The world of Information Technology is complex and sometimes difficult to completely understand. When studying information systems, one must look at this aspect as well as the business component. The strength of its infrastructure is vital to government agencies and corporations that rely on technological advances for efficiency of their business processes. As we continue to progress in making information technology more efficient, we must focus on advancing its security components and respond to the growing phenomenon of cyber warfare. We can protect ourselves from potential cybercriminals by improving antivirus and computer software such as firewalls and intrusion detection systems, and by implementing employee training in computer security. Major attacks also need to be publicized so that corporations and business entrepreneurs can take necessary precautions for their businesses. A recent publicized attack was Operation “Shady Rat”; however, there have been a number of successful attacks since the ’90s.
This attack affected approximately 14 countries and over 70 corporations with damages amounting to billions of dollars. The details and whereabouts of the data that was possibly stolen have yet to be discovered by research officials and analysts; how will that data be used and what do they have? The U.S. must realize that strengthening the defenses of the IT world is as important as strengthening military defenses, if not more. Cyberspace is slowly starting to establish itself as a legitimate battlefield and the U.S. must be prepared to defend itself in the event of a cyber war. In order to do this, there are components of the IT infrastructure that have to be looked at, including cyber security tools and systems, computer software, and other vulnerabilities within the infrastructure. The U.S. should reallocate some resources to these areas of focus before irreparable damage is done to the world economy and the U.S. infrastructure.
Cyber Security and Cyber Warfare
So much attention is given to improving efficiency of business through technology that the United States forgets to enhance the security aspects of the new and improved machines, software, and servers. The researcher of this topic would be wrong in saying that no attention was being given to this issue. The White House and the Pentagon have attempted to implement plans, but after looking at the cost of damages and repair, there should be more resources devoted to fixing this problem. More attention must be focused on the advancement of IT infrastructure, specifically cyber security, and on the phenomenon of cyber warfare, as cyber attacks on U.S. corporations continue to inflict damage and become more detrimental to the United States economy and society as a whole. The future of American prosperity and competitiveness depends on these improvements. As stated in the Laudon & Laudon text, the IT infrastructure provides the foundation for supporting all the information systems in the business (Laudon & Laudon, 2010).
It is composed of computer hardware, computer software, data management technology, networking and telecommunications technology, and technology services. Computer security software is one area that should be addressed. New Windows software is being developed every day with improvements in performance, usability, support for interfaces, and security. For some corporations, Windows is the operating system for network servers. Are the security enhancements really being improved that much? Is there enough effort and money being put toward these enhancements? These are questions to ask due to the increasing number of cyber attacks against all types of computers including PCs, mainframes, servers, workstations, and supercomputers. The security aspect of the infrastructure refers to the policies, procedures, software, and technical measures used to prevent unauthorized access, theft, or physical damage to information systems. All of these areas must be updated and improved periodically because of their vulnerabilities. These weaknesses exist because data is now being stored electronically, which makes it more vulnerable to internal and external threats. In multi-tier computing systems, vulnerabilities are present within each channel through which information passes.
Intruders, being the most common form of external threats, are able to access and intercept this data as it flows from one component to the next. Most people are so focused on avoiding hackers and intruders that they forget about the common internal threats of their own employees and co-workers. According to Laudon & Laudon, studies have shown that the lack of user knowledge is the single greatest cause of network security breaches (Laudon & Laudon, 2010). With this being the case, there should be improvement made in training and educating employees on IT security. Government agencies will not allow employees to start work or get access to the network until they pass a short assessment on IT security and on ensuring the safety of the agency’s network. Measures like these should be taken all across the globe and should be strictly enforced. Approaching and fixing the issue of cyber security has been and will be a long and expensive process, as in dealing with any problem related to information systems. The cyber warfare phenomenon is growing rapidly and is continuously taking a toll on the infrastructure and financial stability of the United States. The improvement of all these aspects of IT infrastructure will help prepare the United States for future attacks, while safeguarding it from a potential decline in economic growth.
Cyber warfare refers to a politically motivated attack on major networks or systems with the purpose of damage or spying. Government security expert Richard A. Clarke, author of Cyber War, defines the term as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption” (Clarke and Knake, 2011). The global aspect of the Internet makes it possible for intruders to do harm to any country’s system from anywhere in the world. Some computer security experts say that the Internet has become a “warzone” for cyber battle with steadily advancing hacking techniques. Certain vulnerabilities of the Internet and other networks are making them easy targets for attacks by terrorists or other groups looking to cause disruption or damage. The “targets” are created by the fixed Internet addresses that occur with computers that are constantly connected to the Internet. These include a wide range of victims, especially government agencies that use systems that require constant uploading and updating.
For example, at the U.S. Department of Agriculture, a newly implemented financial system called Financial Management Modernization Initiative (FMMI) is constantly updating and uploading Business Intelligence information which travels between servers. The computers in the building are constantly connected to the network; although they may not be logged into the financial system, they are still susceptible to attack. The Internet is something that people and businesses rely on for day-to-day activity and some can’t survive without it. This technological expansion plays right into the hands of cybercriminals because there will never be a shortage of victims to pursue. A great response to this situation is to make it not only tougher for those criminals, but next to impossible. After researching this topic, it seems as if it is less expensive to launch offensive attacks than it is to protect and defend the servers and networks (Laudon & Laudon, 2010). The U.S. must continue to focus on defense against these attacks as opposed to launching an offensive strategy. A solution to this problem is to create software programs and other tools to defend against various malicious attacks, as there are so many hacking and damaging techniques. Malware and spyware are types of malicious software programs that come in the form of viruses, worms, or Trojan horses (Laudon & Laudon 2011).
These programs are implemented through e-mail, networking sites, and other vehicles using various techniques such as spoofing, phishing, and sniffers. E-mail and instant messenger have become essential tools for business processes in the corporate world as well as major vehicles for delivering malicious software programs. Many employees are instructed to refrain from using instant messaging programs, such as Yahoo or AIM, and from opening emails from unknown addresses and sites because they make networks vulnerable to cyber criminals. These random emails with large attachments that employees get while at work are most likely worms. Viruses and worms are capable of destroying critical data and computer programs, and of disrupting the operation of an organization’s network. Spoofing is a technique used by hackers that enables social engineering, which is a practice where malicious intruders trick employees into revealing their passwords by pretending to work for the company. Phishing is a form of spoofing that comes in the form of email and Web pages used by intruders mostly to obtain vital identity information (Laudon & Laudon 2010). The email message or web site would ask people to subscribe to a service or confirm their identity, and people would actually respond to these web sites, ads, or emails with social security numbers, credit card numbers, bank details, and other confidential information that leads to identity theft.
Although these types of attack are directly against the U.S., it does cost to develop plans and cover the losses of people who are victims of identity theft. As a result of employee curiosity and lack of knowledge, this form of malware has become very problematic over the years among government agencies and corporations. Social networking sites have become a popular vehicle for malware due to the abundance of users. Harmful content can be posted in messages, wall posts, and web pages and launched onto the networks once this content is viewed. This technique can damage or monitor hundreds of systems from one implementation. The fact that this type of content can be freely posted on such a widely used site is alarming. This is where the advancement of IT software comes into play in terms of upgrading the security of operating systems and software that will detect this content before it can be launched onto the network. A big issue that has been concealed from the public is the widespread increase in cyber attacks against many different corporations and government organizations. Over the years, computers have become what some call “tools for catastrophe” (Browning, 1997). Our pursuit of efficiency through means of technological advancement has actually worked against us in some ways.
Hackers have used the same tools that executives use to work more efficiently to perform malicious tasks such as altering government files, installing pornographic material, collecting security passwords, and disrupting military research operations. There have been various historical attacks on numerous United States computer systems which have become both costly and dangerous. According to an article by Graeme Browning, in 1996 a survey was taken of over 500 U.S. corporations, government agencies, and financial institutions and showed that 75% of them lost a total of $100 million due to computer attacks (Browning, 1997). The cyber warfare – also a controversial term – phenomenon hasn’t necessarily evolved in terms of technique but more in terms of number and frequency. The term warfare has become controversial. Are we really at war? Most attacks are mere intrusions that allow attackers to spy on intellectual information. Cyber attacks can be dated back as far as the early 1990s during the Gulf War, when hackers from the Netherlands stole vital military information that, according to a former Energy Department official, was offered to the Iraqi leaders.
Later in 1994, a U.S. Naval ship was attacked using sniffer programs that had been installed on servers. The results of this attack included the changing of thousands of passwords and the Academy’s inability to process and store classified information. Although these attacks were damaging, they were not as effective as some of the more recent attacks. One of the most recently revealed major global cyber attacks was “Operation Shady Rat”. This cyber attack spanned a period of five years and has been characterized as a “historically unprecedented transfer of wealth,” in which wealth is defined as national secrets, emails, legal contracts, schematics for design, and other valuable intellectual data. According to McAfee, the amount of pillaged data is in the petabyte range, but where and how the data is being used has yet to be answered. To put this in perspective, that amount of data is equal to about one quadrillion bytes of information or 1,000 terabytes. Some small company servers only hold about 800 GB of data, which is a tiny fraction of a petabyte. However, the missing data still represents a threat to our country’s economy and infrastructure.
McAfee states that the many different countries that were victims of this attack face the possibility of decreased economic growth along with major threats to national security (Alperovitch, 2011). The attack was discovered by the McAfee security company when, in 2009, they came across the command and control server used by the intruders. Although the server itself was discovered in 2009, the details behind the attack were not researched until March 2011. Analysis of information technology issues can be very complex, but the idea that action was not taken until years later is quite disturbing. The results of the research concluded that there were more than 10 countries and over 70 corporations that were affected by this attack. Of those 70 corporations, almost 50 of them are located in the United States. Another daunting fact about this attack is that, from an IT standpoint, based on the delivery and method of attack, it was no more sophisticated than any other normal cyber attack.
The methods they used were standard phishing techniques which consisted of emails with attachments that would introduce malware to the system if opened. The way that this attack got its name is that through the phishing technique, hackers could install RAT software in the victims’ systems which would allow for system monitoring, network probing, and data extraction, hence the name ‘Shady RAT.’ This technique is usually guarded against by security policies which forbid employees from opening attachments from unknown emails, let alone opening the email itself. If we could somehow better enforce these policies, we could limit attacks that use this method. This simple method was also used in other attacks including “Operation Aurora” on Google and other oil and gas companies (Alperovitch, 2011). Another key characteristic of this attack is that it was in fact disclosed to the public, which is very important because it alerts us, as a people, to what we are doing to enable these attacks and what we can do to prevent them. Other hacker groups such as Anonymous and LulzSec, who have also launched attacks, receive much more press than these long-term attacks, which researchers say do far more damage and are more persistent in manner. As for the culprits of these attacks, it was found that the intrusions most likely originated in China.
After being briefed by McAfee and noticing that the International Olympic Committee and the Taiwanese Government were on the victim list, Jim Lewis of the Center for Strategic and International Studies was led to the conclusion that China was responsible for the attack. China has also been accused of these types of attacks before, dating back to the late 1990s, but has yet to be blamed publicly for these attacks. Over the five-year span of the attack, Scott Borg, an economist for the U.S. Cyber Consequences Unit, indicated that the overall annual intellectual loss ranged from $6 billion to $20 billion, with oil industries being on the upper end of that scale due to the loss of investment opportunities. This cost does not include the costs that were initially put into efforts of improving cyber security (Alperovitch, 2011). Through the development and improvement of access control, firewalls, intrusion detection systems, antivirus software, and employee training and education, the task of securing information systems can be daunting and costly but possible. Cyber security is a vital part of the IT infrastructure; therefore, more focus should be put into its enhancement.
Some attention has been given to this issue by U.S. government officials, according to CBS News, as the Pentagon has spent over $100 million in response to cyber security and attacks (CBS News, 2009). It can be argued that increased attention has not been warranted due to the lack of sophistication of these attacks, but some officials say that “it would be nice to spend money proactively…rather than fixing things after the fact.” Access control refers to the policies and procedures a company uses to prevent unauthorized access to systems from insiders and outsiders (Laudon & Laudon, 2010). In the business world, most systems have authentication processes often using passwords known only by the users of that system. The problem with this goes back to the idea of employees serving as internal threats. Most passwords are forgotten by users or shared with co-workers or made simple to keep from forgetting them; these are all factors that compromise computer security. However, the authentication process creates more problems than expected. For example, as a government employee, you are required to periodically change passwords for multiple systems.
This leads to increased forgetfulness with multiple passwords and easier passwords that can be guessed or figured out. Also, users tend to keep these credentials written down, making them vulnerable; some even keep them in Excel spreadsheets. The password dilemma is partially addressed, but not solved, by the development of tokens and smartcards, which are also most often used by government agencies. There is ample opportunity for these to be stolen, along with passwords, thus allowing unauthorized access. On the other hand, biometric authentication systems provide a more unique process for users, which consists of reading and interpreting individual human traits, such as fingerprints and voices, in order to grant them access. This specified form of measurement would permit only that individual to gain access. With the growing rate of people working from home and accessing networks while on travel, biometric authentication is a safe and smart route to take in regards to improving security applications.
Moreover, a firewall prevents unauthorized users from gaining access to private networks. It performs tasks like identifying names, IP addresses, applications, and other characteristics of incoming traffic. Some hackers are clever enough to hack through firewalls without an issue, which is why it is important for these firewalls to have the most up-to-date preventive measures. The firewall has various screening technologies that make it effective. Packet filtering evaluates fields in the headers of data packets that travel through cyber channels, but can miss many attacks if there was an error in the filtering. Stateful inspection is an additional security measure that determines if the data packets are part of a dialogue history or establishing new connections and decides whether to accept or reject those packets based on those options. Another layer of protection is Network Address Translation, which hides the IP address of the host connection, making it difficult for intruders to implement sniffer programs or locate their target.
This method is interesting because if it’s capable of hiding IP addresses of major networks and connections, then it could possibly limit numerous cyber attacks. The technology that seems to be most effective is application proxy filtering, which examines the actual content of the data packets, deciding whether or not that data should pass through the firewall. Each system has a network administrator who is in charge of programming the access rules into the system so that the firewall has something to check against. In order for the firewall to be effective, the administrator must maintain these rules that identify various applications, people, or addresses. Strengthening these components of the firewall could be costly because first the U.S. must buy the necessary hardware and software and then find someone with enough mental ability to program and maintain the internal rules, which is why security outsourcing becomes an option. Whenever companies lack the resources to provide that sort of expertise, they can outsource to managed security service providers that will monitor the network and perform vulnerability testing and intrusion detection.
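The difference between packet filtering and stateful inspection described above can be seen by running the same traffic through both. The following Python model is an added example, not part of the original essay; the addresses (documentation ranges), the single outbound-HTTPS rule, and the state names are assumptions, and connection timeouts and FIN teardown are not modelled.

```python
from dataclasses import dataclass

# Constructed sample addresses (RFC 5737 documentation ranges), not from the essay.
INSIDE, WEB, OUTSIDER = "192.0.2.10", "198.51.100.7", "203.0.113.66"
ALLOWED_OUT_PORTS = {443}  # assumed access rule: inside hosts may open HTTPS connections


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags carried by this packet


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_inside(ip):
    return ip.startswith("192.0.2.")


def stateless_filter(p):
    """Packet filtering: every packet is judged alone, on header fields only."""
    if is_inside(p.src) and p.dport in ALLOWED_OUT_PORTS:
        return True
    # Header-only guess at "this is a reply": ACK set, coming from an allowed port.
    return is_inside(p.dst) and p.sport in ALLOWED_OUT_PORTS and "ACK" in p.flags


class StatefulFirewall:
    """Stateful inspection: a packet must fit a connection the inside host opened."""

    def __init__(self):
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def inspect(self, p):
        outbound = is_inside(p.src)
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:  # no dialogue history: only an inside host may start one
            if outbound and p.flags == {"SYN"} and p.dport in ALLOWED_OUT_PORTS:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if "RST" in p.flags:  # either side may abort a known connection
            del self.table[key]
            return True
        if state == "SYN_SENT":
            if not outbound and p.flags == {"SYN", "ACK"}:
                self.table[key] = "SYN_ACKED"
                return True
            return False
        if state == "SYN_ACKED":
            if outbound and p.flags == {"ACK"}:
                self.table[key] = "ESTABLISHED"
                return True
            return False
        return "SYN" not in p.flags  # ESTABLISHED: data either way, no new SYN


SAMPLE = [  # constructed packet sequence
    pkt(INSIDE, 40000, WEB, 443, "SYN"),              # inside host opens a connection
    pkt(WEB, 443, INSIDE, 40000, "SYN", "ACK"),       # server answers
    pkt(INSIDE, 40000, WEB, 443, "ACK"),              # handshake complete
    pkt(WEB, 443, INSIDE, 40000, "ACK"),              # reply data
    pkt(OUTSIDER, 443, INSIDE, 40001, "ACK"),         # unsolicited, no such connection
    pkt(OUTSIDER, 443, INSIDE, 40000, "SYN", "ACK"),  # answer to a SYN nobody sent
    pkt(WEB, 443, INSIDE, 40000, "RST", "ACK"),       # server aborts the connection
    pkt(WEB, 443, INSIDE, 40000, "ACK"),              # late packet after teardown
]


def run(packets):
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.inspect(p)) for p in packets]


def passed_only_by_header_filter(packets):
    return [i for i, (hdr, st) in enumerate(run(packets)) if hdr and not st]


if __name__ == "__main__":
    for i, verdicts in enumerate(run(SAMPLE)):
        print(i, "header filter: %s, stateful: %s" % verdicts)
```

The header-only filter accepts every packet in the sample, while the stateful firewall rejects the three that do not belong to a connection an inside host opened.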
Intrusion detection would be a vital tool to improve, so that immediate action can be taken when attacks are discovered, as opposed to having attacks last over five years without being detected until it is too late. It consists of monitoring tools that focus on the vulnerable areas of corporate systems, detecting intruders continuously. The most intriguing part about this type of system is that it can be programmed to have a shutdown trigger in which the sensitive part of the network will shut down if unauthorized activity is detected. The most commonly used defensive strategy is antivirus software, which is designed to locate and eradicate computer viruses. According to Laudon & Laudon, this software only works against viruses that are already known to the programmer, so defense mechanisms can be written into the program. Viruses today are evolving at high rates, so the updates to the software would have to be done frequently. Most of these more advanced defense strategies are usually handled by software vendors. This means that U.S. corporations and users have to pay a hefty amount to get the most up-to-date software and tools.
Software vendors have even bundled firewalls, intrusion detection, and antivirus software into unified threat management (UTM) systems. Understandably, the reason behind outdated systems and weak firewalls is the lack of financial resources, or under-allocation of resources applied to this field (Laudon & Laudon 2010). One of the other easier and cheaper options would be to educate and train employees, expressing the importance of cyber security and the repercussions if the network was made vulnerable to intrusion or attack. Computer crimes, such as identity theft, and the financial cost of repairing a personal computer or network should be explained to the workers. It is essential to understand that using complicated passwords is just as important in protecting their company’s information. Updating the antivirus software on the operating system, checking the security settings, and archiving data are all tasks that need to be addressed with new employees. There is an annual National Cyber Awareness Month that has been held in October for the past eight years. During this month, awareness is raised in the public and private sectors about the “interconnectedness of the modern world,” which proves that everyone has a role to play in increasing cyber security (“National cyber security” 2011).
The researcher would recommend that funds be allotted towards security of the IT infrastructure instead of using those funds for repair of the damages to the IT infrastructure. Although there are many options and components to improve, the most vital and effective solution would be to enhance intrusion detection systems, antivirus software, vulnerability monitoring, and IT security training for new employees. Of those options, employee training seems to be the most cost effective, but with all the money going into missiles and armory, there is possibility for reallocation of these funds. The U.S. must realize the severity of this issue and how this could greatly affect our nation. There are no policies in place for how the U.S. as a country should respond in the event of a devastating attack against its infrastructure. The U.S. has been making strides toward this effort but must continue to do so, as hacking techniques and viruses are evolving every day. No agency or corporation is safe from attack, as they fall under one of two categories: those that know they have been attacked and those that have not realized they have been attacked.
Laudon, E. C., & Laudon, J. P. (2010). Essentials of management information
systems. (9th Ed.). Saddle River, New Jersey: Pearson College.
Department of Homeland Security, (2011). National cyber security awareness
Browning, G. (1997, August 1). Hack attack. Retrieved from
Alperovitch, D. (2011). Revealed: operation shady rat. Retrieved from http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
CBS News. (2009, April 7). Pentagon bill to fix cyber attacks. Retrieved from http://www.cbsnews.com/stories/2009/04/07/tech/main4926071.shtml
Clarke, R. A., & Knake, R. K. (2011). Cyber war, the next threat to national
security and what to do about it. HarperCollins. Retrieved from http://books.google.com/books/feeds/volumes?q=978-0-06–196223-3