Tag Archives: Cybersecurity

The New Cold War: Cybersecurity

On Tuesday, our class had the pleasure of hearing a lecture on cybersecurity. We talked about what exactly cybersecurity is and what kinds of things threaten our cyber safety. It became immediately apparent that there is a “dark side” to the technology that we have come to thrive off of and depend on. We discussed the concept of hacking and the many different ways that our data can be compromised without our knowledge. One thing that really resonated with me was our discussion of APTs, or Advanced Persistent Threats.

An APT is a set of stealthy and continuous hacking processes orchestrated by a group of people targeting a specific entity. APTs usually target organizations and or nations for business or political motives. There are entire military units devoted to this kind of Internet-enabled espionage. For example, APT1 is a term commonly used to refer to Unit 61398 of the People’s Liberation Army of China. They exist solely for this purpose. One of the first things that comes to mind is, “What are the ramifications?”, especially for a nation like the U.S. that relies so heavily on its data. Is our data safe? Are our networks secure?

In a recent article by Matt Sheehan of the Huffington Post, we can see that this is a growing concern. China has been making massive investments in United States technology, and the investments are only growing. For many, it may seem as though China is a little too close for comfort. We know they have the kind of technology to invade our networks, just as we have the technology to invade theirs. Is this becoming a modern day Cold War? Cybersecurity concerns could easily turn into Cyber Warfare. Traditionally, the United States’ economy welcomes this kind of foreign investment, but in the near future it will become increasingly important to exercise discretion, and to understand the potential consequences of giving our competitors a hand in our technological developments.


Cybersecurity in Developing Nations

Over the past few weeks we have discussed many new tools and programs designed to put more governmental information online to streamline processes. These programs have the potential to simplify and aid in development but they also come with their own set of problems. Cybersecurity is one of the most important issues of the new millennium.

The ITU has released an entire report about how developing nations need to upgrade their cyber-infrastructure. As these nations begin to put more and more governmental, financial, and secret data on to computer systems hackers and cyber-criminals have opportunities to steal this information. High profile attacks like on the Saudi Arabian oil company Arramco which affected more than 30,000 computers could be devastating to a developing nation. Cyber criminals can target government owned systems to steal data or digital currencies like M-Pesa to steal money from 1000s of miles away.

The ITU has released guidelines for developing nations to improve their security. Some of their recommendations include training the weakest part of the cybersecurity system, the user. The same skills gap that holds developing countries back in terms of digital knowledge also makes their existing systems more venerable to cyber threats. Inexperienced computer users are not worried about cyber threats and can take risky actions online. Poorly trained government workers can easily compromise sensitive government systems and allow hackers and other cybercriminals access to governmental data.

Over the next few years the success of eGovernment and eCurrency programs will be determined by the level of security they can provide for users. If developing countries cannot train their population to safely use technology many of the advances that technology can provide will be lost due to compromised security problems. Technology can help to improve the lives of people living in developing nations but if their governments do not invest in security infrastructure for their networks the same technologies that can help them develop can make them venerable to crime and cyberwarfare.

 


ICT National Policies, Where from Whom?

Upon writing my second country paper, I was interested to find that the only concrete information I could find regarding statistical data on Indonesia was when it was grouped with the rest of Southeast Asia. Yes, there was definitely information that could be found, but as far as the information communication technology policies in place it was not only hard but some of the sources had to be translated into English. It is therefor reasonable to report that maybe the most accurate information is not from United States or English-speaking reports, but instead through publications and articles that come directly from the country and are translated so that English speakers can read them. It is also reasonable to consider that the cyber security systems that would undoubtedly monitor the information from other countries being printed in the U.S. is quite possible. By going directly to local and national newspapers of the country in which you are interested in is probably the best way to find out the most factual information. The website I’ve fount the most helpful was this:

http://imtranslator.net/translation/english/to-indonesian/translation/

Like I stated on one of my previous posts, there is definitely a huge barrier when we are trying to gain information from thousands of miles away through the portal of the Internet. Something interesting I found was that the articles written on websites like the Huffingtonpost or on The New York Times were very generalizing in their information. When I went to an Indonesian website and went through the trouble of translating it, I found that the information although more opinionated was more concrete and factual sounding. If it weren’t for technology that would allow us to translate other countries’ newspapers, then maybe all of the information we were getting could be held at a bias. There is definitely something to say about news reports that are part of large companies, acting only as a subsidiary with no real say about the content they are allowed to publish. In one of my other classes, Media Analysis we discuss how there are only several companies that own all of the news programming we receive and as such there is definite bias in that information.


