| Summary: | Approved for public release; distribution is unlimited === Following the 9/11 terror attacks, the Department of Homeland Security (DHS) was mandated to ensure the security of the nation’s cyber-supported critical infrastructure, which is predominantly privately owned and outside of the control of the U.S. government. This thesis examines the development of the government’s cyber-security policies and primary operational entities through their lawful authorities and capabilities. The thesis also examines and contrasts the effectiveness of DHS’s technology-centric, cyber-security approach, the deterrent effect realized through law enforcement cyber operations, and the suitability and effectiveness of the utilization of military or intelligence agencies, specifically the FBI, National Security Agency or Department of Defense, to fulfill the nation’s domestic cyber-security mission. Evidence suggests that DHS has consistently chosen to devote disproportionate budgetary resources to develop defensive technologies of questionable effectiveness, initiate redundant information-sharing programs, and develop cyber incidence response teams while not fully utilizing the U.S. Secret Service’s legal authorities and capabilities in furtherance of the department’s mission. Recommendations are offered to develop a whole-of-government cyber-security policy for an effective, integrated, cyber-security operation through the utilization of agency-specific authorities and capabilities, while protecting our nation’s critical infrastructure and our citizens’ civil liberties.
|
|---|
