On Tuesday, our class had the pleasure of hearing a lecture on cybersecurity. We talked about what exactly cybersecurity is and what kinds of things threaten our cyber safety. It became immediately apparent that there is a “dark side” to the technology that we have come to thrive off of and depend on. We discussed the concept of hacking and the many different ways that our data can be compromised without our knowledge. One thing that really resonated with me was our discussion of APTs, or Advanced Persistent Threats.
An APT is a set of stealthy and continuous hacking processes orchestrated by a group of people targeting a specific entity. APTs usually target organizations and or nations for business or political motives. There are entire military units devoted to this kind of Internet-enabled espionage. For example, APT1 is a term commonly used to refer to Unit 61398 of the People’s Liberation Army of China. They exist solely for this purpose. One of the first things that comes to mind is, “What are the ramifications?”, especially for a nation like the U.S. that relies so heavily on its data. Is our data safe? Are our networks secure?
In a recent article by Matt Sheehan of the Huffington Post, we can see that this is a growing concern. China has been making massive investments in United States technology, and the investments are only growing. For many, it may seem as though China is a little too close for comfort. We know they have the kind of technology to invade our networks, just as we have the technology to invade theirs. Is this becoming a modern day Cold War? Cybersecurity concerns could easily turn into Cyber Warfare. Traditionally, the United States’ economy welcomes this kind of foreign investment, but in the near future it will become increasingly important to exercise discretion, and to understand the potential consequences of giving our competitors a hand in our technological developments.
Over the past few weeks we have discussed many new tools and programs designed to put more governmental information online to streamline processes. These programs have the potential to simplify and aid in development but they also come with their own set of problems. Cybersecurity is one of the most important issues of the new millennium.
The ITU has released an entire report about how developing nations need to upgrade their cyber-infrastructure. As these nations begin to put more and more governmental, financial, and secret data on to computer systems hackers and cyber-criminals have opportunities to steal this information. High profile attacks like on the Saudi Arabian oil company Arramco which affected more than 30,000 computers could be devastating to a developing nation. Cyber criminals can target government owned systems to steal data or digital currencies like M-Pesa to steal money from 1000s of miles away.
The ITU has released guidelines for developing nations to improve their security. Some of their recommendations include training the weakest part of the cybersecurity system, the user. The same skills gap that holds developing countries back in terms of digital knowledge also makes their existing systems more venerable to cyber threats. Inexperienced computer users are not worried about cyber threats and can take risky actions online. Poorly trained government workers can easily compromise sensitive government systems and allow hackers and other cybercriminals access to governmental data.
Over the next few years the success of eGovernment and eCurrency programs will be determined by the level of security they can provide for users. If developing countries cannot train their population to safely use technology many of the advances that technology can provide will be lost due to compromised security problems. Technology can help to improve the lives of people living in developing nations but if their governments do not invest in security infrastructure for their networks the same technologies that can help them develop can make them venerable to crime and cyberwarfare.
Upon writing my second country paper, I was interested to find that the only concrete information I could find regarding statistical data on Indonesia was when it was grouped with the rest of Southeast Asia. Yes, there was definitely information that could be found, but as far as the information communication technology policies in place it was not only hard but some of the sources had to be translated into English. It is therefor reasonable to report that maybe the most accurate information is not from United States or English-speaking reports, but instead through publications and articles that come directly from the country and are translated so that English speakers can read them. It is also reasonable to consider that the cyber security systems that would undoubtedly monitor the information from other countries being printed in the U.S. is quite possible. By going directly to local and national newspapers of the country in which you are interested in is probably the best way to find out the most factual information. The website I’ve fount the most helpful was this:
Like I stated on one of my previous posts, there is definitely a huge barrier when we are trying to gain information from thousands of miles away through the portal of the Internet. Something interesting I found was that the articles written on websites like the Huffingtonpost or on The New York Times were very generalizing in their information. When I went to an Indonesian website and went through the trouble of translating it, I found that the information although more opinionated was more concrete and factual sounding. If it weren’t for technology that would allow us to translate other countries’ newspapers, then maybe all of the information we were getting could be held at a bias. There is definitely something to say about news reports that are part of large companies, acting only as a subsidiary with no real say about the content they are allowed to publish. In one of my other classes, Media Analysis we discuss how there are only several companies that own all of the news programming we receive and as such there is definite bias in that information.
This week’s reading focused on CyberSecurity and the importance of
nationalstrategies. In ITU’s report ITU National Cybersecurity Strategy Guide
written by DoctorFrederick Wamala he discusses the importance that a national
government and securityshould consider when creating their national strategy.
Cyberspace involves all of thesystems connected directly or indirectly to the
Internet while cyber security focuses on thestrategic plan to protect cyberspace
and ensure that the system continues to functionunder a threat.
