Cyber Threats: Executive Summary
It is important to note, from the outset, that even before the personal computer became as popular and as widely used as it is today, vandals still compromised computerized phone systems either for fun or for economic benefit. During the very early decades of IT, computer attacks were mostly committed by insiders, i.e. disgruntled employees of an entity (de Leeuw and Bergstra, 2007). The said attacks in this case were largely limited to physical damage to computing devices. At the time, "the systems were not networked with other systems…" (de Leeuw and Bergstra, 2007, p. 706). This was, however, until vandals discovered new ways of making use of computer systems to turn a profit or register protests. During these early days of technology, criminals would commonly modify data after subverting security systems via mostly authorized access. With the spread of telecommunications technology during the 1960s, computer criminals started learning how to penetrate networks and systems. Vandals would often subvert phone systems with their intention being theft of services or just for amusement purposes.
The appearance of ARPANET, defined by de Leeuw and Bergstra (2007, p. 706) as "the world's first packet switching network," is seen by many as having set the stage for cyber attacks. In linking computers in numerous universities and other companies, ARPANET effectively "linked hackers all over the country…" leading to the emergence of more sophisticated cyber attacks (de Leeuw and Bergstra, 2007, p. 706). It was, however, not until the 1980s that vandals with varying levels of programming expertise began to write malicious software designed to self-replicate and interfere with the normal functioning of personal computers.
The early 1990s, as Casey (2011) notes, saw the introduction of the World Wide Web and hence greater connectivity across the world. With the increased utilization of the internet, computer criminals developed ways of gaining unauthorized access to systems that were poorly protected. The motivation for this was in most cases financial or political. As the decade progressed, penetration as well as subversion of computing devices became a common avenue for the perpetration of crimes of a financial nature. With operating systems being strengthened further in the mid 90s so as to limit the occurrence of computer crimes, vandals shifted to new attack vectors and retired earlier versions of malware (de Leeuw and Bergstra, 2007). It was also at around this time that criminals started making use of a new attack avenue, email, with torrents of fraudulent and unsolicited emails being sent out to target corporations and individuals. Continued utilization of email as a method of corporate and individual communication and networking of computer systems gave rise to more serious forms of cyber attacks and criminal behavior that persist to date. These include identity theft, credit card fraud, data diddling, etc.
Recent years have seen an unprecedented growth in both the frequency and severity of cyber threats. Threats such as DoS attacks have evolved from just a typical interruption of access to a war tool. Today, DoS attacks are designed to not only cripple financial networks but to also bring down websites and make them virtually inaccessible.
Today, threats to the United States cyber infrastructure are not only increasing but also evolving. Since the early 90s, there have been concerns regarding the utilization of the components of telecommunications and the internet to launch widespread attacks and harm the interests of target governments and corporations. Of key concern has been the utilization of the said components to compromise the security interests of the country, especially given that the nation, as the Center for Strategic and International Studies -- CSIS (2014) points out, lacks effective protections against cyber attacks.
According to de Leeuw and Bergstra (2007), there is a high likelihood that cyber crime and attacks are firmly on the path to professionalization. The authors support their assertion by pointing out that gone are the days when cyber crime was a province of idle and creative computer enthusiasts. Today, cyber crime, as the authors further point out, is big business. As a result, organized crime gangs are likely to show significant interest in this new 'opportunity' going forward.
One of the current forms of cyber threat that most individuals fear could be modified in future is the extortion attack, which has in the past been used against casinos by vandals. In this case, hackers attack casinos by launching what is referred to as a Distributed Denial of Service (DDoS) attack. This particular form of attack, as de Leeuw and Bergstra (2007) point out, takes this form: attack an online casino once, wait for the recovery of the entity, attack again and demand that the affected entity remits protection fees so as to halt future attacks. In the words of de Leeuw and Bergstra (2007, p. 713), there are those who are concerned that this kind of attack "will eventually be directed at government agencies, e-commerce sites, financial institutions and any entity with online presence."
Yet another key threat/trend having the potential to be a cyber threat in the future is the desire by crooks or even rogue states to either steal critical information or cripple the operations of a target government or entity. Last year, Michael Hayden, a retired Air Force General, predicted that in less than a decade, it is highly likely that hackers will have such capabilities as "being able to conduct online sabotage of industrial control systems that run power plants, factories and utilities" (Waterman, 2013). Should Hayden's prediction turn out to be accurate, we could in the future encounter situations where the critical services of an entire nation are brought to a standstill by deranged hackers up to no good. As Waterman (2013) further points out, intelligence and security chiefs have in the past expressed concern over the vulnerability of the nation's communication networks, financial systems, as well as industries to such attacks. Currently, terrorists, criminal cells, and individual hackers who may want to harm the U.S. do not possess the capability to launch cyber attacks such as the ones defined above. However, if Hayden's assertions are anything to go by, these groups could acquire such cyber attack capabilities. The consequences should this happen are unimaginable.
One of the most worrying trends, however, is state involvement in cyber attacks. Rogue hackers and cyber criminals, as I have already pointed out elsewhere in this text, lack the resources and knowhow to launch large scale cyber attacks. State-sponsored cyber attacks, on the other hand, as Kiss (2013) points out, "come with all the resources and technological sophistication of James Bond." As the author further points out, this means that detection and resistance are either impossible or very challenging. Attribution in this case is also quite challenging. This effectively means that the thought of a rogue state launching an attack of catastrophic proportions is not far-fetched at all.