State government regulation

State governments have attempted to improve cybersecurity by increasing public visibility of firms with weak security.
In 2003, California passed the Notice of Security Breach Act, which requires that any company that maintains
personal information of California citizens and has a security breach must disclose the details of the event. Personal
information includes name, social security number, driver's license number, credit card number or financial
information.[8] Several other states have followed California's example and passed similar security breach notification
regulations.[9] These security breach notification regulations punish firms for their cybersecurity failures while giving
them the freedom to choose how to secure their systems. This regulation also creates an incentive for companies to
voluntarily invest in cybersecurity to avoid the potential loss of reputation and the resulting economic loss that can
come from a successful cyber-attack.

Federal government regulation


There are few federal cybersecurity regulations, and the ones that exist focus on specific industries. The three main
cybersecurity regulations are the 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act, which included the Federal Information Security Management
Act (FISMA). These three regulations mandate that healthcare organizations, financial institutions and federal
agencies should protect their systems and information.[4] For example, FISMA, which applies to every government
agency, requires the development and implementation of mandatory policies, principles, standards, and guidelines
on information security. However, these regulations do not address numerous computer-related industries, such
as Internet Service Providers (ISPs) and software companies.[5] Furthermore, these regulations do not specify what
cybersecurity measures must be implemented and require only a reasonable level of security. The vague language
of these regulations leaves much room for interpretation. Bruce Schneier, founder of Cupertino's Counterpane
Internet Security, argues that companies will not make sufficient investments in cybersecurity unless government
forces them to do so.[6] He also states that successful cyber-attacks on government systems still occur despite
government efforts.

Reasons for cybersecurity


The United States government believes that the security of computer systems is important to the world for two
reasons. The increased role of Information Technology (IT) and the growth of the e-commerce sector have made
cybersecurity an essential component of the economy. Also, cybersecurity is vital to the operation of safety-critical
systems, such as emergency response, and to the protection of infrastructure systems, such as the national power
grid [3].[2]
Cyber attacks against our nation continue to occur across networks. Based on DHS Secretary Janet Napolitano's
testimony to the Senate in 2012, in 2011 alone, the DHS U.S. Computer Emergency Readiness Team (US-CERT)
received more than 100,000 incident reports, and released more than 5,000 actionable cybersecurity alerts and
information products.[3] In January 2013, Twitter, the Wall Street Journal, New York Times, and the Department of
Energy each reported that their systems had been breached.[4] So far as we know, these attacks have only been
successful at probing our systems and compromising data. However, a successful attack on our critical
infrastructures could be devastating to the public. Richard Clarke, the former special advisor on cybersecurity to
George W. Bush, stated that within the first 48 hours of a cyber attack, the United States could experience, among
other things: classified and unclassified network failures, large oil refinery fires and gas pipeline explosions, financial
system collapse with no idea of who owns what, trains and subways derailing, and a nationwide blackout leaving
cities in the dark.[5] Defense Secretary Leon Panetta stated in October 2012 that a cyber attack perpetrated by nation
states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber
terrorist attack could paralyze the nation.

Pro-regulation opinions

While experts agree that cybersecurity improvements are necessary, there is disagreement about whether the
solution is more government regulation or more private-sector innovation. Many government officials and
cybersecurity experts believe that the private sector has failed to solve the cybersecurity problem and that regulation
is needed. Richard Clarke states that "industry only responds when you threaten regulation. If industry does not
respond [to the threat], you have to follow through."[33] He believes that software companies must be forced to produce
more secure programs.[34] Bruce Schneier also supports regulation that encourages software companies to write more
secure code through economic incentives.[35] U.S. Rep. Rick Boucher (D-VA) proposes improving cybersecurity by
making software companies liable for security flaws in their code.[36] In addition to improving software security, Clarke
believes that certain industries, such as utilities and ISPs, require regulation.

Cybertechnology is defined as a field of technology that deals with the development of artificial devices
or machines that can be surgically implanted into a humanoid form to improve or otherwise augment their
physical or mental abilities. Cybertechnological products are known as "Cyberware".

Types of Cyberware

There are three categories of Cyberware: headware, bodyware and cyberlimbs. Headware is any Cyberware that is
installed in one's head, and bodyware is generally any Cyberware installed in the torso. Cyberlimbs are both a
Cybertechnological product and a classification of Cyberware, owing to the fact that cyberlimbs can have equipment
and additional Cyberware installed in them in bul

There are many types and subclassifications of Cyberware, and they can be found in various different grades of quality.

Step 1
Secure systems with hardware and software protection, install
intrusion detection systems and respond immediately to any
intrusions. These are three key recommendations from the
Computer Emergency Response Team, which deals with computer
threats. CERT also recommends that companies keep all programs
patched when vendors supply security updates, and that they
keep logs of activity to detect any unusual events.
Step 2
Affiliate with defensive organizations such as InfraGard, a public-private
partnership to track threats. Use the FBI as a resource to
keep up with threats and defense mechanisms. Make sure your
system or network is secured with such things as strong
passwords and effective firewalls. Install antivirus systems, keep
them updated and run regular checks to detect and remove any

Step 3
Create a firm security policy. Train employees to guard against
such things as opening email attachments or responding to
messages from unknown sources. Institute regular checks to
make sure security precautions are followed. Follow news and
computer information reports about new threats, such as a new
worm or other malware being circulated, even if it's not in your
immediate area. Apply filters to screen out suspicious material or
messages from known sources of threats such as specific
countries.
Step 4
Test your defenses regularly. Employ a testing or security service
to routinely try to invade your system or network -- and have it
report any deficiencies. Use secure encryption for any messages,
internal or external, and install a password system to regularly
change passwords; always use passwords that include a
combination of numbers, letters and other characters -- and never
store them in a computer. Change a system or network when a
vulnerability is identified.

Prevention
A basic approach is to design the system to be secure from an attack from the
beginning. If this is done properly, attacks may be prevented because they would
be perceived to be futile, or if launched, they would cause no damage. A coarse
analogy is that people armed only with rifles rarely attack heavy tanks.
For the vast majority of IT systems, security was not a major design criterion, if
it was considered at all, even with the original Advanced Research Projects Agency
Network (ARPANET), which was developed by the U.S. Department of Defense.
If security were made a major design criterion for a new system, there is no doubt
that it could be made more secure than most of its predecessors. However, there
should be no delusion that we know how to design large, complex systems that can
be kept and guaranteed safe and secure in today's world.
Since almost all cybersystems were not originally designed with security in
mind, we have an enormous legacy of insecure systems that are used extensively.
Improving security for such systems is largely a matter of afterthoughts and
patchwork. The problem is compounded by security often being in conflict with
design criteria that best promote