Importance of Cybersecurity Strategies

This week’s reading focused on CyberSecurity and the importance of
nationalstrategies. In ITU’s report ITU National Cybersecurity Strategy Guide
written by DoctorFrederick Wamala he discusses the importance that a national
government and securityshould consider when creating their national strategy.
Cyberspace involves all of thesystems connected directly or indirectly to the
Internet while cyber security focuses on thestrategic plan to protect cyberspace
and ensure that the system continues to functionunder a threat.

According to the
guide there are 10 important elements of creating aNational Cybersecurity
Programme.The first item of the list is “Top Government Cybersecurity
Accountability”.According to the guide this element is important for a cyber
security programme has to becross- sectional across a nation. Not solely local
or national but has to cooperate under alllevels of government. They are the
ones accountable for devising a functional plan. Thesecond term on this list is
a coordinator. Like Homeland Security it is crucial that there isan office or
individual who oversees cyber security activities. Thirdly a “National
Cybersecurity Focal Point” meaning the multi- agency body is the focal point for
all of theactivities dealing with protection. Fourthly when creating a
Cybersecurity you need todesign the “Legal Measures” in which a team drafts a
policy and law procedures inresponse cybercrime. Fifth on the list is a
Framework. This is your start of the plan forwhich you state the basic elements
required in a national security. Sixthly, you need todesignate a Computer
Incident Response Team (CIRT) which is a “strategy led programmecontains
incident management capabilities with national responsibility”. They
areresponsible for coordinating responses to the stakeholders. After creating a
team you needto promote awareness and education about cybersecurity. It is
important that the nationknows and understands the importance of cyber threats.
Eighth on the list is a “Public –Private Sector Cybersecurity Partnership” for
which Government agencies shouldcollaborate with private companies such as
google. In order for a security team to be set upyou do however need to train
cybersecurity professionals. Lastly, the government needs toform “International
Cooperation” especially cause most cyber threats come from othercountries and
global cooperation is vital to additional security.If a country follows these
initial guidelines to forming and creating a NationalCybersecurity Programme,
they should soon be able to generate a national strategy planfor which they will
increase security and ensure that their nation’s cyberspace and
privateinformation is never threatened.


ICT4D: looking back

When I initially took this course, I really had no idea how technology would fit in the field of development. I remember the first class when Professor Ports asked if any of us knew about Information and Communication Technologies and I did not have a clue what she was talking about. I have never considered myself to be a very tech savvy person and my initial thoughts were that concepts from this class wouldn’t prove to be particularly vital.  Indeed, I proven wrong. We live in an extremely fast paced world that is driven by continuous technological advancements. The scope of technology and its’ applications extends across all sectors and ultimately, without a grasp on technology, one is unlikely to succeed.

Being exposed to the many real-world applications of ICT4D throughout the course is what really sparked my enthusiasm.  I was excited to see course lessons extend beyond the classroom walls and realized that the knowledge and skills gained  through this course will be applicable to any career path. It was also this class that solidified my career passions in the humanitarian sector.  Specifically, I was inspired by the ICT4D applications in disaster relief and humanitarian aid. I was amazed by the whole idea of crowd sourcing/HOSTOM and its’ ability to function efficiently in a situation when every second counts.  In addition, the experience we had working with  Geographic Information Systems gave me invaluable skills that will be extremely useful to a career in disaster management. After focusing on the humanitarian sector for my group project, I became really interested in other ICT4D applications that could bring even greater benefit! Any area of ICT4D that I feel deserves more attention is what our class recently covered in regards of cyber security. Its nearly impossible for the appropriate policies and regulations to keep up with technologies fast-pace nature. This leaves a huge gap in cyber security,  such as potential for cyber threats, and I think it is crucial that this aspect of ICT4D is  addressed as we move forward. We’ve seen endless examples of ICT4D applications bringing great benefit to the people and overall development , from advocating for human rights, ending corruption, to  e-medicine, and I’m excited for what the future of ICT4D holds.


