Cyber-Security Challenges for National Security
Cyber-security threats have now emerged as the defining security challenges of the global Internet economy. National Security operatives are now seized by the issue of Cyber-security. They are actually now more worried and concerned about security threats on computers and information resources than a physical terrorist attack that can be easily detected and disrupted in an airport. Sharing advanced passenger information on airline passengers for example between the United States and European countries will make it more difficult for a terrorist to board an airline flying between Europe the USA. Moreover, increased and more efficient traditional spying has helped security and anti-terrorism agencies to more accurately identify and prevent terrorists from carrying out their wicked plans, but the identity of cyber-warriors remain very much anonymous, and pinpointing their exact geographical location remains a major technical challenge.
In a recent Euronews interview reported on 12th October 2012, Ms. Janet Napolitano, the United States Secretary of Homeland Security stated that: "It would be virtually impossible to have a replication of 9/11", but accepted that two areas now deserve the sustained attention of security agencies, namely, aviation and cyber. In her own words: "The different styles and the sheer numerocity (sic) of attacks occurring via cyber now… It's the fastest-growing area that we're dealing with." She further cited DDoS (Distributed Denial of Service) Attack, against the financial system or the takeover of the control system of "an electric utility, to major theft and theft of intellectual property or secret information, to child exploitation via the Internet" as good examples of how such cyber attacks could be perpetrated.
Cyber-Security Concerns for the Private Sector
Such cyber-warfare will be conducted against computers and network resources owned and operated by the private sector who own the utilities, financial corporations, and a lot of intellectual property. The cost of Internet Security protection is bound to sky-rocket in the coming years. An independent security audit and certification process is a costly effort to undertake and accomplish. Private sector organizations that have their information resources compromised as a result of cyber-security attacks will not only suffer huge financial losses, and loss of business good-will, but their stock value could be affected and plummet and suffer degradation of overall market value. Investors stand the risk of losing their money invested in such companies. The new threats make the virus infection problems of the past puny in comparison, and seem designed by the cyber-warriors to completely cripple the operations of an organization. Global corporations are indeed over-exposed to these emerging security threats and would be forced to now implement corporate-wide Cyber-Security Emergency Response Strategies, perhaps based on a certification scheme that will be set (or required) by National Security & Defense agencies. The private sector would really need help to enable it adapt to these new realities and cope effectively with the emerging Cyber-Security risks.
No doubt, in a Post-9/11 globalized world that has become more and more integrated through inter-connected computer networks and global telecommunications infrastructure, there are now new security vulnerabilities. An attack on private sector-owned information resources affects the millions of users of such information and data resources — private lives are also directly impacted by the emerging cyber-security threats.
National Security operatives believe that as a result of (aftermath) measures taken by the U.S. Government in reaction to 9/11, the likelihood of another 9/11-type attack has decreased tremendously, but now worry more about the threat to Aviation and the threat to Information and Communication Technology resources that are linked via the Internet and also connected to other highly secure, government-owned networks operated by national security agencies.
The day before Ms. Janet Napolitano gave the interview to Euronews, U.S. Secretary of Defense, Mr. Leon Panetta was engaging with the private sector to stress the urgency of private sector support for pending Cyber-Security legislation in the U.S. Congress, and used the example of recent cyber-attacks on private sector computer networks owned by the Saudi ARAMCO and another oil and gas company in Qatar — both countries in the Middle-East — to buttress his assertions that the private sector is equally at great risk of coordinated cyber-warfare launched by cyber-warriors with advanced capabilities based in enemy territory. In the cyber-attacks against the Middle-East oil and gas companies, up to 30,000 computers were affected. Mr. Panetta painted more destructive and rather apocalyptic frightful scenarios by citing examples of escalated cyber-threats such as train derailments, the shutdown of power grids, and the contamination of water supplies. This is no longer the stuff of video fantasy games! Secretary Panetta explained to his largely private sector audience in New York that according to the new Rules of Engagement and National Security Doctrine, the US Department of Defense would be required to also defend the private sector against cyber attacks. (See for example, http://www.voanews.com/content/panetta-appeals-for-stepped-up-cyber-security/1525450.html) Mr. Panetta is now pushing for greater collaboration in information sharing between the private sector and government, and this would be aided by passage of the pending Cyber-Security legislation by the U.S. Congress.
A New Cyber-Hygiene Regimen
Thus, for successful Strategic Cyber-Security collaboration efforts to be established with governments, private sector organizations will now be pushed towards practicing more or safer 'cyber-hygiene', a new term that was used by U.S. Homeland Security Secretary Janet Napolitano during her Euronews interview, which would now be used more frequently in our collective ICT vocabulary when Cyber-Security issues are being discussed: "How hygienic is your cyber environment?"; "How sanitary is your cyber-security environment and what healthy safeguards have you implemented against cyber-attacks?" "Could you kindly outline your cyber-hygiene policies?" "To what extent are your staff practicing safe cyber-hygiene habits within the organization?" would now become standard pertinent questions asked by those evaluating the strategic cyber-security policy implementation of organizations.
This now explains why the private sector should pay more attention to the emerging cyber-security threats. Cyber-Security is also now a mainstream issue in Internet Governance, and the private sector needs to increase the level of its interest and the overall relevance of its involvement in Global Internet Governance. Implementing a new Cyber-Hygiene Regimen within an organization will now prove more costly to private sector operatives in the foreseeable future, and this will in turn increase the overall cost of strategic ICT implementations and the cost of doing business in the Internet age.
