Homeland Security Enterprise
Security, Legal and Ethical Issues
The Department of Homeland Security (DHS) has the unique role of defending the United States against foreign and domestic threats. They do this by following a set of core values and six overarching missions that involve Counterterrorism, securing borders, securing cyberspace and critical infrastructure, strengthening preparedness and resilience (Department of Homeland Security, 2019). When it comes to these mission sets, DHS must examine its policies and procedures to ensure that all its strategies preserve the civil liberties and rights of U.S. citizens while securing the home front without causing ethical and legal issues. This paper will allow the reader to understand which document is essential at this time within the homeland security field while discussing risk sectors within the critical infrastructures. The reader will also understand challenges that arise when protecting the Homeland and balancing civil liberties within the present and into the future.
As the world advances in technology and moves more into cyber-space, the threat of cyber-terrorists and cyber-crimes continues to rise. Critical infrastructures are no longer just brick-and-mortar establishments and now rely on vast networks to gather and submit data across the United States and the world. DHS considers cyberspace to be one of the most active and dynamic threats to the Homeland and states that by 2021, cybercrime is likely to exceed six trillion dollars a year (Homeland Security, 2019).
Cyber-attacks have been happening as far back as 1988 with The Morris Worm virus, created by Robert Morris from Cornell University. He was the first person to be convicted of cybercrime. In 1994 hackers Richard Pryce and Matthew Bevan attacked the U.S. Air Force military networks. The increase of cyber-attacks continues with the rise of Anonymous and their cyberattacks from 2011 to 2012 in over 250 networks to include Sony’s PlayStation network (Fell, 2017).
Now more prevalent than ever, cybercrimes have become the forefront within the Homeland. DHS has focused on four goals to increase security and decrease damages to critical infrastructures; their focus is securing federal civilian networks, strengthening the security and resilience of critical infrastructure, assessing, and countering evolving cybersecurity risks, and combating cybercrime (Homeland Security, 2019).
To combat these ongoing cyber threats, law enforcement agencies will need to provide essential roles in defeating cybercriminals, ranging from corporate breaches to social media fraud cases and identity theft. With emerging threats to Americans, it’s up to the government and law enforcement to protect the private sector and its members (Cybersecurity & Infrastructure Security Agency, 2019).
However, when it comes to combating cyber-terrorists and their attacks, a roadmap needed to be put into place. One of the more critical documents within the DHS was created, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity," signed by President Obama on February 12, 2013.
This order detailed the need for improved Cybersecurity and the damage that cyber can do to the national economic and critical infrastructures. The order puts a policy that encourages and promotes efficiency and security while maintaining privacy and civil liberties. This is done through policy coordination and dispute resolutions with periodic reviews of the program, which will allow the Director of National Intelligence and the Attorney General a system to disseminate classified reporting on critical infrastructures while ensuring that privacy and civil liberties methodologies are built into the framework (Obama, 2013).
The reason that Executive Order 13636 is vital to DHS is that it laid the groundwork for improving Cybersecurity within the United States' critical infrastructures and allowed policies and procedures to be in place to protect civil liberties while increasing awareness. This order helped create the Cybersecurity Framework to align policy, business, and technology in cyber risks (Obama, 2013). In 2017, the administration was able to add to the structure provided by making Cybersecurity a national priority incorporating it into the National Security Strategy (NSS) (U.S. Government Accountability Office, 2020).
One of the biggest threats to the Homeland that affects every critical infrastructure is Cybersecurity; it is weaved into every essential critical infrastructure from banking and healthcare to transportation systems such as railways and stoplights. The damage that can happen from a cyber-attack can cause a massive catastrophe on all levels of government.
The United States Government Accountability Office ran an assessment on a high-risk report in March 2019. They were found that since the executive orders had been put into place, only twenty-four major federal agencies had failed to fully implement the requirements of the Federal Cybersecurity Workforce assessment act of 2015. Furthermore, the assessment concluded that of the ninety-six civilian agencies within DHS, seventy-six of them were high risk and not equipped to understand how malicious actors could gain or access their systems. The assessment also found that the National Cybersecurity and Communications Integration Center (NCCIC), which is responsible for the 24/7 cyber monitoring and management center for the federal, civilian government was only partially met and was found to have weaknesses within their monitoring programs (Office, 2019, March, pp. 178-180).
