Cybersecurity in the Globalization Era
MCR 601 – Intelligence and the Global Strategic Environment
LT Barry DeLisle, USN
October 2015
When considering the technological advances over the past 50 years, the Internet has undoubtedly had the greatest impact on everyday life of developed economies and its citizens. The world has become smaller, societies interconnected, and the pace of global integration dramatically increased since the introduction of the Internet. As people and information become increasingly integrated around the world, physical borders between nations are no longer sufficient to restrict access to information and sensitive data. This integrated world allows for malicious cyber actors to advance strategic
…show more content…
Risk mitigation encompasses all actions taken after a cyber-attack to return to normality. While investigation costs and risk mitigation costs can be assessed without much difficulty, the lost value of a compromised asset can be a complicated number to arrive at quantitatively. The cost of stolen intellectual property (IP) is the most difficult to estimate, as part of the cost of cybercrime, but it is also the most important variable for determining loss. Along with the difficulty of valuing IP, other intangible losses are not easily measured. For example, the effects of cyber espionage on national security are significant, and the value of military technology taken cannot be assessed using standard commercial methods. Commercial endeavors to place a monetary number on the value lost after a cyber-attack focuses on several variables that do not translate easily into the public sector. Some of the variables include: fluctuations in stock prices, fair market value, return on investment, and ability to generate cash …show more content…
In 2013, more than 40 million people were affected by stolen information in the United States alone. In 2015, the Office of Personnel Management (OPM) announced the results of the interagency forensic investigation into two cyber intrusion incidents on their network. Following the conclusion of the forensics investigation, OPM determined the compromised information included details such as Social Security Numbers (SSNs); residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. The team concluded with high confidence that sensitive information, including SSNs of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants. Additionally, over 1.1 million fingerprints were exfiltrated from the network. Essentially, for any federal employee, contractor, or military member who underwent a background investigation through OPM in 2000 or afterwards, it is highly likely their information was compromised in the OPM cyber
The actual increasing nature connected with treats and vulnerabilities not just affects specific businesses and their particular consumers, nevertheless in concert this treats present a chronic economical and countrywide stability problem. Since the review clarified, revealing obligation to protect cyber security across all pertinent significant can be growing to be ever more critical. Research equipment usually are extreme and significantly
Every time we connect to the Internet at home, at school, at work, or on our mobile devices we make decisions that affect not only ourselves, but our neighbors, or colleagues, and our nation. Cybersecurity is a shared responsibility, and each of us has a role to play (Homeland Security 2015). The intended audiences that are most interested, receptive and motivated, in reading this research paper: business owners, teenagers, college students, military, people in IT, computer science, employees and government. Cyber space has become a critical area of national security with the ever increasing amount of information transferred through and contained within digital environments. Attacks over the last couple of years reveal the severity of the threat regarding both the target and the number of the attacks (Braman, Susmann & Vaseashta 2014). If your business is like most in America, Internet is an indispensable modern tool for daily transactions. Online browsing allows connectivity to new customers and business growth. If you do not have a Web site, Instagram, Facebook page or Twitter account, you probably rely on Internet to perform your day-to-day business, as banking, payroll or orders for supplies. Using the internet should be safe. Small businesses may think they are not targeted; but cybercriminals are
Towards the end of 2013, OPM began to upgrade their cybersecurity polices. They added new tools and capabilities to various networks throughout their agency. The results of the new security upgrades, OPM was able to identify two different cybersecurity incidents on its systems. May of 2015 OPM discovered that their system has been under attack. Information such as background investigation records of current, former, and prospective Federal employees and contractors were stolen. After an extensive forensics investigation, it was determined that the types of information in these records include identification information such as Social Security Numbers, educational history, employment history, information about immediate family and other personal
In a documentary by Admiral Vern (2002), “the events of September 11, 2001 tragically illustrated that the promise of peace and security in the 21st Century is fraught with profound dangers”. The US foreign policies and interest in key geographic regions of the world sparks controversies resulting in state funded cyber attacks, cyber espionage and terrorism against the United States and its allied nations. When several attempts to cripple the United States and its allied nations through negotiations failed, enemy states and nefarious groups have shifted their focus to cyber attacks and cyber espionage. According to Gady (2016), “China continues cyber espionage against the United States”. Drezner (2014), “Washington and Beijing hardly agree on everything, but they agree on the big things, like maintaining an open global economy, reducing the likelihood of a military confrontation, and tackling climate change”.
