In today's age, traditional warfare, though a major player as we see in the Iraq war, has in some arenas taken a back seat to information warfare.
By definition, information warfare is the offensive and even defensive utilization of information and information systems to deny, exploit, corrupt or destroy an adversary's information, information-based processes, information systems and computer-based networks while protecting one's own. Parties use information warfare to gain military, public relations or economic advantage. (www.psycom.net)
Users of information technology are most often nation-states and corporations. For instance, by gaining access to a rival company's databases, a business can get a valuable advantage on price-points and supply chains. Countries can decide how much to spend on military equipment by discovering how much in military stocks adversary nations have.
One major focus recently on information warfare has been hackers. For instance, the most recent generation of mobile phones has proven vulnerable to hackers. This is of course dangerous to anyone who conducts business over cellular telephones at any point. Information on cell lines is suddenly vulnerable to business rivals and suppliers and purchasers.
According to a recent conference in Maylasia, the warning that the latest generation of mobile phones is vulnerable to attack is quite serious. As technology has increased on mobile phones, the entry points into hacking into them has also increased correspondingly, or even exponentially. The temptation is to wonder what kind of information can possibly be intercepted on cell phone waves, but the options are limitless: First, regular business conversations happen on cell phones all the time. Then, with the advent of PDA phones and computer phones (not to mention camera phones), the amount of information interchanged over phones can even include large databases or telephone contact lists, or in the case of some law firms and blackberry-phones, even highly confidential client information.
Experts demonstrated what they say are loopholes in some of the software supplied with the phones, which allows them to be taken over by remote control. The perpetrators can get away with information that can help their clients or themselves win a civil law suit, settle a major litigation, steal a contract from under the feet of a competitor or so much more.
New software which will help tackle unwanted emails, known as spam, can be utilized to protect the mobile phones, but of course this software ups the price for the business and personal consumer. And any additional costs truly mount up, because the securities involved must be put into place for all employees, and the itinerant costs increase exponentially.
A well-known hacker known as Captain Crunch explained in an article on ABC: "There's new development out right now which can detect spam and automatically report spam back to the Internet service provider that originated the spam, pointing out to the Internet service provider the specific machine that was sending the spam," he said. "So the Internet service provider can look up in their logs and records and identify which customer it was who owned that machine and then can notify the customer that there machine is being used and hijacked."
Surely, this protection is welcome, both by mobile phone companies and by users, but is it enough? Time will tell, but if experience serves correctly, it will not be enough. In the hacking game, the old criminal adage holds even truer: Criminals are always one step ahead of law enforcement innovations. Hacker criminals are even a larger leap ahead of the forces that would stop them, given their sense of challenge and love of the game.
Hackers, of course, affect much more than mobile phones alone. Organizational hackers have the power to act as terrorist, have the power to inflict damage that may even dwarf the tragedies of September 11. According to www.csoonline.com, computer security experts have warned of an impending "Digital Pearl Harbor" in which U.S. computers will be hit hard by foreign governments or terrorists employing a variety of electronic attacks. The result will be damage to critical infrastructures, massive economic loss and perhaps worse.
Since the early 1990s, it has been clear that an organized attack over the Internet or other data networks could seriously disrupt not just civilian but military targets as well, thanks to increased interconnections on the information superhighway. In the 1980s, a group of West German hackers broke into more than 40 sensitive computer systems at the Departments of Defense and the Department of Energy, and NASA. During the first Gulf War, hackers from the Netherlands broke into 34 DoD systems -- including, most frighteningly, the computers that abort ships in the theater of operations.
In 1995, an Argentinean hacker broke into DoD, NASA and Los Alamos National Labs systems that contain information on aircraft design, radar technology and satellite control systems most integral to our military operations. In February 1998, two teenagers from California, tutored in the art of hacking by an 18-year-old Israeli, broke into other DoD systems. In each of these events, had the hackers been suitably motivated, they could have caused substantial damage to U.S. national security.
The ability of hackers to seriously disrupt our way of life has, of course, infinitely increased the cost of computer security. Leaving the arena of national security, we turn to the simple problem a small company or medium sized corporation faces in keeping its networks secure. This generally means sending their IT staff to expensive conferences.
After all, there is not only the cost of the course itself, but also the associated costs of hotels, food, and rental vehicles if the course is out of town. This quickly adds up to a rather tidy figure for managers trying to maximize their often decreasing budgets. But these costs pale in comparison to the costs of not providing training to their staff.
IT managers often have difficult decisions to choose from, and to offer training or not is certainly one of them. Do IT managers provide their analysts with regular training through accredited vendors, or decide not to do so in light of the financial cost? Quite a few managers choose not to. They believe that if they provide training for their analysts that they will lose them to other firms. While this can be a very valid argument, it is also one on the razor's edge - by that one means that one runs the risk of your employee becoming irritated at any lack of investment in them and their future, and they simply leave. Several professionals have left perfectly good companies for this very reason. All of them felt that they deserved a job which provided them with current and up-to-date training. Perhaps nowhere in IT does that ring more true than in the evolving field of security.
Those who have left a company due to training issues show that education is very valuable indeed. As a security analyst, for example, you must not only stay current with technology, but also improve your core skill set. Whether this is done by studying a programming language like C. Or PERL, or any of the many others, is immaterial. The point is that you have to stay current, else your skill set may start rusting out. The computer field is one that changes so quickly and so unpredictably, that constant updates and seminars are needed to keep in the loop; and not only in the loop, but even cognizant about how to accomplish even the simplest tasks.
Long gone are the days of cradle-to-grave employment. In our current employment environment you can pretty much count on the fact that you will be in a new job several years from now, and very likely with a new company. To that end IT managers need to keep their knowledge current. No company will hire an IT manager from another company if that IT manager cannot demonstrate that he or she has attended all the requisite seminars, or in other manners kept incredibly current on all the latest computer security developments.
According to CNN (www.cnn.com) the costs of computer security in U.S. corporations is at an all-time high. Security breaches are costing companies billions of dollars and the possibility and fear of breaches is costing billions more. And of course, there are the additional costs of hiring teams of lawyers to make sure contracts with computer security providers are airtight, staffworkers to assist the in-house IT folks who will set up the security measures, teams of IT consultants brought in to supervise or at least give second opinions on the effectiveness and efficacy of the selected computer security measures, and so many other itinerant costs.
Viruses are yet another problem. Viruses differ from hacking in that the perpetrator simply wants to create mayhem, often, without a specific goal in mind. Hackers seek to gain an advantage; virus perpetrators want to destroy for the sake of destruction. That is why viruses are even harder to combat for both governments and businesses: They cannot work with motivations…