Defense Media Network

IT and Cybersecurity

Growing threats and complex issues for homeland security

“Of all the threats America faces, the integrity of our cyber infrastructure demands special attention. These are no longer emerging threats. They are with us now and are happening every day. Over the past two years, for example, cyber crime has cost Americans more than $8 billion,” Napolitano wrote in the DHS Leadership Journal. “Any victim of identity theft understands the damage and permanent harm this can cause to personal finances, credit and reputation.

Control room of a Russian nuclear power generation plant. The Stuxnet virus, thought to have been designed to attack Iran’s nuclear facilities, spread to computerized control systems in China, Germany, and elsewhere. Photo by Georgijus Pavlovas

“Cyber threats also pose clear national security risks to major public and government networks and systems – from banking and energy to communications and transportation. For this reason, President Obama made cyber security the object of one of his first executive actions, declaring our nation’s cyber infrastructure as a strategic national asset and outlining a comprehensive plan for how our nation will prepare for and respond to cyber threats.”

That included the White House’s June 2010 announcement of a National Strategy for Trusted Identities in Cyberspace to “create options for enhanced online security and privacy.”

“Cyberspace – the interdependent network of information technology components that underpins many of our communications – is a crucial component of the nation’s critical infrastructure. We use cyberspace to exchange information, buy and sell products and services and enable many online transactions across a wide range of sectors, both nationally and internationally,” the Strategy’s Executive Summary stated.

“As a result, a secure cyberspace is critical to the health of our economy and to the security of our nation. In particular, the federal government must address the recent and alarming rise in online fraud, identity theft and misuse of information online.”

Similar efforts are under way across the globe, as both the benefits and vulnerabilities of an integrated, networked world in cyberspace now stretch from even the poorest nations and communities to the wealthiest and most powerful.

“In a world more dependent on information and communication technology than ever, the increase in cyber capabilities [has] implications on defense and security. The U.K.’s new Cyber Security Strategy outlines governmental response to these new threats. The policing of cyber systems will prove to be an integral part of the strategy, as the U.K. will work closely with international networks to identify and prosecute a new brand of ‘e-criminal,’” Elizabeth Quintana, head of Technology & Acquisition at the Royal United Services Institute (RUSI), wrote in a June 2010 report.

“Central to the [British] government’s strategy is the formation of the Cyber Security Office, which will be based within the Cabinet Office and headed up by a Cyber Czar, much along the same lines as its U.S. counterpart. Its job will be to analyze trends, provide contingency planning and to coordinate national situational awareness and a response to emerging threats … If information is the currency of the 21st century, there are likely to be more than a few skirmishes in the fringes of cyberspace.”

New capabilities and technologies – such as the rise and seemingly instant ubiquity of social media, from Facebook to Twitter – also add new threats and vulnerabilities. That is heightened by the simultaneous spread of smartphones – beginning with the BlackBerry and iPhone, but now including the Droid and numerous others – and new Internet-connected digital readers (i.e., the Apple iPad and Amazon.com Kindle). All of those are rapidly becoming commonplace everywhere, from coalition forward operating bases in Afghanistan to corporate offices in Tokyo, classrooms in Australia, clinics in Africa, and even to the Oval Office.

It has been reported that more people now have Facebook accounts than email, using it, rather than traditional email, to send both private and public messages to Facebook “friends” – a large percentage of whom they really don’t know and who often are not even real people. As a result, such sites have replaced email as the preferred mode of transport for viruses as well as “phishing” attacks, in which fraudulent communications, masquerading as coming from trusted sources (friends, banks, online stores, etc.), con the recipient into revealing sensitive information, such as usernames, passwords, and credit card details.

“The ongoing conflict between BlackBerry makers Research in Motion (RIM) and certain nation-states, unhappy with restrictions on their ability to monitor and access information transmitted by the devices, highlights a number of issues that are at the forefront of the cyber security debate,” RUSI Head of Emergency Management Jennifer Cole reported in August 2010. “These include the governance of cyberspace, international compliance, legal frameworks surrounding cloud computing and, ultimately, who owns and controls both cyberspace itself and the information contained within it.

