2. Power in Information Systems
Security
What is Cyber Security? It is “the security of a
nation‟s computer and telecommunications
infrastructure” (Dhillon, 2013)
Very little research exists regarding power in
Information Systems (IS) security. However, with
new policies promulgated over the past 12 years,
resistance is bound to occur, which makes a
fantastic breeding ground for research on how
effective the IS policy can be.
3. Clegg‟s Circuits of Power
This theory “explains power relationships independent
of the particular circumstances of organizations or
their structure… [that] leads to a complete political
appraisal of the organization” (Dhillon, 2013)
3 different „circuits‟ exist:
Episodic – describes day-to-day interaction, work, and
outcomes
Social Integration – views how social structures affect power
relationships and focuses on memberships and relationships
– has 2 subunits: membership and shared norms
System Integration – looks at the technological means of
control of an organization over the social and physical
environment – has 2 sub elements: production and discipline
4. Episodic Circuit of Power
The creation of the Department of Homeland Security
(DHS) has recently become greatly affected by cyber
security policy
Between 2001 and 2007, very little occurred within policy
dealing with cyber security
In late 2007 – early 2008, several security breeches hit
the Defense, State, Homeland Security, and Commerce
Departments, NASA, Veterans Affairs, & the National
Defense University
These breeches led to HSPD 23 and NSPD 54 which in turn
created a Comprehensive National Cyber security Initiative (CNCI)
○ The CNCI was designed to combine the different federal agencies who
dealt with cyber security by developing a National Cyber Security
Center (NCSC)
○ Instead, this created power struggles and many complaints of secrecy
and too much classified data, and lacked any clear leadership roles
5. Episodic Circuit of Power
The end of 2008 saw cyber security being jointly
handled by both the DHS‟s NCSC and the
National Security Agency (NSA)
In early 2009, it was determined that the NSA would be
in charge of cyber security
The expanding role of the military in cyber security
added an extra dimension of struggle for power
6. Social Integration Circuit of Power
The DHS was originally introduced to legislation prior
to 9/11, and it was called the National Homeland
Security Agency; the bill was dropped due to
disinterest
It was passed through after 9/11 and renamed DHS,
effectively sheltering the FEMA, the Customs Service,
Border Patrol, the Coast Guard, and other
departments under its umbrella
It was brought to life under the Homeland Security Act (HSA)
in November 2002
DHS was put into existence within 60 days of passing, in
January 2003
Despite its creation, there still was not much emphasis on
the idea of cyber security
7. Social Integration Circuit of Power
A cultural phenomenon began to emerge within
both politics and the general public: a desire to
appear „patriotic‟ by supporting everything the
federal government did without question
Democrats began losing seats in Congress due to
having made reproachful remarks against provisions in
the HSA
This phenomenon went hand-in-hand with criticizing
Bush or his administration because no one wanted to
portray the administration as failing and no one wanted
to end up becoming vilified or defamed
8. System Integration Circuit of
Power
The Cyber Security Enhancement Act (CSEA) of
2002 produced the ability for companies to be able
to give their customers‟ electronic information
(such as personal email, chat conversations,
phone records, and online purchases) to any
government employee without any necessary
legal documents or court warrants
If a company felt that the information held any
“immediate threat to national security interest” (Dhillon,
2013), they were required to make a good faith effort to
turn it over – this did not have to happen only when
requests were made by the federal government
9. System Integration Circuit of
Power
The CSEA received resistance when it was
criticized for overriding personal liberty of privacy
protections of citizens based upon a very
subjective idea of what posed an „immediate
threat‟ to national security, without even a
provision for judicial review
Even the controversial US Patriot Act requires that the
courts must be notified if a federal official looks into a
US citizen‟s personal emails, but the CSEA overrode
even this protection
10. System Integration Circuit of
Power
Several other notable instances have occurred in
which cyber security legislation has incited
retaliation
The Stop Online Piracy Act (SOPA) of 2012 garnered
much attention and displeasure form both individuals
and large corporations (many companies threatened to
„black out‟ in protest)
In 2013, Edward Snowden released classified
information in regards to a clandestine surveillance
program called PRISM led by the NSA in which privately
owned companies like Verizon Wireless were required
to release customer information without customer
knowledge
11. Conclusion: Efficacy of US Cyber
Security Policy
Power relationships played a very important role in
shaping consistent cyber security policy through
territory wars, Executive Orders, legislative
processes, patriotic culture, public criticism, and major
federal government shifts in power
This struggle has ultimately weakened our position as
a cyber security power in a time of constant cyber
attacks from within our nation as well as from outside
President Obama‟s 2013 Executive Order put into
law a cyber security policy in order to set up a
framework between the federal government and
private sector companies to allow the private sector
companies to better protect themselves and their
customers from government purview
12. Reference
Dhillon, G. (2013). Enterprise Cyber Security:
Principles and practice. Washington, D.C.:
Paradigm Books.
13. Question
Why has it taken the US over 12
years to realize the significance
that cyber security plays in the
overall purpose of Homeland
Security?