The United States Office of Personnel Management (OPM) announced on June 4th, 2015 that hackers had intruded into its network to exfiltrate the personnel records of 4.2 million current and former government employees (Bisson). On June 23rd, FBI Director James Corney confirmed the OPM breach was much worse than originally thought, in total 21.5 million people were compromised. Information Security experts warn that this breach could threaten the United States’ national security for generations. It is important to study how the breach occurred to prevent similar ones in the future.
Office of Personnel Management (OPM) in June 2015 discovered two cybersecurity breach incidents that impacted information of Federal government employees and contractors. OPM discovered that the background investigation data of current, former, and future Federal employees and contractors had been stolen y hackers. OPM found that sensitive information, including the Social Security Numbers of 21 million individuals were stolen from the background investigation databases. This includes 20 million individuals that applied for a background investigation, and 2 million non-applicants, mostly spouses or co-habitants of applicants. Some records also include Reports of Investigations/Statements from interviews conducted by
The world is becoming more and more digital everyday, things as simple as the lights in our houses can be linked to a network. Nevertheless, these networks can be a window of opportunity for cyberterrorist groups, or hacktivists to exploit. Technology has also given the resources needed for these groups to become more efficient at what they do, like increasing bandwidth speeds or more efficient computers for example, but also the same technologies can be used to strengthen security measures against these attacks.
The advancement of computer technology and networking has rapidly expanded communications but as we progress with the wage of the new world technology comes with it own costs. The same technology that provides useful services can be used against its users and benefit computer terrorist to get our information, take our identity and preview our personal lives without many of us knowing what has happened until it is too late. Continuous advancing technology provides criminals and terrorists with a variety of new tools and opportunities to conduct their agendas against current technology.
Our corporations, and even government agencies, continue to demonstrate the variation in defense and mitigation techniques, as we are more or less unsurprised when another company reports an erroneous amount of stolen credit card and banking data. Indeed, our visage of unconditional safety is leaving us vulnerable on the cusp of another internet revolution.
“110 million Americans saw their identities compromised in 2014” Gault argues, adding that 110 million is one in every two Americans (2). With new technological inventions, such as the cloud, which allows remote access to stored information, there are “too many vulnerabilities hackers can exploit” (Gault 7). Cybersecurity has been breached due to the lack of integrity in the system. There is an acute focus on encryption in the industry with the belief that it is the key in ensuring confidentiality and ultimately, cybersecurity. Meanwhile, the industry “rarely” addresses integrity (Gault 17). Gault firmly argues that “the system is broken” because of the lack of integrity in the system. Confidentiality, while important, is not integral in preventing and providing solutions for data breach and theft. The current system solution for cybersecurity threat is dominated by a “lock-and-key system”; preventative, but once access is achieved, accessibility becomes much more effortless for others (Gault 21). Gault suggests an integrity solution that acts more “like an alarm”, a method focused on monitoring suspicious activity on online databases and platforms that then sends an alert when suspicious activity is detected. (22). Gault argues the loss of integrity is apparent in the cybersecurity industry because of the method in which prevents unauthorized access and thievery does not include elements of integrity. The
Due the advancement of technology over the past few decades, cybersecurity has become a more prevalent issue for businesses than ever before. Prior to Thanksgiving in 2013, Target experienced the biggest cybersecurity breach in retail history. Target had all the correct controls put in place to prevent the cybersecurity attack. In fact, six months before the attack “[Target] began installing a $1.6 million malware detection tool made by the computer security firm FireEye, whose customers also include the CIA and the Pentagon” (Bloomberg, How Target Blew It). Target’s security ignored all the alerts that went off regarding the cybersecurity attack, and “stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes” (Bloomberg, How Target Blew It). The Target incident is just one example (of many) that demonstrates the need for heightened cybersecurity in the business world. Today, there are various disclosure requirements under multiple financial reporting jurisdictions regarding the impact and cost of cybersecurity breaches. These requirements and disclosures will be discussed in more detail below under the different reporting jurisdictions, including: U.S. GAAP, IFRS, the SEC, and SOX.
