S. Department of Defense (DOD) uses over two million computers and more than ten thousand local area networks, most of which are linked to, and vulnerable to attack from, users of the larger Internet. (2008, p. 276)
These increasing threats correspond to the growing reliance on information systems to manage the entire spectrum of modern commerce and energy resources, making the disruption of a single element in the integrated system a potential threat to the remaining components that can result in a massive disruption to a nation's economy (Jurich, 2008). Certainly, these types of trends were witnessed in a similar fashion when terrorists flew jet airliners into the World Trade Center and Pentagon in 2001, and the national economy of the United States suffered to the extent that it is still recovering. As Jurich points out, "The push towards greater reliance on information technologies in fields including energy, communications, industry, finance, transportation, and human services has produced a situation in which economic collapse could occur even if only the financial components of the information systems were crippled; a more widespread attack could lead to an even greater disaster" (2008, p. 276). With cyber attacks, though, there is no need for an expensive and massive conspiracy that involves taking flying lessons and sleeper cells.
Likewise, in sharp contrast to the conventional warfare of the past, conflicts today can exploit the vulnerabilities of cyberspace to overcome the geographic distances that have provided the United States with a modicum of protection from its enemies overseas. During World War II, with the exception of a few German submariners who were placed ashore in New York (and quickly captured) and some Japanese balloons that carried incendiary devices to America's western shores, the United States has not had to fight a war on its on shores to date. Cyberwarfare, though, changes the situation dramatically by eliminating this traditional buffer from conventional military forces. In this regard, Allen and Demchak (2003) point out that as the world's only remaining superpower, it has become the focus of cyber attacks from all corners of the globe. According to these authorities, "Because the United States is the largest player in the international political environment, it has become a lightning rod for hacking and terrorist attacks, regardless of whether the nation was involved in the initial conflict" (p. 54). The geographic boundaries that buffered the U.S. In the past simply evaporated on September 11, 2001: "Until 11 September 2001, the United States was fairly complacent about its enemies overseas. However, the distance between the United States and its enemies is dramatically reduced. The lessons from early cyber conflicts need to be learned now to properly prepare for future conflicts" (Allen & Demchak, p. 54).
Current trends indicate that the threat to the nation's security is genuine, particularly with respect to the proliferation of computer viruses which have steadily increased in recent years (Denning, 2001). According to Trendle (20020, the number of viruses increased by more 150% just between 1998 to 2002, and in more than 50,000 viruses have launched with as many of 400 viruses being active at any given time; further, as many as a dozen new viruses are placed on the Internet every day (Trendle, 2002). Indeed, by 2013, industry analysts estimate that at least 50% of all emails will be infected by viruses (Trendle, 2002). There are also growing concerns that these viruses may affect other mobile devices that are becoming increasingly popular (Trendle, 2002). As Trendle emphasizes, "Experts believe that many of the viruses and worms deployed by hackers in a new cyberwar could spread to the Internet as a whole and infect systems worldwide. There are also fears that malevolent bugs could cross over to mobile phones and personal digital assistants" (2002, p. 8). The nightmare scenario envisioned by the so-called Y2K bug would become a reality if such an eventuality occurred today, and cyberwarfare could bring down the electrical grid, air traffic control as well as the nation's banking sector among others (Trendle, 2002).
Other military analysts paint an equally grim picture of the outcome of cyberwarfare on the United States and its interests at home and abroad. In this regard, Clemmons and Brown (1999) report that an increasing amount of malicious software is being developing in the Middle East and Asia that will ultimately target U.S. interests. These authors note that, "If nations, groups or individuals in those areas have interests...
computer systems at will" (Clemmons & Brown, 1999, p. 36). The potential outcomes of such massive cyber attacks on a modern society that is highly dependent on its information systems will be devastating because of the effects such attacks will have on humans as well as the computer they rely upon (Gable, 2010). As Clemmons and Brown point out, "We can only imagine the fatalities that would result from these attacks. They would include deaths from transportation accidents, starvation from lack of cargo movement, deaths from exposure to extreme heat or cold caused by power failures, drownings from burst dams, riots, and the list goes on" (1999, p. 36).
Other trends suggest that the threat is becoming more sophisticated and state-sponsored as well. For example, according to Williams, "China, North Korea, and other countries have well-developed graduate education programs in cyber warfare" (2009, p. 22). These software experts may use their newfound skills to develop cyberwarfare capabilities that transcend current threats (Williams, 2009). While many cyber attacks are not made public, what is known is sufficiently disturbing to demand a substantive response (Cetron & Davies, 2009). In this regard, Wrights emphasizes that, "As of 2007, hackers had stolen at least 10 terabytes of sensitive data from Defense Department networks" (2009, p. 30). Industry analysts believe that these cyber attacks have been sponsored, at least in part, by China but Chinese officials consistently deny such allegations (Wright, 2009).