ICT4D: course lessons

Based on our readings, lectures, guest speakers, and presentations in this course, the most salient topics for me were: the dos and don’ts of ICT4D, appropriate technologies, why ICT4D projects fail, the relevance and role of ICT4D in the major sectors of development, mapping and emergency management/ disaster relief, social media, and cyber-security. The discussions and material from these sessions will stick with me the most as I move on in development. I learned several important lessons about ICT4D that will definitely contribute to my professional career in development, including the importance of:

1)   Ensuring that projects are demand driven

2)   Using local knowledge and power

3)   Taking the local context into highest consideration: the citizens’ current lifestyle, behaviors/ tendencies, the existing infrastructure (or lack thereof), most frequently used ICTs, their motivation towards the proposed idea (which should be created mutually) etc.

4)   Ensuring that the infrastructure that is required for your project is in place or in progress (electricity, Internet, etc)

It’s also important to realize that with technology and development comes a responsibility to protect individuals in the digitized world. Cybersecurity is an essential compliment to ICT4D.

The topics that resonated most with me, and the ones that I think will be most useful to me moving forward are the implications for ICT4D in the health care sector, and the potential for mHealth, mobiles, and radios for development in general. I hope to go into the field of maternal and child health in my future, and this class exposed me to the supporting role that ICTs can play in health care, which is something I had not considered in depth before. Through research for blog posts, our second paper, and our sector projects, I uncovered some fascinating ICT4health initiatives such as the Taru Initiative radio entertainment-education campaign in Bihar, India, the WHO mCheck project for maternal and child heath, the eMocha health app for smartphones that facilitates health care in developing countries greatly, and others. My eyes are now open to many more possibilities to improve health in developing countries via ICT solutions including distance learning, radio- based health campaigns, SMS texting interventions, and many more.

The implications for social media as a platform for ICT4D also spurred an interest in me. I think it was great that we had the opportunity to work with some of these platforms such Twitter and WordPress on a regular basis. It allowed me to become more ‘digitally literate’ and gave me a hand into the ICT4D community online. Now I always know where to go to access breaking news or general information, stories of ICT4D trials and errors, and current initiatives in the particular sectors of ICT4D which are most interesting to me (namely health). Getting to do real mapping with HOSTM was also undeniably a great learning experience; it was awesome to get the chance to contribute to real ICT4D work. In addition, crowdsourcing as a platform for ICT4D was a very new and intriguing concept for me that seems to have a lot of promise in our digital world.

In my opinion, the most useful framework presented in this class was Human Centered Development. I liked the report that we read a lot and I very much agree with the project design and implementation process that it promotes. It clearly proposes needs assessments and grassroots development, which I think are essential to development projects. It supports demand driven development, considerations of local context, culture, and peoples, monitoring and evaluation, sustainable human development etc; all of which we have established as “DOs” for development. The topics covered in this class gave us a great overview of an entire field in international development. I especially enjoyed module 2 where we reviewed several case studies, because that allowed us to take broader theories and frameworks and zoom in on the specifics. I think that we touched on all the right things, and our discussions were supplemented greatly by some amazing guest speakers that we had the opportunity to hear from.


Should the Government know about Private Companies’ information security strategies?

In our class yesterday, Ralph Russo stressed the importance of understanding that no entity exists that has the authority to or even can regulate the internet. Therefore, there is the potential for many cybersecurity attacks to occur that can be, if not properly defended against, devastating to economic, political, and personal safety.

The burden of protecting sensitive information systems falls primarily upon the government; however, the private enterprises that control important services, such as power companies, health institutions, and food supply chains must also take initiative in securing their control systems because of the potential loss of business they may face due to a cybersecurity attack. In essence, both private and public entities must play an active role in defending our country against cybersecurity attacks, but the question is whether the government will require certain private companies, like utilities companies, to disclose cyber-defense strategies to the government to enhance overall national safety.

