On Tuesday, our class had the pleasure of hearing a lecture on cybersecurity. We talked about what exactly cybersecurity is and what kinds of things threaten our cyber safety. It became immediately apparent that there is a “dark side” to the technology that we have come to thrive off of and depend on. We discussed the concept of hacking and the many different ways that our data can be compromised without our knowledge. One thing that really resonated with me was our discussion of APTs, or Advanced Persistent Threats.
An APT is a set of stealthy and continuous hacking processes orchestrated by a group of people targeting a specific entity. APTs usually target organizations and or nations for business or political motives. There are entire military units devoted to this kind of Internet-enabled espionage. For example, APT1 is a term commonly used to refer to Unit 61398 of the People’s Liberation Army of China. They exist solely for this purpose. One of the first things that comes to mind is, “What are the ramifications?”, especially for a nation like the U.S. that relies so heavily on its data. Is our data safe? Are our networks secure?
In a recent article by Matt Sheehan of the Huffington Post, we can see that this is a growing concern. China has been making massive investments in United States technology, and the investments are only growing. For many, it may seem as though China is a little too close for comfort. We know they have the kind of technology to invade our networks, just as we have the technology to invade theirs. Is this becoming a modern day Cold War? Cybersecurity concerns could easily turn into Cyber Warfare. Traditionally, the United States’ economy welcomes this kind of foreign investment, but in the near future it will become increasingly important to exercise discretion, and to understand the potential consequences of giving our competitors a hand in our technological developments.
Over the past few weeks we have discussed many new tools and programs designed to put more governmental information online to streamline processes. These programs have the potential to simplify and aid in development but they also come with their own set of problems. Cybersecurity is one of the most important issues of the new millennium.
The ITU has released an entire report about how developing nations need to upgrade their cyber-infrastructure. As these nations begin to put more and more governmental, financial, and secret data on to computer systems hackers and cyber-criminals have opportunities to steal this information. High profile attacks like on the Saudi Arabian oil company Arramco which affected more than 30,000 computers could be devastating to a developing nation. Cyber criminals can target government owned systems to steal data or digital currencies like M-Pesa to steal money from 1000s of miles away.
The ITU has released guidelines for developing nations to improve their security. Some of their recommendations include training the weakest part of the cybersecurity system, the user. The same skills gap that holds developing countries back in terms of digital knowledge also makes their existing systems more venerable to cyber threats. Inexperienced computer users are not worried about cyber threats and can take risky actions online. Poorly trained government workers can easily compromise sensitive government systems and allow hackers and other cybercriminals access to governmental data.
Over the next few years the success of eGovernment and eCurrency programs will be determined by the level of security they can provide for users. If developing countries cannot train their population to safely use technology many of the advances that technology can provide will be lost due to compromised security problems. Technology can help to improve the lives of people living in developing nations but if their governments do not invest in security infrastructure for their networks the same technologies that can help them develop can make them venerable to crime and cyberwarfare.
Upon writing my second country paper, I was interested to find that the only concrete information I could find regarding statistical data on Indonesia was when it was grouped with the rest of Southeast Asia. Yes, there was definitely information that could be found, but as far as the information communication technology policies in place it was not only hard but some of the sources had to be translated into English. It is therefor reasonable to report that maybe the most accurate information is not from United States or English-speaking reports, but instead through publications and articles that come directly from the country and are translated so that English speakers can read them. It is also reasonable to consider that the cyber security systems that would undoubtedly monitor the information from other countries being printed in the U.S. is quite possible. By going directly to local and national newspapers of the country in which you are interested in is probably the best way to find out the most factual information. The website I’ve fount the most helpful was this:
Like I stated on one of my previous posts, there is definitely a huge barrier when we are trying to gain information from thousands of miles away through the portal of the Internet. Something interesting I found was that the articles written on websites like the Huffingtonpost or on The New York Times were very generalizing in their information. When I went to an Indonesian website and went through the trouble of translating it, I found that the information although more opinionated was more concrete and factual sounding. If it weren’t for technology that would allow us to translate other countries’ newspapers, then maybe all of the information we were getting could be held at a bias. There is definitely something to say about news reports that are part of large companies, acting only as a subsidiary with no real say about the content they are allowed to publish. In one of my other classes, Media Analysis we discuss how there are only several companies that own all of the news programming we receive and as such there is definite bias in that information.
This week’s reading focused on CyberSecurity and the importance of
nationalstrategies. In ITU’s report ITU National Cybersecurity Strategy Guide
written by DoctorFrederick Wamala he discusses the importance that a national
government and securityshould consider when creating their national strategy.
Cyberspace involves all of thesystems connected directly or indirectly to the
Internet while cyber security focuses on thestrategic plan to protect cyberspace
and ensure that the system continues to functionunder a threat.