The Cybersecurity & Infrastructure Security Agency (CISA) is the nation’s risk advisor on improving cyber and infrastructure security; they work with businesses and government partners to provide training on security from federal, state, and local governments along with commercial vendors. CISA is designed to defend against cyber-attacks and provide tools to safeguard essential partners and agencies (CISA, 2020). The agency was formed on November 16, 2018, with the Cybersecurity and Infrastructure Security Act. President Trump saw cyberspace as a vulnerable infrastructure that could steam into physical and cyber hazards (Homeland Security, 2020).
When it comes to hardening Cybersecurity's infrastructure, many ethical and legal issues must be addressed that the CISA and private companies must contend with when it comes to communication and confidentiality. When it comes to finding hackers without data-breaching individuals' rights, CISA must protect data privacy. They do this by ensuring that personal information is handled in compliance with the Privacy Act of 1974, that the technologies being used are not eroded, and they conduct impact assessments (Burd, 2020).
CISA must also follow the Fourth Amendment rights; this means they can only view raw computer traffic information and contain malicious activity. If it's clean, then DHS or CISA must delete it from their systems, and only data can be collected when related to an actual cyber threat (Congressional Research Service, 2013, April, pp. 18-19). This makes the cybersecurity realm more of a reactive than a proactive system.
However, the technology landscape is always changing, and hackers are still finding new routes to destroy or steal information. This means that cybersecurity professionals must also rely on their moral compass when it comes to ethics; currently, outside of university courses and certifications, there are no standards for a cybersecurity professional when it comes to working in the field (Knowles, 2016). Granted that the government might have standard operation procedures, which doesn’t stop private businesses from following the same guidelines.
Some of the ways that the United States can increase its cybersecurity practices are through training state, local, tribal, and territorial (SLTT) law enforcement on cyber incidents and preventative measures to prevent attacks; some of these training include the FBI Cyber shield and InfraGard programs. Immigration and Customs Enforcement Homeland Security Investigations (ICE HSI) runs a cybercrime center with technical training courses on digital forensics and cyber investigations (CISA, 2020).
When it comes to protecting the Homeland against terrorist threats, both foreign and domestic DHS faces many challenges with collecting data and their abilities when it comes to civil liberties. The USA Patriot Act of 2001 was put into place to deter terrorist acts; in a nationwide poll by Gallup, 47 percent of Americans believe that the government should take steps to prevent terrorism even if it violated civil liberties.
This led to the Bush Administration in 2007, allowing law enforcement to use spy satellites, then in 2008, NSA and the CIA began to gather telephone and internet data (Grey House Publishing, 2018). Edward Snowden leaked the NSA gathering in 2013, where he showed the data-mining programs and surveillance that the administrator was conducting (Government Accountability Project, 2020). This brought the intelligence community to change policies and cause everyone to look at how domestic intelligence was being gathered. Some of the fallout included big tech companies aiding law enforcement with cases; for instance, Apple refused to help in the San Bernardino terrorist massacre. Snowden also caused the NSA to be no longer able to collect phone records and now must go to phone companies when data is needed (Hattem, 2016).
However, even in the events after Snowden, most Americans' confidence in regulations to stop terrorist attacks wound down, with only 59 percent of Americans believing that the policies in place were useful (Grey House Publishing, 2018). Even though the American people believe that regulations are not working, it is the job of DHS to prevent terrorist attacks from happening in the Homeland. According to Presidential Directive 7, a national policy identifies and prioritizes critical infrastructures from terrorist attacks. This policy ensures that Federal agencies maintain and share information regarding cyber threats, incidents, vulnerabilities, and reduce domestic terrorist threats (Presidential Directive, 2003).
This causes conflict within the Intelligence Community (IC), the job of protecting the American people and not always being transparent regarding the intelligence being gathered, which, if brought to light, could jeopardize not only cases being built but the lives of Americans. This is when an excellent moral compass comes into play; individuals have access to a vast amount of data and are trusted to keep it safe.