Interestingly enough, the Washington Post published an article this afternoon that reported that “[t]he White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.” This current position is a result of the failure of bipartisanship; so many factors must be considered in a case such as this because of the freedoms and privacy rights of companies and individuals may be violated. Therefore, the White House wants to make information-sharing voluntary.

Do you think the government should be lax in its cybersecurity policies regarding private businesses that are critical to the daily functionings of American society? It seems to me that it would be in the best interest of both the government and these private businesses to share at least some basic information about the internet since separately, they are much more vulnerable to cybersecurity attacks than as part of a joint effort.


Government Employees Need to get Schooled on Cybersecurity

This week, both our classmate Annie Mellon and our guest speaker Professor Ralph Russo, briefly discussed the pressing issue of cyber security and cited examples from different security breaches including worms that invade control systems in nuclear plants to mobile applications that hijack airplanes. Russo mentioned that he fears the government does not know how to cope with many of these serious threats. After researching the matter, it turns out they don’t.

According to an article by CBS (http://goo.gl/KZd3L), no organized, across-the-board computer safety training is offered for employees even though electronic data theft from governments among other issues are unquestionably on the rise. One would think at least Wikileaks or Anonymous would be a wake-up call.

Information technology experts view training as an integral component of cybersecurity and D.C. officials admit their own employees should be more educated on computer use (yet seem to have a hard time acting on it), especially as governments face sophisticated cyber-threats such as those referenced above and as human errors have contributed (and will continue to contribute) to widespread data breaches.

While government officials have legitimate points when they argue that developing internet security through new products and tools come first, others argue that it should be the other way around. What do you all think? Should training be put on the so-called back-burner for now?

One might have to consider what Eric Chapman, deputy director of the Maryland Cybersecurity Center at the University of Maryland, has to say:

If you have one user who’s fundamentally unaware of what a spear-phishing email looks like, the entire enterprise is vulnerable

If US employees are incompetent at dealing with these rapidly emerging issues, government employees in the developing word certainly are not equipped to dealing with them. Will basic training even suffice to combat many of the issues? Hacking into the cyber space has become more sophisticatedly performed with every day. These are ill-intentioned uber-geniuses we are dealing with.


2012: The new year of cybersecurity

In this week’s lecture we discussed cyberspace and cyber security strategies.  To begin I will differentiate the two terms. According to the ITU National Cybersecurity Strategy Guide written by Dr. Frederick Wamala in 2011, the term cyberspace is used to “describe systems and services connected either directly to or indirectly to the Internet, telecommunications and computer networks”. Cybersecurity on the other hand is a term used to describe a strategy of defense that is crucial to all governments for it ensures that cyberspace (internet) continues to work efficiently and maintain social order if it is attacked unexpectedly by and external threat. Secondly I will discuss an article that illustrates the true importance of cybersecurity.

In an article 2012: Year of War Against Cyber Crime written by Arthur Coviello published in early 2012 in The Economic Times he discusses the negative side effects of a technological emerging world and how shared private information has the possibility of becoming public. In 2011 there were various attacks on large corporate companies such as Sony, Epsilon and Google in which their software information was hacked and stolen. Thus in 2012, these companies have decided to “focus on key areas of improvement and innovation”. According to the author he believes that both private and public sectors should collaborate and establish a common framework to share information. According to the article “today’s attackers are better at sharing real- time intelligence than their targets”. As ITU suggested in their guide for national strategies and similarly in the article, education and training of our cyber workforce will become the priority. It is not only important to create a government programme dedicated to cyber security but also support cyber security programmes “that graduate more individuals in computer sciences and risk assessment.” ITU suggested this national strategy plan in 2011 and this article claims that the US federal government is enforcing and renewing its cyber security workforce plans and is anticipating to spend nearly 13.5 billion on cyber security initiatives by 2015. Organizations as well will begin to change the way they incorporate security into their systems. While our society has made huge innovations in the field of technology it is vital to our well being of individuals and nations that our cyber information is protected and safe.

Thus as the article claims and ITU suggested and seems to be in the United State’s interest and future strategic plans, cybersecurity needs to be incorporated into a national programme and policy and should work along side private companies such as the one listed above to ensure full capacity security.


