Cyber defense: Who's in charge?
| Author | Thomas, Teka |
| Position | VIEWPOINT |
* Defense Secretary Ashton Carter stated in April that his department had a role in defending "other parts of society" from cyber attacks "of significant consequence." Since the country's founding, the role of state governments in national security has never been fully defined. Since 2001, state, local and tribal governments have seen their function increase in the domestic aspect of security. Their primary roles are in the area of responding to an attack. But a few jurisdictions, notably New York City, are very proactive in intelligence collection.
Internationally, cyber security represents unique technical and administrative challenges. Malicious actors can be anywhere in the world, and malicious software can scale rapidly. American democracy, holding layers of government together through law, presents an especially difficult challenge for security services. Government, at all levels, is struggling to protect itself, as well as the public at large. This public framework must be looked at in a federalist context.
In general, the federal government cannot mandate that states adhere to a regulatory process or scheme. The leading Supreme Court cases are Printz v. U.S. from 1997, and New York v. U.S. from 1992. They hold that Washington cannot "commandeer" states and their officers into federal regulatory schemes.
Had Printz been written after 9/11, there would have been a better articulation of federal power in emergency situations. In 2014, the White House released its Cybersecurity Framework as a guideline for organizations, private and public, to follow. The Commerce Department's National Institute of Standards and Technology is the lead agency for cyber security standards. Adherence to NIST standards by states is voluntary, so far.
Printz and New York deal with regulatory programs and schemes. The dissent in the Printz case immediately raises the specter of national emergencies. In essence, there must be the constitutional authority and administrative mechanism for the federal government to do what needs to be done if a state government were overwhelmed, such as during Hurricane Katrina or the 9/11 attacks. By now, almost every citizen is aware of the threat that cyber attacks pose to national security and economy. Handling this as a problem management issue, and not with an emergency mindset, seems to trigger the notion that this is a regulatory scheme. Concentrated attacks against state and local governments could force this issue.
If...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
