Every profession has a code of ethics that is followed by its members in order to ensure self-regulation. The code of ethics includes the values by which the members of a certain professional community must abide. These values are instrumental in helping the government and the public develop a level of trust in the specific profession. Codes of ethics differ with profession (Mizrach 2000, p. 1). One of the simplest and most informal of professional codes is the original Hacker Ethics. If a code of ethics is broken, the defaulting individual may be banned from practicing the profession. Violations of hacker ethics tend to lead to social ostracization. The existence of Hacker ethics in the computing profession leaves one wondering whether hacking is good or bad (Stone 1999, p. 1).
The definition of computer hacking
Computer hacking is, unlike other computer offenses, hard to define. In a general sense, computer hacking involves the intrusion into the computing privacy of other people, damage to the computing property of other people (files, software, etc.), or the theft of private information through unauthorized access to computer systems. Consider, for example, a student who logs in to the Facebook account of his/her classmate by trying different password combinations until the account opens (Erickson 2003, p. 1). This amounts to hacking since he/she accesses the computing resources of his/her classmate without the permission of the latter.
Another example could be a programmer who is hired to destroy files stored in a given computer by a client who wants to destroy evidence and commit fraud. This amounts to hacking since it is the destruction of the computing resources of other people. Consider another example in which a programmer penetrates the system of a bank, creates ghost accounts and credits them with money. As evidenced in the examples above, hacking is mostly unethical (Harvey 2001, p. 1).
Two sides of hacking
Hacking has too much negativity attached to it to be termed even remotely ethical. Hacking leads to unauthorized access to confidential information, destruction of personal resources for malicious reasons, acquisition of confidential information for use in committing crimes, etc. It is therefore apparent that hacking is, literally, unethical. However, hacking can be used productively to benefit the owners of computing resources.
Consider, for example, a case in which confidential data is lost due to the security measures employed to protect it. In this case, organizational operations may be brought to a halt until such data is recovered. Therefore, a computer hacker employed to recover this data will be acting ethically since the access to the confidential data/information will be authorized. From this argument, hacking is shown to be both productive and destructive depending on the ability and willingness of the hacker to abide by professional ethics (Bynum 2008, p. 1).
Conclusion
Hacking has a dual effect on the computing community. It can be both beneficial and destructive to the computing community. Most of the negativity associated with hacking is due to the fact that the ethics associated with this issue are not clear-cut. Computer professionals are therefore guided by blurred ethical guidelines whose non-compliance may not be taken seriously. With the growth in the use and effectiveness of computer technology, clear ethical guidelines should be set out to guide computer professionals. On the other hand, it is essential that hackers abide by the existing professional ethics and use their skills to benefit the computing society.
Reference List
Bynum, T. (2008). “Computer and Information Ethics”. Web.
Erickson, J. (2003). “Hacking: The art of exploitation”. Web.
Harvey, B. (2001). “What is a hacker?”. Web.
Mizrach, S. (2000). “Is there a Hacker Ethic for 90s Hackers?”. Web.
Living in the era of the Internet and online technology increases the vulnerability of the information stored online and on electronic devices. It raises ethical considerations, as, nowadays, personal data can be easily retrieved. Hacking is one of the cyber activities that makes such leakage a possibility. Initially, hacking was not associated with an illegal act (Pike, 2013). It was used to portray the “process of exploring and experimenting with a computer” (Pike, 2013, p. 67).
The differentiation between ‘good’ and ‘bad’ hacking occurred when the terms black, white, and gray hats appeared. The black hats are primary threats, as their actions tend to be wrongful and focus on their own favor (Mahmood et al., 2010). On the contrary, white hats are often opposed to the black ones since they attempt to catch them (Mahmood et al., 2010). The gray crackers do not cause any harm but can be used to examine security. White and gray hats are the protagonists of a new computerized era. Nonetheless, it is questionable whether it is ethical to use them for governmental purposes.
The debatable nature of the benefits of advanced ‘hacking’ education and white crackers is the primary reason for conducting this research. The critical goal of this paper is to understand the nature of hacking, its intentions, and criminal background. The benefits of white hats and recommendations to improve online security will be offered, as this will help evaluate the problem from a different viewpoint.
Definition of Hacking
As mentioned earlier, hacking was not meant to be a negative phenomenon in the computer era. It was often related to actions that seek innovation and development in the technological sphere (Pike, 2013). Thus, the commercialization of software and hardware was the primary driver of the change (Pike, 2013). Nowadays, hacking can be defined as a tool for “personal, corporate, and government espionage” (Monteith, 2016, p. 63). It is often regarded as an unlawful practice since it violates personal space.
The typology and conceptualization of hacking are rather complex. Nowadays, hacking is associated with a plethora of activities such as creating mischievous code, stealing confidential information, and disabling a firewall (Lacy, 2006). These matters are the primary concepts of hacking. Meanwhile, the intentions are driven by personal needs for financial independence and prosperity. Information is highly valued in the modern world, which makes it one of the items in high demand (Fulton, Lawrence, & Clouse, 2013).
Speaking of types of hacking, it was revealed that the personalities of the crackers could be divided into white, gray, and black hats. Black hackers tend to use unlawful practices to get access to the required information (Mahmood et al., 2010). In turn, the gray hats could not be considered a source of major threat, but they are often associated with security assessment. Lastly, the white hats comply with the legislation and are often used to protect confidential information (Mahmood et al., 2010).
Hacking as a Criminal Act
As discovered previously, hacking is often viewed as a criminal act. This viewpoint is present, as black hats prioritize their wants and needs over security and acquire the required data with the help of unlawful practices. This problem is spreading widely in the United States and worldwide (Thaw, 2013). The United States of America pays close attention to this question and protects the rights of individuals through the Computer Fraud and Abuse Act of 1986 (Thaw, 2013). The primary goal of this law is to minimize the occurrence and consequences of hacking.
To understand the legal foundations of hacking, the definition of this computer phenomenon has to be provided. In this case, hacking implies violating individual rights and freedoms due to unauthorized access to websites and servers (Thaw, 2013).
The act presented above attempts to differentiate hacker attacks from simple unauthorized logins (Thaw, 2013). Nonetheless, the majority of companies do not follow these regulations and create confusion in the interpretation of the act. Despite the rising misinterpretation, hacking is still a criminal act punishable by law. In this case, the majority of cybercrimes interfere with different branches and refer to unlawful actions such as harassment, theft, and fraud (Thaw, 2013). Consequently, similar types of punishments will be applied in instances of cybercrimes.
Controversies and Benefits of White Hats
It remains apparent that not all types of hackers are dangerous to modern society. For instance, white hats are often viewed as a “new breed” (Lacy, 2006, p. 2). Companies often hire or train these professionals to prevent hacking attacks and minimize the leakage of information. There are several reasons for the rising popularity of this trend among well-known companies. One of them is the improved security levels, as engaging the services of white hats is more effective than using the firewall (Fulton et al., 2013). Another advantage of this type of hacker is that it is a suitable approach to study the behavior of black hats and stop their actions (Fulton et al., 2013). Thus, white hats can be regarded as a new security mechanism, which is effective and cost-efficient.
However, one has to consider the risks of white hats, as the availability of specialized education shows that any individual can become a qualified hacker within weeks (Lacy, 2006). This matter increases threats to online security since these competencies can be used in illegal practices. It could be said that the aspects mentioned above underline ethical controversies in using and educating white hats for governmental and organizational purposes.
Recommendations to Improve Security
Nonetheless, there are several approaches to improve online security at international, national, and individual levels. One of them is conducting research on black hat activity, as it can help prevent future attacks (Mahmood et al., 2010). In this case, governmental websites could be used as sources of information. However, security professionals can also apply ‘honeypots’. This approach implies developing a trap for hackers by creating the perception that falsely valuable information is treasured (Mahmood et al., 2010).
An alternative solution is the development of online security skills and competences. Following this strategy will help minimize the risks of black hacking. Recent research underlines that the profession of white hacker will rise in demand in the near future (Fulton et al., 2013). For instance, international corporations are under aggressive attacks by crackers on a weekly basis (Fulton et al., 2013).
Companies such as Apple and LinkedIn require professionals who will help them protect their information from leakage to competitors (Fulton et al., 2013). In this case, particular attention has to be paid to the development of competencies such as cryptography, computer forensics, security engineering, and ethics (Fulton et al., 2013). Prioritizing these skills will help educate qualified professionals and improve the level of Internet security.
Lastly, personal safety plays a pivotal role in the protection of individual data. Due to the popularity of technological devices among individuals of all generations, the vulnerability of children to black hat attacks cannot be underestimated (Monteith, 2016). In this case, learning the basic principles of Internet security will help them avoid becoming victims of cyber-attacks. For instance, one should set difficult passwords and modify them regularly (Monteith, 2016). Following simple rules like this one will help optimize the work of the security system and minimize the possibility of information leakage.
Conclusion
In the end, hacking is often viewed as a criminal activity. These assumptions are rational since, nowadays, hacking means ‘stealing’ privately stored data for personal interests. Moreover, it is regarded as a criminal act since it has a tendency to violate individual rights and freedoms. These aspects depict the fact that hacking poses a threat to online security at national and international levels.
Nonetheless, the constant development of technology evoked the development of new professions. Living in the era of virtual reality changes a perception towards white hacking and makes it one of the tools to prevent the leakage of confidential information. Today, many companies with a well-established brand name educate white hat professionals to reveal additional information about the actions of black hats and ensure high levels of security in the organization. However, despite the positive intentions of the profession, the ethical nature of white hacking is questionable, as the behavior of educated individuals cannot be predicted.
References
Fulton, E., Lawrence, C., & Clouse, S. (2013). What hats chasing white hats: Careers in IT and the skills required to get there. Journal of Information Systems Education, 24(1), 75-80.
Lacy, S. (2006). What I learnt at hacker camp. Web.
Mahmood, M., Siponen, M., Straub, D., Rao, R., & Raghu, T. (2010). Moving toward black hat research in information systems security: An editorial introduction to the special issue. MIS Quarterly, 34(3), 431-433.
Monteith, B. (2016). Hacking for good and bad, and how to protect yourself against hacks! Knowledge Quest, 44(4), 60-64.
Pike, R. (2013). The “ethics” of teaching ethical hacking. Journal of International Technology and Information Management, 22(4), 67-75.
Thaw, D. (2013). Criminalizing hacking, not dating: Reconstructing CFAA intent requirement. The Journal of Criminal Law and Criminology, 103(3), 907-948.
Legal integration on cyber security in Asia, Europe, and the United States of America progressed at a very fast rate. It also led to immense development in technology within a very short time. As a result, recommendations for Federal Information Systems on security controls pointed out the importance of interrelationships, interoperability, and technical controls. These recommendations further suggested that the challenge of integration lies in global acceptance. However, later reports continued to show that there was visible progress in mitigating persistent weaknesses that were evident in most United States agencies. Even after training, the GAO report continued to demonstrate system control deficiencies due to failures in the identification of enough boundary security mechanisms, breakdown in the need to know, insufficient restriction of physical access, and improper identification and authentication of users to implement common security configuration policies (Roth, 2010).
Furthermore, there have been reports of a lack of proper segregation of information technology duties due to inequities in access rights. Even after recent global threats such as H1N1, more than fifty percent of the audited agencies had not fully addressed continuity of operations and disaster recovery planning. There were also missing nationwide information security programs, showing delinking of agencies in the United States alone. Identification, facilitation, and integration keys to success include observation of many existing standards, which comprise global challenges for risk management professionals. Application of process improvement frameworks to ensure understanding of the business drivers of the team leading information systems was also proposed (Roth, 2010).
Whereas identification of parts of a full program and larger team is relatively easy, integration of the involved components may prove to be quite difficult. Sharing sensitive information among nations whose objectives are different is a daunting task given their obvious differences in political agenda. The integration will therefore be the best way to go about the issue since the idea of postmodernism has facilitated multiplicities instead of universalities (McAuley, Duberley & Johnson, 2008). Therefore, the rift created will lead to reluctance by agencies and therefore interfere with national integration. Given that the existing standards are extremely diverse, the formation of an integrated security system will require the use of similar standards to boost the security system of any organization that may be at risk of various security threats common in business organizations. This will in turn demand deconstruction of initial standards to contain uniformity which again is highly impossible in a postmodern world (McAuley, Duberley & Johnson, 2008). Although understanding of team business drivers through process improvement will change in unit construction, a lot of positive effort is necessary at any given time.
From this article, it is imperative to note that it is possible to change some of the conventional security systems and adopt new ones in a bid to meet new security challenges facing organizations in the 21st century. It is clear that the integration and incorporation of security systems worldwide on matters of global concern is extremely important. Despite the obvious boundaries in security systems all over the world, integrations should focus on report deliveries such that organizations are not deconstructed due to the presence of a world of diverse opinions that have been shaped by postmodernism. Despite diversities in global views on different matters, there is a need for collaboration on sensitive matters that relate to global security, such as those that concern human health. My mental opinion has been greatly affected to consider universalities on matters of absolute global impact. In addition, my individual perception regarding global issues will not be affected by postmodernism.
References
McAuley, J., Duberley, J. & Johnson, P. (2008). Organization Theory, challenges and Perspectives: Postmodernism as a philosophy: the ultimate challenge to organization theory? Phoenix: Phoenix University Press.
Roth, J. (2010). Evolution of Federal Cyber security.
Cybersecurity is one of the most crucial issues of the modern world. Technological advancement and software development brought numerous opportunities. Nevertheless, these changes opened up new possibilities for information theft and hacking through various malware programs and computer viruses. Eight-character password verification is the most common protective measure for websites and data-carrying platforms. The complexity of passwords plays a critical role in ensuring information safety and intact preservation. Several factors determine how simple or complex a password is. Thus, passwords can be categorized as weak and strong ones.
Weak passwords
Weak eight-character passwords usually possess logically sequential patterns related to personal information or general mathematical and linguistic progression. For instance, the passwords 12345678, qwerty, and brad Pitt can be considered weak protective sequences. The main reasons are that the first and second examples are logically simplistic and convenient to both memorize and type, whereas the last one is the name of a well-known celebrity.
Strong passwords
Strong eight-character passwords are usually highly illogical and contain various combined elements, such as letters, numbers, symbols, and capitalization. For example, the passwords Ub6+2SeH, 406K0QM2, and gb4)&2Yj are cases of sequentially random and chaotic security measures. Strong passwords have a low probability of being guessed because the number of possible iterations and combinations is extremely high. The number of plausible letter combinations alone almost eliminates the problem of hacking. Introducing the elements of capitalization, symbols, and numbers makes the decoding process statistically impossible.
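The following Python sketch is an added example, not part of the original essay: it scores the six sample passwords above by alphabet size and length, and flags the patterns the essay describes as weak. The word list, the sequence list, and the guess rate of 10^10 per second are constructed assumptions for illustration only.

```python
import math
import string

# Constructed sample data (assumption): a tiny stand-in for a real
# common-password list and a dictionary of well-known names.
COMMON = {"12345678", "qwerty", "password", "bradpitt"}

# Counting, alphabetic and keyboard-row sequences to look for.
SEQUENCES = ["1234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def pool_size(pw):
    """Alphabet size implied by the character classes present in pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # 32 ASCII punctuation characters plus the space
    return size


def keyspace_bits(pw):
    """Upper bound on entropy: only valid if every character is random."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(pool_size(pw))


def exhaust_seconds(pw, guesses_per_second=1e10):
    """Time to try the whole keyspace at an ASSUMED offline guess rate."""
    return pool_size(pw) ** len(pw) / guesses_per_second


def longest_walk(pw):
    """Length of the longest substring that follows a known sequence,
    forwards or backwards (for example 1234 or ytrewq)."""
    s = pw.lower()
    best = 1 if s else 0
    for seq in SEQUENCES:
        for line in (seq, seq[::-1]):
            for i in range(len(s)):
                j = i + best + 1  # only look for something longer
                while j <= len(s) and s[i:j] in line:
                    best = j - i
                    j += 1
    return best


def assess(pw):
    """Return keyspace figures plus any pattern that defeats them."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than eight characters")
    if pw.lower().replace(" ", "") in COMMON:
        findings.append("appears in common-password or name list")
    if longest_walk(pw) >= 4:
        findings.append("contains a keyboard or counting sequence")
    return {
        "pool": pool_size(pw),
        "bits": round(keyspace_bits(pw), 1),
        "findings": findings,
        "verdict": "weak" if findings else "no known pattern",
    }


if __name__ == "__main__":
    # The six sample passwords quoted in the essay.
    for pw in ["12345678", "qwerty", "brad Pitt",
               "Ub6+2SeH", "406K0QM2", "gb4)&2Yj"]:
        r = assess(pw)
        print(f"{pw!r:12} pool={r['pool']:3} bits={r['bits']:5} "
              f"exhaust={exhaust_seconds(pw):.2e}s "
              f"{r['verdict']} {r['findings']}")
```

The bit count is only an upper bound: a password found in a word list falls on the first guesses whatever its length, and the exhaustion time for a random eight-character password depends entirely on the guess rate assumed.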
Conclusion
In conclusion, it is important to note that the eight-character password is a powerful instrument to ensure safety and cybersecurity for websites. However, the sequential pattern should be fully randomized and chaotic, which substantially reduces the statistical probability of accidental guessing and repetitive hacking.
There are some major elements of good cyber security. It is, however, imperative to recognize that factors such as size, complexity, and the continually evolving nature of attack vectors, among others, have made it difficult for the industry to develop a single, simple approach to manage risks related to cybersecurity. Nevertheless, some best practices have been identified to provide a model for locating vital elements that must be present in any cybersecurity risk management plan. The following are some essential elements for cyber security risk management.
First, cybersecurity requires an effective framework. The focus of any risk management effort is a standard system or a framework that helps organizations and individuals manage the integrity and confidentiality of data and ensure the availability of critical resources (Chaudhary and Hamilton 4). As such, industries have adopted different frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
The NIST framework offers a deliberate, risk-driven set of practices, guidelines and standards to help firms manage any cybersecurity threats in a more cost-effective manner. At its minimum level, the framework accounts for major roles through which organizations can manage their critical data, such as identification, protection, detection, response, and recovery. Apart from the NIST framework, other cybersecurity frameworks include ISO/IEC Security Control Standards, SEC/OCIE Cybersecurity Initiative, and FCC Cyber Security Planning Guide.
Second, cybersecurity requires an end-to-end approach. In this case, the scope is an important consideration. This element requires a broader scope of accountability for Internet resources. That is, a cybersecurity program must account for all vital elements that require protection in an organisation. For instance, a scope may consider the network, computers, and other mobile gadgets. However, addressing the scope has become a challenge because of the so-called Internet of things. Today, cars, appliances, doors, thermostats and many other gadgets are connected to the network and can easily be accessed over the Internet. This scenario has exposed many possible devices to attacks. The scope should also address the concern from a thorough perspective – inside-out and outside-in approach (Chaudhary and Hamilton 5).
Third, cybersecurity requires comprehensive risk evaluation and threat modeling. Organizations usually have limited resources to devote to attacks. As such, when faced with many forms of threats, they must focus on risk assessment and prioritization. Firms should monitor new forms of threats and their possible impacts. In this case, the cybersecurity team may create a plan that identifies possible attacks, risks, costs, and efforts needed to protect a company.
Fourth, another element for consideration is a proactive Incident Response Plan. In the past, cybersecurity efforts focused on attack prevention and restricting access to firewalls, user information, and other related actions. Today, however, in addition to prevention, cybersecurity practices are concentrating on effective response plans against intrusions and limiting damages from an attack. In effect, many organizations recognize that their system security will almost certainly be attacked eventually. Hence, recovering and limiting damages are now the current efforts to restrict the financial losses and organizational reputation issues that emanate after an incident.
Finally, cybersecurity requires dedicated resources. Specifically, an organization should have a dedicated team for Incident Response. It is regrettable that many firms have not yet allocated adequate resources, developed a response team, or identified roles and responsibilities, and have failed to create the required cybersecurity governance approach.
Some recent events involving cybercrime can be used to illustrate weaknesses in organizational cybersecurity systems. Cases involving high-profile corporations with high impacts are now becoming common. Such attacks are normally associated with massive breaches, financial losses, and severe damages. The attacks on Sony Corp, Home Depot, and Target Corp are just a few instances. The 2014 cyber-attacks on Sony Corp set a new level for attacks on a highly sophisticated technology firm. The attacks were thorough, deep, and discreet, leaving the company and the FBI to speculate about just who did it, including the government of North Korea.
The Sony attacks were unlike any other attacks in terms of their impacts (Fogarty 1). It is estimated that the company lost data for about 77 million user accounts with various information, including unencrypted credit card numbers (Fogarty 1).
The attacks involved terabytes of information, implying that the attackers acquired vital information of employees, vendor passwords, login details for external users, FTP access information, maps with the company’s IT infrastructure, all servers and hardware information, IDs, staging production information, and certificates among others. Overall, the series of attacks led to the loss of crucial information required to conduct everyday operations at the firm. These attacks on the above-mentioned corporations reflect sustained growing trends that affect firms of all sizes. As such, cybersecurity is now a critical risk that many organizations across the world face today.
ERP Systems and their adoption failures
While many large organizations have adopted ERP systems for many years now, several implementation efforts have failed, implying that there are critical success factors for a successful adoption of an ERP system. Adoption involves both critical success factors and risk factors. In fact, even these critical success factors could be at risk if poorly handled. It is also imperative to note that multiple success factors exist, largely based on what works for a specific organization.
First, user involvement has been identified as a critical factor in ERP system adoption. ERP systems are known to cause significant changes during implementation. As such, many stakeholders, specifically end users, are greatly affected. It is therefore necessary to involve users in change management. This process requires identification of user needs and creating effective channels of communication to facilitate information exchange and feedback systems. In addition, user involvement also accounts for training of end users. Training ensures that potential users acquire the technical skills needed to operate different platforms of ERP systems. Training is necessary because ERP systems are complex, and users can only be sufficiently engaged if they are well trained.
Second, support from senior executives is an important factor for consideration (Ziemba and Obłąk 7). An IT department should seek support from senior managers to reduce resistance. Managers should demonstrate their interest in and the importance of the project and communicate to all stakeholders about it. Senior managers require detailed information about an ERP system to secure their support. In addition, they can provide the communications required to facilitate adoption of an ERP system. As such, leadership support encourages employees to adopt an ERP system and secures the needed resources while aligning ERP systems to strategic organizational goals.
Third, an ERP system needs clear articulation of needs and planning. Successful ERP system adoption should be driven by a project vision. Moreover, metrics, measures, and expected milestones are defined in this critical process.
The plan should identify ERP project issues, expected outcomes, the right team and assigned roles and responsibilities. The plan should also account for change management processes.
Fourth, an ERP system adoption can only succeed when realistic objectives and expectations are set. This activity should start from need identification, setting project objectives and eliminating all unrealistic goals from the project.
Fifth, ERP team competency can significantly influence outcomes. In most cases, however, it could be difficult to find the right talents to implement an ERP system. Hence, organizations tend to assess skills gap and recommend the necessary training for users.
Sixth, an ERP system adoption requires business process reengineering and perhaps customization. Reengineering of processes ensures that an ERP system and operations fit. Some critical processes involving daily activities may be altered (Rabaa’i 133-147). Customization ensures that an ERP is adapted to support existing processes. It is, however, recommended that customization be restricted to allow exploitation of new features of the system.
Seventh, the choice of an ERP vendor, consultant, and the relationship created after could influence outcomes. Thus, people and ERP components are critical success factors.
Finally, organizations should conduct post-adoption assessment against the set metrics to determine the overall achievements and drawbacks of an ERP system adoption.
While there are multiple cases of failed ERP systems, the case of the Lumber Liquidators ERP is worth mentioning. The company claimed that it suffered massive losses because of its SAP ERP adoption. The project generally dampened the productivity of workers (Kanaracus 1).
The ERP system failure was caused by company employees who could not figure out the new ERP system. As such, the failure was not related to the system itself. Previously, the company had relied on a flexible and easy to manipulate system. However, the new SAP system was more structured and required users to follow defined steps. The SAP system brought about changes to the company. Given the lack of training among end users and the poor change management process, the ERP system failed.
Overall, these diverse factors indicate that there is no one reason responsible for ERP system failure. Rather, multiple factors are usually involved.
Cybercrime and an example
Cybercrime is a type of criminal activity done over the Internet using computers and other equipment connected to the Internet. Typical cybercrime activities vary, but they generally include spamming, hacking, phishing, denial of service and many other forms of attacks. Cybercriminals are driven by different motives, such as defrauding users, stealing, changing, or destroying sensitive information, stealing identities, swindling users, and/or harassing users.
It is imperative to profile cybercriminals to understand the types of criminals engaged in such activities. While there are minimal exceptions, most cybercriminals have the following attributes. They possess technical computer knowledge, ranging from simple hackers who use malicious codes to more advanced, talented hackers. Cybercriminals generally disregard the law and believe that such laws should not exist or are not applicable to them. They also seek the thrill associated with manipulating or outsmarting others. Finally, cybercriminals may also be grouped under motives, such as money, emotion, espionage, sexual desires, some extreme religious beliefs, or just sheer boredom and the desire to have ‘some fun’ (Shinder 1).
As such, people engaged in cybercrime have broader descriptions, but they are generally referred to as hackers or attackers driven by criminal motives because they have the means and opportunity to hack network systems. The most dangerous types of cybercriminals are individuals who create malware and other malicious programs to perpetrate their criminal activities. Cybercriminals create programs that can steal information, including personal information and bank details, advertise some products, use infected systems to attack more systems (the so-called DDoS, or Distributed Denial of Service, attacks) and blackmail users (the latest ransomware programs).
Computers and networks have become the most vital tools for cybercriminals to perpetrate their activities. Networks and computers have made cybercrime simpler. Cybercriminals have relied on the Internet to identify their targets. For instance, police have successfully thwarted and arrested cybercriminals engaged in child pornography and pedophilia. Cybercriminals may even use their personal gadgets or devices owned by companies.
Once again, the case of the Sony Corp attack provides a good example for illustration (Fogarty 1). Irrespective of the cybercriminals involved, the Sony hack reflects another level of cybercrime. The industry generally believed that such attacks could not happen to a large multinational, technologically sophisticated firm. The attacks were so intense that the company could not understand who was responsible. Nevertheless, the FBI had sufficient evidence to suggest that North Korea, a rogue state, was involved.
As noted, the attacks on Sony were not like any other previous attacks. Cybercriminals managed to achieve a lot. The hackers claimed that they stole terabytes of information from nearly all stakeholders, both internal and external, related to Sony. In short, the hackers stole some of the most sensitive data used in daily operations of the company.
Costs associated with the attacks were massive. For the three months that the attacks took place, the attackers detailed and documented all stolen information. About 77 million users were affected, of whom 12 million had unencrypted credit card numbers. Analysts estimated that the attacks were most likely to cost the company over $100 million (Fogarty 1).
The attacks marked another milestone in terms of costs and corporate IT security breaches. The attacks were a classic case of massive damage to a technologically driven firm that created an online empire, but failed to secure its online systems.
In addition, the issue of North Korea brought about a new perspective in cybersecurity and cybercrime. That is, a rogue state is able and willing to attack any multinational firm as a form of punishment or intimidation to control its business practices. In this case, the Internet transgresses national boundaries and, therefore, any company could be a victim of such rogue, lawless states.
It is imperative to note that Sony was unable to identify the attackers internally. Consequently, it opted for external assistance. The response of Sony included engaging the Mandiant forensic department of FireEye, Inc. The company was hired to clean up the system and restore normal operations. It is recognized for incident response work that helps attack victims clean up and restore their network systems. At the same time, the US FBI started its investigation to ascertain the origin of the attack.
It was noted that the response team was engaged in repairing the damage done by the attackers and restoring e-mail functions as soon as possible.
However, Sony did not respond immediately to queries from customers (Abdollah 1). Instead, more than a year after the attack, Sony still responds to the incident in various forums.
Works Cited
Abdollah, Tami. “Sony CEO breaks down hack response, Google role in ‘The Interview’ release.” 2015. Web.
Chaudhary, Raj and Jared Hamilton. The Five Critical Attributes of Effective Cybersecurity Risk Management. 2015. Web.
Fogarty, Kevin. “Sony makes cybercrime even more dangerous.” Computerworld. 2014. Web.
Kanaracus, Chris. “Biggest ERP failures of 2010.” Computerworld. 2010. Web.
Rabaa’i, Ahmad A. Identifying Critical Success Factors of ERP Systems at the Higher Education Sector. 2009. Web.
Shinder, Deb. “Profiling and categorizing cybercriminals.” TechRepublic. 2010. Web.
Ziemba, Ewa and Iwona Obłąk. “Critical Success Factors for ERP Systems Implementation in Public Administration.” Interdisciplinary Journal of Information, Knowledge, and Management 8 (2013): 1-19. Print.
The concept of cybersecurity has gained significantly broader attention over the past few years. While creating an entirely attack-proof system is barely possible, studying the records within the system allows one to keep the level of security reasonably high. By looking at the system logs in Windows 7 and MacOS, one will be able to shield one’s systems from possible attacks.
Main body
In the Windows system, several instances of event 8033 were located while analyzing the logs. The described problem was located in the Windows Logs under the “Applications” section. The observed error is described in the log as “The browser has forced an election on network %1 because a master browser was stopped” (The Microsoft Corporation). As explained by the Microsoft support team, the described issue occurs when the master browser starts malfunctioning, causing the Chrome browser to shut down (The Microsoft Corporation). The specified event points to the need to configure the current settings of the master browser in order to address possible security issues and close the loopholes that potentially make the computer vulnerable to malware.
Another important log that can provide interesting data to an expert is the entry labeled as Error 903. Identified as the Office Software Protection Platform Service error, the specified issue implies that the WMI/WBEM repository has been corrupted, which opens a gateway for potential attacks on the computer (The Microsoft Corporation).
Conclusion
Therefore, managing the specified issue should be deemed an important step in enhancing security. Compared to Windows, the MacOS system uses similar codes. For instance, error 23000, located when exploring the logs, showed that the local network handler could not be initiated (“Macintosh Error Codes”). The error suggested a potential threat to the computer’s security and, thus, was important for an expert seeking to reduce the vulnerability of the user’s data.
With developments in the Internet, computing and mobile technologies, cyber security and attacks have become issues of critical concern among governments, individuals, and businesses (Nye, 2010). More advanced threats, such as ransomware, have continued to undermine the benefits associated with computers, the Internet, and networking due to escalating costs of malicious cyber-attacks. As billions of dollars and information are stolen each year, industry experts, governments, and academics have continued to work tirelessly with the aim of advancing cyber security to protect critical infrastructures.
The US Government, for instance, has developed policies to promote cyber security and resilience of its key installations while advancing effectiveness, innovation, and economic development through safe, secure, confidential, private, and liberal practices. The US enacted the Cybersecurity Enhancement Act of 2014 to ensure that respective bodies develop and maintain a clear plan for cyber security research and development (R&D) based on a risk assessment tool for guidance.
The federal government is responsible for R&D funding. Based on this approach, the US government has demonstrated its commitment to advancing cyber security R&D and protecting numerous benefits associated with technologies and the Internet. While there are past initiatives to advance cyber security and related technologies, the US government has focused on incremental developments based on emerging threats and potential solutions from R&D.
Current evidence on the efficiency and efficacy of cyber security approaches and technologies has resulted in enhanced R&D activities. As such, more robust technologies and emerging approaches will assist in protecting critical infrastructures.
This research paper is concerned with emerging cyber security approaches and technologies. In addition, it also looks at the role of the federal government in the support and nurturing of the emerging cyber security technologies identified. It is imperative to note that only emerging cyber security approaches and technologies considered as novel in the recent past have been considered. In this research paper, nature-inspired or bio-inspired cyber security, deep learning, and user behavior analytics (UBA) are discussed as emerging approaches and technologies for cyber security. These emerging cyber security approaches and technologies are unique and new, and they look promising for securing critical infrastructures in the cyberspace.
How the emerging cyber security technologies identified coupled with prioritized research and development improve cyber security
In most instances, much effort has been directed at developing and improving existing cyber security approaches and technologies. At the same time, some medium-term and long-term efforts are generally geared toward critical research and development to determine the best transformative solutions to solve cyber security issues, including emerging threats. From a broader perspective, emerging cyber security approaches and technologies also have similar goals based on four defensive aspects (National Science and Technology Council, 2016).
These solutions aim to deter attacks. They will be able to detect and discourage potential attacks while negatively impacting adversaries engaged in cyber attacks. These approaches and technologies also concentrate on protection. That is, they are being developed to resist cyber attacks and other malicious activities effectively. They also aim to uphold data and system integrity, confidentiality, availability, and accountability.
It is also expected that these emerging cyber security approaches will have abilities to detect and even anticipate possible attacks and other malicious activities. They appreciate the fact that perfect solutions are difficult to design and may not be possible. Hence, the approach is based on assumptions of vulnerable systems and networks. New solutions also have adaptability capabilities. They would defend and vigorously adapt to cyber threats to avoid massive disruption, ensure quick recovery, and sustain operations during system restoration. Such capabilities should also be observed in similar future attacks.
The emerging cyber security technologies identified and their main features
Deep Learning
Deep learning accounts for multiple technologies, including machine learning and artificial intelligence based on similar processes that human beings use to identify objects, and it is now one of the most recent approaches and technologies to cyber security. Deep learning relies on user behavior to detect anomalous behaviors. It can identify deviations exhibited by malicious behavior as opposed to legitimate behavior with regard to cyber security (Musthaler, 2016; Li, Ma, & Jiao, 2015).
It is expected that deep learning will have a significant influence on cyber security. It could be the most sophisticated approach for detecting “zero day malware, emerging malware, and other extremely advanced persistent threats (APTs)” (Musthaler, 2016, p. 1). APTs are currently regarded as the most advanced mutations of malware and viruses because of their abilities to attack networks without detection by most cyber security technologies. Industry experts claim that deep learning has an accuracy rate of 98.8% in detecting APTs in real-time (Musthaler, 2016). Moreover, recent research has shown how deep learning would be important in the Big Data Analytics where massive amounts of unsupervised data are involved (Najafabadi et al., 2015).
The machine learns by identifying the behavior of malicious code. As a result, it classifies all unidentified code as benign or malicious with an exceptionally “high rate of accuracy and in real time while the identified malicious files can then be quarantined or deleted based on the preferred policy” (Musthaler, 2016, p. 1).
User Behavior Analytics
Once users’ credentials have been compromised, they can be used for all forms of malicious behavior. For a cyber security team, such behaviors should be an indicator of a potential attack particularly if user behavior analytics (UBA) is employed. UBA relies on big data analytics to detect unusual behavior in the system.
The traditional security techniques could not offer absolute solutions. Moreover, static perimeter protections cannot meet escalating security breaches executed by authentic stolen user credentials. In addition, they have not been effective against malicious users, and today’s BYOD environment further complicates the situation (Nayyar, 2015).
UBA, through “machine learning and big data algorithms used to evaluate risks in near-real time, can be used to assess user activity by modeling for usual behavior against abnormal ones” (Nayyar, 2015, p. 1). Modeling is elaborate, and it accounts for user duties and positions alongside permissions, access, and accounts; user specific location and practices as collected from the system; and presents alerts (Nayyar, 2015). The collected data are correlated and assessed according to past and current observed activities.
The analysis process is detailed. It usually includes “types of transactions, user session period, resources, connectivity, and general peer group behavior” (Nayyar, 2015, p. 1). UBA is deployed to determine usual behavior and elements of anomalous activities.
The next process involves risk modeling. The approach does not automatically classify unusual behaviors as risk. Instead, the behavior must be assessed based on its possible consequences. If ostensibly unusual activity entails resources not classified as sensitive, then the possible risk may be classified as low. Conversely, any attempts to gain access to private data, such as trade secrets, are regarded as critical impact risks. As a result, risk is determined by likelihood and impact. Anomaly can then be assessed through behavior modeling algorithms. For impact, factors related to criticality, classification and specific controls are applied for the data.
User activities can then be traced, which assists in determining the level of risk involved. UBA risk determination also accounts for other variables, such as permission, classification of assets, possible vulnerability, and organizational policies among others. An increase in any of these aspects would result in an elevated risk level for the user.
Overall, UBA gathers, correlates, and analyzes multiple factors, such as unknown threats and situational ones. It then delivers rich, context-driven large datasets.
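The likelihood-and-impact risk model described above, sketched as an added example (it is not code from the original essay or from any UBA product). The event fields, the impact weight per classification, the tier thresholds and all sample data are assumptions constructed for illustration.

```python
"""UBA risk scoring: risk = anomaly likelihood x impact of the asset touched."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    user: str
    peer_group: str
    hour: int       # local hour of access, 0-23
    resource: str


# Assumed impact weight per data classification (not from the essay).
IMPACT = {"public": 0.1, "internal": 0.4, "confidential": 0.7, "trade_secret": 1.0}

# Constructed asset inventory; unknown assets fail safe to "confidential".
RESOURCE_CLASS = {
    "cafeteria-menu": "public",
    "wiki": "internal",
    "build-server": "internal",
    "design-docs": "confidential",
    "formula-vault": "trade_secret",
}

# Assumed tier thresholds on the 0..1 risk score, checked from the top down.
TIERS = ((0.8, "critical"), (0.5, "high"), (0.2, "medium"), (0.0, "low"))


def relative_freq(counter, key):
    """Frequency of key relative to the most common value; 0.0 if never seen."""
    if not counter:
        return 0.0
    return counter[key] / max(counter.values())


class Baseline:
    """Usual behaviour per user and per peer group, learned from past events."""

    def __init__(self, history):
        self.user_hours = defaultdict(Counter)
        self.user_resources = defaultdict(Counter)
        self.group_resources = defaultdict(Counter)
        for e in history:
            self.user_hours[e.user][e.hour] += 1
            self.user_resources[e.user][e.resource] += 1
            self.group_resources[e.peer_group][e.resource] += 1

    def likelihood(self, e):
        """Anomaly likelihood in [0, 1]; 0 is the user's most typical behaviour."""
        hour_rarity = 1.0 - relative_freq(self.user_hours.get(e.user), e.hour)
        own = 1.0 - relative_freq(self.user_resources.get(e.user), e.resource)
        peers = 1.0 - relative_freq(self.group_resources.get(e.peer_group), e.resource)
        # A resource the user never touched is less suspicious if peers use it.
        resource_rarity = min(own, peers)
        # Either signal alone can raise the likelihood (probabilistic OR).
        return 1.0 - (1.0 - hour_rarity) * (1.0 - resource_rarity)


def score(baseline, e):
    """Return (likelihood, impact, risk, tier) for one new event."""
    likelihood = baseline.likelihood(e)
    impact = IMPACT[RESOURCE_CLASS.get(e.resource, "confidential")]
    risk = likelihood * impact
    tier = next(name for floor, name in TIERS if risk >= floor)
    return likelihood, impact, risk, tier


# Constructed history: two engineers working office hours.
HISTORY = (
    [Event("alice", "eng", h, "wiki") for h in (9, 10, 10, 11, 14)]
    + [Event("alice", "eng", h, "build-server") for h in (10, 11, 13, 15, 16)]
    + [Event("bob", "eng", h, "design-docs") for h in (9, 10, 11, 14)]
    + [Event("bob", "eng", h, "wiki") for h in (10, 15)]
)

if __name__ == "__main__":
    baseline = Baseline(HISTORY)
    for ev in (
        Event("alice", "eng", 10, "wiki"),
        Event("alice", "eng", 3, "cafeteria-menu"),
        Event("alice", "eng", 10, "design-docs"),
        Event("alice", "eng", 3, "formula-vault"),
    ):
        likelihood, impact, risk, tier = score(baseline, ev)
        print(f"{ev.user:6} {ev.hour:02d}h {ev.resource:15} "
              f"likelihood={likelihood:.2f} impact={impact:.1f} risk={risk:.2f} {tier}")
```

The two 3 a.m. events are equally anomalous, yet only the one touching the trade-secret asset reaches the critical tier, which is the distinction between unusual behaviour and risk that the text draws.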
Biologically Inspired Algorithms
The cyber security communities now concentrate on novel technologies and approaches to manage an overwhelming and radically increasing array of cyber threats and data that may require real time analysis. Given these scenarios, the traditional methods have failed to offer viable alternatives, and they are generally not applicable in real time analysis. Bio-inspired algorithms for detecting anomalies in Wireless Sensor Network (WSN) communication have been proposed.
“Particle Swarm Optimization (PSO), Artificial Immune System (AIS), Ant Colony Optimization (ACO), Artificial Bee Colony (ABC), and Genetic Algorithm (GA)” (Rizwan, Khan, Abbas, & Chauhdary, 2015, p. 3) among others are some of the innovative solutions in biologically inspired algorithms with the necessary capabilities for a wider search for effective results for solving network intrusion and detection problems.
Bio-inspired systems work in a similar manner as the Human Immune System (HIS). HIS protects the body from “harmful viruses, bacteria, and parasites” (Rizwan et al., 2015, p. 3).
The AIS, for instance, has gained a lot of recognition in the recent past as a tool for intrusion detection. AIS, as a defense system, is motivated by principles and procedures noted in HIS (Phogat & Gupta, 2015). It generally relies on memory and learning to detect and solve security intrusion based on the created unusual patterns by relying on normal data (Rizwan, Khan, Abbas, & Chauhdary, 2015, p. 3). Hence, it does not develop patterns for regular data. The developed patterns are referred to as nonself because they are developed to conduct only anomaly-driven intrusion detection. As such, any detected patterns with matching outcomes are classified as anomalies.
How an organization would use these emerging cyber security technologies
Deep Learning
An organization can apply deep learning technology to assist its main engine to learn how to identify malicious code. They would be able to collect hundreds of millions of files created in different formats, including PDFs, Office files, and others for analysis. Deep learning does not focus much on the type of file collected. The most important aspect is file classification as either legitimate or malicious.
An organization would then transfer these massive data sets into their artificial engine in which deep learning will create a prediction model that is referred to as instinct. The instinct detects, with assurance, legitimate and malicious codes.
Deep learning is based on the prediction model or the instinct and training. The instinct agent is then installed on any system, including “tablet, server, laptop, and PC, and it could run on any operating system (OS)” (Musthaler, 2016, p. 1). The agent is activated when a file is downloaded or opened. The process involves breaking down the file into “minute pieces and analyzing them via the instinct or the prediction model in real time” (Musthaler, 2016, p. 1).
In the subsequent step, the instinct must rely on its training to detect if a file is a threat or not. It is imperative to note that the process is quite fast – estimated at nearly five milliseconds. As such, deep learning prompts different decisions for the detected threat, including deletion, blockage, quarantine, or whatever decisions an organization deems fit for the malware before it can cause any damage. Further, deep learning does not allow any negative outcomes on the user activity.
The agent contains all the necessary elements it needs to perform an analysis of strange files. This implies that it does not require the organizational network or even the Internet for both “online and offline protection of devices” (Musthaler, 2016, p. 1). For instance, an employee may be in a remote location and decide to use a possibly infected USB stick. The agent installed in the device will automatically initiate analysis of the files contained in the USB stick. In this case, the agent analyzes those files using a pre-execution method and catches the threat before it can cause damage to the device.
In addition, there is also an agentless version of deep learning with a robust “prediction model and protection abilities, and these abilities do not depend on the device itself” (Musthaler, 2016, p. 1). Instead, the solution can be linked with any kind of gateway through “SDKs or APIs, for instance, a firm can use FireLayer’s cloud for a deep learning approach to perform threat detection and prevention for files and applications stored in the cloud” (Musthaler, 2016, p. 1).
Deep learning must conduct constant “training to its artificial brain or the engine to ensure that it can detect new threats, which makes it robust and creates a significant level of confidence in malicious file detection” (Musthaler, 2016, p. 1). While continuous updates are performed, it is noted that deep learning agents can perform accurately for several months without updates. Specifically, an agent may degrade by 1% or less in its malware detection capabilities if not updated for a period of four months (Musthaler, 2016).
Biologically Inspired Algorithms
It is imperative to recognize that multiple entities of AIS have been developed. First, antigen is adapted as data with several variables of any kind. Second, T-Cell works on the “sequence, selects types of variables found in the antigen, determines a given variable class, and functions as a regulating agent” (Rizwan et al., 2015, p. 3). Third, B-Cell is a critical component that signifies a given variable type when learning occurs. Finally, the clone is represented as a mathematical representation of different types of B-cell. It is the identifying component. Hence, the technique generally borrows from HIS.
For an organization, AIS presents two approaches. First, the negative selection algorithm (NSA) works just like the negative selection process of the natural immune system (Rizwan, Khan, Abbas, & Chauhdary, 2015).
The T-cell will identify any type of self-cell and then isolate it for immune processes within the T-cell as it develops. Organizations apply NSA for anomaly identification. In this case, the NSA has several detectors, including self-strings only. The NSA works in two major steps. The initial step involves censoring and matching different strings, and then matched strings are excluded while those that “do not match are sent to the detector” (Rizwan et al., 2015, p. 1). The second process entails matching of protected strings against strings sent into the detector (Rizwan et al., 2015, p. 1).
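The two NSA steps described above (censoring, then monitoring), as an added example that is not part of the original essay or of the cited paper. The 8-bit behaviour strings, the self set and the r-contiguous matching rule with r = 4 are assumptions constructed for illustration; the essay does not say which matching rule is used.

```python
"""Negative selection: censor candidate detectors against self, then monitor."""
from itertools import product

STRING_LEN = 8  # assumed length of an encoded behaviour string
R = 4           # assumed threshold: r contiguous equal positions count as a match

# Constructed "self" set: encoded samples of normal behaviour.
SELF_SET = ("00001111", "00011110", "00111100")


def r_contiguous_match(a, b, r=R):
    """True if a and b agree in at least r consecutive positions."""
    if len(a) != len(b):
        raise ValueError("strings must have equal length")
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False


def censor(self_set, length=STRING_LEN, r=R):
    """Step 1 (censoring): candidates that match any self string are excluded;
    the ones that match nothing in self become detectors."""
    detectors = []
    for bits in product("01", repeat=length):  # exhaustive, so results are repeatable
        candidate = "".join(bits)
        if any(r_contiguous_match(candidate, s, r) for s in self_set):
            continue
        detectors.append(candidate)
    return detectors


def monitor(sample, detectors, r=R):
    """Step 2 (monitoring): a sample matched by any detector is nonself."""
    return any(r_contiguous_match(sample, d, r) for d in detectors)


def classify(samples, self_set=SELF_SET):
    """Label each sample 'self' or 'nonself' using detectors censored on self_set."""
    detectors = censor(self_set)
    return {s: "nonself" if monitor(s, detectors) else "self" for s in samples}


if __name__ == "__main__":
    print(len(censor(SELF_SET)), "detectors survive censoring")
    # Constructed observations: a self string, a near-self string, two outliers.
    for sample, label in classify(["00001111", "00001110", "11110000", "10100101"]).items():
        print(sample, label)
```

The near-self string `00001110` is labelled self because each of its 4-bit windows coincides with a window of some self string, so no surviving detector can match it; such undetectable regions are a known property of r-contiguous matching.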
The final AIS model is the clone selection algorithm. This technique involves the recognition of antigen, cell spread, and perception into the cell memory. The clonal immune components are “deployed to develop several AIS algorithms” (Rizwan et al., 2015, p. 1). C-cell primary model and related antibodies may function as the main important metaphor as the B-cells develop various antibodies to counteract any foreign antigen. The clones of B-cells also differ based on arrangements of receptors, but they conduct a search for the most appropriate receptor.
User Behavior Analytics
In an organization, the UBA technique has been developed to execute two major roles. First, it works by identifying certain usual operations expected in a company and its employees. Second, the UBA technique must act quickly to discern the variations observed from the norm, which will need additional investigation. That is, UBA tools are developed to detect and act on abnormal behaviors. It is imperative to recognize that any abnormal behavior may or may not necessarily signal a cyber security issue. Therefore, the issue must be further investigated for effective determination. User is the central focus of UBA.
Describe real-world examples of the use of these emerging cyber security technologies
Deep Learning
Siemens CERT and Drebin University have practically applied deep learning as a top defense option during tests. It involved attempts to detect mobile malware among ten major security vendors. Deep learning delivered the most accurate solution with an accuracy rate of 99.86% (Musthaler, 2016). In addition, it was able to recognize malware from a dataset of 16,000 APTs 98.8 percent of the time (Musthaler, 2016).
A company must install an agent on a device to detect anomalies. It must, however, conduct a proof of concept for users based on dataset files to allow users to make distinctions with existing cyber security approaches and technologies.
User Behavior Analytics
It is noted that the CIA could be using UBA coupled with Big Data Analytics for its security analytics because the focus is on users instead of alerts or events (Wang & Alexander, 2015). That is, it can be used to identify employees or insiders, such as Edward Snowden, with anomalous behaviors. When an anomalous event is detected, the focus should be on user behavior and related anomalies to determine whether the user has been behaving as expected, based on how they gain access to the system, including timing. UBA helps organizations to detect APTs faster, specifically from insiders who compromise systems. It generally relies on massive analytical capabilities to counter the shortage in cyber security.
Biologically Inspired Algorithms
A company known as Darktrace explains that biologically inspired algorithms such as AIS automatically evaluate the devices, users, and network of an organization to allow the system to create a model of information flow for better understanding of normalcy. Consequently, the system can extrapolate malware visualization interface to important maps of threats.
The cyber immune system, in this case, works by learning about normal behaviors through monitoring activities for a few weeks before it can identify unusual activities. It works on probability advice and sustained updates of outcomes to reflect new realities. Hence, false positives are restricted.
Moreover, organizations use the approach to cut off infiltrating malware from any sensitive data. It sets a trap for hackers and observes their behaviors – information they seek, modes of operations, and probable origins.
The role of the federal government in the support and nurturing of the emerging cyber security technologies identified
Based on the Acts to promote cyber safety and security, the federal government has demonstrated its efforts to nurture emerging forms of cyber security from a general perspective. Its support for R&D has been immense.
The benefits and drawbacks that government efforts to support new cyber security technologies may create
The federal government has generally concentrated on developing the right workforce right from lower levels of education by focusing on an appropriate curriculum. It also recognizes that developing and retaining the required workforce to advance technical research in emerging cyber security technologies are critical challenges (LeClair, 2013). Success or failure of emerging cyber security technologies largely depends on people and their skills.
The federal government has been keen on talents in cyber security research, product development, and professionals, who have become extremely rare. The National Initiative for Cybersecurity Education (NICE) was created in “2010 to advance R&D by implementing cyber security recommendations” (National Science and Technology Council, 2016, p. 29). It reflects the ultimate effort of the government to meet “workforce shortage in cyber security for both the government and the private sector” (National Science and Technology Council, 2016, p. 29).
The federal government is also committed to the provision of advanced cyber security test bed resources for researchers. Test beds are critical for researchers because they must depend on actual operational data and situations to “develop models and perform experiments on real cases, vulnerabilities, and scenarios for exploitation” (National Science and Technology Council, 2016, p. 29). It believes that the models and experimental techniques should be shared and evaluated by different researchers. Hence, providing the research infrastructure remains a vital role of the federal government.
While the current experimental test beds are created on ad hoc basis for customized experiments, there is a continuous improvement and development of standalone test beds for experiments. The emerging cyber security technologies must demonstrate abilities to capture, model, and recreate actual situations expected in cyber security and as reflected in human behaviors.
The federal research agency has also availed funds to support expensive cyber security research. In fact, it remains the main source of funds for near-term, medium-term, and long-term research. It funds some high-risk short-term cyber security initiatives to meet vital objectives and specific roles, which are important to the public, but the private sector cannot deliver, or is persuaded to pursue. The federal government research agency strives to deliver the right balance for all partners engaged in emerging cyber security technologies research and development.
Inadequate resources can slow down progress. However, the federal research agency focuses on fast transition to practice because of APTs. In this case, funding has become important as the government wants to realize and maximize positive returns on investments. Thus, accelerating R&D and transition remains a major theme in the role of the government in advancing cyber security.
There are also critical drawbacks for engaging the federal government in R&D of emerging cyber security technologies. Specifically, these are long-term challenges that could take years to address in a dynamic cyber security environment. Generally, the federal research agency has designed its action to focus largely on near-term solutions for cyber security. That is, prevention of cyber-related damages and espionage, minimizing consequences of successful threats, enhancing collaboration, and fighting cybercrime have been important. However, more complex, long-term drawbacks are most likely to persist. First, design has been a major challenge.
Experts agree that efficient cyber security solutions should account for ICT design. Yet, the federal research agency and developers have conventionally concentrated on system features rather than security mainly because of funds. In addition, the design cannot account for security needs of the future, which remain largely difficult to predict. Second, incentives have been singled out as major drawbacks for innovation and R&D.
It is claimed that economic incentives are unfair and awkward (Fischer, 2014). However, cybercrime is touted as profitable, cheap, and relatively safe for hackers. Conversely, cyber security is expensive, often deficient by nature, and economic returns on investments are usually not known. Poor incentives could therefore drive many experts to cybercrime. Third, the federal research agency and other stakeholders need consensus.
However, cyber security holds different meanings to different partners. As such, there is little common consensus on its meaning, implementation processes, and risks involved. Moreover, organizational cultures are also impediments to collaboration within and across sectors. For the private sector, the government red tape procedures could be a major drawback to innovation and R&D. Finally, the cyberspace is among the fastest in terms of technology development.
New and emerging technologies and applications are common, such as big data, Internet of Things, cloud computing, autonomous systems, high performance computing, and Cyber-Physical Systems among others, and they continue to complicate the nature of the cyberspace and threats. While they offer vital opportunities for developing robust cyber security technologies, the government’s slow processes of enacting laws to facilitate investments in innovation and R&D could hinder fast progress.
These challenges could therefore imply that the government is slow to develop and adopt emerging cyber security technologies.
Real-world examples that support the position
While attacks still occur, one must recognize the actions and efforts of the federal government in raising the level of cyber security nationally, disrupting and deterring malicious attacks, and enhancing levels of Incident Response and Resilience (Monaco, 2016). Nevertheless, these efforts have not yielded the expected outcomes, and the federal research agency is not a leader in emerging cyber security technologies, such as deep learning, bio-inspired algorithms, and user behaviour analytics. Moreover, issues related to slow response rate, poor funding and policy, inadequate technical expertise, insufficient risk knowledge, and poor security management have deterred progress (Lino, 2014).
The federal government has recognized that collaboration between its research agency, the industry, and private citizens remains a critical approach for tackling cyber security threats by developing robust solutions.
Moving forward, the federal research agency must focus on its vital role of protecting national critical infrastructure and private sectors as it prepares for unknown new threats of tomorrow. This goal is a tough technical challenge, which needs fundamental changes in design and execution of cyber security efforts to prioritize research and development and security. In this case, the federal research agency must focus on sustained proactive and thorough cyber security R&D efforts driven by the federal research agency itself, academics, the private sector, and other international partners, including private individuals.
Najafabadi, M. M., Villanustre, F., Khoshgoftaar, T. M., Seliya, N., Wald, R., & Muharemagic, E. (2015). Deep Learning Applications and Challenges in Big Data Analytics. Journal of Big Data, 2, 1. Web.
National Science and Technology Council. (2016). Federal Cybersecurity Research and Development Strategic Plan. Web.
Nayyar, S. (2015). Detecting Advanced Threats With User Behavior Analytics. Network World. Web.
Nye, J. S. (2010). Cyber Insecurity. Web.
Phogat, S., & Gupta, N. (2015). Basics of Artificial Immune System and Its Applications. International Journal Of Scientific Research and Education, 3(5), 3509-3516.
Rizwan, R., Khan, F. A., Abbas, H., & Chauhdary, S. H. (2015). Anomaly Detection in Wireless Sensor Networks Using Immune-Based Bioinspired Mechanism. International Journal of Distributed Sensor Networks, 2015(6), 1-10. Web.
Wang, L., & Alexander, C. A. (2015). Big Data in Distributed Analytics, Cybersecurity, Cyber Warfare and Digital Forensics. Digital Technologies, 1(1), 22-27. Web.
During the recent decade, which has been characterized by a dramatic increase in the sophistication of technology, the quantity, as well as the quality of cyberattacks, have never been as noticeable. According to Harriet Taylor from CNBC, the global community is currently forced to deal with “an arms race regarding security” (par. 3). Thus, there are a variety of cybersecurity risks that threaten the global community as the proficiency of cybercriminals increases with each year.
While we still are dealing with “regular” security breaches such as password fraud, it is expected that the complexity of attacks and their targets will change dramatically. Therefore, it is crucial to explore cybersecurity risks to be prepared for anything.
Ransomware
Ransomware is a unique form of malware that does not allow access to the computer that it has infected. This type of malware has become very sophisticated and is predicted to attack the security software installed in cloud-based solutions (Google Drive, Dropbox, etc.). Apart from exploiting a user’s credentials, ransomware is also able to affect backed-up data, so it is impossible to restore it after the attack.
Cyberterrorism
Attacks on the energy-sector organizations are currently on the rise. What many don’t know is that an increased number of such attacks come from nation-states that want to disrupt the supply of energy and cause panic. From a national security standpoint, it is crucial to know and understand the nature of the enemy and be prepared for an increase in cyberterrorism attempts (Steinberg par. 5).
Increase in cyber theft
While stealing financial data is old news, there is a new opportunity for hackers that can attack innovative methods of paying for products, such as mobile and contactless payments. Hackers will search for retailers that have failed to secure their store payments and attack them. Even though for now there have not been many instances of such cyber theft, the severity of attacks will increase if retailers do not apply adequate preventative methods.
Reliance on third-party security
Recently, it has been reported that there were several security breaches associated with hackers targeting suppliers or vendors of companies they wanted to attack (Steinberg par. 7). By relying on third-party security, businesses appear at a high risk of being attacked, so companies must collaborate with their partners and establish guidelines for information security or, if necessary, find other suppliers or vendors that take security more seriously.
Emerging technologies
While the emergence of new technologies is indicative of ongoing scientific progress, the number of cyberattacks that target mobile, car, and Internet-of-things technologies is predicted to triple. Moreover, hackers are currently working on zero-day attacks, which means that they are planning to target previously unknown technological vulnerabilities and create loopholes in the current security systems. In such cases, there is a high need for technologies that will be able to identify irregular activity and prevent hackers from achieving success in their plans.
Conclusion
To conclude, there are plenty of cybersecurity risks that may affect businesses or even governments shortly. Thus, it is important to strengthen the security front and be prepared for the worst attacks on financial assets or personal data since preparing for mild security breaches has not been effective yet with the increased sophistication of the current hacking technologies.
Nowadays, it is hard to imagine human life without the Internet. It has become not only an essential part of everyday life but also a way of living and thinking. The dependence on the Internet and the intention to stay online as much time as possible is the issue that is discussed from several perspectives. The existing computer’s holding power is one of the most challenging phenomena that could be even compared to drug addiction1.
Various telecommunication companies and Internet providers usually perform the role of drug dealers. Still, similar to drug dealers, telecommunication companies and other providers could not promote safety for all their customers and the users of their services. In this paper, the question of cybersecurity and the current ethical, strategic, and legal aspects will be discussed based on the case study about Deutsche Telekom and its September 2012 DDoS attacks.
Modern hackers and online terrorists can use different methods and techniques to infect web pages and make sure such infections reach personal computers or organizational computer systems and destroy the material or make it available to other people.
Cybersecurity is the practice of protecting people against the hacking of important personal data, privacy abuses, constant network outages, and viruses and other threats that could affect human lives2. The example of Deutsche Telekom proves the importance of the development of cybersecurity programs and strategies to protect users and their interests. This paper helps to understand the essentials of cybersecurity and its abilities to provide people with safe conditions for using Internet sources and the information on how to deal with online threats and inconveniences.
Cyberspace as the Place for Living
During the last several decades, people made numerous attempts to improve social, economic, and entertainment spheres with the help of the Internet. Cyberspace turned out to be the place where people could create new industries, promote communication, and introduce new ways of information exchange3. People got numerous opportunities to change and challenge their lives, use various methods to find, store, and share the information, and develop their skills in different directions.
On the one hand, cyberspace has to be considered as an amazing opportunity to increase awareness and destroy the boundaries of people’s possibilities. On the other hand, cyberspace is as vulnerable as any system people could use in their work due to some intentional or unintentional omissions or mistakes4. In other words, the bigger the system used by people is, the bigger and more serious problems and risks could occur.
At the same time, cyber risks could also be intentional and unintentional. There are designers, who could make some mistakes that lead to problems like the loss of information or making the information available to all people. There are also such people as hackers or system attackers, whose goals are to steal the information that remains to be confidential, to make some illegal financial transactions possible, or to change the facts to help a certain group of people to benefit.
Cyberspace is just another place for living where laws, crimes, and punishment cannot be neglected. People, who decide to share their information online, to store some data within the cyberspace, or to use the Internet as the main means to work, have to be careful and take as many precautionary steps as possible.
Story of Deutsche Telekom
Unfortunately, the maturity of online hackers and attackers cannot be estimated. People could demonstrate their achievements in the spheres they are hardly connected with. Besides, the goals and outcomes of cyber attacks cannot be specified and explained all the time. The example of Deutsche Telekom helps to clarify the peculiarities of cyber attacks and the worth of cybersecurity, especially at large telecommunication companies.
Deutsche Telekom is one of the well-known communication organizations that aim to provide 156 million mobile customers with mobile communications, Internet products, and services, and communication technologies that help people to make the right solutions and gain benefits5.
The peculiar feature of this company is its attention to its corporate values. The company develops customer-oriented policies that include the attention to people’s emotions, needs, and experiences, respect initiative used in regards to customers, colleagues, shareholders, etc., and cooperation culture that is based on team decisions, employee motivation, and personal commitment6. Telekom’s infrastructure consists of the Internet-related communications that could promote economic damage to the company and its customers.
The incident began on September 3, 2012; the DNS (Domain Name System) was attacked three times within two days. The first attack occurred at 4 p.m. The DNS went down, but the chosen DDoS defense tools helped to mitigate the outcomes. At 6 p.m. the same day, the attack was repeated with new, modified packet structures intended to anticipate the work of the company’s defense. The system was improved by September 5.
However, that day, the third attack took place with no harm to the DNS because of the properly organized protection by the defense tools of the company. The BSI (the Federal Office for Information Security) was informed in a short period. Still, its representatives were not able to clarify the reasons for such attacks and the possible development of the events. Therefore, the thought that hackers just tried to check their possibilities was offered and approved.
Such an example proved that cybersecurity is a very delicate issue. It could be created and modified for several years and broken in several seconds. At the same time, people may promote the improvements of cybersecurity and offer strategies and policies with the help of which this kind of security could become better and stable.
Types of Cyber Attacks and Their Impact
To discuss cybersecurity strategically, it is necessary to understand what types of cyberattacks could be dangerous for people, what reasons are used to explain the nature of attacks, and what methods help to predict or overcome the outcomes of attacks.
Cybersecurity aims at preventing, predicting, and dealing with cyber attacks that could gain some forms nowadays. Millions of European people and citizens worldwide face cyber attacks day by day. Ulsch describes cyber attacks as the best examples of a perfect storm that could bother the world in a short period, and the consequences of which could be hardly predicted or controlled7.
Cyber attacks could be of different forms: unauthorized threats (when hackers use various cracking techniques to get to the computer system and steal/take/use/make public the information stored), computer viruses (when a program spreads via the Internet, e-mail, and other means of the information exchange and influences the work of the computer and its functionality), and denial of service, also known as DoS attacks (when a tool is used to influence the work of a computer system of a communication organization or organizations and to make people overload the system for a couple of times).
Each attack has its developers and characteristics. Some attacks could be so well developed and planned that even the most effective defense tools could hardly deal with the outcomes. Some attacks remain to be just the possibilities to change the work of a system. The case of Deutsche Telekom is an example of the DoS attack, the most frequently used type of threat spread online. DoS attacks aim at limiting or halting normal services8.
Today, people have several options to protect themselves against computer viruses and unauthorized threats. For example, people choose passwords and login details that could hardly be predicted or understood. Anti-virus software could be bought or installed for free independently. DoS attacks have a different nature. People who choose this type of attack try to prevent users from accessing the required information or services, websites, email, online accounts, etc9. Properly installed firewalls could be the solutions to such threats. Still, the reasons for attacks could vary considerably, and defenders have to investigate them thoroughly to succeed in cybersecurity.
Reasons for Cyber Attacks
Cybersecurity includes the necessity to investigate and analyze the reasons for why people may want to attack in cyberspace and destroy the systems people use to improve their lives and their lives of society in general. The explanations include some economic impacts, political motivation, personal entertainment, or even socio-cultural roots10. The case of Deutsche Telekom shows that, sometimes, even the representatives of such serious and properly developed organizations like the BSI could not give a clear answer to why a cyber attack takes place and what could motivate people to break systems and continue making attempts.
The actions of cyber-attackers could be inadvertent without harmful intentions, inaction with a possibility of harm because of poor awareness, lack of skills, or wrong guidance, and deliberate when the intentions include to do harm and to achieve certain purposes like disrupting, taking control, frauds, blackmail, fund, or curiosity.
The essence of Cyber Security
Cybersecurity is one of the most important factors for consideration among communication organizations and companies that aim at providing people with Internet services. The developers and supporters of cybersecurity admit that the majority of threats come from the Internet and the possibility of cracking the system in a short period. The majority of cyber attackers use the fact that there is no security system in its absolute sense11 and develop their activities to prove or disprove this fact. Cybersecurity is the set of steps that are taken to understand the behavior of attackers and the possible forms of attacks that could be used to change the ordinary work of a system or prevent a certain group of people from using the necessary system.
All telecommunication companies and organizations that aim at providing people with the possibilities to share the information online, to store the required portion of the material, and to plan some activities that should not be exposed to the public for a certain period cannot neglect the need for cybersecurity. In other words, cybersecurity is the possibility to prevent data from being used in the wrong way and protect data from being destructed or changed. For example, CERT is the cybersecurity program with the help of which Deutsche Telekom could manage security on the local and international levels. CERT helps to protect the organization and all its customers from the existing variety of dangers that could come from the Internet12.
Regarding the possibilities of companies to improve their cybersecurity, it is possible to say that cybersecurity includes the ideas of management, the development of strategic steps, audits of cases, and vulnerability scanning. Many people, who plan to become the customers of certain communication companies, want to clarify if the employers provide all its clients with cybersecurity and what methods are used to achieve a safe exchange of information. So, it is possible to say that cybersecurity is a merit telecommunication companies have to demonstrate properly.
Legal Aspects of Cyber Security
Cybersecurity is the way people could feel safe and in control in their cyberspaces. Such an explanation makes a comparison between real-life conditions and the conditions of cyberspace possible. Because laws and policies exist in the real world to protect the rights of people and to promote the standards and rules people have to follow, similar laws and policies have to exist in cyberspace and touch upon the issues of cybersecurity and its impact on people.
The existence of certain legal aspects of cybersecurity helps to prove that malicious and criminal attacks ordinary people could suffer from being frequent users of the Internet could be controlled and prevented. In Europe, there is the Council of Europe Convention on Cybercrime and other frameworks that aim at creating the standards and rules to be followed and defining the boundaries to understand the territorial jurisdiction.
Proper legislation is not an easy task to be achieved because it is necessary to create a common and definite system that covers all aspects and outcomes of illegal activities. Besides, the recognition of legal aspects is challenged because of the necessity to take time to recognize the potential abuses and compare them with the current technological opportunities and the conditions of the national criminal law. Therefore, legal issues of cybersecurity cannot be identified in Europe because people have to work and investigate the latest achievements and create the protective means to make sure that citizens and users of the Internet cannot suffer from Internet hackers and attackers.
Roles of the Government and Other Bodies in Cyberspace
The role of the government in cybersecurity remains to be crucial because of two main reasons. First, the government is the body that takes responsibility for all regulations and frameworks to make sure that companies, including telecommunication organizations, could protect their systems and provide people with safe and high-quality services. Some people cannot still come to the same conclusion about the role of the government in cyberspace13.
Therefore, numerous discussions and polemic concerns are raised on this topic. On the one hand, the government promotes cybersecurity on the national and international levels. On the other hand, the government should not be involved in cyberspace where people try to avoid the boundaries and regulations. However, when people suffer from the results of the work of computer viruses or hackers, people try to address the government and find the solutions to their problems and the possibilities to protect or change their personal information that could be available online.
The role of politicians has to be discussed in terms of cyberspace and the possibilities to promote cybersecurity to all Internet users. The politicians decide whether there is an importance of bills to protect people against online hackers and make the regulations work for people. If politicians are not interested in cybersecurity, it could be hard to prove the opposite position. However, millions of people do not want to see politicians to be involved in cyber practice because they believe that such control could deprive them of their rights and freedoms. Therefore, several political representatives face a challenge when they develop their attitudes toward the idea of cybersecurity.
Cyber Security Strategies
Each country introduces its unique approaches to prove that the questions of cybersecurity are discussed and solved by the government. For example, the case study under consideration shows that Deutsche Telekom used the services of BSI to find out the attackers and their intentions. In Germany, the government supported the strategy that is based on the cooperation between the National Center for Cyber Defense, the BSI, the BND, and even the MAD that promotes the identification of the aspects of national security. The strategies developed by these organizations help to detect and prevent cyberattacks by any possible (still safe for ordinary users) means.
In the United States, there are some governmental and federal organizations including the United States Department of Justice and the FBI that take responsibility for the promotion of cybersecurity and the identification of the goals and possibilities people could have as the users of the Internet. As a rule, when people become users of the Internet and decide to share their personal information online, they have to realize that cyber attacks cannot be controlled even by the most powerful firewalls. Therefore, people should take personal responsibility for their intentions to share their information and confidential information about other people.
Therefore, cybersecurity should not be about some technological achievements, anti-virus software, and effective firewalls only. Cybersecurity is the ability of people to filter their information and make decisions that could protect their lives and the lives of their relatives.
Conclusion
In general, cybersecurity is the question that has to be discussed all the time because people should understand their needs, compare the current technological achievements, and consider the regulations set by the government. Cybersecurity is the thing several people strive to get. However, such cases as the attacks Deutsche Telekom experienced in September 2012 proved that cybersecurity cannot be promoted to people with 100% guarantees because the goals and intentions of cyber attackers and hackers cannot be understood and prevented.
Some people would like to check their skills and knowledge, and some people would be eager to earn money on stealing the information online. There is one suggestion that could be given to all people, who want to learn more about cybersecurity and its effects on human lives: if there is a possibility not to share some private information online, it should be used.
Bibliography
Franceschetti, Giorgio, and Marina Grossi. Homeland Security Threats, Countermeasures, and Privacy Issues. Norwood: Artech House, 2011.
Han, Chen, and Rituja Dongre. “Q&A. What Motivates Cyber-Attackers?” Technology Innovation Management Review. Web.
Kostopoulos, George. Cyberspace and Cybersecurity. Boca Raton: CRC Press, 2012.
Reveron, Derek S. “An Introduction to National Security and Cyberspace.” In Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, edited by Derek S. Reveron, 5-16. Washington: Georgetown University Press, 2012.
Shackelford, Scott J. Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. New York: Cambridge University Press, 2014.
1. Sherry Turkle, Life of the Screen (New York: Simon and Schuster, 2011), 30.
2. Giorgio Franceschetti and Marina Grossi, Homeland Security Threats, Countermeasures, and Privacy Issues (Norwood: Artech House, 2011), 11.
3. Derek S. Reveron, “An Introduction to National Security and Cyberspace,” in Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, ed. by Derek S. Reveron (Washington: Georgetown University Press, 2012), 5.
4. George Kostopoulos, Cyberspace and Cybersecurity (Boca Raton: CRC Press, 2012), 1.
5. “Leading European Telco.” Web.
6. “The Company Values of Telekom.” Web.
7. MacDonnel Ulsch, Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks (Hoboken: John Wiley & Sons, 2014), 6.
8. Scott J. Shackelford, Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (New York: Cambridge University Press, 2014), 140.
9. “Understanding Denial-of-Service Attacks.” Web.
10. Chen Han and Rituja Dongre, “Q&A. What Motivates Cyber-Attackers?”, Technology Innovation Management Review. Web.
11. Shackelford, Managing Cyber Attacks in International Law, Business, and Relations, 5.
12. “Introducing Deutsche Telekom CERT.” Web.
13. Reveron, “An Introduction to National Security and Cyberspace”, 10.
The issues cyber-security has to tackle on a daily basis are numerous as they are determined by the variety of channels through which harm can be done. The present work deals with the issue of DDoS attacks and builds a case on one of the well-known IT companies to single out the problem, the immediate solutions and preventive practices, and the lessons learned from the experience.
Background
Deutsche Telecom
Deutsche Telecom (German Telecom) is a communications organization with its headquarters in Bonn. It was created in the aftermath of the Deutsche Bundespost privatization two decades ago, and the country’s Government currently holds, directly and indirectly, 31.8% of its stock1. A major Internet service provider, the company has experienced organizational structure reshuffles in 2005 and 2008, merging and separating from assorted strategic telecommunications units. By 2012, the company had several subsidiaries abroad and a 50-50% joint venture with a UK-based network operator Orange.
Because the Internet and related communications are a part of the country’s infrastructure, an outage of these communications would result in serious infrastructure disruption and economic damage to both the company and the customers. At Deutsche Telecom, they pride themselves on transparent, customer-oriented policies and try to safeguard the customers’ security by sharing knowledge and research evidence.
DoS and DDoS attacks
As the name implies, a Denial-of-service (DoS) attack is an attempt by malicious hackers to block access to a web resource2. DoS attacks can be conducted in different ways, the most common of which is overloading the service. The attackers saturate the service with communication requests, rendering the system non-responsive to traffic. A more massive attack involves a network of malicious users targeting the bandwidth of services. Such an attack is called a Distributed DoS, or DDoS.
Some of the common targets of DDoS attacks are governments, financial establishments, and electronic commerce institutions. They can be carried out for political and ideological purposes, as well as for competitive damping and expulsion from the market. In the case of Deutsche Telecom, however, the actors of the attack or their purposes were unknown3.
Problem
The attack on Deutsche Telecom’s reverse Domain Name System (DNS) commenced on September 3rd, 2012, at about 4 p.m. The DNS went down, but the attack was promptly mitigated within an hour and a half. DDoS defense tools were put in place, and the DNS was functioning again. By 6 p.m., the attackers had already modified the packet structure to override the company’s defense. This is when the DNS went out of function for the second time.
The attack was again countered by a reconfigured set of defense tools. The saturation ceased by midnight only to restart on September 5th. This time, the DNS remained in function because the defense tools were still up. The third attack wave happened in the evening the same day, with no damage done to the DNS4.
The BSI (Bundesamt für Sicherheit in der Informationstechnik or Federal Office for Information Security) was informed about the attacks the same day. The company asked BSI for an emergency contact point at a web-hosting provider. It also contacted the Federal Crime Office and issued formal complaints to the Public Prosecution Service the following week. Two weeks after the first attack, the mitigation measures were called back.
The attacker’s or attackers’ motives for the actions remain unknown. No demands to the company were made and no information concerning the actors has been discovered. One of the possible explanations for these events is that the attackers were testing their skill, resources, and tools, that is, the attack was carried out for its own sake. Although the source of the DDoS remains unclear, the adversaries must have used the amplification technique.
The technique involves sending short queries to third-party DNS servers with spoofed source IPs (Deutsche Telecom’s DNS IPs). The queries cause the third-party DNS servers to send, in turn, long responses to the IP of the attacked party. While the DNS protocol’s amplification factor does not exceed the limit of 100, the size of the queries can be amplified to up to 4000 bytes, which makes the attack hard to withstand. The fact that the traffic often comes from legitimate-looking servers is another factor adding to the gravity of such attacks5.
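The reflection pattern described above can be recognized from the victim's side, because the flood consists of DNS responses that answer no query the victim ever sent. The following sketch is an added example, not code from the case report or from Deutsche Telecom; the names, the 8000-byte threshold, the 5-second window, and the padded sample messages (using documentation-range addresses) are assumptions made for illustration.

```python
import struct
from collections import defaultdict

# DNS header (RFC 1035): ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT = 12 bytes
DNS_HEADER = struct.Struct("!HHHHHH")
QR_BIT = 0x8000  # set in the flags field when the message is a response


def parse_header(payload):
    """Return (transaction_id, is_response), or None if shorter than a DNS header."""
    if len(payload) < DNS_HEADER.size:
        return None
    txid, flags, _qd, _an, _ns, _ar = DNS_HEADER.unpack_from(payload)
    return txid, bool(flags & QR_BIT)


class ReflectionDetector:
    """Flags DNS responses that do not match any query this network sent.

    Assumes the sensor sees UDP/53 traffic in both directions.
    """

    def __init__(self, byte_threshold=8000, query_ttl=5.0):
        self.byte_threshold = byte_threshold      # assumed alerting threshold
        self.query_ttl = query_ttl                # seconds a query may wait for its answer
        self.pending = {}                         # (server_ip, txid) -> time sent
        self.unsolicited_bytes = defaultdict(int)  # reflector ip -> bytes received

    def outbound(self, ts, dst_ip, payload):
        """Record a query leaving the protected network."""
        hdr = parse_header(payload)
        if hdr is None or hdr[1]:
            return
        # Drop queries that can no longer be answered in time, then remember this one.
        self.pending = {k: t for k, t in self.pending.items()
                        if ts - t <= self.query_ttl}
        self.pending[(dst_ip, hdr[0])] = ts

    def inbound(self, ts, src_ip, payload):
        """Classify a message arriving at the protected network."""
        hdr = parse_header(payload)
        if hdr is None:
            return "malformed"
        txid, is_response = hdr
        if not is_response:
            return "query"
        sent_at = self.pending.pop((src_ip, txid), None)
        if sent_at is not None and 0 <= ts - sent_at <= self.query_ttl:
            return "solicited"
        # No matching query: this is what reflected traffic looks like to the victim.
        self.unsolicited_bytes[src_ip] += len(payload)
        return "unsolicited"

    def suspects(self):
        """Sources whose unsolicited response volume reached the threshold."""
        return sorted(ip for ip, n in self.unsolicited_bytes.items()
                      if n >= self.byte_threshold)


def sample_message(txid, is_response, total_len):
    """Constructed test data: a valid DNS header followed by zero padding."""
    flags = QR_BIT if is_response else 0x0100  # 0x0100 = recursion desired
    header = DNS_HEADER.pack(txid, flags, 1, 0, 0, 0)
    return header + b"\x00" * (total_len - len(header))


def run_demo():
    det = ReflectionDetector()
    verdicts = []
    # Normal lookup: a 40-byte query and its 120-byte answer from the same server.
    det.outbound(0.00, "192.0.2.53", sample_message(0x1A2B, False, 40))
    verdicts.append(det.inbound(0.02, "192.0.2.53", sample_message(0x1A2B, True, 120)))
    # The same answer arriving a second time no longer matches a pending query.
    verdicts.append(det.inbound(0.03, "192.0.2.53", sample_message(0x1A2B, True, 120)))
    # Three 4000-byte responses nobody asked for, all from one open resolver.
    for i in range(3):
        verdicts.append(det.inbound(1.0 + i, "198.51.100.7",
                                    sample_message(0x4000 + i, True, 4000)))
    # One stray large response stays below the threshold; a 2-byte datagram is malformed.
    verdicts.append(det.inbound(2.0, "203.0.113.9", sample_message(0x0001, True, 4000)))
    verdicts.append(det.inbound(2.1, "203.0.113.9", b"\x00\x01"))
    return verdicts, det.suspects(), dict(det.unsolicited_bytes)


if __name__ == "__main__":
    print(run_demo())
```

Matching on the server address and transaction ID is what separates an answer to a real lookup from reflected traffic, which is why the legitimate appearance of the sending servers does not help the flood blend in.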
Solution
Because the attackers used another web host provider’s servers, Deutsche Telecom started the mitigation with abuse messages to the said provider. They were unsuccessful, hence the necessity to redirect the traffic. As stated in the report on the network security, the registered 2012 attacks did not raise the traffic above 60 Gbit/s but Deutsche Telecom possessed enough capacity to withstand the traffic overload6. Deutsche Telecom’s CERT (Computer Emergency Response Team) was briefed on the incident and assisted with analyzing it7. The attack method was revealed despite the fact that the actors remained unknown. The real queries were distinguished from the automated (DDoS) ones and the latter were blocked by the company’s security system.
The DDoS aftermath
Had the 2012 DDoS been successful and the company’s server collapsed, it would have severely and irreversibly damaged both the provider and its customers, including individual users and businesses. The following actions were performed at varying times to either prevent the attacks altogether or lessen their effects.
The necessity to protect organizations utilizing the provider’s services prompted the setup of the ICSS IP Transit Security DDoS Defense platform. The platform is capable of detecting and mitigating DoS and DDoS attacks and reducing the effects of traffic “spikes” – seasonal or any other. The platform comprises seven threat management systems located in Germany and Europe. The service guarantees security as it constantly analyzes the query flows from IPs8.
Within the ICSS platform, a hotline was established allowing the users to notify the company if they locate an attack.
The platform has a cloud-based option which uses a redirection technique like the one deployed for the September 2012 attack. With its 2Tbps mitigation capacity, it is fully capable of rerouting the malicious traffic, cleaning it, and returning it to the client by GRE.
As a joint project with BSI and the German Federal Association for Information Technology, Telecommunications and New Media (BITKOM), an online portal Sicherheitstacho.eu was launched in 2013. The portal is basically a dashboard providing a real-time view of cyber-attacks, freely accessible to everyone interested. The dashboard uses a system of sensors, which also serve as decoys for unmanned attacks that automatically detect soft spots in assorted networks, sites, and device security9. The company utilizes the data gathered by these sensors to shield its own system and provide the clients with the updated information10.
Lessons learned
Deutsche Telecom seems to have narrowly escaped the irreparable damage the DDoS attack could have caused if it were not for the prompt actions to redirect the query overflow and the fact that the company possessed a high network capacity. Because the company and CERT realize the vulnerability of their clients should such an attack take place again, they have expanded their existing set of tools and techniques for attack mitigation. Some lessons that can be learned from the company’s experience are as follows.
Firstly, when the attack begins, the abuse messages to the web host provider should not be the intermediary step before a mitigation action is started. In this situation, the attackers were covered under the other provider’s infrastructure, which made it more complicated to identify the attack. A company facing a DDoS should start mitigation as it simultaneously tries to contact the other web host provider. If the network capacity is not high enough to withstand the query flow and the server collapses before the mitigation is started, the damage to the infrastructure will be irreversible.
Secondly, the redirection technique utilized during the September 2012 attack was further upscaled and applied to protect the company’s clientele. In combination with the sensor scanning, the technique facilitates prompt detection and protection for all parties involved.
Conclusion
Deutsche Telecom could have dealt with the attack more efficiently if the mitigation had been started immediately after the attack was identified. When the security of private and corporate users is concerned, sole reliance on the network capacity being higher than the attackers’ cannot always be justified. However, the technique of redirecting the attack has proved useful, especially in tandem with other preventive practices such as the DDoS awareness portal.
Bibliography
“DDoS Defense.” Deutsche Telecom. Web.
“International Case Report On Cyber Security Incidents.” Msb.se. Web.