The IC is also used as a scapegoat because if they are not gathering intelligence and attempting to stop attacks when an attack happens, they didn't do enough. If an attack does not occur, they are trampling on the rights of civil liberties. Politics also comes into play when it comes to intelligence gathering as well. Some leaders tend to be afraid that if an attack occurs, they will be blamed for dialing back measures and vice versa if they increase security measures due to a potential attack (Zaffar, 2020, pp. 517-520). This causes the IC to walk a fine line between politics, presidential orders, protecting the American people, and following the red tape regarding the challenges of countering terrorism within the United States.
Within the United States, Homeland Security Enterprise is facing a crisis against a pandemic that is killing thousands of Americans a day. Not only does DHS need to be prepared for infectious diseases, but it must also be ready for any terrorist threats, threats to critical infrastructure, and climate changes. DHS must look towards the future in training programs and keep ahead of the enemy to protect the Homeland.
DHS is the third-largest Cabinet department of the government and has the most diverse mission sets. Their records in Counterterrorism as stopped almost 14,293 high-risk travelers from boarding flights, while they have increased information sharing with foreign governments (Johnson, 2017). On the Homefront, Immigration, and Border Security, they have become one of the government's largest agencies with a budget of over 3.5 billion. DHS also leads the federal government in its efforts within the cybersecurity realm and created the NCCIC.
As DHS moves forward with its goals with Counterterrorism, Cyber, and Immigration control, they must build on their relationships with their SLTT counterparts. They should review their policies within the Counterterrorism field to see what best practices are working correctly and what may be altered or removed to serve the American people.
Within cyber-realm, they need to continue to protect personally identifiable information (PII) and address cybersecurity challenges, along with emerging technologies. DHS should also focus on developing a strategy for cyberspace while making sure to improve efforts on what should be collected. DHS needs to have a vital role in Cybersecurity when it comes to protecting against cyberthreats that are aimed at critical infrastructures while increasing relationships with big tech companies to safeguard infrastructures within the United States as a whole (U.S. Government Accountability Office, 2020).
Within U.S. Customs and Border Protection (CBP), their future is towards becoming the leader in safeguarding borders and increasing economic prosperity; this will be done through law enforcement and economic competitiveness. Simultaneously, making sure that lawful trade is occurring and preventing transnational crime (U.S. Customs and Border Protection, 2019). To do this, CBP will need to work relationships with our neighbors and conduct cross-training to help find threats outside our country and those that are leaving our country. By enabling this cross-training environment, it will increase relations and allow more transparency with law enforcement.
While DHS moves into the future with these mission sets, they need to do so while preserving Americans' civil rights and liberties. DHS has moved in the right direction by creating the Homeland Office for Civil Rights and Civil Liberties (CRCL) to ensure that all individuals are treated with fairness and equality within the laws. This is done by communicating all civil liberties that may be affected by their department activities, investigating any complaints filed by the public regarding DHS policies against violations of civil rights or civil liberties. It provides leadership and guidance and enforces that all policies, laws, and regulations are maintained (CRCL, 2020).
When it comes to the U.S. Constitution, no document has stood firmly in shaping our country and values; however, our forefathers though extremely intelligent, could not have fathomed the idea of cyberspace and how the internet would play a valued role in our society. Therefore, the presidential executive order 13636 documents are just as important. It paved the way for a baseline within the cybersecurity realm while providing clear goals and guidance on how the cyber program should be set up.
Though cyber is one of the most significant risks in critical infrastructures, DHS has created the CISA to combat cyber vulnerabilities. Simultaneously, assessments are made to make any improvements and change any policies that may aid in making a strong cybersecurity branch. CISA is also in line with protecting civil liberties and maintaining fourth amendment rights, which is a strong goal for the American people wanting to feel safe and secure while maintaining their sense of freedom.
DHS and the government have many challenges they face when it comes to protecting the Homeland and gathering intelligence. Not only must they comply with their laws and regulations, but they need to be able to change within the politics of their field and maintain an excellent moral compass when it comes to ethics. At the same time, they try to protect Americans against enemies who do not follow the same moral code or believe in civil liberties.
The emerging future has many challenges for DHS and homeland enterprises. However, they have a solid mission set and clear goals for the future; if assessments are put into place to protect civil liberties, they look towards refining policies and continue to build strong relationships with their partners, DHS should be able to protect American well into the future.