By Sophia Bekele
http://www.euronews.com/2012/10/12/us-security-chief-never-satisfied
http://www.circleid.com/posts/20121013_emerging_cybersecurity_threats_and_implications_for_private_sector/
Cyber-security threats have now emerged as the defining security challenges of the global Internet economy. National Security operatives are now seized by the issue of Cyber-security. They are actually now more worried and concerned about security threats on computers and information resources than a physical terrorist attack that can be easily detected and disrupted in an airport. Sharing advanced passenger information on airline passengers for example between the United States and European countries will make it more difficult for a terrorist to board an airline flying between Europe the USA. Moreover, increased and more efficient traditional spying has helped security and anti-terrorism agencies to more accurately identify and prevent terrorists from carrying out their wicked plans, but the identity of cyber-warriors remain very much anonymous, and pinpointing their exact geographical location remains a major technical challenge.
In a recent Euronews interview reported on 12th October 2012, Ms. Janet Napolitano, the United States Secretary of Homeland Security stated that: "It would be virtually impossible to have a replication of 9/11", but accepted that two areas now deserve the sustained attention of security agencies, namely, aviation and cyber. In her own words: "The different styles and the sheer numerocity (sic) of attacks occurring via cyber now… It's the fastest-growing area that we're dealing with." She further cited DDoS (Distributed Denial of Service) Attack, against the financial system or the takeover of the control system of "an electric utility, to major theft and theft of intellectual property or secret information, to child exploitation via the Internet" as good examples of how such cyber attacks could be perpetrated.
Cyber-Security Concerns for the Private Sector
Such cyber-warfare will be conducted against computers and network resources owned and operated by the private sector who own the utilities, financial corporations, and a lot of intellectual property. The cost of Internet Security protection is bound to sky-rocket in the coming years. An independent security audit and certification process is a costly effort to undertake and accomplish. Private sector organizations that have their information resources compromised as a result of cyber-security attacks will not only suffer huge financial losses, and loss of business good-will, but their stock value could be affected and plummet and suffer degradation of overall market value. Investors stand the risk of losing their money invested in such companies. The new threats make the virus infection problems of the past puny in comparison, and seem designed by the cyber-warriors to completely cripple the operations of an organization. Global corporations are indeed over-exposed to these emerging security threats and would be forced to now implement corporate-wide Cyber-Security Emergency Response Strategies, perhaps based on a certification scheme that will be set (or required) by National Security & Defense agencies. The private sector would really need help to enable it adapt to these new realities and cope effectively with the emerging Cyber-Security risks.
No doubt, in a Post-9/11 globalized world that has become more and more integrated through inter-connected computer networks and global telecommunications infrastructure, there are now new security vulnerabilities. An attack on private sector-owned information resources affects the millions of users of such information and data resources — private lives are also directly impacted by the emerging cyber-security threats.
National Security operatives believe that as a result of (aftermath) measures taken by the U.S. Government in reaction to 9/11, the likelihood of another 9/11-type attack has decreased tremendously, but now worry more about the threat to Aviation and the threat to Information and Communication Technology resources that are linked via the Internet and also connected to other highly secure, government-owned networks operated by national security agencies.
The day before Ms. Janet Napolitano gave the interview to Euronews, U.S. Secretary of Defense, Mr. Leon Panetta was engaging with the private sector to stress the urgency of private sector support for pending Cyber-Security legislation in the U.S. Congress, and used the example of recent cyber-attacks on private sector computer networks owned by the Saudi ARAMCO and another oil and gas company in Qatar — both countries in the Middle-East — to buttress his assertions that the private sector is equally at great risk of coordinated cyber-warfare launched by cyber-warriors with advanced capabilities based in enemy territory. In the cyber-attacks against the Middle-East oil and gas companies, up to 30,000 computers were affected. Mr. Panetta painted more destructive and rather apocalyptic frightful scenarios by citing examples of escalated cyber-threats such as train derailments, the shutdown of power grids, and the contamination of water supplies. This is no longer the stuff of video fantasy games! Secretary Panetta explained to his largely private sector audience in New York that according to the new Rules of Engagement and National Security Doctrine, the US Department of Defense would be required to also defend the private sector against cyber attacks. (See for example, http://www.voanews.com/content/panetta-appeals-for-stepped-up-cyber-security/1525450.html) Mr. Panetta is now pushing for greater collaboration in information sharing between the private sector and government, and this would be aided by passage of the pending Cyber-Security legislation by the U.S. Congress.
A New Cyber-Hygiene Regimen
Thus, for successful Strategic Cyber-Security collaboration efforts to be established with governments, private sector organizations will now be pushed towards practicing more or safer 'cyber-hygiene', a new term that was used by U.S. Homeland Security Secretary Janet Napolitano during her Euronews interview, which would now be used more frequently in our collective ICT vocabulary when Cyber-Security issues are being discussed: "How hygienic is your cyber environment?"; "How sanitary is your cyber-security environment and what healthy safeguards have you implemented against cyber-attacks?" "Could you kindly outline your cyber-hygiene policies?" "To what extent are your staff practicing safe cyber-hygiene habits within the organization?" would now become standard pertinent questions asked by those evaluating the strategic cyber-security policy implementation of organizations.
This now explains why the private sector should pay more attention to the emerging cyber-security threats. Cyber-Security is also now a mainstream issue in Internet Governance, and the private sector needs to increase the level of its interest and the overall relevance of its involvement in Global Internet Governance. Implementing a new Cyber-Hygiene Regimen within an organization will now prove more costly to private sector operatives in the foreseeable future, and this will in turn increase the overall cost of strategic ICT implementations and the cost of doing business in the Internet age.
By Sophia Bekele
http://www.euronews.com/2012/10/12/us-security-chief-never-satisfied
http://www.circleid.com/posts/20121013_emerging_cybersecurity_threats_and_implications_for_private_sector/