A part of this discussion deals with necessary funding for confronting developing treats. Throughout the past decade, cybersecurity budgets and standards have been upgraded to deal with past incidents of developed attacks and the future threats they impose. In addressing this issue, cybersecurity has been the attention of major investments and budget allocations to support both research and its defense fields. For example, North America’s planned IT budget for cyber security was 7.75% in 2006 (Davis) growing tremendously by 2016 and allocating a 35 percent increase from US President’s Fiscal Year investment in overall Federal resources for cybersecurity (The White House). Additionally, in 2012, global defense organizations planned and increased their cybersecurity budgets by 6% over the next year (Defense). These actions are mainly provisions to encounter new vulnerabilities based on previous incidences. Powerful attacks proved vulnerabilities of industrial sized systems and thus showing leads to new forms of local and global terrorism. For example, Stuxnet was a “game changer”, being a first of its kind cyber-attack infecting industrial scaled systems by using sophisticated malware used to exploit machines (Langill). States have placed numerous safeguards to ensure more security in dealing with threats of this nature. In another example, the stealing of 5.6 million user biometric fingerprints created a lifelong identity theft problem which was addressed by the Office of Personnel Management. This has caused behavior analytics to develop standards in determining and protecting your identity (OPM). Overall, the time, energy, and resources allocated for cybersecurity is in proportion to the needs and the seriousness of the threats and as technology advances and the ability to cause damage intensifies, we can forecast a growth in cybersecurity investments for both
The United States Office of Personnel Management published an announcement in the month of June in 2015, that its office has been the object of ridicule from a high-level cyber-attack. This office is the section for the United States government, which oversees the federal government’s civil services (Lee, 2015). The department manages the security okays necessary for numerous of jobs in the government that oversees top-secret approvals for the armed forces in the United States. Five point six million people fingerprint information was stolen this is a fivefold upsurge since the former approximation of 1.1 million. The infringement of information would have a bearing on twenty-two million individuals that comprised confidential
Prevalent to the current trend now is the dependency of the society on Information technology and communication systems. Every aspect of human life is one way or the other linked and controlled by information technology tools. The importance of information technology cannot be over emphasized as its unavailability could lead to a form of disaster or the other. Pivotal infrastructures like finance, healthcare, education and security are driven by information technology. However, information technology and its benefits are accompanied by vulnerabilities and risks that can be exploited by people with the necessary technical skills. Individuals like ‘Hackers’ and ‘Cyber Terrorist’ can cause disruption to information systems, commit financial fraud and also attack computers and networks. These attacks and disruptions could result to violence against people and properties. In some cases, death, serious injuries and severe economic loss could occur as a result of these attacks.
In summer of 2013, numerous global surveillance programs were widely acknowledged by the public and media, because Edward Snowden leaked thousands of classified documents of them from National Security Agency (NSA), triggering a global debate about national security and citizens’ rights to privacy on the Internet (Philippens, 2013). The development of Internet provides great convenience for the companies and consumers, such as e-commerce and social networking. Meanwhile, it poses certain risks to some extent, such as leakage of corporate secrets and personal privacy. Thus, multinational companies should find their ways to respond to the problem of cyber security in the digital age.