Despite what you may think, Russia’s cyber attack on the Democratic National Committee’s servers was not the first instance of foreign actors committing cyber crimes against the United States. Yet, I cannot emphasize enough how significant these attacks were. Efforts made by top ranking officials in the Russian government not only undermined the legitimacy of the 2016 Presidential Election, but have additionally called into question the state of the American democracy. You might be thinking that it is a bit of an overreaction to question whether American democracy was weakened by these cyber intrusions. I assure you it is not. The 2016 Democracy Index Report published by The Economist downgraded the classification of the American democracy from a “full democracy” to a “flawed democracy.” Lastly, these cyber attacks fostered an increase in interest in the field of cyber security among the American population. Thus, I wanted to provide an overview of the nature of the field of cyber security and the means through which governmental and non-governmental actors can combat cyber crime.
So, what was the first foreign cyber attack on the United States that provoked the interest of the American government? In June of 2007, the unclassified email account of the Secretary of Defense of the United States, Robert Gates, was hacked by foreigners, who were never identified, in an attempt to extrapolate classified data and intelligence from the Pentagon. As a result of the development of this event, the United States Government assessed that it needed to revamp its focus on cyber security by securing cyberspace and revitalize institutions in place to combat cyber threats.
Several actors have an interest in promoting cyber security. First, governments have a vested interest in promoting their nation’s respective cyber security, as they acknowledge the susceptibility of networks on which critical infrastructure is dependent on and classified information is stored. Yet, governments are not the only actors who recognize the importance of cyber security and are susceptible to cyber attacks. Increasingly, major corporations have been the victims of cyber attacks, in which their customers’ sensitive information is obtained through metadata collection, information that includes passwords and personal information. Lastly, common citizens also have an inherent stake in the security of information and cyberspace. Their stake has increased after 2013, when Edward Snowden leaked the details of the National Security Agency’s (NSA) metadata collection and electronic surveillance domestically on American citizens.
Prominent Threats To Cyber Security
Complications in the enforcement and adjudication of cyber crime exist as a result of the anonymity of cyberspace. As a result of the nature of cyberspace, cyber criminals, and hackers are able to commit cyber crimes without fear of being prosecuted due to the ease of making oneself anonymous online, thereby, promoting more individuals to engage in illicit activity in cyberspace. Cyber criminals have capitalized increasingly on the intricacies in the nature of cyberspace that unintentionally promote anonymity, by selling their expertise and services to the highest bidder, leading them to engage in more sophisticated targeting of data and infrastructure. Further, the interconnectedness of networks in cyberspace allows for skilled individuals to mask their identities, causing individuals in the cyber security community to be unable to identify and prosecute these individuals.
The multilayered nature of Information and Communications Technology (ICT) has provided cyber-criminals with several channels through which they can engage in cyber crime. The first channel to engage in cyber crime is through remote access, which is the most common method utilized, because it allows cyber-criminals to hack these networks from any location that the Internet is accessible. An alternative channel to access information illegally is through what is deemed to be a “back door,” or a means of entry that is purposely built into the computer program and network during construction. Back doors provide networks with an increased susceptibility to cyber attacks and makes sensitive information on the networks vulnerable to manipulation, as this information is more accessible. Third, a tactic utilized by foreign hackers against Estonian online banking and government services in April of 2007, is denial of access, in which cyber criminals disable websites’ servers by producing a large number of illegitimate cyber traffic, as the networks cannot process the data fast enough to remain operational.
Lastly, the pervasiveness of the Internet, cyberspace, and cyber attacks provides an additional challenge for the cyber security community, as well as those who reap the rewards from sound cyber security policies. The pervasiveness of cyber attacks that occur across borders results in a significant challenge to agencies that work to identify and prosecute cyber criminals, as the Internet does not adhere to the principles of the Westphalian state system. Over the last decade, cyber criminals have begun to expand the scope of their operations to be increasingly transnational, as they recognize that they can exploit the jurisdictional laws of states to avoid prosecution. Thus, the Russian cyber attacks against the United States, while extremely alarming, are not that surprising. The increase in prominence of social media sites such as Facebook, Twitter, Instagram, and YouTube has caused a heightened online security risk for individuals, as hackers and cyber criminals often use individuals’ social media accounts to obtain sensitive and personal information that allows them to commit financial crimes and identity theft.
Let this be a warning to you. Do not share sensitive information online, or before you know it, you may be a victim of identity fraud.
Means By Which Threats To Cyber Security Can Be Combatted: Looking Forward
As a result of the threats that plague cyberspace, the development of a global cyber security environment seems to have become a necessity. This global environment would be tasked with solving a challenge that has been problematic for cyber security experts, how to advance the national economic interest, while securing sensitive information? Governments throughout the world recognize the importance of the existing global economy and utilization of the Internet through the private sector will foster economic growth and an increase in wealth. Thus, if efforts are made to restrict both data flow and the exchange of information, it will lead to unintended consequences that prevents the full capitalization and utilization of the Internet. Efforts to implement a global environment to promote cyber security will be challenging, yet, it will prove to be successful if key actors in the process of establishing this environment take several steps.
First, these actors need to ensure that legislation passed will not create barriers to using the Internet, increase the cost of transmitting data, disrupt trade, or restrict economic growth. Next, a new model needs to be applied to cyber security that sufficiently addresses the dynamic nature of cyber security and cyber threats. Third, these actors must provide governments, businesses, and citizens alike with a degree of transparency that promotes trust in the system, as well as an adequate protection of consumer data. Additionally, as governments, businesses, and citizens have a vested interest in promoting cyber security as it is economically beneficial to them, these three realms need to collaborate to provide long-term solutions to combat cyber crime and threats that jeopardize cyber security.
Lastly, the Doctrine of Prevention, whose goal is to deter all potential threats from a system by eradicating its vulnerabilities in the system, needs to implemented further into the global cyber security strategy. The implementation of the doctrine of prevention would include the development of patches, which are updates that can be installed to a system to eliminate previously identified vulnerabilities. Yet, as consumers lack the awareness to identify vulnerabilities in their systems they often opt to not install patches for several reasons, including fear of slowing down their computers and of the patches causing the illegal software present on their device to be reported to authorities. This doctrine includes a recurring expense to businesses, thus businesses in the past have been unwilling to adapt their systems to involve system testing.
Thus, governments throughout the world can take a combination of a few different approaches to eliminate the inefficiency in this doctrine. First, governments can subsidize the implementation of these systems tests, which are utilized to determine vulnerabilities in a system. Second, governments can establish mandatory standards that when deployed would result in systems across the board to have fewer vulnerabilities, which can either be subsidized by the federal governments or unsubsidized. Third, governments can engage in timely information sharing regarding cyber criminals and threats to cyber security, which would result in a better understanding of cyber attacks, which would help them prevent future attacks. Lastly, governments and businesses must promote the installation of patches through the utilization of automatic updates, as well as the encryption of systems and data, which is an underutilized tool to combat cyber threats. Therefore, if these steps are utilized to combat cyber crime, and cyber security will be strengthened.
But what can do take as a civilian to protect your information? The answer is actually quite simple. Do not share or store any sensitive information online!
Photo credit kremlin.ru, Creative Commons