The Threat of Cybersecurity

cybersecurity webWithout the wireless networks surrounding us, the local networks of universities and hospitals, the heavily secured military and intelligence networks, and the ever-growing World Wide Web, the life we know would cease to exist. The world is more connected than ever, and although this is crucial to progress, it is this same interconnection that creates the greatest threat to our generation: cybersecurity.

This threat is all encompassing. The privacy of one’s own computer is threatened as much as the security of scientific research and business. In 2009, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation”, and that the future of America’s economic prosperity hinges on the effectiveness of cybersecurity.  The 2009 Cyberspace Policy Review looked at the federal government’s work on the defense of the nation’s information infrastructure, outlining two major strategies for improvement in the country’s preparedness to manage and defend itself against a cyberattack. Since the publication of the review, there have been numerous failed bills, such as the Cyber Intelligence Sharing and Protection Act of 2011 and the more recently debated Cyber Security Act of 2012. With time as a key factor, the threat only becomes more real. Each day, technology’s grasp on society tightens with the release of new computers, software, and other products that inevitably have security flaws within.

On August 15, 2012, the threat was actualized in a full-fledged cyber attack against one of the world’s most valuable companies, Saudi Aramco, a Saudi state-owned oil company. While over 55,000 Aramco employees were home preparing for one of Islam’s most sacred holidays — Lailat al Qadr, or the revelation of the Koran to Muhammad — a computer virus was unleashed into the company’s network. The virus erased data on 75% of Aramco’s corporate computers, and replaced the documents with the image of a burning American flag.  Although not named publically, Iran has been named the culprit of this attack by U.S. intelligence and defense officials. Three months later, Aramco is still feeling the effects.

Throughout the week of September 19th, several more attacks we launched directly against the U.S. Iran was also blamed for cyberattacks against The Bank of America, JPMorgan Chase, PNC Bank, U.S. Bank, and Wells Fargo.  High-powered applications directed towards the targeted banks overwhelmed their servers. They were affected by slowdowns and were periodically unavailable for many customers. Although these attacks were relatively minor, not all are. The ease with which these servers were infiltrated has shown our vulnerabilities to the world, and few will hesitate to exploit them.

What must be kept in mind is that these attacks were relatively simple to execute. Instead of the typical perceived technological threat of China or Russia, it is continually Iran who threatens the U.S. Despite having relatively elementary informatics abilities, Iran has still been able to execute two of the largest cyberattacks in history over the past five months. In addition to attacks led by states themselves, there is one international group that cannot be ignored: Anonymous. The “hactivist” group is not tied to one entity at large, but rather numerous websites and communities around the world. They often work to defend against internet censorship and surveillance. In January 2012, Anonymous briefly shut down the websites of the US Justice Department and the Federal Bureau of Investigation. The following month they successfully hacked the Central Intelligence Agency’s website, with denial of service attacks.

This month, Anonymous has wielded its influence against the ongoing Israeli military operation in Gaza. Since the start of Israel’s current operation on November 14, there have been more than 44 million cyber attacks to impede the efforts of various Israeli government websites. Anonymous claimed to have attacked 10,000 Israeli websites, and one was successful. Chief Information Officer at the Finance Ministry stated that the attack shut down a small unit of one of the ministries, but did not report further. Over the past few years Israel has developed a strong computerized defense system, and the investment has clearly paid off with only minor disturbances thus far. However, if such precautions had not been taken, the results could have been disastrous. Thousands of governmental databases would have been liable for disruption.

Across the globe, the rising threat is taking hold in the minds of government.  Europe simulated cyber war in an exercise named Cyber Europe 2012 on October 4th. The European Network and Information Security Agency ran the test two years after their 2010 cybersecurity exercise. What has changed is that they are no longer only testing in the public arena, but also in the finance sector, internet service providers, and governmental sectors that operate online, all of which are private. Like Europe, the U.S. is testing defense capabilities, but it is lacking in the actual implementation of regulations. The U.S. is testing, researching, and gathering data. But, what should be done is acting on the real and growing threat with legislation that can make a substantial difference.