According to the
guide there are 10 important elements of creating aNational Cybersecurity
Programme.The first item of the list is “Top Government Cybersecurity
Accountability”.According to the guide this element is important for a cyber
security programme has to becross- sectional across a nation. Not solely local
or national but has to cooperate under alllevels of government. They are the
ones accountable for devising a functional plan. Thesecond term on this list is
a coordinator. Like Homeland Security it is crucial that there isan office or
individual who oversees cyber security activities. Thirdly a “National
Cybersecurity Focal Point” meaning the multi- agency body is the focal point for
all of theactivities dealing with protection. Fourthly when creating a
Cybersecurity you need todesign the “Legal Measures” in which a team drafts a
policy and law procedures inresponse cybercrime. Fifth on the list is a
Framework. This is your start of the plan forwhich you state the basic elements
required in a national security. Sixthly, you need todesignate a Computer
Incident Response Team (CIRT) which is a “strategy led programmecontains
incident management capabilities with national responsibility”. They
areresponsible for coordinating responses to the stakeholders. After creating a
team you needto promote awareness and education about cybersecurity. It is
important that the nationknows and understands the importance of cyber threats.
Eighth on the list is a “Public –Private Sector Cybersecurity Partnership” for
which Government agencies shouldcollaborate with private companies such as
google. In order for a security team to be set upyou do however need to train
cybersecurity professionals. Lastly, the government needs toform “International
Cooperation” especially cause most cyber threats come from othercountries and
global cooperation is vital to additional security.If a country follows these
initial guidelines to forming and creating a NationalCybersecurity Programme,
they should soon be able to generate a national strategy planfor which they will
increase security and ensure that their nation’s cyberspace and
privateinformation is never threatened.
When I initially took this course, I really had no idea how technology would fit in the field of development. I remember the first class when Professor Ports asked if any of us knew about Information and Communication Technologies and I did not have a clue what she was talking about. I have never considered myself to be a very tech savvy person and my initial thoughts were that concepts from this class wouldn’t prove to be particularly vital. Indeed, I proven wrong. We live in an extremely fast paced world that is driven by continuous technological advancements. The scope of technology and its’ applications extends across all sectors and ultimately, without a grasp on technology, one is unlikely to succeed.
Being exposed to the many real-world applications of ICT4D throughout the course is what really sparked my enthusiasm. I was excited to see course lessons extend beyond the classroom walls and realized that the knowledge and skills gained through this course will be applicable to any career path. It was also this class that solidified my career passions in the humanitarian sector. Specifically, I was inspired by the ICT4D applications in disaster relief and humanitarian aid. I was amazed by the whole idea of crowd sourcing/HOSTOM and its’ ability to function efficiently in a situation when every second counts. In addition, the experience we had working with Geographic Information Systems gave me invaluable skills that will be extremely useful to a career in disaster management. After focusing on the humanitarian sector for my group project, I became really interested in other ICT4D applications that could bring even greater benefit! Any area of ICT4D that I feel deserves more attention is what our class recently covered in regards of cyber security. Its nearly impossible for the appropriate policies and regulations to keep up with technologies fast-pace nature. This leaves a huge gap in cyber security, such as potential for cyber threats, and I think it is crucial that this aspect of ICT4D is addressed as we move forward. We’ve seen endless examples of ICT4D applications bringing great benefit to the people and overall development , from advocating for human rights, ending corruption, to e-medicine, and I’m excited for what the future of ICT4D holds.
In our class yesterday, Ralph Russo stressed the importance of understanding that no entity exists that has the authority to or even can regulate the internet. Therefore, there is the potential for many cybersecurity attacks to occur that can be, if not properly defended against, devastating to economic, political, and personal safety.
The burden of protecting sensitive information systems falls primarily upon the government; however, the private enterprises that control important services, such as power companies, health institutions, and food supply chains must also take initiative in securing their control systems because of the potential loss of business they may face due to a cybersecurity attack. In essence, both private and public entities must play an active role in defending our country against cybersecurity attacks, but the question is whether the government will require certain private companies, like utilities companies, to disclose cyber-defense strategies to the government to enhance overall national safety.
Interestingly enough, the Washington Post published an article this afternoon that reported that “[t]he White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.” This current position is a result of the failure of bipartisanship; so many factors must be considered in a case such as this because of the freedoms and privacy rights of companies and individuals may be violated. Therefore, the White House wants to make information-sharing voluntary.
Do you think the government should be lax in its cybersecurity policies regarding private businesses that are critical to the daily functionings of American society? It seems to me that it would be in the best interest of both the government and these private businesses to share at least some basic information about the internet since separately, they are much more vulnerable to cybersecurity attacks than as part of a joint effort.