“The row between the UAE and RIM is primarily a debate about the right of the state to be able to intercept communications between its citizens. However, on a global scale, it plays into the larger debate on how a country might exert control over a domain that has no geographical borders, regardless of its reasons for wanting to do so. What right of access should governments have over a message that has originated in one country, been sent to a smartphone in another and is ultimately stored on a server somewhere else entirely? Without international convention and ratification, this is a question that has no easy answer, but it is going to become increasingly important in the future,” Cole said.

New capabilities and technologies – such as the rise and seemingly instant ubiquity of social media, from Facebook to Twitter – also add new threats and vulnerabilities. That is heightened by the simultaneous spread of smartphones – beginning with the BlackBerry and iPhone, but now including the Droid and numerous others – and new Internet-connected digital readers (i.e., the Apple iPad and Amazon.com Kindle). All of those are rapidly becoming commonplace everywhere, from coalition forward operating bases in Afghanistan to corporate offices in Tokyo, classrooms in Australia, clinics in Africa, and even to the Oval Office.

“Cloud computing” is another fast-evolving online technology raising new concerns. Basically, it involves the Internet-based sharing of dynamically scalable and often virtualized resources, software, and information, stored on multiple virtual rather than dedicated servers and accessed by Web browser on demand, much as individual users pull only the power they need at any given moment from the electricity grid.

“As cloud computing grows – and reliance on geographically dispersed clouds increases – control of that cloud will become ever more complex,” Cole added. “Politically, it seems, there is a will to ground the control of cyberspace, if not the domain itself, within existing geographic boundaries. This is the area upon which debates on future governance will increasingly need to focus.”

It has been estimated that the U.S. government alone will spend more than $55 billion during the next five years on new and continuing efforts to safeguard mission critical systems and data from cyber threats. But the technology of cyberspace – and those who prowl its dark alleys with malicious intent – is expected to continue to outpace whatever measures the United States or any other government can put in place.

“Former CIA Director James Woolsey has been warning us for years about the vulnerability of our computer networks to attacks – not only from abroad, but tech-savvy teens. Jim calls many of our present security measures ODAV, for ‘Ostrich Designed, Awesomely Vulnerable,’” Lieberman said in a speech to the U.S. Chamber of Commerce Cyber Security Task Force.

“And if they are vulnerable to teenage hackers, Jim asks, how do we intend to keep out graduate students in China who are given better grades if they can prove they made a difficult hack into what was thought to be a secure American industrial or government computer?”

In a recent edition of its online Q&A column “The Stand,” Washington Technology magazine interviewed two of the nation’s leading cyber security experts – Edward Swallow, vice president for Civil Systems Division Business Development and lead for civil cyber programs at Northrop Grumman Information Systems, and Symantec Public Sector chief technology officer John Bordwine.

“In the 30 years we’ve been working in cybersecurity, the situation has never been more dangerous. The threat from nation-states has become more sophisticated and well-financed and our critical infrastructure has become more dependent on cyberspace,” Swallow told the publication. “Threats will be increasingly targeted at particular organizations, types of systems and services, even individuals.

“Today’s cyber aggressors are going after valuable intellectual property, sensitive information and money. In some cases, the threats start with espionage and become part of warfare campaigns. We saw this in the Russia-Georgia conflict in 2008. These types of cyber attacks will become more common. The targets will also become more diverse. In the past, PCs and computer networks were the most common targets. In the future, the target list will also include infrastructure networks, like the power grid and transportation systems.”

Prev Page 1 2 3 Next Page

By

J.R. Wilson has been a full-time freelance writer, focusing primarily on aerospace, defense and high...

    li class="comment even thread-even depth-1" id="comment-377">

    This is a very interesting article, especially considering all the media time the WikiLeaks situation has been receiving. It is also interesting that the Protecting Cyberspace as a National Asset Act of 2010 was passed just months before WikiLeaks starting releasing the newest wave of information. This is definitely a technology field will grow exponentially in the future!