Internationally, it seems that there is more progress as of late. On November 8th, the International Multilateral Partnership Against Cyber Threats (IMPACT) and the cybersecurity organizations of the United Nations, the International Telecommunication Union (ITU) and the General Secretariat of the International Criminal Police Organization (INTERPOL), joined forces in an unprecedented step forward in cybersecurity by signing a “Cooperation Agreement” at the 81st INTERPOL General Assembly.  With the Agreement, IMPACT and INTERPOL are able to freely exchange information and expertise in the enhancement of the organizations’ understanding, as well as implement strengthening activities for the public and private sectors and civil society to create a more secure global population.  This is a monumental commitment in contrast to the long-standing tradition of private, separated, and withheld information maintained by the organizations at hand. The positive advancements with such a treaty is great, but the possible negative repercussions should not be ignored. Although the idea of working together toward a common good is rational, it could feed the cybersecurity problem. With the interconnection of so many states, it may only make it easier for one hacker to access the information of not one, but hundreds of countries’ private information.

The U.S. will benefit from this treaty alongside nearly 150 other countries, but for the U.S. it is not enough. They cannot only do what everyone else is doing; the country must do more. As expressed through the sentiments of the National Security Agency (NSA), despite the technological capabilities the U.S. has to protect national networks, it is useless until Congress moves on critical cybersecutiy legislation, such as the Cyber Security Act of 2012, which calls for enhanced security and resiliency of cyber and communications infrastructure. In May, the Department of Defense expanded their pilot program first instituted in June of 2011. It is now a permanent program that runs on a purely voluntary basis, offering its resources to only 8,000 eligible firms of the hundreds of thousands in America. Of those, it is estimated that only 1,000 will be attracted.  The failure in public awareness of the problem feeds the threat of cybersecurity, as seen through this ineffectual sharing program. Director of the NSA and commander of U.S. Cyber Command, Gen. Keith Alexander, stated that the largest obstacle in improving the nation’s cybersecurity is the nation’s insufficient knowledge regarding the actual size of the threat and how networks operate.  Hopefully, with the end of the election season, the government can turn its attention to the passage of bills that will improve the nation’s security by implementing mandatory security standards and educating the public of the real and growing threat of cybersecurity.

References

  1. Barack Obama, Remarks by the President on securing our nation’s cyber infrastructure (The White House, Washington, DC, May 29, 2009).
  2. Nicole Perlroth, “Cyberattack on Saudi Oil Firm Disquiets U.S.,” The New York Times, October 4, 2012, A1.
  3. David Goldman, “Major banks hit with biggest cyberattacks in history,” CNNMoney, September 27, 2012.
  4. Kala Pakiri and Philip Victor, “Interpol Partners with ITU-IMPACT Landmark Cooperation Agreement signed at INTERPOL’s General Assembly in Rome,” (PRWeb, Rome, Italy, November 9, 2012).
  5. Kala Pakiri and Philip Victor, “Interpol Partners with ITU-IMPACT Landmark Cooperation Agreement signed at INTERPOL’s General Assembly in Rome,” (PRWeb, Rome, Italy, November 9, 2012).
  6. Department of Defense, “Fact Sheet: Defense Industrial Base (DIB) Cybersecurity Activities” (May 11, 2012).
  7. Jared Serby, “On cyber defense, U.S. ‘stuck at the starting line,’ “ Federal News Radio, (November 8, 2012).
  8. Image credit (Creative Commons): UK Ministry of Defence, “Cyber Security at the Ministry of Defence” (February 17, 2012).

Leslie Sibener is a first year student majoring in neuroscience and writing seminars at Johns Hopkins University. Follow The Triple Helix Online on Twitter and join us on Facebook.

 

You May Also Like

  • Jack

    NIP