Cybersecurity Directives and Laws

What was PDD-63 signed by President Clinton and how did it set the pace for cybersecurity directives and future laws?

Presidential Decision Directive 63 (PDD-63), also titled Combating Terrorism, was the document that identified the unconventional methods of attack that might be used against the nation and assessed the danger of cyberattacks and the need for preparation. This directive paved the way for future measures against cybercrimes and laid the groundwork for more cooperation between public and private organizations in pursuit of national security (McGowan, 2013).

Describe how the Patriot Act dealt with cybersecurity.

The Patriot Act maintained that law enforcement, in collaboration with national security, should be able to use every technological development of the 21st century to prevent threats (Easttom & Taylor, 2011). The Patriot Act addressed the threat of cyber terrorism by enabling surveillance of online communications and Web use, as well as ordering the creation of an Electronic Crimes Taskforce, which would focus on investigating cybercrimes (Aspects of Cyberterrorism Covered by the Patriot Act, 2006).

Describe the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets and how it attempts to protect cyber assets.

The purpose of this document was to create and develop the guiding principles for improving the protection of the nation's critical infrastructures and key assets by reducing their vulnerability to physical attacks from terrorists. The document presented cyber systems as part of these critical infrastructures (Department of Homeland Security, 2003). As part of the initiative, integrated risk modeling would be conducted to study vulnerabilities as well as the consequences of an attack on these systems. Finally, the information systems and networks were to be identified and assessed in order to better understand the full scope of the dangers.

What is PPD-21 and how does it fit into the protection of cyber assets in the United States?

PPD-21 is a Presidential Decision Directive issued in 2013 by President Barack Obama, titled Critical Infrastructure Security and Resilience. It is a cybersecurity executive order that redefined the organizations and companies where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security, and include them as a part of the US, in order to mitigate the threat of cyber attacks and improve responses (Exec. Order No. 13636, 2013).

List and briefly describe the 16 critical industry infrastructures.

The critical infrastructure sectors according to PPD-21 are (Critical Infrastructure Sectors, 2013):

  • Chemical Security (mostly privately-owned companies, includes basic and specialty chemicals, agricultural chemical, pharmaceutical, and consumer products industry segments).
  • Commercial Facilities Sector (includes industries involved in shopping, entertainment, business, and accommodation).
  • Communications Sector (is especially important, as it is an enabling factor for all other infrastructure sectors).
  • Critical Manufacturing Sector (this sector is responsible for metals manufacturing, machinery that is used in other sectors, electrical equipment manufacture, and transportation production).
  • Dams Sector (dam maintenance and proper function).
  • Defense Industrial Base Sector (research and development, as well as production and maintenance of military equipment).
  • Emergency Services Sector (includes all services that save lives, property, and environment, and help communities and individuals to recover from disasters and emergencies).
  • Energy Sector (provides the energy supply for the economy to function properly).
  • Financial Services Sector (includes organizations like banks, credit unions, investors, etc.).
  • Food and Agriculture Sector
  • Government Facilities Sector (includes a wide variety of federal, state, local, and tribal owned organizations, which provide services critical to effective functioning of the state).
  • Healthcare and Public Health Sector (plays a vital role in maintenance of public health, and in dealing with the outcomes of terrorist acts, disease outbreaks, and other disasters).
  • Information Technology Sector (similarly to communications is vital for intercollaboration of different sectors and their functioning, but is also a source of potential dangers which need to be assessed).
  • Nuclear Reactors, Materials, and Waste Sector (includes industries which use nuclear power).
  • Transportation Systems Sector (transportation of goods and people inside and outside the state).
  • Water and Wastewater Systems Sector (a vital sector, which needs protection to ensure public health and most human activities).

How do the specific sectors work with each other to provide cyber security?

The Information Technology Sector, Government Facilities Sector, and Communications Sector work tightly together to provide cybersecurity by identifying and eliminating cyber vulnerabilities and, together with the other sectors, maintain effective and up-to-date facilities for threat prevention, as well as share information critical to the sectors' safety (Whitman & Mattord, 2011).

References

Aspects of Cyberterrorism Covered by the Patriot Act. (2006). Web.

(2013). Web.

Department of Homeland Security, (2003). Web.

Easttom, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law. Boston, MA: Course Technology, Cengage Learning.

Exec. Order No. 13636, 3 C.F.R. (2013).

McGowan, M. L. (2013). 15 Years After Presidential Decision Directive (PDD) 63. Web.

Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information Security: Law & Ethics, Boston, MA: Course Technology, Cengage Learning.

Quality Control of Digital Forensics

Introduction

Quality control over computer forensic products is necessary because of the growth of Internet services. While providing a variety of time-saving possibilities, the Internet also creates many opportunities for malicious activities and security breaches. Forensic practice shows that computer-related cases can be complicated for various reasons. The complexity of such cases leads to the necessity of proper quality control. Thus, the investigator and the lab are challenged not only with solving a case but also with providing the appropriate evidence and maintaining the required level of quality. Therefore, the level of quality must be regulated by specific documentation and entrusted to specific individuals.

Computer services and the Internet present possibilities for a variety of criminal activities. Nevertheless, crimes can also be prevented and investigated with the usage of computer products. For instance, the analysis of mobile applications can play a critical role in the investigation and prevention of cyber crimes, as stated by Mahajan, Dahiya, and Sanghvi (2013). This point is further expanded by Grispos, Glisson, and Storer (2013) also touching upon cloud services. Both of these studies focus on whether or not data remaining in smartphones or cloud services can be used as evidence in solving cases. To summarize, the modern forensic practice relies not only on the traditional methods of gathering evidence and data but also on computer products, which proves to be a useful measure.

However effective digital forensics can be, there is rarely a reason to use all of its resources (Garfinkel, 2013). Not every forensic practice in the field of computer-related crimes is effective. Gathered data on the measures used by criminals to ensure their safety while committing a cyber crime indicates this ineffectiveness. The work by Stephenson and Gilbert (2013) presents the reader with methods used by professional hackers to commit cyber crimes. The increasing complexity of cyber crimes is also elucidated in the book. Thus, forensic units are facing the problem of preventing and solving cyber crimes while also coping with the increasing quality of cyber criminals' skills.

Another important topic in the field of digital forensics is the discussion of error. It is frequently discussed amongst many researchers (Christensen, Crowder, Ousley, & Houck, 2014). The increasing standards of quality control are a direct result of this discussion. The effectiveness of digital forensics is provided by the quality of the investigations, which can be entrusted to a specific document, the Quality Assurance Manual, and to an individual who oversees the compliance of the forensic units, the Quality Manager (Barbara, 2013). With these assets operating properly, the percentage of errors in forensic practice can be minimized.

Conclusion

Hence, one can see that quality control of digital forensics can and must be provided by the above-mentioned document and a specifically nominated person. Although cyber crimes are difficult to investigate and solve, and the methods used in the process can be redundant, the effective procedure of investigating a cyber crime has become easier over the decades. This is a result of the spread of computer products and the amount of evidence they are capable of storing. Today's quality control of digital forensics is a necessary measure that contributes a lot to the procedure of investigating cyber crimes.

References

Barbara, J. J. (2013). Quality assurance practices for computer forensics: Part 2. Forensic Magazine. Web.

Christensen, A. M., Crowder, C. M., Ousley, S. D., & Houck, M. M. (2014). Error and its meaning in forensic science. Journal of Forensic Science, 59(1), 123-126.

Garfinkel, S. L. (2013). Digital forensics. American Scientist, 101(5), 370-377.

Grispos, G., Glisson, W. B., & Storer, T. (2013). Using smartphones as a proxy for forensic evidence contained in cloud storage. 46th Hawaii International Conference on System Sciences, 1-10.

Mahajan, A., Dahiya, M. S., & Sanghvi, H. P. (2013). Forensic analysis of instant messenger applications on Android devices. International Journal of Computer Applications, 68(8), 38-44.

Stephenson, P., & Gilbert, K. (2013). Investigating computer-related crime. New York, NY: CRC Press.

Cybersecurity Threats in Physician Practice

Introduction

My chosen source is a credible source of information because it is not outdated and has no indicated currency. The clearly stated minimization of ransomware threats makes its relevance easy to understand. The accuracy of the source is evident from the reference list that provides most non-actual links. It has high authority ratings because it contains accurate information and the authors' credentials. The purpose of the source is to inform readers of the strategies to help healthcare professionals identify, avoid, and respond to ransomware dangers (Budke & Enko, 2020). Its objectivity is fact-based, and the authors' affiliation does not bias the information.

In the 21st century, technology has become an integral part of operations and is changing rapidly. Additionally, hackers have gained the ability to penetrate and compromise the most secure systems, and technological threats are rapidly evolving. Ransomware is malware that encrypts a system and prevents users from accessing it until they pay a predetermined ransom, after which hackers decrypt the data (Budke & Enko, 2020). Although the healthcare system has improved over time and become one of the most secure, many facilities use the same technology for their equipment and implement it themselves, making them more vulnerable to attack.

Ransomware can potentially target healthcare organizations for various reasons related to healthcare providers' need to maintain their operations. Cybercriminals have become well aware of the industry's reliance on IT and the disruption caused by the inability to access critical information, making healthcare providers increasingly vulnerable (Budke & Enko, 2020). After all, they know that the hospital's systems must continue to work for patients' safety, so medical institutions are always ready to pay the ransom. In addition, the hospital information system contains essential data that should not be lost.

Healthcare organizations should update their systems and software to protect against ransomware threats. They should also take adequate precautions, such as installing anti-malware software and regularly scanning their systems for vulnerabilities. Hospitals are responsible for ensuring the security of their systems, so they should scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users (Budke & Enko, 2020). All employees of healthcare centers should therefore receive ransomware training.

Reference

Budke, C. A., & Enko, P. J. (2020). Physician practice cybersecurity threats: Ransomware. Missouri Medicine: Journal of the Missouri State Medical Association, 117(2), 102-104. Web.

Growth Hacking and Marketing Methods

Growth hacking is a marketing method established by technology startups that apply creativity, analytical thinking, and social metrics in order to sell products and gain exposure. It could be viewed as a branch of the online advertising network, as in many cases growth hackers use techniques such as search engine optimization, website analytics, content marketing, and A/B testing ("The Definitive Guide to Growth Hacking" par. 2). Moreover, growth hackers focus on low-cost and innovative alternatives to traditional advertising, for example, exploiting social media and viral advertising rather than purchasing advertising through more traditional media such as broadcasts, journals, and visual and audio entertainment. Growth hacking is particularly significant for startups, as it allows for a lean launch that focuses on growth first, budgets second. Facebook, Twitter, LinkedIn, Airbnb, and Dropbox are all companies that use growth hacking techniques ("Growth Hacking" par. 2).

To my understanding, in contrast to the marketers, who conventionally are not as much of technical specialists, growth hackers pursue only one goal, which is to expand the organization where they work. This goal can be achieved by means of a variety of strategies that are labeled "hacks," due to an absence of better terms. These hacks usually are cheap and in most cases entirely free; furthermore, they are intended to advance the viral constant.

Ryan Holiday, the author of Growth Hacker Marketing, has stated that the advertising issues that are currently confronting many startups are a separate budget that is dedicated specifically to advertising and a classical advertising experience. In order to compensate for the absence of monetary funds and advertising background, growth hackers address advertising with an emphasis on novelty, invention, scalability, and the relations with users. Nonetheless, the representatives of growth hacking do not separate the design and the efficiency of the product from advertising. Growth hackers aim their efforts towards building the future development and expansion of the product, including user acquisition, onboarding, monetization, retention, and virality, into the product itself. Fast Company used Twitter's Suggested Users List as an example; this was "Twitter's real secret: It built marketing into the product rather than building infrastructure to do a lot of marketing" (Biyani par. 2).

The essence of growth hacking appears to be in the persistent emphasis on growth as the only result that really makes a difference. Mark Zuckerberg, who is one of the creators of Facebook, is believed to have had this attitude while creating Facebook. While the particular approaches differ from organization to organization and from one business to the next, the common goal is always expansion. Few leaders have been the subject of as much disapproval and dispute as Facebook co-founder Mark Zuckerberg. Stockholders have protested against his aspiration towards the growth of the company, and many have claimed that Zuckerberg is publicly incompetent, inexperienced, and too young to be a director of a business that large.

Nonetheless, despite this disapproval, Zuckerberg is without doubt one of the most prosperous magnates and entrepreneurs in commercial history. His minor venture, which was developed while Zuckerberg was a college undergraduate, has evolved into a worldwide leader in the business and is advancing and expanding to this day.

Those organizations that have effectively applied the growth hacking technique frequently possess a viral circle that is built into the onboarding process. New users of the product naturally learn about the product or service by means of their network. Moreover, by working with the product or service, the customers share it with their associates one after another. This circle of awareness, usage, and distribution is able to cause ascending growth and expansion of the organization (Holiday, "The Secret That Defines Marketing Now" par. 5).

Twitter, Facebook, Dropbox, Pinterest, YouTube, Groupon, Udemy, and Instagram appear to be the corporations that have been applying growth hacking methods in order to promote brands and increase revenue up to this day (Emerson par. 4). Moreover, applying growth hacking methods of marketing has also massively contributed to the advancement and the expansion of social media, which heavily utilizes the methods of permission marketing; friending, liking, and following are all closely associated with the idea of Permission Marketing (Barwise and Strong 20). For example, Facebook or YouTube offers primary instances of permission-based examples: whether it offers to post, like, or repost, the user will have to send a friend request (or permission) to the likely recipients. As a result, it could be observed that the combination of the growth hacking methods and permission-based marketing appears to be one of the most efficient marketing techniques that is low-cost and effective. In the words of Ryan Holiday, advertising is not accidental; it is engineered, taking into account every little detail that may hinder the growth of the company (Holiday 44). The growth hackers plunge genuinely into the data that is accessible to them and perfect it until they receive supreme outcomes.

Works Cited

Barwise, Patrick, and Colin Strong. "Permission-Based Mobile Advertising." Journal of Interactive Marketing 16.1 (2002): 14-24. Print.

Biyani, Gagan 2013, . Web.

Emerson, Rip 2013, . Web.

Growth Hacking 2015. Web.

Holiday, Ryan. Growth Hacker Marketing, London, United Kingdom: Portfolio, 2014. Print.

. 2013. Web.

2013. Web.

Cybersecurity and Risk Control Implementation

Changes to a single system component causing the need for changes to the controls

The risk treatment actions involve the avoidance of risk, reduction, transfer, and acceptance. This sequence is a part of a larger cycle that includes establishing the context, identification of the risk, its evaluation, treatment, monitoring and review (Treat Risks, 2009).

The first component of the risk treatment framework (avoidance) refers to the decision not to go through with the procedures that may present a risk; the second one (reduction) stands for the minimization of the possibility of a risk in the future; the third component (transfer) involves outsourcing the potential risk to the other parties so that the risk outcomes affect the other areas; finally, the last component (acceptance) stands for the admission of risk as an existing factor whose level is monitored and taken under control (Treat Risks, 2009). When the changes are introduced to any of these elements of the system, the whole structure changes. For instance, when the stage of avoidance is not followed, the risk remains and keeps requiring new controls. The same happens when the second, third, and fourth steps are not addressed. In other words, the cycle remains incomplete and needs to be reevaluated with the addition of new or different control measures.

The necessity to modify the Cyber Insurance coverage in case of a change to a system component

Carter (2015) mentions an example of changing the cyber risk insurance policy in order to add the aspects protecting the company and the employees from bodily injury and property damage. Such modification will expand the terms and conditions of the policy and introduce changes into the activities which the policy is expected to cover and respond to. The newly added aspects may contain potential threats to security. As a result, due to the change in one or more of the system components, the whole sequence of the risk treatment actions is to be revisited to address the new dangers. Namely, the component of risk transfer is being adjusted due to the changes in the security insurance. The policy directly correlates with the component, and that is why the change in one of the elements will require the other to be modified as well.

The application of pre- and post-implementation assessment when implementing a control

According to the SANS Analyst Program, the controls may cover versatile dimensions such as the applications and the vulnerabilities of network and endpoint devices, malware defense, data protection, and the access and recovery (Hietala, 2013). For the information security professionals to choose which controls are the most applicable to the particular situations, they are to apply a pre-implementation assessment.

Also, after the control is in place, the specialists are to conduct another evaluation and make sure that the control fulfills its duties and objectives correctly. This activity is called a post-implementation assessment. During the control implementation, the professionals must use the results of the pre-implementation assessment. Hietala (2013) also maintains that the networks become more resistant to attacks when controls of different types are in place. For example, the critical security controls may be added to the existing controls and strengthen the protection. One aspect the specialists are to take into consideration is that the controls should not clash with one another; otherwise, such contradictions may result in security risks and breaches.

Addressing the remaining risk after implementation of a new control and a post-implementation assessment

In a situation when the control has already been placed, but the post-implementation assessment reveals the risk persists, a professional has several primary options and actions to undertake. First of all, the existing risk should be assessed and evaluated; it is possible that the level of the risk is minor, and it can be accepted within the fourth component of the risk treatment action. Secondly, if the evaluation shows that the level of risk is too high and cannot be accepted, it is possible that the specialist's choice of control was flawed. The newly placed control is to be revisited in order to identify its compatibility with the system and its needs.

If the control was chosen wrongly, the specialist is to follow the risk management framework once again to see which stages contain errors (the context establishment, identification of the risk, evaluation of the risk, its treatment, monitoring, and review) (Risk assessment and risk treatment, 2014). Also, the client is to decide whether the risk can be tolerated by their company or whether it should be treated. If all the steps were done correctly but the risk remains, it is important to perform a cost-benefit analysis and find out whether or not the risk can be addressed.

References

Carter, J. S. (2015). Web.

Hietala, J. D. (2013). Implementing the Critical Security Controls. Web.

. (2014). Web.

Treat Risks. (2009). Web.

Cybersecurity: The Role in Business

Cybersecurity frameworks may differ significantly depending on the way in which the data is stored. Data servers may require regular supervision and maintenance, whereas usage of the cloud partially delegates cybersecurity to the service provider (Michels and Walden 383). Hence, it may be essential to thoroughly analyze the market and choose the most secure and cost-efficient option. However, regardless of the storage method, it may be vital to address several internal and external cyber threats.

The human factor plays a considerable role in the reliability of cybersecurity, as both user error and abuse of access-related privileges represent cyber threats. First, it may be highly beneficial to educate employees about cybersecurity in order to mitigate the probability of errors. Second, software-defined networking should be utilized to improve network visibility and flexibility. Software-defined networking can also be used to implement micro-segmentation, which may separate secure networks from public networks and prevent cybersecurity breaches by limiting the ability to access secure data from the public segment (Bakhshi 15). Therefore, both employees and external users will be able to access only the data they need.

It is also essential to introduce a comprehensive approach to external cybersecurity threats. A wide variety of threats, including ransomware, social engineering, malware, cloud security breaches, and phishing attacks, should be considered (Alsmadi 229). It may be highly beneficial to rely on third-party cybersecurity providers as they have extensive experience in the field and they may reduce security-related costs. Such providers as Cisco ASA, FortiGate, Sophos, and Meraki offer reliable firewalls for enterprises of different sizes. Nonetheless, it is critical to analyze the cybersecurity landscape in order to identify the most appropriate firewall in terms of both hardware and software.

Works Cited

Alsmadi, Izzat. The Nice CyberSecurity Framework: Cyber Security Intelligence and Analytics. Springer, 2019.

Bakhshi, Taimur. "State of the Art and Recent Research Advances in Software Defined Networking." Wireless Communications and Mobile Computing, vol. 2017, 2017, pp. 1-35. Web.

Michels, Johan David, and Ian Walden. "Cybersecurity, Cloud, and Critical Infrastructure." Cloud Computing Law, 2021, pp. 382-418. Web.

The Internet of Things Cybersecurity Improvement Act

As cybersecurity has been an intensely debated and widely researched issue, its application in the legislative context is also essential to explore. In the Security Magazine article, Henriquez (2020) discusses the Internet of Things (IoT) Cybersecurity Improvement Act and what it means for the public and the government. The reason behind the Act's signing into law was to address risks related to supply chains within the federal government as a result of insecure devices with minimum requirements for security. Specific requirements of the Act include the mandatory publishing of standards and guidelines on the use of IoT devices by the federal government or NIST's updates of IoT standards, procedures, and policies once in five years.

Because many IoT applications are designed in a way to allow digital interactions with other programming interfaces, it has become a priority to identify and reduce the occurrence of security vulnerabilities. Through the Act's implementation, digital devices can be secured using alternative and effective methods (Henriquez, 2020, para. 5). Important data that the legislation would safeguard include medical records, workplace plans, personally identifiable information, and any other sensitive data that can become available when devices connect to private corporate networks. Criminals often look for information to steal and use for fraud because the decreased prioritization of security measures in vulnerable products allows them to do so. Therefore, the IoT Cybersecurity Improvement Act is a step in the right direction for ensuring device protection when they connect to high-priority networks. Besides, with the Act's implementation, it will be curious to see whether companies increase the security of devices targeted to consumers as a result of the increased expectations of safety.

Reference

Henriquez, M. (2020). IoT Cybersecurity Improvement Act signed into law. Security Magazine. Web.

Russia-Ukraine War as Cybersecurity Challenge

Synopsis

Applying existing knowledge to real cybersecurity threats is an excellent academic reflective strategy to conduct research and assess the quality of one's skills. Given the need to select the most recent cybersecurity events, I have decided to address the most pressing topic of recent weeks, namely the war that Russia has launched against Ukraine. I will avoid discussing political issues, but I will touch on a severe aspect related to cybersecurity. Specifically, a week ago, it was revealed that the international hacker group Anonymous had launched a cyber war against the Russian government and media, causing serious damage to the country's reputation (Pitrelli, 2022). News stories reported that official websites of Russian ministries and some government-controlled TV channels were subjected to DDoS attacks, bringing their functionality to a halt. Data from 92 strategically important databases were reportedly compromised by a hacker group (Pitrelli, 2022). Some of that data was wiped, while others were renamed "putin_stop_this_war". In addition, Anonymous orchestrated the theft of federal data from government oversight agencies, after which this data was released into the public domain.

In this situation, the critical cybersecurity issue defines the ability of an anonymous group of independent hackers to hack and influence entire countries' government digital systems. This story demonstrates perfectly that even strong countries are not immune to cyberattack threats, and data theft and manipulation can cause damage to government agencies. On the other hand, Anonymous's actions show that Russia's cyber defenses are far from perfect; it would seem that such important federal data and state media should be well protected, but Anonymous showed otherwise.

Consequences

Any hacker attack is, first and foremost, a reputational damage to the organization whose bases were compromised. From this point of view, Russia had a major reputational crisis since Anonymous clearly showed that the digital assets of even a strong country, positioning itself as a superpower, can be compromised relatively easily. This has implications for investment flows as well; independent investors may lose interest in companies in a country whose resources are attacked by independent hackers. Of course, the current geopolitical agenda is already hardly conducive to foreign investment in Russia, but this blow reflects even more strongly the inability of developers and cybersecurity specialists inside the country to protect such vital data. In this sense, it should also be emphasized that the loss of trust and investment interest is likely not only from the outside but also from within. Russians, who observe how an independent hacker group can hack into government data and publish it, are likely to become less trusting of domestic companies and suspend investment in them.

In addition, the loss of databases for an organization has implications for the potential development of fraud. It has been reported that many of the personal data of government employees, including mailing addresses, names, and phone numbers, have been released to the public (Pitrelli, 2022). From this perspective, criminals and fraudsters, including those not affiliated with Anonymous, could use this information for blackmail or even physical crimes. Among other things, mailboxes can be hacked, and additional strategically important information can be compromised from them, creating new conditions for reputational and organizational risks.

Nor should we ignore the fact that employees who have failed to protect an organization from cyberattacks are not highly qualified. By now, there are a considerable number of ways to combat DDoS attacks, so the inability to provide adequate protection may be an indication of their low level of professionalism. As a consequence for Russia, this scenario is likely to lead to a wave of layoffs and personnel restructuring within government agencies. Not all cyberattacks are carried out by direct hacking, because social engineering is also used. There is no guarantee that none of the employees of Russian federal agencies and media were exposed to such attacks and phishing, which led to the data leaks. In addition, Russia might be interested in exploring measures to maximize protection so that there are fewer such threats in the future.

Finally, the nature of the published data should be taken into account: it is information from federal agencies, so it is classified as strategically important material. Any country or terrorist organization unfriendly to Russia could use this to prepare an attack or industrial espionage. As a consequence, one would expect physical threats from data leaks, which could follow immediately after other governments or terrorists understand how such data can be used.

Official government media sites have also been hacked, which has a consequence for spreading propaganda. Some of the TV channels and online news portals have been inaccessible for a long time, making it impossible for users to get information. Moreover, as we know, not all of the media outlets were attacked, but only those that are difficult to call independent; they supported Putin's regime. For Russians, the blocking of such portals, when truly independent journalism was not attacked, demonstrated the true face of state media. As a consequence, it may have contributed to a loss of audience and decreased trust in such platforms.

Most likely, Russian government agencies and state media are now beginning to invest more finances and resources, including talented programmers, in cybersecurity. This situation has shown how flawed previous security practices were and has created a field for the development of new capabilities. This could include exploring new measures to protect against cyberattacks, using stronger encryption systems, and rethinking access level systems. Since it is not out of the question that social engineering may have been the likely cause of the massive leak, organizations' leadership can engage in retraining and a close investigation to identify the potential culprit employee. In addition, companies have lost much of their data if backups were not used. Organizations may then conclude that they need to physically store all information from databases and protect backups more securely. Moreover, it is likely that government agencies will have to create new databases and populate them anew if access to them has been lost. This creates a huge layer of necessary work that Russian authorities and the media will have to do in the coming months not only to get back up and running but also to ensure adequate functioning in the future. In the meantime, these enterprises will have to do a thorough propaganda job to regain their reputation not only before the Russians but also before the international community and investors. Only these steps seem to me to be the most appropriate in the current circumstances in order to regain their reputation and restore the former trust in their products.

Reference

Pitrelli, M. B. (2022). Anonymous declared a cyber war against Russia. Here are the results. CNBC. Web.

Remote Access Work and Cybersecurity Policy

Technological innovations and globalization have allowed international organizations and local businesses to provide workers with remote access to their networks and servers. However, working from home has its set of disadvantages, primarily in cyber security, as it increases the chances of mishaps that might expose critical company information to competitors and third parties with selfish or destructive intentions. All individuals working remotely and within the institution should observe high operational standards and adopt strategies to limit cyber security threats due to negligence. Thus, the following policy brief details the initiatives and guidelines that administrators and information managers in a criminal investigation department should observe to protect against breaches of information and unauthorized access due to careless remote access work practices.

Background of Information

Employees with remote work access experience several benefits due to the flexibility and efficiency of completing their tasks at home or on the move. However, working from home risks the safety of organizational information. It exposes its servers and networks to risks due to inappropriate cyber security practices and attacks by malicious parties that may access the data through public networks and insecure channels. Subsequently, these threats bear severe implications for all shareholders in the organization. Therefore, it is better to ensure positive outcomes by guiding staff members on what to avoid when working remotely. In addition, it is necessary to offer support and assistance to ensure that all devices used to work remotely are updated with the latest antivirus security and protected from unauthorized access by third parties.

Purpose and Scope of the Policy Brief

Over the past years, instances of unauthorized access to critical organizational information and security breaches have increased due to external attacks targeted at the New York criminal investigations department. However, an evaluation shows that most cyber-criminals and offenders take advantage of gaps in systems adopted for remote working initiatives as the department observes high levels of information security within its setting (Curran, 2020). Therefore, the following brief intends to align the cyber-security practices of staff members working remotely in a crimes investigation department in New York. The policy brief will cover areas of access restriction using passwords, connecting to secure or private networks, and using updated antivirus applications to limit third parties from accessing the institution's information.

Causes and Implications of Inappropriate Remote Work Access Practices

Working remotely allows employees to manage their schedules and deliver on their obligations regardless of location and time. Additionally, it enables organizations to improve their prospects by enhancing their efficiency (Georgiadou et al., 2022). However, distant working limits the amount of control organizations have over their employees and obligates them to depend on the staff's dedication to organizational standards (Wang & Alexander, 2021). As a result, negligence often results in mishandling organizational data, carelessly storing passwords, and practices such as logging into user accounts using insecure networks and devices with obsolete antivirus software applications. Additionally, lacking awareness of the essence of data security limits employees from taking strict measures to protect organizational information (Ramadan et al., 2021). Therefore, institutional standards should establish guidelines to prevent inappropriate work-from-home practices that may result in data breaches and unauthorized access.

Cyber security issues such as third parties' unauthorized access to critical information and data breaches have adverse implications on employees, institutions, and the individuals they serve. Exposing vital information to the wrong people can harm an organization's reputation and question its ability to handle critical issues (Curran, 2020). Additionally, accessing individuals' private information puts clients at risk of blackmail and defamation. In turn, fewer people may want to engage or do business with organizations that do not observe the tenets of confidentiality, which may reduce the number of consumers and loyal customers (Wang & Alexander, 2021). Moreover, employees may face reparations due to litigation or suspension. Therefore, it is advisable to prevent these outcomes by adhering to guidelines that oversee the appropriate use and enhanced security of institutional systems in work-from-home initiatives.

Recommendations and Policy Implications

Standardized policies are critical in guiding all individuals in the institution toward the right direction in ensuring data security. The proposed recommendations aim to reduce unauthorized access to institutional information and data breaches due to staff negligence while working from home. Therefore, all individuals should adhere to the stipulations and immediately report to the concerned department in case they need assistance or in case of issues such as lost devices and misplaced passwords.

  1. Employees working from home should pay attention to high levels of cyber security practices. Thus, the organization expects them to familiarize themselves with all the requirements and checklists for keeping their passwords and devices safe. Generally, employees should store their passwords far from others' reach. Additionally, they should use secure networks to access user accounts since hackers can quickly obtain information from public networks.
  2. The organization will occasionally offer premium antivirus software packages that all individuals should install and run on their devices. Keeping up with the latest anti-spyware will help prevent third parties from interfering with the system and its servers using computer viruses. In addition, they will keep organizational files encrypted and safe from destruction.
  3. Finally, the institution will provide occasional training sessions that all employees must attend. The sessions will involve education regarding cyber security issues and assessments to evaluate participants' understanding. These programs are critical in informing staff members of the adverse implications of data breaches and solutions to protect their data and devices from unauthorized access.

Adopting standard cyber security practices, using the latest antivirus software, and informing employees of the need to observe high levels of data security are critical to the organization's success as these initiatives limit breaches and attacks. As a result, the institution will keep its promise of confidentiality to its customers and avoid the implications of unauthorized data access, including lawsuits, customer dissatisfaction, and lost revenue. Therefore, observing the policy recommendations will allow all staff members in the organization to benefit.

Work-from-home opportunities provide organizations and employees with numerous benefits due to flexibility, increased efficiency, and self-management. However, remote working exposes organizations to cyber security threats due to staff's negligence and inappropriate practices such as using public networks and ineffective antivirus software. Therefore, policies that target increasing employee awareness of their role in securing organization data, providing staff with access to the latest anti-spyware and antivirus software solutions, and championing appropriate cybersecurity practices when working remotely can help protect the organization against associated adversities. Paying attention to the appropriate utilization of institutional systems at home also protects the institution's customers from parties that may harm their reputation. Thus, all individuals working remotely should observe the recommended policy guidelines as they will help avoid losses and unnecessary problems.

References

Curran, K. (2020). Cyber security and the remote workforce. Computer Fraud & Security, 2020(6), 11-12. Web.

Georgiadou, A., Mouzakitis, S., & Askounis, D. (2022). Working from home during COVID-19 crisis: a cyber security culture assessment survey. Security Journal, 35(2), 486-505. Web.

Ramadan, R. A., Aboshosha, B. W., Alshudukhi, J. S., Alzahrani, A. J., El-Sayed, A., & Dessouky, M. M. (2021). Cybersecurity and Countermeasures at the Time of Pandemic. Journal of Advanced Transportation, 2021. Web.

Wang, L., & Alexander, C. A. (2021). Cyber security during the COVID-19 pandemic. AIMS Electronics and Electrical Engineering, 5(2), 146-157. Web.

Cybersecurity in Cruise Ship Industry

Introduction

The world cruise industry continues to be characterized by a significant growth rate. In the global cruise community, two American giants, Carnival Cruise Lines (CCL) and Royal Caribbean Cruises (RCL), dominate. Modern cyberspace and the level of development of information technologies provide unique opportunities to manage the most complex technological processes in the cruise line industry. Such a wide range of possibilities is increasingly being used for criminal purposes by hackers. Even though cruise ships are equipped with the most advanced technologies, they remain vulnerable to cyber attacks that may lead to economic, political, and social damages.

Cyber Security Concerns

In 1819, the first steam engine called Savannah was constructed, and it entered history as a pioneer of transatlantic cruise shipping, making the first cruise from Savannah, GA, the US to Liverpool, England. However, upon returning to the US, the steam engine was dismantled, and the ship continued to cruise under sail. The leader in transatlantic cruises of the 20th century was the British ship company White Star Line, which had a very ambitious plan to build the first cruise fleet (Gladden 59). The company created a new class of ships and built three vessels: Olympic, Titanic, and Britannic. These were the most grandiose liners of that time, the biggest and the fastest, with their interiors striking the imagination of contemporaries. These giant ships were used for the transportation of poor people on the lower decks and, at the same time, of richer individuals on the upper decks during cruise trips.

Since the 1970s, the cruise tourism industry has continued to evolve. The size of ships has been increasing, more and more diverse entertainment for passengers is available on board, and one can visit almost every country in the world today. The cruise ship industry, similar to any other major sphere of activity, develops in parallel with technical progress: ships become more technologically advanced as more and more processes are automated, computerized, and internet-based (Kirby). Electronic systems on cruise ships are used to store and process the personal information of customers and employees, and all organizations without exception are obliged to follow certain rules and implement technologies to secure data processing in order to minimize possible harm to individual identity, financial status, and so on (International Cruise Ship Industry 1).

Considering that almost everything controllable by technologies has a weak spot, any security gap on the ship will increase the system vulnerability, which modern hackers will aim to exploit for both financial and personal gains, as well as for the thrill of cybercrime. The problem is that black hat hackers (or cyber criminals, in other words) usually have extensive knowledge about breaking into computer networks and bypassing security protocols, and are also frequently engaged in writing and disseminating malware, which is a method used to gain access to these systems (Symantec Corporation). By using their skills, they can not only steal important and sensitive data but may also control the ship remotely. Therefore, managers should strive to ensure a high level of compliance with security standards to avoid data breaches and any other adverse events that involve hacking.

Motivation for Hacking

The paramount question that should be addressed is what drives hackers. Given the importance of answering this question, Thycotic, working in the field of cyber security, conducted a survey of 127 hackers at the Black Hat USA conference in 2014 ("What Makes Today's Hackers Tick?"). It was revealed that 51 percent of respondents reported that their main motivation was to search for emotions and fun, while 18 percent said that they were stimulated by the need for money. The overwhelming majority of them, to be more precise, 86 percent, were also convinced that they would not be held responsible for the implementation of their cyber attacks; therefore, they continued to commit their malicious acts ("What Makes Today's Hackers Tick?"). The conclusion of the study is as follows: the number of attacks carried out is much higher than the level of system monitoring. Today's hackers are more adaptable than ever before, and this allows them to perform numerous attacks on various systems, increasing the success of their actions without increasing the degree of risk.

There are three pivotal reasons that make hackers target the cruise ship industry. The first one is a personal challenge as they perform these attacks to prove something to themselves. This does not mean that there is no element of danger from such attacks. Personal benefits compose the second motivation as numerous cyber attacks are made for the purpose of stealing personal data or money. It may also be one of the forms of vandalism. Sometimes, this is done to sow chaos by triggering a failure of IT systems ("What Makes Today's Hackers Tick?"). In other cases, there is a certain political aspect called hacktivism as, for example, conveyed by the groups of hackers who work under the name Anonymous. The key target is IT administrators: people with direct access to servers and systems where a large amount of confidential information is stored, in particular, that of customers or users. This means that when a hacker has gained control over access codes, he or she can easily and quickly take control of the entire system.

Cyber Attack Vulnerabilities

According to the report of the European Union Agency for Network and Information Security (ENISA), the analysis of cyber security aspects in the maritime sector leads to the puzzling conclusion that cyber security awareness is low or even nonexistent, including in the cruise ship industry. Little concern about cyber threats is also noted by the International Cruise Ship Industry, partially specializing in the safety of the marine industry (2). In particular, the fact that many employees in the maritime sphere are accustomed to being part of an almost invisible industry makes them feel secure. More often than not, if an ordinary person does not live near a significant port, he or she cannot imagine the real scale of the entire industry.

Along with the growing reliance on automation, the risk of external interference and disruption of the operation of key systems is significantly exacerbated. Hackers may interfere with the management of the vessel or the operation of its navigation systems, disconnect all external communications of the vessel, or acquire confidential data, as stated in the Express report on the safety of navigation for 2015 (Kirby). The issue is complicated by the fact that not all information about successful attacks is widely publicized. Business owners can often keep silent about it, fearing such consequences as loss of authority, claims from clients and insurance companies, and initiation of investigations conducted by third-party organizations and government bodies.

The complicated nature of cruise ships as well as their low protective measures contribute to vulnerability. For instance, the displacement of Voyager of the Seas, at 137,000 tons, is almost one and a half times that of its predecessor, the giant Queen Elizabeth II. The operator of the liner is the American company Royal Caribbean. Its 1557 cabins, half of which have balconies, hold 3840 passengers, and the crew team consists of 1180 people ("Voyage Further. Discover More"). The length of the ship is 311 meters, the width is 48, and the height from the keel to the top of the chimney is 72.3 meters.

Voyager of the Seas has 15 decks, four of which are called Royal Promenade and have a length of 120 meters. According to the plan of its designers, all four Royal Promenade decks resemble the Burlington Passage in London with shops and restaurants. The ship's theater is named La Scala, and the performances in it can be viewed by 1,350 spectators ("Voyage Further. Discover More"). The largest restaurant for 2100 seats occupies three decks in height, and a special rock ten meters high is built on one of the decks where climbers can practice. There is an arena with an artificial ice rink. Moreover, this cruise ship provides an opportunity to get married: on the upper deck, just behind the pipe, there is a church.

Such a great variety of services requires a rather complicated system of equipment, monitoring, electricity, and control. On the largest cruise liner in the world, called Oasis of the Seas, the total length of electrical wiring is sufficient to stretch across the whole of North America. As one more vivid example, the ship is held in place by the special Global Positioning System (GPS), which is connected with three unique steering columns called azipods. Technically, an azipod can be compared with the reversible engine of an aircraft with an emergency stop as it allows the ship to quickly reduce its speed to zero. Had Titanic had an azipod unit, it could have stopped just before the iceberg and escaped collision. Energy nodes have such a reserve and autonomy that during an accident Voyager of the Seas retains half of its capacity.

In addition to personal data of passengers and crew members that can be stolen, there are more dangerous threats associated with navigation, docking, and entering other countries' ports. It is essential to identify two main systems that navigate cruise ships. The Automatic Identification System (AIS) serves for the transfer of a ship's identification data (including its cargo), information about its condition, current location, and course (Kazimierski and Stateczny 1143). The device works by transmitting signals through the very high frequency (VHF) range between vessels, floating relays, and shore AIS gateways that are connected to the Internet. In its turn, the Electronic Chart Display and Information System (ECDIS) collects and uses AIS messages, data from radars, GPS, and other ship sensors such as the gyrocompass and compares them with stitched charts (Kazimierski and Stateczny 1144). It is used to navigate, automate some tasks, and enhance navigational safety.

There are two directions of hacker attacks. The first targets AIS providers, which collect AIS information from AIS gateways installed on the coasts and then provide commercial and free services in real time (for example, MarineTraffic). The second type of attack is at the broadcast level and is directed at the AIS protocol. The attack on the protocol may be carried out using software-defined radio (SDR). The protocol architecture was developed quite a long time ago; sender validation mechanisms and encryption of the transmitted data were not provided since the probability of using expensive radio equipment to compromise the technology was regarded as low (Kazimierski and Stateczny 1146). One may note the possibility of the following scenarios: provision of false weather information to specific vessels to force them to change course to circumvent a nonexistent storm; falsification of Emergency Position Indicating Radio Beacon (EPIRB) signals that activate alarms in nearby ships; and the possibility of conducting a DoS attack on the entire system by initiating an increase in the transmission rate of AIS messages.

If one considers a hypothetical situation of a hacker attack, some potential consequences may be outlined. For example, the placement on the AIS maps of a non-existent military ship of country A in the territorial waters of country B can provoke a diplomatic conflict. In addition, an attack by a hacker can lead to a deviation of the ship from its course as a result of substituting messages about a possible collision or moving it to a certain point in the water area by creating a false emergency beacon signal. ECDIS systems usually come with no means of information protection. It is also worth noting that Windows-based systems deployed on ships that stay at sea for long periods do not always manage to receive even critical safety updates within a reasonable time.

The vulnerabilities found by the researchers are largely associated with the Apache server that is installed in conjunction with the system. The party introducing malicious code can be an external intruder acting through the Internet or a crew member using a physical medium to update or supplement navigation maps (Bothur et al. 85). The vulnerabilities found made it possible to read, download, move, replace, and delete any files on the workstation. With this development of events, an attacker gains access to reading and changing data from all service devices connected to the ship's on-board network. Therefore, correct operation of the ECDIS system is rather important, while its compromise can lead to the most adverse consequences such as injuries and even deaths of people, environmental pollution, and large economic losses.

Actual Examples of Past Events

On June 22, 2017, the US Navy Department received a message that the captain of a ship near Novorossiysk, Russia discovered that the GPS had incorrectly located its position (Weise). It allegedly was on land, at Gelendzhik airport. Having ascertained that the equipment was working properly, the captain contacted the neighboring vessels and found that the signals from the aeronautical information service indicated that they were all located at the same airport. It affected at least 20 vessels. Weise notes that although the incident has not yet been confirmed, experts believe that this is the first recorded case of GPS manipulation: a spoofing attack, where spoofing is a fake signal from a ground station that misleads a satellite receiver.
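Because AIS has no sender validation, and the incident above showed many vessels suddenly reported at one point on land, a receiver-side plausibility check is a natural defensive control. The following is an added example, not taken from the essay or its sources; the report tuples, MMSI numbers, coordinates, and thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles


def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two fixes, in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))


def find_jumps(reports, max_speed_kn=40.0):
    """Flag fixes whose implied speed from the vessel's previous fix is impossible.

    reports: iterable of (mmsi, unix_time_s, lat_deg, lon_deg), in any order.
    max_speed_kn is an assumed ceiling; tune it to the vessel classes monitored.
    """
    by_vessel = defaultdict(list)
    for mmsi, t, lat, lon in reports:
        by_vessel[mmsi].append((t, lat, lon))

    jumps = []
    for mmsi, fixes in by_vessel.items():
        fixes.sort()
        for (t0, la0, lo0), (t1, la1, lo1) in zip(fixes, fixes[1:]):
            hours = (t1 - t0) / 3600.0
            if hours <= 0:
                continue  # duplicate timestamp: no speed can be derived
            speed = distance_nm(la0, lo0, la1, lo1) / hours
            if speed > max_speed_kn:
                jumps.append({"mmsi": mmsi, "time": t1, "lat": la1,
                              "lon": lo1, "implied_kn": round(speed, 1)})
    return jumps


def find_shared_destinations(jumps, min_vessels=3, window_s=900, cell_deg=0.01):
    """Report grid cells that several different vessels 'jumped' into within a
    short time window, the pattern described in the incident above."""
    cells = defaultdict(list)
    for j in jumps:
        key = (round(j["lat"] / cell_deg), round(j["lon"] / cell_deg))
        cells[key].append(j)

    alerts = []
    for key, members in cells.items():
        times = [j["time"] for j in members]
        vessels = sorted({j["mmsi"] for j in members})
        if len(vessels) >= min_vessels and max(times) - min(times) <= window_s:
            alerts.append({"lat": round(key[0] * cell_deg, 4),
                           "lon": round(key[1] * cell_deg, 4),
                           "vessels": vessels})
    return alerts


# Constructed sample: (mmsi, unix_time_s, lat, lon). Not real vessels or positions.
SAMPLE_REPORTS = [
    (999000001, 0, 44.5000, 37.8000), (999000001, 60, 44.5821, 38.0122),
    (999000002, 0, 44.5200, 37.7500), (999000002, 70, 44.5823, 38.0119),
    (999000003, 0, 44.4800, 37.8500), (999000003, 80, 44.5820, 38.0121),
    (999000004, 0, 44.4000, 37.6000), (999000004, 60, 44.4020, 37.6000),  # normal track
    (999000005, 0, 44.3000, 37.5000), (999000005, 60, 43.3000, 37.5000),  # lone glitch
]

if __name__ == "__main__":
    found = find_jumps(SAMPLE_REPORTS)
    for j in found:
        print("implausible jump:", j)
    for alert in find_shared_destinations(found):
        print("possible spoofing, shared destination:", alert)
```

A single implausible jump can be a receiver glitch; several vessels jumping to the same cell within minutes is the stronger signal and is worth cross-checking against radar or visual bearings.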

In 2017, Danish shipping and logistics company Moller-Maersk reported that the virus that led to serious financial losses entered the system through a Ukrainian computer program (Baker). The company published a financial report for the second quarter of that year that emphasized the impact of the Petya virus attack at the end of June. Maersk preliminarily estimated the financial losses from the cyber-attack at $200-300 million (Baker). The company claimed that, as a result of the attack, the operations of the sea container carrier Maersk Line, the operator APM Terminals, and the logistics company Damco collapsed. The Petya virus blocked computers, encrypted the information contained on them, and extorted money for unlocking the system. Microsoft declared that the virus was distributed through the accounting software M.E.Doc.

Another vivid case of compromise of satellite systems occurred in July 2013. Students from the University of Texas at Austin were able to divert an $80 million yacht from its course using equipment that did not cost more than $3,000 (Dodson). Using a GPS simulator of the kind that is applied, for example, to calibrate equipment, they duplicated the signal of a satellite and gradually increased the power, thus managing to convince the ship's navigation system to receive messages from the spoofing device and to reject the signal of the real satellite as interference (Dodson). After the navigation system began to work through the data of two satellites and the attacking device, the researchers managed to deflect the vessel from the initial course.

Responses to Threats and Their Improvement

As one of the measures to combat cyber attacks, it is important to note the second edition of the Guide to Cyber Security on Ships prepared by the Baltic and International Maritime Council (BIMCO), the International Union of Marine Insurance, the International Association of Cruise Lines, the International Maritime Forum of Oil Companies, the Ministry of Railways, Intercargo, and Intertanko. The second edition of the Guide includes information on insurance issues and recommendations for effective isolation of networks (Wilkie). It also includes new practical guidelines for connecting the ship to the shore interface and managing cybersecurity when it enters a port and when it communicates with shore organizations.

The chapters on contingency planning and response to cyber attacks have been rewritten to reflect the fact that the guidelines are aimed specifically at ships and take into account remote conditions in the event of a breach of ship protection. In addition, a new insurance subsection has been added, providing for insurance coverage after cyber attacks, which is an integral part of the risks to ship owners (Wilkie). The Sectoral Guidelines are consistent with the recommendations given by the Guidelines for the Management of Cyber Security of the International Maritime Organization (IMO), which were adopted in June 2016.

To unify the navigation and meteorological information transmission system for the purpose of ensuring the safety of navigation on cruise ships, the Navigation Warnings on the Web (NAVAREA) world navigation warning service was developed. It is intended to ensure the coordination of the transmissions of navigational warnings on the radio by all maritime countries. The transmission of navigation warnings, meteorological information, as well as alarms and necessary information during search and rescue should be protected by means of special technologies. Equally essential, crew training should prepare crews for cyber-attack-related emergencies and their further elimination.

Conclusion

To conclude, it should be emphasized that the poor preparedness of the cruise ship industry at a time when cyber attacks are widely used by hacktivists, criminals, and terrorist groups is the main cause of vulnerability. In addition to the vulnerabilities of software and other weak points in the technical protection of these systems, the problem of the inability to instantaneously apply security updates for systems on ships on a voyage or in remote ports is also critical. Several cases in which cyber attacks misled ships' systems were noted. As can be seen from the report, there is an urgent need to disseminate existing policies and guidelines and increase the awareness of the identified problem.

Works Cited

Baker, Joe. "Did the Maersk Cyber Attack Reveal an Industry Dangerously Unprepared?" Ship Technology. 2017.

Bothur, Dennis, et al. "A Critical Analysis of Security Vulnerabilities and Countermeasures in a Smart Ship System." The Proceedings of 15th Australian Information Security Management Conference Held 5-6 December 2017 at Edith Cowan University, edited by Craig Valli, 2017, Perth, Western Australia, pp. 81-87.

Dodson, Brian. "University of Texas Team Takes Control of a Yacht by Spoofing Its GPS." New Atlas. 2013.

Gladden, Graham P. "Marketing Ocean Travel: Cunard and the White Star Line, 1910-1940." The Journal of Transport History, vol. 35, no. 1, 2014, pp. 57-77.

International Cruise Ship Industry. "Cyber Security - Is The Cruise Industry Ready?" HubSpot, 2014.

Kazimierski, Witold, and Andrzej Stateczny. "Radar and Automatic Identification System Track Fusion in an Electronic Chart Display and Information System." The Journal of Navigation, vol. 68, no. 6, 2015, pp. 1141-1154.

Kirby, Will. "Terror Fears At Sea: Cruise Ships Could Be Sunk by Cyber Terrorists, UK Government Warns." Express.

Symantec Corporation. "What Is the Difference Between Black, White and Grey Hat Hackers?" Norton, 2018.

"Voyage Further. Discover More." Royal Caribbean, Web.

Weise, Elizabeth. "Mysterious GPS Glitch Telling Ships They're Parked at Airport May Be Anti-Drone Measure." USA Today.

Wilkie, Gemma. "Cyber Security Guidelines for Ships Launched Today." BIMCO. 2016, Web.

"What Makes Today's Hackers Tick?" Thycotic, Web.