Power Grid Cyber Attack in the USA

Introduction

Background

Cyber-attacks are becoming a major problem for government institutions, private companies, and individuals who are engaged in various online activities. According to Buchanan, emerging technologies have given rise to sophisticated cyber-threats as some techno-savvy individuals embrace hacking as their career (53). Some of them are even sponsored by their governments on intelligence-gathering missions, while others are motivated by pure greed.

The United States power grid cyber-attack was a clear demonstration of the vulnerability of important government infrastructures. Cybercriminals were able to have access to and manipulate important data, which was a clear demonstration that the threat posed by cybercriminals can no longer be ignored. As Dehghantanha et al. put it, these criminals are not only getting sophisticated but also bold and aggressive in their moves (32).

In this paper, the researcher will focus on the increasing threat of cyber-attacks that target critical government institutions, with a special focus on the recent power grid attack in the United States and how the threat can be managed.

Scope and Purpose

The scope of this study will be on analyzing the extent of the cyber-threat, institutions that are most vulnerable, the motivation of the hackers, the economic impact of the threat, and the steps that the relevant authorities can take to address the problem. The study will also look at the local and international laws that have been put in place to address the problem. The purpose of this study was to evaluate the emerging trends in cyber-attack in a way that would enable the local community to prepare for such problems.

The United Arab Emirates is one of the fastest developing economies in the region, and cybercrime is becoming a common problem. Looking at the trends in some of the countries around the world would help local stakeholders to understand and appreciate the magnitude of the problem. Such case studies may also help local firms to know how they can respond appropriately to such threats.

Report Structure

The report has several sections, each addressing different issues. The first section of the report is the introduction. It provides background information for the study, the scope, and the purpose of this research. The second section focuses on the incident analysis of the cyber threat. It provides the lifecycle of such attacks, purpose, target, and motivation of such attacks, planning process, and implementation of the plan. It also looks at the distribution of the attacks, triggers, timeline, and show of power. The next section provides a response plan for a possible attack. Other sections include cyber threat assessment and attributes, IOCs, TTPs, Cyberthreat protecting and defending mechanisms, cyber threat implications on the UAE, conclusion, summarization, and closing remarks.

Cyber Threat Incident Analysis

Incidences of cyber-attacks are becoming common not only in the developed nations such as the United States and the United Kingdom but also in developing nations of the Middle East and North Africa (MENA) region. Proper planning may help government institutions and private firms to avoid the devastating consequences of such an attack. In this section, the focus is to analyze the threat of possible incidences of an attack.

Lifecycle of the Attacks

According to Clark and Hakim, cyber-attacks have lifecycles that one needs to understand to have a plan on how to deal with it (48). As shown in figure 1 below, it starts with the initial reconnaissance, where the cybercriminal identifies a potential target and the benefit that would be accrued from a successful attack. The next step is to target an initial compromise, where they would try to have access to the database by simply hacking into the system or using a sophisticated virus to have access to the database (Kalb 39).

The criminals will then establish a foothold in the system of the target before escalating privileges where they can steal or manipulate data as they wish. They will conduct internal reconnaissance to identify what is important, move laterally to have access to information they need, and maintain their presence for as long as it is necessary for them. When their mission is complete or if they are detected, the final phase is to move out of the system.

Figure 1. Cyber-attack plan (Kalb 47).

Purpose

The purpose of every cyber-attack varies significantly. Rugge argues that one of the common reasons why people target and attack specific databases is because of financial gains (59). Many cyber criminals focus on financial institutions where they can transfer huge sums of money into their bank accounts. They believe that such attacks offer them an easy way to become rich. Some of the attackers engage in this practice because of their perceived patriotism or loyalty to their government.

Radziwill explains that the attack on the US 2016 General Election was planned and executed by cybercriminals loyal to the Russian government (74). Sometimes the attack can just be out of malice, such as the recent power grid incident in the United States (Rugge 88). Others are just curious to know the information in databases of various organizations.

Target

A cybercriminal must have a clear target and what should be achieved by the end of the attack. In this case, the target was the power grid in the United States. The grid is critical in the normal running of the economy, and any form of manipulation that would interrupt its normal operations may have devastating consequences on the country's economy. Operations of the grid have been digitized to make it easy for the officials and customers to engage. Other than a possible manipulation of the operations of this firm, hackers may have access to customers' confidential messages that they can use maliciously to achieve selfish goals.

Motivation

The real motivation behind the recent attack of the United States power grid by Russian hackers identifying themselves as Dragonfly or Energetic Bear is not yet clear. However, reports show that these criminals had access to sensitive information such as login details of various individuals, passwords, and information about energy generation (Shackelford 93). The study indicates that the likely motive of these criminals is sabotage (Shackelford 93).

They may be planning to disrupt the normal operations of power generation. It was not clear if they were on a general phishing expedition or a specific purpose under the directives of the Russian government. The authorities were convinced that the intention was to plan a major attack on the power generation and supply system in the United States. The incident highlighted the vulnerability of the grid to international cybercriminals.

Actors Planning

Dragonfly, the criminal gang that planned and executed the attack, is an entity that brings together some of Russia's highly intelligent cyber-experts. These individuals have helped their government in cyber-espionage in the past, but it is not clear whether this time they were representing the interest of their government. Given that the goal of the attack was not determined, authorities assumed that they acted alone when planning and executing the attack on the power grid. However, it may be possible that they got government support to enable them to achieve their goals.

Initiation and Implemented Methodologies

The attack was initiated and implemented using conventional hacking methodologies. The criminals were able to use a sophisticated virus to override the standard procedure required of anyone having access to the database. They planted a virus into the database that enabled them to conduct surveillance on the database for some time before gaining full access to the system. The intrusion was detected before it could escalate further. Roscini argues that sometimes hackers can delete or distort data in the system, making it impossible for authorized individuals to have access to information they need, as shown in figure 2 below (90).

Figure 2. Sample view of breached data (Shackelford 63).

Distribution

Cyber-attack is a widespread problem that affects firms and government entities all over the world. The chart shown in figure 3 below identifies how widespread the problem is and countries that have been the main targets of cybercriminals. The United States of America is the greatest target of these criminals, accounting for 23% of the global cyber-attacks. China is another major target, accounting for 9% of the attacks (Kaplan 24).

Germany, Britain, Brazil, Spain, and Italy accounted for 6%, 5%, 4%, and 3%, respectively (Kaplan 24). Other major targets include France, Russia, India, Canada, South Korea, Japan, Mexico, Australia, and Israel. It is evident that these criminals often target economically empowered nations around the world. As the local economy in the United Arab Emirates continues to grow, the cases of cyber-attacks are likely to increase in the coming days.

Figure 3. Chart of attack rates in different countries (50).

Triggers

The triggers of attacks, such as the one directed towards the power grid in the United States, vary. One of the main triggers is the availability of opportunity. The firm could have employed an individual who is loyal to the criminal gang. As such, they used their informant to have access to data without the approval of the relevant authorities. Major weaknesses of the security system of the database, which are easily detectable to these criminals, may be another trigger.

When on their routine survey of targetable companies, these criminals must have noticed the weakness, which prompted them to try to gain access. Another possible trigger would be a directive from their government, if the attack were sanctioned by Russian authorities, to have access to the database and obtain specific information. Kosseff notes that the authorities were unable to identify specific triggers of the attack (35).

Timeline

The timeline of the plan and course of action that the Russians took when attacking the power grid is not clear. However, indications show that soon after the last general elections, these criminals shifted their focus to the grid (Kosseff 77). It means that the plan must have been initiated in late 2016, and its implementation started in 2017. However, it was not until 2018 that the government realized that the power grid was under constant monitoring by Russian cybercriminals. Measures were taken in 2018 to ensure that such events do not occur at the institution in the future. However, it is still not clear if the measures have thwarted further attacks.

Sustainability/ Show of Power

Cyberwarfare is emerging as a new battlefront for the world's superpowers, and it is clear that the attacks witnessed in the United States are planned and executed by government operatives (Ohlin 48). The claim that Russia meddled in the last general election and thereby participated in determining the president of the United States is a show of power. It is an achievement to the Russian government as it feels it deserves to be the superpower.

On the other end, the United States has the responsibility to protect itself from such attacks as the only way of demonstrating that it has the technical capacity, financial muscle, and political will to engage in the new battle for supremacy in cyberspace (Schunemann and Baumann 38). In such an environment where cyber-attacks are considered a show of power, it may not be easy for the existing laws to help fight crime. As long as these criminals enjoy state protection, they know that they cannot be subjected to any form of punishment by foreign governments.

Response

The approach that an organization takes in case of a cyber-attack is very important. According to Roscini, an organization needs to ensure that it makes an immediate response to such an attack in a way that would discourage future attempts to breach the system (60). When the United States power grid was attacked by Russian cybercriminals, the government responded promptly to protect its integrity.

Risks/Weaknesses

When responding, it is important to understand the risks and weaknesses of the organization. The fact that these criminals managed to have access to the database of the grid was a major sign of weakness. It was an indication that the security measure put in place to protect its digital data was not capable of achieving these goals when faced with a complex problem. The risk of such a serious weakness was that unauthorized individuals could easily have access to the information considered confidential. These criminals could also sabotage the operations of this entity in case they are ordered to do so by their government.

Innovation/Payoff/Result

Innovation is the only way of dealing with the current cyber threat in the United States and other parts of the world. It is necessary for the management of the power grid and many other government institutions and private entities operating in the country to consider investing in new technologies when it comes to data protection. They need to be one step ahead of the criminals by maintaining innovative ideas in their operations (Schunemann and Baumann 68). The payoff or results of such investment would be a secured database that cannot be compromised by criminals. The government will be assured that this important institution is not sabotaged by a hostile state.

Cyber Threat Assessment and Attributes

Profiles of the Cyber Threat

It is important to conduct a cyber-threat assessment to understand their magnitude on an organization, the possible frequency of their occurrence, and the manner in which an organization can deal with them effectively. One of the first steps of the assessment is always to determine their profile. Table 1 below shows the generic threat matrix. It summarizes how a firm should profile cyber threats.

Table 1. Generic threat matrix (Roscini 75).

Incident Data

The power grid cyber-attack was a major indication to the American society that cyber-security is becoming one of the most important issues that can no longer be ignored. The government did not reveal the exact data about the incident stating dates and level of data compromise. However, it was established that the incident must have started in late 2016 or early 2017, and the criminals were able to have access to critical information that would sabotage the operations of the institution (Roscini 28).

Attack Vectors

The vector of the attack, as was revealed by the Federal Bureau of Investigation, was the critical database of the firm that defines the plant's operations, its strategic goals, and steps that it is taking to meet the increasing demand in the country (Schallbruch and Skierka 57). The investigators revealed that once these Russians had access to the database, they focused on data explaining strategic plans and specifics about the daily operations of the entity. The fact that these hackers went for passwords and login details also demonstrates that they had the desire to manipulate the operations of the system by posing as the administrators authorized to initiate specific operations in the plant.

Target Characteristics

When conducting a cyber-threat assessment, Buchanan explains that one of the important issues that an institution has to consider is the target characteristics (43). The response team must consider the threat as a target that needs to be evaluated to determine how to respond. The significance of the threat, the possible outcomes, and the frequency of the threat are some of the factors that have to be considered. Table 1 below shows how the cyber-threat should be classified and rated.

Table 2. Threat attributes (Dehghantanha et al. 122).

IOCs, TTPs Cyber Threat Protecting, and Defending Mechanisms

Using indicators of compromise (IOCs) to identify potentially malicious activities in the database and tactics, techniques, and procedures (TTPs) to determine the modus operandi of cyber adversaries are some of the steps that a firm should take to protect its database. In this section, the focus is to determine appropriate defense mechanisms in cyberspace.

General Protection Framework and Applying the Framework on the Attack

The FBI and the Department of Homeland Security played a major role in ensuring that the data breach of the power grid was managed effectively. They used an appropriate framework to monitor and respond to the threat in an appropriate manner. They used open-source intelligence (OSINT) to deal with the threat. OSINT allowed them to collect data automatically about irregular activities in the database without the knowledge of the attacker. The framework enabled the authorities to monitor darknets for any changes in the status quo, which symbolizes irregular activities. The approach made it possible to monitor the activities of the hackers, the information they were interested in collecting, and their primary aim.

Best Protection Model

The use of both the IOCs and TTPs is the best protection model that the power grid and many institutions that face similar threats should embrace. One of the benefits of using this model is that it allows the victim to monitor the activities of the attacker without the criminal's knowledge. One can determine the primary goal of such attacks by determining the information they focus on (Kalb 58). It is easy to mislead them while at the same time protecting vital information in the company. It can also help in determining the identity of the attacker, which makes it easy to find a lasting solution to the problem.

Cyber Threat Infographic

A cyber threat infographic makes it possible to use pictures and data together to explain the nature of the problem and the manner in which one can deal with it. As shown in figure 4 below, the number of those who have been victims of cybercrime is on the rise. The respondents in the statistics shown in the figure also indicate that such attacks are becoming increasingly expensive.

Figure 4. Cyber threat infographic (Rugge 68).

Description Infographic

The description infographic on the power grid cyber-attack provides a summary of the main pillars of the threat. These include the analysis framework of the cyber threat, a timeline of the attack, sustain/show of power, innovation/payoff/results, response, planning/initiation, and triggers. The infographic also identifies risks/weaknesses, distribution, methods, purpose/target, and protection/mitigation plans as discussed in this paper. Figure 5 below provides the information.

Figure 5. Description infographic (Developed by author).

Cyber Threat Implications on the UAE

The United Arab Emirates' economy is growing rapidly, and the cities of Dubai and Abu Dhabi have been attracting international investors over the past decade. The positive economic outlook of the country means that it is also becoming a major target of cybercriminals. As Rugge notes, cybercriminals do not just target financial institutions (86). They also attack government agencies, as was the case with the power grid attack in the United States, and private entities that are not operating in the financial industry. Their goal in every attack varies, and it is important for different stakeholders in the country to be ready for such an eventuality.

Cyber Security Strategy

The government of the United Arab Emirates should promote public-private partnerships in the fight against cybercrime in this society. According to Radziwill, the biggest concern in fighting this vice is that these criminals do not have to be physically present in the country to execute an attack (40). Such attacks are often planned and executed in a remote location that may not be easy to trace.

The best strategy is for the local stakeholders to pool their resources and fight this vice as a unit. It would be necessary to identify common cyber threats and formulate a common effective plan for addressing them. Embracing international best practices, such as those used in the United States where the problem has been rampant for the last decade, can be helpful. Embracing innovation can also help local stakeholders to deal with the threat.

National Cyber Crime Law

According to Shackelford, the United Arab Emirates is one of the countries in the MENA region that have taken major steps in enacting strict cyber-security laws (64). The amendment of Article 26 introduced a new penalty of jail time of 10 to 25 years and a fine of between AED 2-4 million for those found guilty of various forms of cybercrime (Kaplan 86). The amendment also states that those who engage in hate speech could be sentenced to five years in jail and pay a fine of not more than AED 500,000.

Article 28 of the country's constitution also specifies that those who manage websites or use the internet to engage in inciting acts would pay 1 million Dirham as a fine. They can also face a jail term specified by the judge. Article 43 provides for immediate expulsion of a non-citizen resident of the country who engages in cybercrime within the country (Ohlin 59). The country has also embraced regional policies and regulations on how to deal with the problem of cyber insecurity.

International Cyber Laws

The international community has come to appreciate the importance of nations coming together to fight the problem of cybercrime. One of the initial international laws on cybercrime was the Convention on Cybercrime that was drafted by the European Council together with the United States, Japan, and Canada in 2001 (Kosseff 112). It defined the meaning of cybercrime and the measures that should be taken to address it. The Commonwealth's Convention on Cybercrime, the London Action Plan, and the Cyber Security Enhancement Act (CSEA) are some of the active international cyber laws (Schunemann and Baumann 78).

Conclusion, Summarization & Closing Remarks

Cyber-security is a major concern in modern society as digital data become increasingly important to the current generation. The attack on the United States power grid in 2017 was a clear indication of the extent to which some of these cybercriminals are willing to go to achieve their interests. The government of the United Arab Emirates should be ready to deal with this threat by embracing the following recommendations:

  • The government should work closely with stakeholders in the private sector to formulate effective solutions to common cyber problems;
  • The stakeholders should pool their resources to further research on how to deal with the problem innovatively;
  • It is necessary to embrace international best practices when dealing with the problem of cyber-security.

Lessons Learned

This project provided important lessons to the researcher that will define the approach taken when dealing with similar problems in the future. One of the most important lessons is that cybercriminals may not be necessarily motivated by monetary desires. Some are just curious, while others serve the interest of their government. The researcher also learned that every institution, including government institutions, is vulnerable to cyber-attacks.

Works Cited

Buchanan, Ben. Cybersecurity Dilemma: Network Intrusions, Trust and Fear in the International System. Oxford University Press, 2017.

Clark, Robert, and Simon Hakim, editors. Cyber-physical Security: Protecting Critical Infrastructure at the State and Local Level. Springer International Publishing, 2017.

Dehghantanha, Ali, et al., editors. Cyber Threat Intelligence. Springer, 2018.

Kalb, Marvin L. Imperial Gamble: Putin, Ukraine, and the New Cold War. Brookings Institution Press, 2015.

Kaplan, Fred. Dark Territory: The Secret History of Cyber War. Simon and Schuster, 2016.

Kosseff, Jeff. Cybersecurity Law. Wiley, 2017.

Ohlin, Jens. Cyber War: Law and Ethics for Virtual Conflicts. Oxford University Press, 2014.

Radziwill, Yaroslav. Cyber-attacks and the Exploitable Imperfections of International Law. Brill, 2015.

Roscini, Marco. Cyber Operations and the Use of Force in International Law. Oxford University Press, 2014.

Rugge, Fabio. Confronting an Axis of Cyber: China, Iran, North Korea, Russia in Cyberspace. Ledizioni LediPublishing, 2018.

Schallbruch, Martin, and Isabel Skierka. Cybersecurity in Germany. Springer, 2018.

Schunemann, Wolf J, and Max-Otto Baumann. Privacy, Data Protection and Cybersecurity in Europe. Springer, 2017.

Shackelford, Scott J. Managing Cyber Attacks in International Law, Business, and Relations. Cambridge University Press, 2014.

Cyber Attacks on Accounting Information Systems

Introduction

Accounting information systems (AIS) contain sensitive information that comprises an important pillar of a company's financial and organizational stability and success (Hall, 2015). The data should be kept safe and out of bounds for unauthorized personnel because unauthorized access can have devastating outcomes. For instance, it can lead to identity theft or loss of critical data that is hard to replace (Hall, 2015). One of the effects of loss of accounting data is the crumbling of the accounting department or the entire business.

Arguments have been presented as to whether companies that are victims of AIS attackers should be held liable. Some companies manipulate accounting systems for financial gain and therefore it would be important to ascertain the main reason for cyber attacks. On the other hand, it would be important to evaluate the company's policy regarding such attacks, its response, and the security measures implemented to prevent such occurrences.

Home Depot cyber attack

In the year 2014, the largest home improvement chain in the world was attacked by hackers who stole about 53 million email addresses and compromised more than 56 million credit card accounts (Banjo, 2014). This data breach was not very severe because the data stolen did not include clients' sensitive information such as account passwords or payment card information. The attackers used information stolen from a third party vendor to gain access to the company's system and access the sensitive data.

The information contained a password that was used to access the company's network. In response to the breach, the company addressed a critical vulnerability in its Microsoft Windows operating system that had facilitated the intrusion (Banjo, 2014). The solution to the breach was provided by Microsoft Corporation. The company mitigated the attack by repairing a security flaw while the attack was underway. The fraudsters used custom-built malware programs to access client information in different locations (Banjo, 2014). The malware program had been collecting customers' confidential information for five months before it was detected and removed.

The firm should be held liable for the losses incurred by customers because of its poor security and preventive measures as well as lack of ongoing security checks that could have identified the breach. The attackers took advantage of security flaws in the firm's operating system and the ineffectiveness of its antivirus software that was unable to detect intrusion and data theft. On the other hand, the company had a poor system design because it used vulnerable tags to identify the 7,500 self-checkout systems that were attacked (Banjo, 2014). The breach was estimated to cost customers and the company more than $62 million in losses. It is the responsibility of companies to protect their systems using strong and breach-free methods.

It is clear that Home Depot had put in place weak security measures that allowed hackers to attack. The firm's response to the attack was to identify the hackers' access points, close them, and address security flaws in their operating system (Banjo, 2014). The firm should have used stronger and more complex protection methods such as data encryption, firewalls, and virtual private networks (Gehem, Usanov, Frinking, & Rademaker, 2015). In addition, it should have isolated sensitive parts of the system that were more susceptible to attacks. The company should be held liable for its failure to prioritize the security of its accounting information system and for using a weak network design. It is also important to use complex network and system designs that are impervious to external attack and intrusions.

Michaels Stores cyber attack

In 2014, an arts and crafts retailer known as Michaels Stores was hacked and credit card data belonging to more than 3 million customers was stolen (Harris, 2014). Investigations into the attack began a few months after Target reported a security breach that affected more than 100 million customers (Gehem et al., 2015). Before the firm identified and stopped the breach, it had been ongoing for nine months (Jayakumar, 2014). The incident increased doubts regarding the security of customers' information and the effectiveness of companies' accounting information systems. According to the company, the attack involved a sophisticated malware program that its security companies described as new.

The hackers were able to attack the company's system because its security companies had never come across such a program before. The attackers targeted its point-of-sale systems and stole information associated with more than 2.6 million debit and credit cards (Harris, 2014). The company should be held liable because of its poor security measures that could not identify a security breach that went on for nine months. One of its subsidiaries (Aaron Brothers) suffered a similar attack in which 400,000 credit cards were exposed to hackers (Harris, 2014). 54 of its stores were compromised and the attack took place even after the company announced that it could have been attacked. The company responded to the breach by hiring two security firms to address the problem (Jayakumar, 2014). The attack affected many customers because they had to be reissued with new credit cards by their banks.

The company should be held liable because of its poor security measures that had been put in place. The attackers used a point-of-sale malware program and targeted payment terminals that lacked point-to-point encryption that could have prevented the attack (Jayakumar, 2014). The company's network was poorly designed because it lacked encryption that could have prevented the attack. On the other hand, weak security measures were revealed because the attack lasted nine months. The company should also be held liable because that was not the first attack.

In 2011, the firm was attacked and customers' sensitive information was exposed to hackers (Harris, 2014). The company did not implement strong preventive measures after the first attack. The firm should have conducted an ongoing security upgrade on its systems. An ongoing security check and upgrade could have identified and stopped the attack in its early days. In addition, applying point-to-point encryption could have been effective in preventing the attacks. Companies are responsible for protecting their customers' private information by designing networks that are less susceptible to attacks and intrusions, and that implement preventive measures (Gehem et al., 2015).

Neiman Marcus cyber attack

Neiman Marcus is a leading retailer of luxury products in the United States. It was a victim of a cybercrime attack that affected more than 1.1 million customers. The firm's system was under attack for several months and the hackers stole information linked to more than 1.1 million credit and debit cards (Harris, Perlroth, & Popper, 2014). Reports indicated that the malware program used to steal data at Neiman Marcus was the same program that was used at Target. The company's management reported that a malware program had been secretly installed into its system and had been stealing data for approximately four months before it was detected and eliminated (Harris et al., 2014).

The malware monitored the credit card authorization process and stole data during the process. The RAM-scraping malware program scraped and stole unencrypted data (Harris et al., 2014). The attack affected many customers because MasterCard, Discover, and Visa confirmed that more than 2,400 cards involved in the attack had since been used in fraudulent financial transactions at other locations (Harris et al., 2014). The firm became aware of the attack after reports from its payment processor indicated that it was encountering many unauthorized payments at the firm’s outlets.

The firm should be held liable for losses sustained by customers because the attacks could have been stopped had the company implemented an ongoing security check and upgrade of its systems. The firm’s network had security flaws because the attack went on for several months unnoticed. The company responded to the attack by hiring a digital forensics firm to investigate the issue (Harris et al., 2014). The firm found out that Neiman Marcus was a victim of cyber-security intrusion and many customer credit cards had been compromised. In addition, it informed customers who had been affected of the attack and offered credit card monitoring for a year. This response was insufficient because several credit and debit card companies reported that more than 2,400 credit cards that had been compromised in the attack had been used in illegal financial transactions after the attack (Harris et al., 2014).

Customers were not informed early enough about the attack and were therefore not able to take precautionary measures that could have prevented further use of their credit cards in fraudulent financial transactions. The company’s liability was also evident from the top management’s failure to tell the public about their system’s security flaws that facilitated the attack (Harris et al., 2014). Companies are responsible for securing their customers’ confidential information by ensuring that their systems are safe and secure. The attack came after several retailers announced that they had experienced intrusions that led to theft of sensitive information belonging to their customers. The firm should have taken cautionary measures and conducted an ongoing security check and upgrade on its systems in order to avoid similar attacks (Gehem et al., 2015).

Conclusion

Security breaches of companies’ accounting information systems have been on the rise in the United States. In the past five years, several cases of cyber attacks have been reported among some of the largest retailers in the U.S. Firms such as Home Depot, Michaels Store, and Neiman Marcus have been targets of cyber attacks. Hackers used sophisticated malware programs to infiltrate their systems and steal sensitive customer information linked to their debit and credit cards. In all these cases, hackers took advantage of flaws in the firms’ systems.

The firms were all liable because the attacks went on for several months unnoticed by their system security personnel. On the other hand, poor network designs and weak security measures were responsible for the attacks. The firms responded by hiring private security firms to investigate the attacks after they had been ongoing for several months. This shows a lack of initiative because conducting ongoing security checks and upgrades is necessary, especially for companies that deal with sensitive information. The customers suffered great losses because many of the credit cards were used in other fraudulent financial transactions after the attacks. It is the responsibility of firms to design secure networks and systems in order to secure their customers’ information.

References

Banjo, S. (2014). . Web.

Gehem, M., Usanov, A., Frinking, E., & Rademaker, M. (2015). Assessing Cyber Security: A Meta Analysis of Threats, Trends, and Responses to Cyber Attacks. New York, NY: The Hague Centre for Strategic Studies.

Hall, J. (2015). Accounting Information Systems. New York, NY: Cengage Learning.

Harris, E. A. (2014). . Web.

Harris, E., Perlroth, N., & Popper, N. (2014). . Web.

Jayakumar, A. (2014). Michaels Says 3 Million Customers Hit by Data Breach. Web.

Cyber Attack: Guardians of Peace

Less than two years ago the film studio Sony Pictures Entertainment experienced a cyber-attack, which affected the organization greatly. The hack happened in November 2014. The criminals informed the employees that they were the Guardians of Peace (GOP), placing their name on the computer screens along with the picture of a skeleton. During this attack, a wide range of confidential information was stolen. It was claimed that all received data would be released if the company refused to satisfy the request, which was not explained at that time and remained unknown. In the next month, GOP threatened the company and urged it to cancel the release of the film The Interview.

GOP said its release would be the same as a terrorist attack. Sony accepted the demand and did not let the film run on the cinema screens but allowed the representatives of the general public to see this comedy about the intention to kill the leader of North Korea in theaters and online. Intelligence officials who worked on this case tried to find out who the members of GOP were and who sponsored their actions. The research showed that North Korea was involved, but the country denied its responsibility (Peterson, 2014).

The media represents this cyber-crime as hacking. Mainly, it happens because GOP broke into the employees’ computers and received access to the personal information. However, it was not only found but also stolen, which proves that the group wanted to exploit the weaknesses of the system. It was also a theft of data with the intention of further release (in case of not meeting the request). Thus, from the very beginning, the purpose of GOP was to steal information.

The target of the discussed cyber-crime was the film studio Sony Pictures Entertainment. GOP hacked its computers with the concrete desire to steal information about the employers, employees, and their families. They even informed the victims of the act of hacking for them to realize that it was more than an assessment of vulnerability. The group was paid to stop the release of the film that was made by Sony Pictures Entertainment, and no other organization could be addressed with the same demand. Thus, there were no doubts about GOP getting to the right target.

The fact that GOP communicated their request to the employees of the company proves that hacking was committed in order to make Sony meet the demand. Except for that, the data were stolen to threaten the organization and make the request to cancel the release of The Interview even more critical. Thus, this firm was selected as a target, and its abolition was the only thing that could satisfy the demand. In particular, Sony made a film and was going to release it while GOP wanted to stop the process and hacked the company.

Sony’s system was not efficient enough, which allowed the attack to be successful. Alvarez (2014) paid attention to the security vulnerabilities in the service, particularly after Sony failed to act on multiple warnings from the culprits (par. 3). This opinion was supported by numerous professionals, including Sanchez (2015). It was stated that Sony had not paid enough attention to Internet security and left significant data hardly protected. Its firewalls and system of intrusion detection failed to work efficiently and effectively (Martin-Vegue, 2015).

The attackers did not try to hide. They left their name, GOP, on the screens of Sony’s computers. Still, the only information initially available was that they were a group of hackers. However, it was found that they worked under the sponsorship of some individuals or organizations, but intelligence officials did not know who or what it was. The investigation showed the connection with the North Korean government, and the content of the film makes such an opinion look well-grounded and decent (Peterson, 2014).

However, over time, other versions were also developed. For example, Paganini (2015) reported that at the beginning of 2015 Russian hackers claimed that the attack was made by them. As North Korea does not admit its responsibility, and no authoritative evidence regarding Russia exists, the issue remains unsolved.

The fact that Sony experienced the cyber-attack and its confidential information was disclosed affected the organization adversely. First of all, it had to meet GOP’s demand and alter the designed plan of action regarding the film. It dealt with the negative impact on workers’ and clients’ perceptions of the company. It had to restore the brand and re-attract customers. The organization had to implement changes in the security system. It was supposed to assess the situation and cope with vulnerabilities.

Sony had to keep proving its efficiency and security after the attack because workers, clients, and suppliers would not be likely to cooperate with an organization that could not ensure the safety of important information. The company needed to find a practice in which it exceeded the competitors to prove that it was still not only good enough to remain in the market but also one of the leaders in the industry.

Sanchez (2015) believes that the attack could have been prevented if Sony implemented Critical Controls that provide an opportunity to reduce such risks. The organization should have conducted Gap Assessment to see its vulnerabilities and then select and implement specific controls. The attention should have been paid to data protection and encryption, wiper malware, use of administrative privileges and audit logs, and implementation of secure network engineering.

References

Alvarez, E. (2014). . Web.

Martin-Vegue, T. (2015). . Web.

Paganini, P. (2015). . Web.

Peterson, A. (2014). The Sony Pictures hack explained. Web.

Sanchez, G. (2015). . Web.

2016 Dyn Cyberattack and Countermeasures

Introduction

The recent attack on Dyn shows clearly that cybercrime still remains a major threat that can affect the effectiveness of many online systems. The increasing number of internet users and online-based transactions continue to threaten the sustainability of different servers. Hackers are monitoring these changes in order to attack their victims. The case of Dyn attack presents powerful insights that should be taken seriously in order to minimize the chances of being attacked by cybercriminals (Perlroth, 2016).

Existing Vulnerabilities Prior to the Attack

The nature of this attack shows clearly that some vulnerabilities or gaps existed before the incident. To begin with, the firm had failed to monitor and screen various software threats. Some software programs are used by hackers to command different internet-connected devices (Perlroth, 2016). Failure to screen suspicious online activities and software programs must have led to the attack. Dyn must have also failed to implement appropriate security measures to prevent cybercriminals from carrying out Distributed Denial of Service (DDoS) attacks. The firm lacked an adequate program to monitor every unsecured Internet of Things (IoT) device. These devices are usually ignored by internet users despite the fact that they are used to execute cybercrimes.

The service provider had not informed or guided different clients to use patched and properly secured websites. This strategy could have played a positive role in averting the attack. This attack shows conclusively that Dyn’s system did not encourage subscribers to use strong passwords and patched servers. Issues such as spam zombies and DDoS bots had been ignored (Torrisi, 2016). Firms receiving services from Dyn were not guided to embrace various strategies capable of strengthening the security of the system. These vulnerabilities made it easier for the cyber-crooks responsible to attack the system.

Countermeasures

Several countermeasures should have been considered in order to mitigate the vulnerabilities. It is agreeable that the attack made it impossible for many firms and customers to achieve their potentials (Perlroth, 2016). The attack could have been averted if Dyn had “supported the clients to set up a Secondary DNS environment” (Torrisi, 2016, para. 1). A “redundant DNS strategy can be helpful whenever there are DNS-directed DDoS attacks” (Torrisi, 2016, para. 3). This countermeasure could have prevented the attack from happening. The concept of zone management has been observed to strengthen the effectiveness of many systems. These infrastructures can be used to monitor and conquer attacks in a timely manner.
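Whether a zone actually follows the redundant DNS strategy described above can be checked from its NS records. The following is an added example, not code from the original essay or from Dyn; the zone names, vendor names and the two-label provider heuristic are constructed assumptions.

```python
"""Audit NS delegations for dependence on a single DNS provider."""
from collections import defaultdict

# Constructed NS records in zone-file form; every name here is made up.
SAMPLE_NS_RECORDS = """
shop.example.   86400 IN NS ns1.vendor-a.example.
shop.example.   86400 IN NS ns2.vendor-a.example.
shop.example.   86400 IN NS NS3.Vendor-A.example.
news.example.   86400 IN NS ns1.vendor-a.example.
news.example.   86400 IN NS ns1.vendor-b.example.
news.example.   86400 IN NS ns2.vendor-b.example.
bank.example.   86400 IN NS ns1.bank.example.
bank.example.   86400 IN NS ns1.vendor-a.example.
; comments and non-NS records are skipped
bank.example.   300   IN A  192.0.2.10
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def provider_of(ns_host):
    """Approximate the operator of a nameserver by its last two labels.

    Assumption for this example only: a real audit should use the Public
    Suffix List and also compare the servers' IP prefixes or ASNs, because
    two hostnames under different domains can sit on the same network.
    """
    return ".".join(normalize(ns_host).split(".")[-2:])


def parse_ns_records(text):
    """Return {zone: set of nameserver hostnames} from zone-file lines."""
    zones = defaultdict(set)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        # Expected shape: owner [ttl] [class] NS target
        if len(fields) < 3 or fields[-2].upper() != "NS":
            continue
        zones[normalize(fields[0])].add(normalize(fields[-1]))
    return dict(zones)


def audit(zones):
    """Summarise provider diversity for each zone."""
    report = {}
    for zone, hosts in zones.items():
        by_provider = defaultdict(set)
        for host in hosts:
            by_provider[provider_of(host)].add(host)
        largest = max(len(group) for group in by_provider.values())
        report[zone] = {
            "providers": sorted(by_provider),
            "redundant": len(by_provider) >= 2,
            # Share of the NS set held by the biggest provider.
            "largest_share": largest / len(hosts),
        }
    return report


def zones_surviving(zones, failed_provider):
    """Zones that keep at least one nameserver if a provider is unreachable."""
    failed = normalize(failed_provider)
    return sorted(
        zone for zone, hosts in zones.items()
        if any(provider_of(host) != failed for host in hosts)
    )


if __name__ == "__main__":
    zones = parse_ns_records(SAMPLE_NS_RECORDS)
    for zone, info in sorted(audit(zones).items()):
        status = "redundant" if info["redundant"] else "SINGLE PROVIDER"
        print(f"{zone}: {status} {info['providers']}")
    print("still resolvable without vendor-a.example:",
          zones_surviving(zones, "vendor-a.example"))
```

A second provider only helps if it serves the same zone data as the primary, so a check like this is normally paired with monitoring of zone synchronisation between the providers.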

Dyn should have empowered and guided its clients to use preventative measures such as antivirus and monitoring systems. These security measures would have denied crooks access to the systems. Monitoring practices can ensure every system operates optimally (Perlroth, 2016). Strong passwords and patched websites could have averted the attack. The service provider should have guided different subscribers to monitor different devices such as printers and cameras. This countermeasure could have played a positive role in making the systems less vulnerable.

Issues Associated with the Attack

“Dyn has servers that reroute and monitor internet traffic” (Perlroth, 2016, para. 3). The targeted attack resulted in denial of service, thus making many websites inaccessible. The hackers are believed to have targeted thousands of Internet of Things (IoT) devices in order to execute the attack. Some of the devices connected to the internet included printers, home routers, cameras, and baby monitors. After the attack, experts have indicated conclusively that the increasing number of IoT devices will present a major security issue. This is the case because hackers are presently targeting these devices to execute their internet-based attacks.

Some firms used a number of countermeasures to prevent similar attacks in the future. For instance, Dyn embraced the power of multiple DNS environments. The use of redundant DNS was supported because of its effectiveness in minimizing DDoS attacks (Torrisi, 2016). Additionally, many companies decided to push their systems to cloud computing providers. The move was undertaken in order to make the systems less accessible and hard to attack (Torrisi, 2016). The attack affected business-wide system security, thus making it impossible for many companies to execute their functions.

The government focused on new measures to protect different systems. The Department of Homeland Security was also investigating the attack in order to come up with better regulatory measures. Although these countermeasures remain critical towards dealing with similar threats in the future, the most agreeable fact is that the increasing number of IoTs presents numerous challenges that must be addressed from a cyber-security perspective (Sarate, 2016). This is the case because more hackers are coming up with new strategies thus increasing the risk of cyberattacks.

The best approach towards dealing with cybercrime is embracing the most appropriate mitigation procedures. This means that companies and individuals using the internet should be on the frontline to implement the most effective and sustainable mitigation procedures (Sarate, 2016). The cyberattack on Dyn is a clear indication that cybercrime is a reality and can affect the effectiveness and performance of many organizations. That being the case, appropriate mitigation procedures can be critical towards preventing similar attacks.

The first step is the use of complex authentication procedures. Such procedures can be characterized by codes, passwords, and fingerprints to ensure unauthorized persons do not have access to the targeted systems. Companies should ensure their systems and websites are supported by improved access controls (Torrisi, 2016). This practice will ensure only authorized persons have access to targeted websites or devices.

Malicious code can be combated using patched software. Once such code is combated, it will be possible to improve the level of security. Effective firewall configurations can improve the security of different programs, operating systems, and computer applications. Companies and individuals should ensure compromised hardware is identified within the shortest time possible. A compromised hardware system can increase the level of vulnerability (Skyrius, Kazakeviciene, & Bujauskas, 2012). This fact explains why such hardware should be replaced immediately.

Users should “turn off remote access to the internet of things (IoT) devices like cameras and printers” (Ducklin, 2007, para. 7). This strategy will make it hard for hackers to use devices to pursue their malicious goals. Firmware updates should be installed immediately in order to maximize protection (Ducklin, 2007). Individuals whose computers and devices are connected to the internet should engage in constant scanning in order to monitor security holes.

When such holes are identified, it will be easier to fix them before the hackers use them to pursue their missions. Some devices are characterized by risky settings. Users should ensure such settings are turned off before using the gadgets. Organizations and computer users should go further to use updated antivirus software (Sarate, 2016). Combining these strategies can play a positive role in averting different cyber attacks. The approach will support the needs of many internet users.

References

Ducklin, P. (2016). Dyn DDoS – what can we do right now to help prevent the next attack? Naked Security. Web.

Perlroth, N. (2016). . The New York Times. Web.

Sarate, F. (2016). Hackers used new weapons to disrupt major websites across U.S. Proteja Sua Familia. Web.

Skyrius, R., Kazakeviciene, G., & Bujauskas, V. (2012). From management information systems to business intelligence: the development of management information need. International Journal of Artificial Intelligence and Interactive Multimedia, 2(3), 31-37.

Torrisi, M. (2016). Advanced secondary DNS for the technically inclined. Dyn Blog. Web.

Factors Explaining Cyber Attacks in the USA

Introduction

Every major player is working on this technology of artificial intelligence. As of now, it is benign… but I would say that the day is not far off when artificial intelligence as applied to cyber warfare becomes a threat to everybody.

Ted Bell

Cyber threats are threatening to tear apart the American fabric. With the emergence of heightened cybercrime, fears of criminals such as terrorists taking advantage of digital platforms, and corporate and even state cyber surveillance systems, cyber security has become an extremely important issue, not only for America but also globally (The NIS 2009, 2-4).

In the United States, there have been some concerted efforts to deal with the issue of cyber threats (The NIS 2009, 12-14). Some of these efforts include establishing strong surveillance systems. Other efforts include the enactment of tough laws around the issue of cyber security (US Congress 2009, 2-3).

Yet these endeavors have not been successful in dealing with cyber security, as most government databases, state databases and organizational databases have continued to fall to hackers (US Department of Justice 2010, 2-7). Thus, this paper will be guided by the following research question:

“What is the reason behind the continued threats of cyber attacks in the United States of America?”

Even though cyber threats are borderless and an international phenomenon, different countries have their national mechanisms to protect their institutions from being susceptible to cyber attackers. Based on the fact that cyber criminals have no specific place that they can come from, this paper will also touch on close and systematic global cooperation between the United States and international partners, specifically in terms of monitoring, tracking, restricting and disciplining those who take part in this heinous act.

Thus, in order to fully answer this research question, the paper will also look at approaches (such as task forces or agencies), undertakings (programs and missions), agreements (treaties, conventions) as well as challenges (the issues that hinder the creation of preventive mechanisms).

Thus, the paper will briefly review existing literature particularly on the topic of cyber security in the USA, outlining the main hypothesis, study variables as well as core parameters. The paper will also explain what cyber threats really are and for purposes of elucidation give some specific examples and the existing variations. It must be understood that in order to understand the cyber issues in the USA, it is also good to relate it to international framework as cyber threat is an international phenomenon.

Hypothesis

This paper will show that diverse values or considerations directly cause a lack of concerted efforts to stem the issue of cyber threats in the United States. As such, the main hypothesis of this study is that the more similar the values or concerns of a nation and its partners, the higher the agreement on a common agenda towards dealing with cyber attacks or threats.

Review of the Literature

There are two types of cyber threats: cyber warfare and cybercrime. Cyber warfare is not common, but it mainly involves people who target the key infrastructural facilities of other countries (Colbaugh and Glass 2012). Cybercrime is the most common type of cyber threat and is usually done with the intention of hacking into or accessing private information for the attackers’ own use. For instance, criminals can target the bank details of people so that they can steal money from those accounts.

Nearly all of the available literature on cyber threats or security emphasizes the contribution of communication and information technologies to virtually all societal sectors (Colbaugh and Glass 2012). Obviously, the import of information in today’s changing times cannot be underestimated.

At the same time, the increasing digitalization of most systems has made it easier to access information, and these systems have become more predisposed or susceptible than at any other time in human history. In other words, now more than ever the potential destruction of cyber attacks in the United States is beyond measure.

In fact, one of the greatest cyber threats is the potential attacks on various vital infrastructural facilities, such as military, financial services, power, transport sector and even telecommunication (Cooper 2005, 2-4). Even though it is hard to quantify the likely cost of these threats, the fact is that cyber attacks can be disastrous and damaging in terms of economics. In international domain, cyber attackers have directed their efforts towards major infrastructures such as the banking sector.

A number of scholars who have significantly contributed to cyber security topic seem to indicate that cyber threat is a new wave of war. In fact, this might be one of the major reasons why many countries have been developing strategies on how to develop systems that counter the danger associated with cyber attacks.

In 2009, for instance, the United States president declared digital infrastructure a strategic element of national interest (Clark 2012, 2-3). In 2010, the United States of America followed by setting up a Cyber Command center in order to protect the most targeted American military infrastructure as well as attacks on other systems in the country (George 2008, 3-7).

However, even with the endeavors to develop protective cyber capabilities by individual countries, on international platform this has not been considerably addressed. It has been acknowledged that one of the problems of having concerted effort at international level is the lack of vivid and generally accepted definitions on relevant concepts and terms to cyber threats (Clark 2012, 5-9).

In fact, there exist many conventions that give contradictory definitions of cyber threat. For instance, Article 51 of the United Nations Charter provides for the right of individual countries to take part in self-defense, including joint effort in self-defense, against any attack. The Lisbon Treaty espouses a solidarity clause that provides for shared responsibility in dealing with threats that emanate from outside.

This clause provides that in the event that a Member State has been attacked, other Member States shall provide the much needed help in line with Article 51 of UN charter. These clauses and articles do not mention cyber attacks as a form of aggression. Therefore, it is not very clear on how to collectively approach the issue. If it can be viewed as such, then cyber attacks could possibly merit an international response.

Over and above everything else, despite this being the information age, it is hard to believe that there is to date no reliable literature that directly relates or connects cyber security aspects to international relations, which is key to managing the implications that are associated with cyber attacks (George 2008, 7-13).

A large percentage of existing literature relates to policy making and does not aim at theoretical advancement. This is a huge setback, as it is likely that the solution to cyber attacks could also involve power-changing games and theoretical considerations in terms of the powers of leaders and countries.

In conclusion, cyber threats are real. However, the literature on this issue is still not sufficient, as the existing literature is only sponsored by government agencies and its aim is not to advance the existing theory but specifically policymaking. The amount of work in this field is encouraging but has only been a result of the growing interest in the issue of cyber attacks.

In other words, the academic works that have been done so far are as a result of populist views and not aimed at delving deep into theoretical framework of the issue in a way that advances or challenges the existing literature. Because of this, most of existing literature is more experimental and lacks the theoretical gist.

However, the good thing is that there is an overwhelming agreement on the different types of cyber threats. Furthermore, as it has been through different conventions, there is a near worldwide concurrence regarding the need for a shared response or participation in order to sufficiently deal and completely contain the issue of cyber attacks and associated threats.

Methodology and Research Strategy

Largely, this will be a retrogressive study heavily reliant on existing secondary and primary published studies. To begin with, the study will examine different existing cyber threats and their implications (George 2008, 7-13). To illustrate the diverse nature of cyber attacks in the United States of America, the paper will examine a number of cyber attacks or threats.

Since cyber threat is not just a local affair, the study will also provide pertinent statistics in relation to the scale of cyber incidents, related trends as well as their connotations in terms of economics, largely in the United States, but will also touch on the international platform briefly. All these considerations are important, particularly in showing the degree and extent of cyber threat in order to show that it is second to none for all actors if a cyberspace that is secure in the USA has to be achieved.

In answering the research question, the paper will make use of several different sources of data or information. For instance, whilst evaluating the United Nations, the paper will mainly look at the different strategies agreed upon by member countries to enhance the issue of cyber security. In this context, the aim will be to examine whether resolutions by United Nations support the United States in improving security of its targeted infrastructures (George 2008, 7-13).

In addition, when looking at the UN, the emphasis will be on the participants, their participation level, degree of concurrence, where they come from as well as their concerns. In the end, the paper will underline challenges that the United States faces in connection to cyber attacks. As such, this will help in relating other major preventing factors to values espoused by the United States in terms of cyberspace and cyber protection.

Variables

In exploring threats to cyber attacks in the United States of America, the independent variable will be the diverse societal and political values. This will be in relation to support, preferences, or concerns to cyber threats. The dependent variable is that there is no concerted effort to stem the issue of cyber threats in the United States of America. Mostly, this issue stems from the fact that there are no tangible unilateral agreements on dealing with this issue.

Analysis and Findings

Cyber Threats

For the purposes of simplicity and clarity, cyber threats faced in the United States are classified into two major classes, that is, cybercrime and cyber warfare (Clark 2012, 2-7).

Cyber warfare is an aberrant cyber undertaking that directly endangers the national security, the capability of defense systems and critical infrastructural systems of a country. Espionage is an act of cyber warfare. It involves accessing of information that is highly sensitive, manipulation of defense systems, as well as making sure that critical infrastructural systems are disrupted.

These forms of attacks are carried out by criminal elements, or terrorists. On the other hand, cybercrimes are criminal or heinous activities carried out using hand-held devices or internet-enabled computers (Colbaugh and Glass 2012, 4-7). Unlike cyber warfare, cybercrime is associated with things such as unauthorized access or stealing of private information. This particularly involves people who want to access the bank details of other people.

Business espionage and hacking of personal accounts and websites are examples of cybercrime. Whenever cyber warfare is committed there is usually a political connotation to it especially the drive for self determination. Cybercrime, on the other hand, is mainly done in groups and for fun just to test the security of certain websites or personal accounts.

Different forms of cyber attacks in the USA are committed through various methods. A distributed denial-of-service (DDoS) attack, or simply a denial-of-service (DoS) attack, is one way of committing cyber attacks (The NIS 2009, 2-17). These types of cyber attacks are very common in the US because they are easy to commit and do not even require advanced skills in computer programming. Cyber criminals usually take advantage of network tools such as LOIC to access or hack a particular website or personal account.

Malware is the method that is widely used for committing cyber attacks. In fact, as it has been established, it accounts for about seventy percent of all cybercrime related attacks. Though still under research, what is known about malware is that it may entail the use of computer viruses (Cooper 2005, 34-42).

This leads to replication of programs making it hard for owners to access their information or making it easier to read any information fed in the computer for easier retrieval of information needed. In other words, viruses can actually be made or programmed in a way that makes it easier to perform diverse actions. They can alter other programs or delete files in targeted websites thus permitting access to unauthorized persons.

In the United States of America, Cyber criminals have also been targeting private entities and companies. For instance, Citigroup was in 2011 attacked and personal information including credit cards was stolen. Still in 2011, another attack was reported on the United States defense system as well as Aerospace Corporation, which produces US military choppers (Clark 2012, 15-23).

Though it was reported that the attack caused minimal damage, the gist of the issue is that it took several days to completely restore the services and processes to normalcy. These effects are not just specific to the United States. For instance, it has been established that these cyber threats and attacks in the USA have been offering some insight into the increased cyber attack activities globally. For instance, over the last five years or so, cyber threats, particularly in United States federally run organizations, have grown by over six hundred percent.

This trend is attributed to the increasing advancement of hackers in terms of skills and sponsoring bodies. In fact, a number of reports show that in 2011 alone cybercrime claimed over three hundred billion USD globally (Colbaugh and Glass 2012, 23-27). Furthermore, in 2010 it was reported that cybercrime cost US medium scale companies close to thirty six million USD each.

Put together, if, let’s say, fifty companies were affected, then it becomes an issue that cannot be ignored. Some companies spent this money on protective mechanisms while others used the money to compensate clients or partners who lost their investments in the process (Colbaugh and Glass 2012, 28-34).

The United Nations

The cyber security issue has also been a main concern for the United Nations. In fact, the main endeavor in responding to cyber threats started in 1999, when Russia introduced a resolution to deal with and manage developments in the domain of information in relation to international security (Cooper 2005, 7-9).

However, ten years later the United States of America has not supported the resolution despite the increasing number of sponsors to the resolution. The reason behind the move by the US possibly lies in differing values. When taking into consideration the likelihood of an accord on international cyber security, the United States has a number of considerations that are very specific to its own context (George 2008, 34-38).

Being the most advanced country in terms of technology, entering into external deals on cyber threats would not be a well thought out strategic deliberation, as it would likely limit the capability of its highly supported cyber protection program (US Department of Justice 2010, 34-56). What’s more, because the resolution was fronted by Russia as well as other dictatorial leaderships across the globe, the United States considers it a well orchestrated attempt to limit the superiority of the United States as well as its strategic advantage in the area of cyber security.

Conclusion

From the discussion, particularly on international efforts, a number of divisions seem to emerge that are the main reason why it is hard to agree on the way forward on a comprehensive international response to the issue of cyber threats.

However, there seems to be a common consensus across the planet on the costs associated with cyber threats as well as the expediency needed to manage the issue. Nearly all parties involved in the field of cyber security, ranging from scholars to leaders, concur that since it is an international issue, the only way forward is to come up with solutions that are fundamentally international in nature.

Most of the global endeavors to avert threats associated with cyber attacks have been so experimental in nature. This therefore means that they only aim at enhancing consciousness, offering suggestions on best practices, keeping an eye on cyber activities, supporting the development of local or national laws on cyber security.

There is no doubt that these endeavors have been successful on various levels. However, they do not seem to attempt to develop an inclusive international platform for combating cyber crimes. Instead, they only attempt to support petite answers for countrywide, governmental, private entity or company efforts to manage the issue. This, as has been seen, stems from the difficulty of reaching a bipartisan international agreement due to the differing values of individual countries such as the United States.

In this case, for the minds of all players to be ad idem, a range of deliberations needs to be considered first before thinking of agreements that are viable, significant and functional in terms of enhancing cyber security. This comprises globally accepted definitions of cyber threats, the lack of which has also been found to be a major issue hindering advances on cyber security. This is basically espoused in the Lisbon treaty and article 51 of the UN charter.

Due to varying values of different countries, conflicting laws as well as strategies to the issue of controlling cybercrimes can subsist on diminutive levels. For instance, most countries have agreement on sharing information relating to cyber security, however there are concerns that some legal protection may not be given to them (United States).

The United States also does not consent to such international agreements due to the fear of additional procedures, which would contradict the US constitutional provision on freedom of expression. Thus, what ails or makes it difficult for international players to agree on the way forward on matters relating to cyber security, is purely because of the differences in existing legislations stemming from their fundamental values.

However, these challenges can be surmounted through effective collaboration as well as the development of an all-inclusive international response to threats associated with cyber attacks. Though the US has mechanisms for dealing with the issue, it cannot be able to win the war on cyber threats alone, as it is an international phenomenon.

As has been established, a disconnection exists in the literature in relation to theoretical conceptions, especially the theory of international relations, and future studies should emphasize these aspects. This is mainly based on the fact that cyber threats are increasingly an international affair and are not restricted by borders or to certain organizations. In addition, more research is needed to find out the best approaches to controlling cybercrimes, as this is one of the points where most countries differ on a collective approach to cyber security.

Reference List

Bell, Ted. “Ted Bell Quotes”. Web.

Clark, Robert M. Intelligence Analysis: A Target-Centric Approach, 4th Edition. Washington, D.C.: CQ Press. 2012.

Colbaugh, Richard, and Kristin Glass. “.” Sandia Report: (2012). Web.

Cooper, Jeffrey. 2005. “.” Center for Study of Intelligence, (December 2005). Web.

George, Roger. Analyzing Intelligence: Origins, Obstacles, and Innovations. Washington: Georgetown University Press. 2008.

The NIS. 2009. “.” NIS Report, (August 2009). Web.

US Congress. 2009. S. 1438. A bill presented at 111TH CONGRESS 1ST SESSION, Washington Dc: US Congress.

. 2010. “Solutions and approaches for a cohesive plan to improve our nation’s ability to share criminal intelligence.” The National Criminal Intelligent Program, May 20. Web.

Cyber Attacks: The UK and China

Introduction

Background information

In the 21st century, most countries are focused towards becoming a part of the global economy. Consequently, one of the aspects that governments are concerned about touches on world trade. In a bid to position themselves in the global market, governments are increasingly investing in logistic and supply chain infrastructures such as Information Communication Technology (ICT). Therefore, trade across countries is increasingly being conducted through the Internet.

A report by the World Economic Forum (2012) asserts that technology has significantly facilitated the flow of goods across countries. Consequently, it is imperative for governments to ensure secure transmission of data. However, cyber attacks by foreign governments, terrorists, and “hacktivists” among others present a major challenge to governments in their efforts to establish effective logistic and supply chain infrastructures.

Aim

The objective of this report is to compare and contrast how the UK and China are facilitating international trade by investing in effective logistic and supply chain infrastructure. The report focuses on how the two countries are countering cyber attacks.

Analysis

Management of cybercrime

The UK

The UK government ranks cyber attack as one form of major incidents and international terrorism. Consequently, the government is investing heavily in various defence tactics (World Economic Forum, 2012). In 2008, the UK government formed the Police Central e-Crime Unit (PCeU).

The unit works in collaboration with the private sector and other law enforcement agencies. The government’s effort to curb cyber crime is also evidenced by the formation of the UK Serious Organised Crime Agency (SOCA). In 2011, the government invested US$1 billion to all the cyber security initiatives in the country. The funds were to be used in training experts and developing software to curb cyber attacks (KPMG International, 2011).

China

Currently, China ranks as one of the fastest growing economies in the Middle East (World Economic Forum, 2012). The country’s economic growth has arisen from an increase in the volume of trade with other countries. However, China is not fully committed to fighting cyber crime, as evidenced by the fact that the country is considered the major source of targeted cyber attacks.

A report released in 2009 by KPMG International shows that 200 government websites were hacked in China. In an effort to curb such attacks, the Chinese government integrated computer crimes within the country’s criminal law legislation (KPMG International, 2011). Additionally, the Chinese government is also partnering with other organisations such as the Association of Southeast Asian Nations (ASEAN) and the United Nations in an effort to fight cyber attacks.

Reflection on the advantages of the strategy adopted by the two governments

The above analysis shows that the UK is more effective in dealing with cyber crime as compared to China. The UK government is actively involved in dealing with cyber attacks. For example, by investing in development of new technology and human capital, the UK will be in a position to curb cyber crime more effectively. On the other hand, China’s strategy to deal with cyber crime is more indirect. Consequently, the outcome might not be very pleasing.

Lesson learnt

Cyber crime presents a major threat in the survival of organisations, which arises from the fact that firms can lose confidential information to hackers hence threatening their future survival. Therefore, it is imperative for firms’ management teams to integrate effective strategies to counter cyber attacks.

Conclusion and recommendation

  1. To counter cyber attacks, organisations and governments should ensure that effective computer security mechanisms are integrated. Moreover, computer systems should be well configured to eliminate possible gaps that might present an opportunity to hackers.
  2. It is also imperative for governments and organisations to review their computer security systems continuously in order to make the necessary improvements.

Reference List

KPMG International. (2011). Issues monitor, cyber crime; a challenge for governments. Retrieved from

World Economic Forum (2012). Outlook on the logistics and supply chain industry. Retrieved from

Power Grid Cyber Attack in the USA

Introduction

Background

Cyber-attacks are becoming a major problem for government institutions, private companies, and individuals who are engaged in various online activities. According to Buchanan, emerging technologies have given rise to sophisticated cyber-threats as some techno-savvy individuals embrace hacking as their career (53). Some of them are even sponsored by their governments on intelligence-gathering missions, while others are motivated by pure greed.

The United States power grid cyber-attack was a clear demonstration of the vulnerability of important government infrastructures. Cybercriminals were able to have access to and manipulate important data, which was a clear demonstration that the threat posed by cybercriminals can no longer be ignored. As Dehghantanha et al. put it, these criminals are not only getting sophisticated but also bold and aggressive in their moves (32).

In this paper, the researcher will focus on the increasing threat of cyber-attacks that target critical government institutions, with a special focus on the recent power grid attack in the United States and how the threat can be managed.

Scope and Purpose

The scope of this study will be on analyzing the extent of the cyber-threat, institutions that are most vulnerable, the motivation of the hackers, the economic impact of the threat, and the steps that the relevant authorities can take to address the problem. The study will also look at the local and international laws that have been put in place to address the problem. The purpose of this study was to evaluate the emerging trends in cyber-attack in a way that would enable the local community to prepare for such problems.

The United Arab Emirates is one of the fastest developing economies in the region, and cybercrime is becoming a common problem. Looking at the trends in some of the countries around the world would help local stakeholders to understand and appreciate the magnitude of the problem. Such case studies may also help local firms to know how they can respond appropriately to such threats.

Report Structure

The report has several sections, each addressing different issues. The first section of the report is the introduction. It provides background information for the study, the scope, and the purpose of this research. The second section focuses on the incident analysis of the cyber threat. It provides the lifecycle of such attacks, purpose, target, and motivation of such attacks, planning process, and implementation of the plan. It also looks at the distribution of the attacks, triggers, timeline, and show of power. The next section provides a response plan for a possible attack. Other sections include cyber threat assessment and attributes, IOCs, TTPs, Cyberthreat protecting and defending mechanisms, cyber threat implications on the UAE, conclusion, summarization, and closing remarks.

Cyber Threat Incident Analysis

Incidences of cyber-attacks are becoming common not only in the developed nations such as the United States and the United Kingdom but also in developing nations of the Middle East and North Africa (MENA) region. Proper planning may help government institutions and private firms to avoid the devastating consequences of such an attack. In this section, the focus is to analyze the threat of possible incidences of an attack.

Lifecycle of the Attacks

According to Clark and Hakim, cyber-attacks have lifecycles that one needs to understand to have a plan on how to deal with it (48). As shown in figure 1 below, it starts with the initial reconnaissance, where the cybercriminal identifies a potential target and the benefit that would be accrued from a successful attack. The next step is to target an initial compromise, where they would try to have access to the database by simply hacking into the system or using a sophisticated virus to have access to the database (Kalb 39).

The criminals will then establish a foothold in the system of the target before escalating privileges so that they can steal or manipulate data as they wish. They will conduct internal reconnaissance to identify what is important, move laterally to gain access to the information they need, and maintain their presence for as long as is necessary for them. When their mission is complete or if they are detected, the final phase is to move out of the system.

Figure 1. Cyber-attack plan (Kalb 47).

Purpose

The purpose of every cyber-attack varies significantly. Rugge argues that one of the common reasons why people target and attack specific databases is because of financial gains (59). Many cyber criminals focus on financial institutions where they can transfer huge sums of money into their bank accounts. They believe that such attacks offer them an easy way to become rich. Some of the attackers engage in this practice because of their perceived patriotism or loyalty to their government.

Radziwill explains that the attack on the US 2016 General Election was planned and executed by cybercriminals loyal to the Russian government (74). Sometimes the attack can just be out of malice, such as the recent power grid incident in the United States (Rugge 88). Others are just curious to know the information in databases of various organizations.

Target

A cybercriminal must have a clear target and what should be achieved by the end of the attack. In this case, the target was the power grid in the United States. The grid is critical in the normal running of the economy, and any form of manipulation that would interrupt its normal operations may have devastating consequences on the country’s economy. Operations of the grid have been digitized to make it easy for the officials and customers to engage. Other than a possible manipulation of the operations of this firm, hackers may have access to customer’s confidential messages that they can use maliciously to achieve selfish goals.

Motivation

The real motivation behind the recent attack on the United States power grid by Russian hackers identifying themselves as Dragonfly or Energetic Bear is not yet clear. However, reports show that these criminals had access to sensitive information such as login details of various individuals, passwords, and information about energy generation (Shackelford 93). The study indicates that the likely motive of these criminals is sabotage (Shackelford 93).

They may be planning to disrupt the normal operations of power generation. It was not clear if they were on a general phishing expedition or a specific purpose under the directives of the Russian government. The authorities were convinced that the intention was to plan a major attack on the power generation and supply system in the United States. The incident highlighted the vulnerability of the grid to international cybercriminals.

Actors Planning

Dragonfly, the criminal gang that planned and executed the attack, is an entity that brings together some of Russia’s highly intelligent cyber-experts. These individuals have helped their government in cyber-espionage in the past, but it is not clear whether this time they were representing the interest of their government. Given that the goal of the attack was not determined, authorities assumed that they acted alone when planning and executing the attack on the power grid. However, it may be possible that they got government support to enable them to achieve their goals.

Initiation and Implemented Methodologies

The attack was initiated and implemented using conventional hacking methodologies. The criminals were able to use a sophisticated virus to override the standard procedure required of anyone having access to the database. They planted a virus into the database that enabled them to conduct surveillance on the database for some time before gaining full access to the system. The intrusion was detected before it could escalate further. Roscini argues that sometimes hackers can delete or distort data in the system, making it impossible for authorized individuals to have access to information they need, as shown in figure 2 below (90).

Figure 2. Sample view of breached data (Shackelford 63).

Distribution

Cyber-attack is a widespread problem that affects firms and government entities all over the world. The chart shown in figure 3 below identifies how widespread the problem is and countries that have been the main targets of cybercriminals. The United States of America is the greatest target of these criminals, accounting for 23% of the global cyber-attacks. China is another major target, accounting for 9% of the attacks (Kaplan 24).

Germany, Britain, Brazil, Spain, and Italy accounted for 6%, 5%, 4%, and 3%, respectively (Kaplan 24). Other major targets include France, Russia, India, Canada, South Korea, Japan, Mexico, Australia, and Israel. It is evident that these criminals often target economically empowered nations around the world. As the local economy in the United Arab Emirates continues to grow, the cases of cyber-attacks are likely to increase in the coming days.

Figure 3. Chart of attack rates in different countries (50).

Triggers

The triggers of attacks, such as the one directed towards the power grid in the United States, vary. One of the main triggers is the availability of opportunity. The firm could have employed an individual who is loyal to the criminal gang. As such, they used their informant to have access to data without the approval of the relevant authorities. Major weaknesses in the security system of the database, which are easily detectable by these criminals, may be another trigger.

When on their routine survey of targetable companies, these criminals must have noticed the weakness, which prompted them to try to gain access. Another possible trigger would be a directive from their government, if the attack were sanctioned by Russian authorities, to have access to the database and obtain specific information. Kosseff notes that the authorities were unable to identify specific triggers of the attack (35).

Timeline

The timeline of the plan and course of action that the Russians took when attacking the power grid is not clear. However, indications show that soon after the last general elections, these criminals shifted their focus to the grid (Kosseff 77). It means that the plan must have been initiated in late 2016, and its implementation started in 2017. However, it was not until 2018 that the government realized that the power grid was under constant monitoring by Russian cybercriminals. Measures were taken in 2018 to ensure that such events do not occur at the institution in the future. However, it is still not clear if the measures have thwarted further attacks.

Sustainability/ Show of Power

Cyberwarfare is emerging as a new battlefront for the world’s superpowers, and it is clear that the attacks witnessed in the United States are planned and executed by government operatives (Ohlin 48). The claim that Russia meddled in the last general election and thereby participated in determining the president of the United States is a show of power. It is an achievement to the Russian government as it feels it deserves to be the superpower.

On the other end, the United States has the responsibility to protect itself from such attacks as the only way of demonstrating that it has the technical capacity, financial muscle, and political will to engage in the new battle for supremacy in cyberspace (Schünemann and Baumann 38). In such an environment where cyber-attacks are considered a show of power, it may not be easy for the existing laws to help fight crime. As long as these criminals enjoy state protection, they know that they cannot be subjected to any form of punishment by foreign governments.

Response

The approach that an organization takes in case of a cyber-attack is very important. According to Roscini, an organization needs to ensure that it makes an immediate response to such an attack in a way that would discourage future attempts to breach the system (60). When the United States power grid was attacked by Russian cybercriminals, the government responded promptly to protect its integrity.

Risks/Weaknesses

When responding, it is important to understand the risks and weaknesses of the organization. The fact that these criminals managed to have access to the database of the grid was a major sign of weakness. It was an indication that the security measure put in place to protect its digital data was not capable of achieving these goals when faced with a complex problem. The risk of such a serious weakness was that unauthorized individuals could easily have access to the information considered confidential. These criminals could also sabotage the operations of this entity in case they are ordered to do so by their government.

Innovation/Payoff/Result

Innovation is the only way of dealing with the current cyber threat in the United States and other parts of the world. It is necessary for the management of the power grid and many other government institutions and private entities operating in the country to consider investing in new technologies when it comes to data protection. They need to be one step ahead of the criminals by maintaining innovative ideas in their operations (Schünemann and Baumann 68). The payoff or results of such investment would be a secured database that cannot be compromised by criminals. The government will be assured that this important institution is not sabotaged by a hostile state.

Cyber Threat Assessment and Attributes

Profiles of the Cyber Threat

It is important to conduct a cyber-threat assessment to understand their magnitude on an organization, the possible frequency of their occurrence, and the manner in which an organization can deal with them effectively. One of the first steps of the assessment is always to determine their profile. Table 1 below shows the generic threat matrix. It summarizes how a firm should profile cyber threats.

Table 1. Generic threat matrix (Roscini 75).

Incident Data

The power grid cyber-attack was a major indication to the American society that cyber-security is becoming one of the most important issues that can no longer be ignored. The government did not reveal the exact data about the incident stating dates and level of data compromise. However, it was established that the incident must have started in late 2016 or early 2017, and the criminals were able to have access to critical information that would sabotage the operations of the institution (Roscini 28).

Attack Vectors

The vector of the attack, as was revealed by the Federal Bureau of Investigation, was the critical database of the firm that defines the plant’s operations, its strategic goals, and steps that it is taking to meet the increasing demand in the country (Schallbruch and Skierka 57). The investigators revealed that once these Russians have access to the database, they focused on data explaining strategic plans and specifics about the daily operations of the entity. The fact that these hackers went for passwords and login details also demonstrates that they had the desire to manipulate the operations of the system by posing as the administrators authorized to initiate specific operations in the plant.

Target Characteristics

When conducting a cyber-threat assessment, Buchanan explains that one of the important issues that an institution has to consider is the target characteristics (43). The response team must consider the threat as a target that needs to be evaluated to determine how to respond. The significance of the threat, the possible outcomes, and the frequency of the threat are some of the factors that have to be considered. Table 2 below shows how the cyber-threat should be classified and rated.

Table 2. Threat attributes (Dehghantanha et al. 122).

IOCs, TTPs Cyber Threat Protecting, and Defending Mechanisms

Using indicators of compromise (IOCs) to identify potentially malicious activities in the database and tactics, techniques, and procedures (TTPs) to determine the modus operandi of cyber adversaries are some of the steps that a firm should take to protect its database. In this section, the focus is to determine appropriate defense mechanisms in cyberspace.

General Protection Framework and Applying the Framework on the Attack

The FBI and the Department of Homeland Security played a major role in ensuring that data breach of the power grid was managed effectively. They used an appropriate framework to monitor and respond to the threat in an appropriate manner. They used Open-source intelligence (OSINT) to deal with the threat. OSINT allowed them to collect data automatically about irregular activities in the database without the knowledge of the attacker. The framework enabled the authorities to monitor darknets for any changes in the status quo, which symbolizes irregular activities. The approach made it possible to monitor the activities of the hackers, the information they were interested in collecting, and their primary aim.

Best Protection Model

The use of both the IOCs and TTPs is the best protection model that the power grid and many institutions that face similar threats should embrace. One of the benefits of using this model is that it allows the victim to monitor the activities of the attacker without the criminal’s knowledge. One can determine the primary goal of such attacks by determining the information they focus on (Kalb 58). It is easy to mislead them while at the same time protecting vital information in the company. It can also help in determining the identity of the attacker, which makes it easy to find a lasting solution to the problem.
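The following sketch is an added illustration, not part of the original paper or of any agency's tooling. It contrasts IOC matching with TTP-style detection that follows the lifecycle phases described earlier; the log schema, action names, accounts, IP address and hash are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Lifecycle phases in the order the paper's "Lifecycle of the Attacks" section lists them.
PHASES = [
    "initial_reconnaissance", "initial_compromise", "establish_foothold",
    "escalate_privileges", "internal_reconnaissance", "lateral_movement",
    "maintain_presence", "complete_mission",
]

# Constructed indicators: a documentation-range IP and a placeholder hash.
IOC_IPS = {"203.0.113.45"}
IOC_HASHES = {"PLACEHOLDER_SHA256_0001"}

# Hypothetical mapping from normalised log actions to lifecycle phases.
# External reconnaissance rarely shows up in internal logs, so it has no action here.
ACTION_PHASE = {
    "phish_link_clicked": "initial_compromise",
    "new_service_installed": "establish_foothold",
    "admin_group_added": "escalate_privileges",
    "directory_enumeration": "internal_reconnaissance",
    "remote_logon": "lateral_movement",
    "scheduled_task_created": "maintain_presence",
    "bulk_archive_created": "complete_mission",
}


@dataclass(frozen=True)
class Event:
    ts: int            # seconds since start of capture
    host: str
    account: str
    action: str        # normalised action name (hypothetical taxonomy)
    src_ip: str = ""
    file_hash: str = ""


# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    Event(10, "ws-14", "ops_jlee", "phish_link_clicked", src_ip="203.0.113.45"),
    Event(95, "ws-14", "ops_jlee", "new_service_installed",
          file_hash="PLACEHOLDER_SHA256_0001"),
    Event(400, "ws-14", "ops_jlee", "admin_group_added"),
    Event(900, "ws-14", "ops_jlee", "directory_enumeration"),
    Event(50, "eng-03", "eng_mpatel", "new_service_installed"),
    Event(700, "eng-03", "eng_mpatel", "remote_logon"),
    Event(1500, "hist-01", "eng_mpatel", "bulk_archive_created"),
    Event(30, "kiosk-1", "guest_kiosk", "web_request", src_ip="203.0.113.45"),
    Event(60, "ws-20", "admin_rk", "remote_logon"),
]


def ioc_hits(events):
    """IOC view: exact matches against known-bad IPs and file hashes, per account."""
    hits = defaultdict(list)
    for ev in events:
        if ev.src_ip in IOC_IPS:
            hits[ev.account].append(("ip", ev.src_ip))
        if ev.file_hash in IOC_HASHES:
            hits[ev.account].append(("hash", ev.file_hash))
    return dict(hits)


def longest_forward_chain(phase_idxs):
    """Longest strictly increasing subsequence of phase indices (time-ordered input)."""
    best = []  # best[i] is the longest forward chain ending at position i
    for i, p in enumerate(phase_idxs):
        prev = max((best[j] for j in range(i) if phase_idxs[j] < p),
                   key=len, default=[])
        best.append(prev + [p])
    return max(best, key=len, default=[])


def ttp_chains(events, min_phases=3):
    """TTP view: accounts whose activity advances through several lifecycle phases."""
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        phase = ACTION_PHASE.get(ev.action)
        if phase:
            by_account[ev.account].append(PHASES.index(phase))
    flagged = {}
    for account, idxs in by_account.items():
        chain = longest_forward_chain(idxs)
        if len(chain) >= min_phases:
            flagged[account] = [PHASES[i] for i in chain]
    return flagged


def triage(events):
    """Combine both views; behaviour without a known indicator is still surfaced."""
    iocs, ttps = ioc_hits(events), ttp_chains(events)
    verdicts = {}
    for account in sorted(set(iocs) | set(ttps)):
        if account in iocs and account in ttps:
            verdicts[account] = "ioc+ttp"
        elif account in ttps:
            verdicts[account] = "ttp_only"
        else:
            verdicts[account] = "ioc_only"
    return verdicts


if __name__ == "__main__":
    for account, verdict in triage(SAMPLE_EVENTS).items():
        print(account, verdict)
```

In the constructed data, `eng_mpatel` touches no known indicator yet still progresses through three phases, which is the case IOC matching alone would miss.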

Cyber Threat Infographic

A cyber threat infographic makes it possible to use pictures and data together to explain the nature of the problem and the manner in which one can deal with it. As shown in figure 4 below, the number of those who have been victims of cybercrime is on the rise. The respondents in the statistics shown in the figure also indicate that such attacks are becoming increasingly expensive.

Figure 4. Cyber threat infographic (Rugge 68).

Description Infographic

The description infographic on the power grid cyber-attack provides a summary of the main pillars of the threat: the analysis framework of the cyber threat, a timeline of the attack, sustain/show of power, innovation/payoff/results, response, planning/initiation, and triggers. The infographic also identifies risks/weaknesses, distribution, methods, purpose/target, and protection/mitigation plans as discussed in this paper. Figure 5 below provides the information.

Figure 5. Description infographic (Developed by author).

Cyber Threat Implications on the UAE

The United Arab Emirates’ economy is growing rapidly, and the cities of Dubai and Abu Dhabi have been attracting international investors over the past decade. The positive economic outlook of the country means that it is also becoming a major target of cybercriminals. As Rugge notes, cybercriminals do not just target financial institutions (86). They also attack government agencies, as was the case with the power grid attack in the United States, and private entities that are not operating in the financial industry. Their goal in every attack varies, and it is important for different stakeholders in the country to be ready for such an eventuality.

Cyber Security Strategy

The government of the United Arab Emirates should promote public-private partnerships in the fight against cybercrime in this society. According to Radziwill, the biggest concern in fighting this vice is that these criminals do not have to be physically present in the country to execute an attack (40). Such attacks are often planned and executed in a remote location that may not be easy to trace.

The best strategy is for the local stakeholders to pool their resources and fight this vice as a unit. It would be necessary to identify common cyber threats and formulate a common effective plan for addressing them. Embracing international best practices, such as those used in the United States where the problem has been rampant for the last decade, can be helpful. Embracing innovation can also help local stakeholders to deal with the threat.

National Cyber Crime Law

According to Shackelford, the United Arab Emirates is one of the countries in the MENA region that have taken major steps in enacting strict cyber-security laws (64). The amendment of Article 26 introduced a new penalty of jail time of 10 to 25 years and a fine of between AED 2-4 million for those found guilty of various forms of cybercrime (Kaplan 86). The amendment also states that those who engage in hate speech could be sentenced to five years in jail and pay a fine of not more than AED 500,000.

Article 28 of the country’s constitution also specifies that those who manage websites or use the internet to engage in inciting acts would pay 1 million Dirham as a fine. They can also face a jail term specified by the judge. Article 43 provides for immediate expulsion of a non-citizen resident of the country who engages in cybercrime within the country (Ohlin 59). The country has also embraced regional policies and regulations on how to deal with the problem of cyber insecurity.

International Cyber Laws

The international community has come to appreciate the importance of nations coming together to fight the problem of cybercrime. One of the initial international laws on cybercrime was the Convention on Cybercrime that was drafted by the European Council together with the United States, Japan, and Canada in 2001 (Kosseff 112). It defined the meaning of cybercrime and the measures that should be taken to address it. The Commonwealth’s Convention on Cybercrime, the London Action Plan, and the Cyber Security Enhancement Act (CSEA) are some of the active international cyber laws (Schünemann and Baumann 78).

Conclusion, Summarization & Closing Remarks

Cyber-security is a major concern in modern society as digital data become increasingly important to the current generation. The attack on the United States’ power grid in 2017 was a clear indication of the extent to which some of these cybercriminals are willing to go to achieve their interests. The government of the United Arab Emirates should be ready to deal with this threat by embracing the following recommendations:

  • The government should work closely with stakeholders in the private sector to formulate effective solutions to common cyber problems;
  • The stakeholders should pool their resources to further research on how to deal with the problem innovatively;
  • It is necessary to embrace international best practices when dealing with the problem of cyber-security.

Lessons Learned

This project provided important lessons to the researcher that will define the approach taken when dealing with similar problems in the future. One of the most important lessons is that cybercriminals may not necessarily be motivated by monetary desires. Some are just curious, while others serve the interest of their government. The researcher also learned that every institution, including government institutions, is vulnerable to cyber-attacks.

Works Cited

Buchanan, Ben. Cybersecurity Dilemma: Network Intrusions, Trust and Fear in the International System. Oxford University Press, 2017.

Clark, Robert, and Simon Hakim, editors. Cyber-physical Security: Protecting Critical Infrastructure at the State and Local Level. Springer International Publishing, 2017.

Dehghantanha, Ali, et al., editors. Cyber Threat Intelligence. Springer, 2018.

Kalb, Marvin L. Imperial Gamble: Putin, Ukraine, and the New Cold War. Brookings Institution Press, 2015.

Kaplan, Fred. Dark Territory: The Secret History of Cyber War. Simon and Schuster, 2016.

Kosseff, Jeff. Cybersecurity Law. Wiley, 2017.

Ohlin, Jens. Cyber War: Law and Ethics for Virtual Conflicts. Oxford University Press, 2014.

Radziwill, Yaroslav. Cyber-attacks and the Exploitable Imperfections of International Law. Brill, 2015.

Roscini, Marco. Cyber Operations and the Use of Force in International Law. Oxford University Press, 2014.

Rugge, Fabio. Confronting an Axis of Cyber: China, Iran, North Korea, Russia in Cyberspace. Ledizioni LediPublishing, 2018.

Schallbruch, Martin, and Isabel Skierka. Cybersecurity in Germany. Springer, 2018.

Schünemann, Wolf J, and Max-Otto Baumann. Privacy, Data Protection and Cybersecurity in Europe. Springer, 2017.

Shackelford, Scott J. Managing Cyber Attacks in International Law, Business, and Relations. Cambridge University Press, 2014.

The Deloitte Cyberattack and Response Analysis

It is significant to note that cyber dangers are growing in importance as a result of technical improvements and the reliance of contemporary firms, like Deloitte, on hackable and exposed communication tools. Since the company’s primary source of income is cybersecurity consultancy, its reputation will suffer the most. In other words, even though the hacking may directly affect operations and cause disruptions to the business as well as the recovery of stolen data, all of these effects are ultimately repairable and reversible, while the reputational damage will not only have a short-term impact but will also be reflected in future deals.

Deloitte’s response to the situation can be considered to be reasonable and effective because it was able to prevent reputational damage by keeping the breach a secret. The business succeeded in that it avoided adopting collective crisis accommodating measures and instead concentrated on non-expositional ways of data containment. To reduce the likelihood of reputational harm, Deloitte informed only top and senior managers and promptly got in touch with, and directly informed, affected clients.

In other words, the reputational damage is greater when a company in crisis employs accommodating strategies, such as exposing itself to the public and being excessively transparent about the specifics of the issue, than it would be if it stuck to defensive strategies and limited forms of communication. Rather than recruiting external specialists, which has the potential to cause information breaches, the business should have strengthened its internal security analyst team by extending the relevant department to assure future preparation.

The first priority is the urgent inclusion of a multistep verification mechanism for administrative emails and other communication channels. The lack of serious security measures for the internal communication channels was the primary cause of the attack. It is significant to highlight that the hacker or hackers did not cause the significant losses and damages that they could have. Second, the company’s internal communication network must be completely redesigned. One communication channel, corporate email, was used to convey all sensitive information. This weakness must be fixed by establishing some highly secure communication channels that are distinct from one another and utilized for various reasons. The third priority should be investing in and expanding the security analyst and expert team so that the company lives up to its supposed expert position in the security

The Resilience of Austria to the Threat of Cyber-Attack

Executive Summary

The study will focus on examining the resilience of Austria to the threat of cyber-attack. The approach will include a qualitative study and a review of government sources and academic literature. The main sections will entail introduction, literature review and methodology, key findings and discussions, conclusion, and recommendation. Under the introduction, the manuscript will provide the background and history of cybercrimes and threats. Moreover, the document will illustrate the statement of the problem alongside the key objectives to evaluate during the study. Furthermore, there will be a comparative study on various countries related to the chosen area of interest.

Under the review of collected works, the substantial concentration will be put on the values of various activities amounting to threats and cybercrime. In addition, the researcher will also explore the trends in the world to help deduce value conclusions and recommendations. Under the findings, the study will provide a clear illustration of what the previous scholars established to ascertain the importance of the topic in modern society. Additionally, there is a need to make comparative reference to government documents to appreciate the role of legislation and governance in technology and development. There are several aspects which may pose a danger to cyber users; hence, the motivation should remain on manifested implication as opposed to opinions and outcries.

Introduction

Cybercrime is a global phenomenon which poses a fundamental threat to all economies in the world. Countries show different resilience levels worldwide; hence, there is a need to understand how Austria has fared in this sector.

Background and statement of the problem

The introduction of technology and the use of internet services expose the world to a global mechanism of networking. At the same time, it also presents users with multiple privacy concerns which threaten peace and cohesion in several ways.

Study objectives

The main objective of the report is to examine the level of resilience of the Austrian government in tackling the threats of cyber-attacks.

Significance

The study will contribute to the literature about cybercrime and ways to respond to the threat among states and individuals under various capacities.

Global trends

This section will involve understanding the various types of cyber-attacks, country response, and the strategies for sustained resilience.

Regional thread

Ideally, it is important to compare how the neighboring countries have tackled the issue and their resilience techniques to make viable conclusions for this report.

Local dimension

Internet activities and cyber-attacks are essential in evaluating the threats of various attacks within the industry.

Findings and Discussion

The findings will include all the key objectives and the outcome from the regions of interest, including factors contributing to the threats alongside the visible practices.

Conclusion and Recommendations

Succinctly, all facts and data derived from the investigation will amount to commendable study results, which will help in making deductions and potential alternative provisions for the relevant authorities and entities in place.

JPMorgan Chase: Cyberattacks and Network Security

The issue of cyberattacks becomes more and more critical with time because of technological development. The attention paid to it constantly increases, as cybercrimes have entered the top of law enforcement activities. Among the major recent attacks on US businesses was the one targeted at JPMorgan Chase. This organization is among the leading banking institutions in the country that deal with financial services within more than 100 locations. Its history can be traced back more than two centuries, so it is not surprising that it has millions of clients who are represented not only by individuals but also by businesses, institutional and governmental bodies (JPMorgan Chase & Co., 2017).

In July-August 2014, this company experienced a range of cyberattacks. As a result, a lot of data was stolen, including checking and savings account information. More than 80 million households and small businesses suffered from this incident. Their account information was compromised, which attracted attention to the security problems within JPMorgan Chase. Fortunately, no evidence of fraud or misuse of these data was identified. Access was mainly obtained to email and home addresses as well as to phone numbers, which is not extremely critical as such information is often available even to the representatives of the general public (Granville, 2015).

The attack began in spring two years ago. Professionals claim that, first of all, the hackers stole the login information for one of the employees who worked in the bank. As a result, they received an opportunity to enter the network and get customers’ contact information. However, the bank got to know about it only in August, as its sponsors were also attacked. All in all, this group of criminals hacked more than 90 servers that belong to JPMorgan Chase. Still, they were finally caught before accessing private customer financial information (Leyden, 2014).

It was difficult for the company to ensure its network security because it integrates with the customers’ networks. However, professionals believe that the attack could have been prevented at the initial stage if the system had been better protected. One of its network servers was neglected and had unguarded holes. The bank did not update its software, which made it vulnerable. An improved authentication mechanism could have solved this problem.

It is not yet known where this cyberattack originated, but Goldstein, Perlroth, and Corkery (2014) reported that Russia and Brazil were under suspicion. The reasons for treating Brazil as the origin of this crime were not revealed and lacked evidence. Still, Russia was likely to be an adversary due to the economic sanctions and interference of the USA in the issues between Russia and Ukraine. However, the FBI eventually claimed that it was not a culprit. I believe that this theory was true to life but was frayed because it lacked sufficient evidence.

Regardless of the country involved in the attack, it was sophisticated and well-planned even though no novel software bugs were used. If the adversary was Russia, it could have been willing to reduce the influence of the USA on the world’s situation, and on Ukraine’s situation, in particular. Considering the fact that the USA is very active on the global market and is one of the leading countries that supports others, Russia might have thought that a threat to one of its main banks would make the USA focus on its inner problems only instead of interfering in international issues. As a result, Russia would have an opportunity to become more powerful and influential so that it could leave the USA behind and turn into the global leader in the future.

Still, it cannot be claimed that the attack was successful. Of course, a lot of the bank’s clients were affected, but the information that was accessed was not critical and did not provide the hackers with the opportunity to influence them negatively. In addition to that, no frauds were found after the investigation, which supports this point of view. As other institutions were also hacked by the same group, the adversary made the USA focus on the inner problems. However, the threat was not crucial enough to make it stop focusing on global issues.

Considering the discussed point of view, the attack was likely to be an outside job. No bank employees or US citizens were suspected of being involved in this crime. It is not likely that people from JPMorgan Chase worked with the hackers because other institutions were also targeted by the same group. Americans who do not want their country to help others at least until it solves all inner problems could have initiated the attack, of course. However, the FBI conducted an investigation and did not conclude that someone from the country was involved. What is more, influences from the outside are now often discussed in the USA, which proves that this cyberattack is more likely to be a problem caused by someone from abroad.

In my opinion, JPMorgan Chase could have had an opportunity to protect itself from hackers if it paid more attention to network security (Griffor, 2016). First of all, it should have upgraded its network servers so that they use novel software that enhances security. For example, the utilization of two-factor authentication would have prevented the attack even if the employee’s login information was obtained initially (Constantin, 2014). The security team of the bank should have maintained planned inspections to ensure the absence of unguarded holes in the network. Finally, the organization should have got its personnel briefed on the issue.

References

Constantin, L. (2014). Two-factor authentication oversight led to JPMorgan breach. Web.

Goldstein, M., Perlroth, N., & Corkery, M. (2014). New York Times. Web.

Granville, K. (2015). New York Times. Web.

Griffor, E. (2016). Handbook of System Safety and Security. Amsterdam, Netherlands: Elsevier.

JPMorgan Chase & Co. (2017). About us. Web.

Leyden, J. (2014). The Register. Web.