What Can Be Done?
Six centuries ago, the response to new threats would be the "bigger castle walls and deeper moat" approach, but new threats demand new responses and the United States has not been idle in this area. In fact, the federal government and the private sector in the U.S. have had an official program in place for data sharing about cyber attacks since 1991, known as the Network Security Information Exchange (Wright, 2009). When private sector organizations experience cyber attacks, they report this information to the information exchange which then disseminates this information to other members so they can develop countermeasures in response (Wright, 2009).
Based on their analysis of recent cyber attacks, Allen and Demchak (2003, p. 53) report that there are four fundamental national and international policy needs that need to be addressed as soon as possible:
1. To decide who will provide security on the Web;
2. To provide legal responses to rapid horizontal escalation;
3. To enforce legal responsibility for hacker citizens responsible for international incidents; and,
4. To halt proliferation of cyber arms.
In the meantime, the DOD has implemented a software-security package designed by McAfee to provide a "last line of defense against external threats and as a first line of defense against hardware threats" (Wright, 2009, p. 30). In addition, the Department of Homeland Security has conducted a series of exercises called Cyber Storm that are design to evaluate the nation's ability to respond and recover from massive cyber attacks (Wright, 2009). Further, the Defense Department has established the U.S. Cyber Command, which is a centralized effort to protect military networks that became fully operational in 2010 (Wright, 2009).
The research showed that cyberwarfare is becoming a growing threat to the national security of the United States and the threat remains better described than understood in many ways. By definition, cyberwarfare uses the Internet to achieve its goals by damaging or disrupting information systems, but such attacks have the potential of adversely affecting other elements of a nation's infrastructure as well because of the highly integrated aspects of modern society. The research also showed that the threat continues to increase, with countries such as China and North Korea training software engineers who will be capable of launching even more sophisticated cyber attacks in the future. In the final analysis, such cyber attacks will likely not be a matter of if but when.
Allen, P.D. & Demchak, C.C. (2003). The Palestinian-Israeli cyberwar. Military Review, 83(2),
Cetron, M.J. & Davies, O. (2009, September-October). World War 3.0: Ten critical trends for cybersecurity. The Futurist, 43(5), 40-41.
Cimbala, S.J. (2002). Military persuasion in war and policy: The power of soft. Westport, CT:
Clemmons B.Q. & Brown, G.D. (1999). Cyberwarfare: Ways, warriors and weapons of mass destruction. Military Review, 79(5), 35-37.
Denning, D. (2001). Cyberwarriors. Harvard International Review, 23(2), 70.
Gable, K.A. (2010). Cyber-apocalypse now: Securing the Internet against cyberterrorism…
Role of Time in Information Assurance The society at large is on the verge of a new era. This new era is the information age which is marked with a major paradigm shift in the area of information assurance. Information assurance has three main attributes: confidentiality, integrity, and availability. All the three tenants of information assurance must be well guarded and maintained in order to bring a marked improvement of both
The various e-businesses therefore depend upon various ISP's as well as the internet infrastructure in order to achieve an improved level of convenience as well as unparalleled availability. The merits associated with e-commerce has therefore resulted to rapid adoption of the concept with a heavy reliance on various encryption techniques such as SLL as well as username and password based authentication techniques that rely on authentication files contained within
Federal Plans NICE Plan Development and Research Challenge Future Plan This paper discusses what is referred to as the Federal Plan is for Cyber Security and Information Assurance (CSIA- R&D) Research and Development. Details of the federal government's plan will be discussed as well as what is expected and can be done about cyber security in the long-term. In this federal plan, the terms 'information assurance' and 'cyber security' refer to measures put in place to
Migrate off of any individualized content management systems and processes not integrated to a single portal platform for greater cost and time savings in administration. Olson (32) provides an excellent case study on how universities are making use of open source portal applications to alleviate redundant and often conflicting data in multiple portals on an IBM WebSphere platform Define and build out a portal development plan that encompasses all shared processes
Assurance Program Why/How to create an Information Assurance Just as paramount as the availability and access to information is significant in every company or business outfit, certain concerns always come to the fore: the kind of information is to be made. How the information is going to be organized? How will it be possible to ensure that the information released represents the judgment of the management of the company and gives
IT Governance lays special emphasis on the system of information technology, along with the performance and risk management of the IT infrastructure in an organizational context. The primitive focus of IT Governance is the assurance of the fact that investment in the Information technology infrastructure is contributing to generate business value and at the same time lessen the potential risks pertaining to the Information Technology. This objective is attained by