them based on their impacts on national security. DHS also encourages federal agencies to strengthen information security and reduce the risk of systemic cybersecurity.  

Private sector stakeholders include private firms that develop innovative technologies and provide services that enhance cybersecurity or are vulnerable to cyber threats. These firms include Deloitte and PricewaterhouseCoopers. Private sector stakeholders offer cyber security services such as incident response, penetration test, and compliance auditing required ensuring efficiency of federal government regulations such as ensuring the security of users’ data. Academic institutions involved in the US cyber concerns include research institutes, universities, researchers, and independent experts. Civil society organizations possess information about human rights and engage with various groups and communities in the US vulnerable to cyberattacks.

Decision-making in Cybersecurity

Increased prevalence of cyberattacks requires strategic decision-making to inform cyberspace investment and resources to enhance cybersecurity resilience. Research by Jalali, Siegel, and Madnick (2019) shows that cybersecurity in the US requires proactive decision-making focused on eliminating feedback delays and making optimum decisions. Decision-makers in the US include the Cybersecurity and Infrastructure Security Agency (CISA). According to Sedenberg and Dempsey (2018), CISA makes the decisions about managing and reducing the risk of attack on US cyberinfrastructure. Other decision-makers include the Department of Defense and intelligence community and Information Sharing and Analysis Centers (ISACs).

Cyber 911 Response

In a cyber-911 event, the first incident response would be disconnecting the affected from the network, enabling airplane mode, and invoking the incident response plan. The second step is to engage professionals, certified and experienced, to handle the cyber incident. The professional will provide valuable insight into the incident and propose a framework that can be used to avert the incident (Santos et al., 2020). The third step is to develop a reporting and communication channel involving all parties requiring knowing the incident details and progress. The channel will have an expert updating other members regularly. Regular updates will keep the involved parties engaged and establish a health alliance with each other. The fourth step involves documenting the incidents and describing the actions that have been performed. The documents will be used as a reference point if new stakeholders are added to the existing team. The fifth step is to secure evidence in the investigation process. It is also important to secure pertinent logs to understand the incident. The sixth step is to interview all the users involved in the cyber incident. These include the people that used the device before the incident. Lastly, it is important to measure the impact of the incident and initiate strategies to resolve the problem.