Panel Paper: Bolstering the Cyber Resilience in the United States and Its Implications

Saturday, November 9, 2019
Plaza Building: Concourse Level, Plaza Court 3 (Sheraton Denver Downtown)

Do Kyung Kim, Seoul National University and Soon Yang Kim, Yeungnam University, Korea


National security can no longer be separated from cyber security, as almost all modern services depend heavily on digital systems. The frequency of cyber attacks has been rising because cyber weapons, unlike traditional military weapons, have a low barrier to entry, a low risk of potential retaliation, and the advantage of relative anonymity for the attacker. Traditional forms of cybersecurity, such as building firewalls, are deemed insufficient in this digital era because of the ever-evolving nature of cyber attacks and the diversity of threat actors, motivations and tactics. Accordingly, bolstering cyber resilience, which goes beyond defense against cyber attacks to incorporate proactive response to and recovery from a cyber incident, is deemed of utmost importance. Although the exact definition of cyber resilience remains conceptually elusive, it generally refers to the overall ability of systems and organizations to withstand cyber events and, where harm is caused, rapidly recover from them (Björck et al., 2015).

Against this backdrop, the purpose of this paper is to conduct an in-depth case study of the policies, institutions and governance the U.S. uses to strengthen its cyber resilience capacity. The research will be of timely use for other countries seeking to benchmark certain aspects in the context of their own environments and requirements. The U.S. was chosen among the major Western powers because it has been a leading country in actively promoting cyber security at the national level, with a relatively large proportion of its national defense budget allocated to cyber security.

The following are the research questions of this paper:

  • What kind of policies are pursued in the U.S. to strengthen its cyber resilience?
  • What kind of institutions are in place in support of cyber resilience?
  • How does governance related to cyber resilience, including public-private partnerships, operate in the U.S.?
  • What policy, institutional, and governance implications can be drawn from the aforementioned questions to strengthen cyber resilience in other countries?

Analytical Framework of this paper (category: contents)

  • Legal and Institutional Systems: Whether effective legal and institutional frameworks are provided in support of cyber resilience, and whether they are specific and feasible.
  • Administrative System: The formation of the cyber organization structure, linkage institutions, and personnel procurement.
  • Finance and Budget Systems: Whether financial resources are sufficiently secured in support of cyber resilience, and how they are financed and distributed.
  • Specific Programs: Whether cyber resilience programs are precise, and whether the means to implement them are appropriately satisfied.
  • Monitoring and Evaluation System: How cyber resilience is managed and evaluated, and the incentive system.
  • Public-Private Partnerships: In the process of implementation, what kind of private sector support or cooperation is available, and whether there is communication between government and the private sector.

Key words: national cyber policy, cyber resilience, cyber risks, cyber attacks