Burd, J. (2020). CISA Office of Privacy. Washington, DC: CISA.
CISA. (2020, October 28). About CISA. Retrieved from Cybersecurity & Infrastructure Security Agency: https://www.cisa.gov/about-cisa
CISA. (2020, October 28). Law Enforcement Cyber Incident Reporting Documents. Retrieved from Law Enforcement Cyber Incident Reporting Documents: https://www.cisa.gov/sites/default/files/publications/Law%20Enforcement%20Cyber%20Incident%20Reporting.pdf
Congressional Research Service. (2013, April). Cybersecurity: Selected Legal Issues. Washington, DC: Congressional Research Service.
CRCL. (2020, September 8). Office for Civil Rights and Civil Liberties. Retrieved from Homeland Security: https://www.dhs.gov/office-civil-rights-and-civil-liberties
Cybersecurity & Infrastructure Security Agency. (2019, February 27). Cyber Safety. Retrieved from Cybersecurity: https://www.cisa.gov/cyber-safety
Department of Homeland Security. (2019, July 3). Mission. Retrieved from Homeland Security: https://www.dhs.gov/mission
Fell, J. (2017, March 13). Engineering and Technology. Retrieved from Hacking through the years: a brief history of cybercrime: https://eandt.theiet.org/content/articles/2017/03/hacking-through-the-years-a-brief-history-of-cyber-crime/
Government Accountability Project. (2020, May 7). Edward Snowden. Retrieved from Edward Snowden: https://whistleblower.org/whistleblower-profiles/edward-snowden/
Grey House Publishing. (, 2018). Privacy Surrenders to Patriotism: The Patriot Act (2001). Grey House Publishing.
Hattem, J. (2016, December 25). The Hill. Retrieved from Spying after Snowden: What's changed and what hasn't: https://thehill.com/policy/technology/310457-spying-after-snowden-whats-changed-and-what-hasnt
Homeland Security. (2019, October 24). Secure Cyberspace and Critical Infrastructure. Retrieved from Homeland Security: https://www.dhs.gov/secure-cyberspace-and-critical-infrastructure
Homeland Security. (2020, October 28). Cybersecurity. Retrieved from Cybersecurity: https://www.dhs.gov/topic/cybersecurity
Johnson, J. (2017, January 5). DHS Record of Progress and VIsion for the Future. Retrieved from Homeland Security: https://www.dhs.gov/archive/DHSInReview
Knowles, A. (2016, October 12). Tough Challenges in Cybersecurity Ethics. Retrieved from Security Intelligence: https://securityintelligence.com/tough-challenges-cybersecurity-ethics/
Obama, B. (2013, February 12). Executive Order-- Improving Critical Infrastructure Cybersecurity. Retrieved from The White House President Barack Obama: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
Office, U. S. (2019, March). HIgh-Risk Series: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas. Washington, DC: United States Government Accountability Office.
Prseidential Directive. (2003, December 17). HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 7: CRITICAL INFRASTRUCTURE IDENTIFICATION, PRIORITIZATION, AND PROTECTION. Retrieved from HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 7: CRITICAL INFRASTRUCTURE IDENTIFICATION, PRIORITIZATION, AND PROTECTION: https://www.cisa.gov/homeland-security-presidential-directive-7
U.S. Customs and Border Protection. (2019, May 21). Vision and Strategy, 2020. Retrieved from U.S. Customs and Border Protection: https://www.cbp.gov/document/publications/vision-and-strategy-2020
U.S. Government Accountability Office. (2020, October 28). Cybersecurity Challenges Facing the Nation- High-Risk Issue. Retrieved from GAO: https://www.gao.gov/key_issues/ensuring_security_federal_information_systems/issue_summary#t=0
U.S. Government Accountability Office. (2020, October 28). GAO. Retrieved from Ensuring the Cybersecurity of the Nation: https://www.gao.gov/highrisk/ensuring_the_security_federal_government_information_systems/why_did_study
Zaffar, E. (2020). Civil Rights, Civil Liberties, and Privacy. In E. Zaffar, Understanding Homeland Security (pp. 516-523, Chapter 10.). Routledge.