Does Anonymous Pose a Threat to Cybersecurity?

This week’s topic of discussion was one of my favorites by far- Cybersecurity and hacking. Before reading the two articles discussed in class, and listening to our guest lecturer Ralph Russo, professor at Tulane University in the Homeland Security Program, I was not fully educated on cybersecurity and its threat to human individuals. When thinking about ICT4D I never thought cybersecrurity and hacking would apply as greatly as it really does. What really intrigued me about Professor Russo’s talk was when he mentioned the use of applications on mobile phones, and if they are a means to promote a cyber attack. This really got me thinking, everything is run by technology: every means of transportation, food stands, banking, water industries, etc.  In connection to developing countries, not having a cybersecurity plan can be detrimental to that countries success and can lead to further impoverishment. However can hacking also be beneficial to social welfare of individuals?   In regards to hacking and cybersecurity, I recently read an Article by Dave Smith in reference to the hacktivist group  Anonymous. To learn more  about Anonymous  please read brookekania  post  Internet Hackers: Anonymous.

In brief, Anonymous  is known for hacking an array of targets such as from the internet company  GoDaddy to religious organizations to government websites,the Pentagon, and most recently Bank of America and the controversial Steubenville High School Rape Case. This year Anonymous hacked into Bank of America,  releasing up  to 16 gigabytes of information related to  Bank of America, Bloomberg, Thomson Reuters and others. This group articulated that Bank of America had employed security firms to “spy and collect information on private citizens  (Smith, 2013)”, it also was spying on social activist groups, Anonymous being one of them.  The  group also released the salaries of  top CEO’s from around the world. Although many officials say that this was a hack, Anonymous denied this accusation by having one of their subgroup representatives  identifying itself as Par:AnoIA speak in a press release stating:

“The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs,” Par:AnoIA said. “Looking at the data it becomes clear that Bank of America, TEKSystems and others (see origins of reports) gathered information on Anonymous and other activists’ movement on various social media platforms and public Internet Relay Chat (IRC) channels (Adams, 2013).”

Additionally, the group found even more disturbing information, they discovered that the data was retrieved from an Israeli server in Tel Aviv. What is BofA’s connection with Isreal? The aim of releasing this information  was not to induce a cyber security threat on BofA. It was to inform the American people about  how corporations may be wrongfully spying on online activism that does not pose any threat impeding on individuals freedom. They also wanted to shed light on the questionable ways that BofA and other powerful corporations are funding these actions. Anonymous spokesperson stated: “We release the received files in full to raise awareness to this issue and to send a signal to corporations and Governments that this is unacceptable.” Although their actions were intended for the welfare of Americans, hacking into a bank poses serious cyber security threats to the country and its partners. Were Anonymous acts justified?

Anonymous was also in the news about their actions in the Steubenville High School Rape, where social media was used to perpetuate rape culture but also to bring light and justice to  sickening and graphic details about this controversial event. The case centered around two star high school football players and their involvement in raping an intoxicated unconscious teenage girl at a party. During the party pictures and videos  were taken of both the unconscious and the two teammates talking about their actions towards the girl. According to AlterNets’ writer  Kristen Gwynne, for months, only Alexandria Goddard of Prinniefied.com reported on the rape, where she stated that their was social media evidence (twitter, facebook, instagram) that could be linked to the perpetrators of this crime(Gwynne,2013). Her reporting drew in Anonymous and they were able to hack into these media sites where they released a disturbing video of the teenagers who performed this inhuman rape act. Through their hacking, Anonymous was able to bring justice to the victim’s family, and draw national attention to a crime that could have been easily thrown under the rocks. Although this event was not a threat to cybersecurity, it does pose a question about the privacy of the web and its monitoring. Should  social networks be monitored more heavily to prevent heinous crimes like this, and how could this be beneficial for developing countries?  From a capabilities approach, are the actions of Anonymous justified and can this hacktivist group be a catalyst for ICT4D?

 

http://www.alternet.org/how-anonymous-hacking-exposed-steubenville-high-school-rape-case

http://www.ibtimes.com/bank-america-hacked-anonymous-hackers-leak-secrets-about-executives-salaries-spy-activities-1107947