According to the
guide there are 10 important elements of creating aNational Cybersecurity
Programme.The first item of the list is “Top Government Cybersecurity
Accountability”.According to the guide this element is important for a cyber
security programme has to becross- sectional across a nation. Not solely local
or national but has to cooperate under alllevels of government. They are the
ones accountable for devising a functional plan. Thesecond term on this list is
a coordinator. Like Homeland Security it is crucial that there isan office or
individual who oversees cyber security activities. Thirdly a “National
Cybersecurity Focal Point” meaning the multi- agency body is the focal point for
all of theactivities dealing with protection. Fourthly when creating a
Cybersecurity you need todesign the “Legal Measures” in which a team drafts a
policy and law procedures inresponse cybercrime. Fifth on the list is a
Framework. This is your start of the plan forwhich you state the basic elements
required in a national security. Sixthly, you need todesignate a Computer
Incident Response Team (CIRT) which is a “strategy led programmecontains
incident management capabilities with national responsibility”. They
areresponsible for coordinating responses to the stakeholders. After creating a
team you needto promote awareness and education about cybersecurity. It is
important that the nationknows and understands the importance of cyber threats.
Eighth on the list is a “Public –Private Sector Cybersecurity Partnership” for
which Government agencies shouldcollaborate with private companies such as
google. In order for a security team to be set upyou do however need to train
cybersecurity professionals. Lastly, the government needs toform “International
Cooperation” especially cause most cyber threats come from othercountries and
global cooperation is vital to additional security.If a country follows these
initial guidelines to forming and creating a NationalCybersecurity Programme,
they should soon be able to generate a national strategy planfor which they will
increase security and ensure that their nation’s cyberspace and
privateinformation is never threatened.
When I initially took this course, I really had no idea how technology would fit in the field of development. I remember the first class when Professor Ports asked if any of us knew about Information and Communication Technologies and I did not have a clue what she was talking about. I have never considered myself to be a very tech savvy person and my initial thoughts were that concepts from this class wouldn’t prove to be particularly vital. Indeed, I proven wrong. We live in an extremely fast paced world that is driven by continuous technological advancements. The scope of technology and its’ applications extends across all sectors and ultimately, without a grasp on technology, one is unlikely to succeed.
Being exposed to the many real-world applications of ICT4D throughout the course is what really sparked my enthusiasm. I was excited to see course lessons extend beyond the classroom walls and realized that the knowledge and skills gained through this course will be applicable to any career path. It was also this class that solidified my career passions in the humanitarian sector. Specifically, I was inspired by the ICT4D applications in disaster relief and humanitarian aid. I was amazed by the whole idea of crowd sourcing/HOSTOM and its’ ability to function efficiently in a situation when every second counts. In addition, the experience we had working with Geographic Information Systems gave me invaluable skills that will be extremely useful to a career in disaster management. After focusing on the humanitarian sector for my group project, I became really interested in other ICT4D applications that could bring even greater benefit! Any area of ICT4D that I feel deserves more attention is what our class recently covered in regards of cyber security. Its nearly impossible for the appropriate policies and regulations to keep up with technologies fast-pace nature. This leaves a huge gap in cyber security, such as potential for cyber threats, and I think it is crucial that this aspect of ICT4D is addressed as we move forward. We’ve seen endless examples of ICT4D applications bringing great benefit to the people and overall development , from advocating for human rights, ending corruption, to e-medicine, and I’m excited for what the future of ICT4D holds.
In our class yesterday, Ralph Russo stressed the importance of understanding that no entity exists that has the authority to or even can regulate the internet. Therefore, there is the potential for many cybersecurity attacks to occur that can be, if not properly defended against, devastating to economic, political, and personal safety.
The burden of protecting sensitive information systems falls primarily upon the government; however, the private enterprises that control important services, such as power companies, health institutions, and food supply chains must also take initiative in securing their control systems because of the potential loss of business they may face due to a cybersecurity attack. In essence, both private and public entities must play an active role in defending our country against cybersecurity attacks, but the question is whether the government will require certain private companies, like utilities companies, to disclose cyber-defense strategies to the government to enhance overall national safety.
Interestingly enough, the Washington Post published an article this afternoon that reported that “[t]he White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.” This current position is a result of the failure of bipartisanship; so many factors must be considered in a case such as this because of the freedoms and privacy rights of companies and individuals may be violated. Therefore, the White House wants to make information-sharing voluntary.
Do you think the government should be lax in its cybersecurity policies regarding private businesses that are critical to the daily functionings of American society? It seems to me that it would be in the best interest of both the government and these private businesses to share at least some basic information about the internet since separately, they are much more vulnerable to cybersecurity attacks than as part of a joint effort.
This week, both our classmate Annie Mellon and our guest speaker Professor Ralph Russo, briefly discussed the pressing issue of cyber security and cited examples from different security breaches including worms that invade control systems in nuclear plants to mobile applications that hijack airplanes. Russo mentioned that he fears the government does not know how to cope with many of these serious threats. After researching the matter, it turns out they don’t.
According to an article by CBS (http://goo.gl/KZd3L), no organized, across-the-board computer safety training is offered for employees even though electronic data theft from governments among other issues are unquestionably on the rise. One would think at least Wikileaks or Anonymous would be a wake-up call.
Information technology experts view training as an integral component of cybersecurity and D.C. officials admit their own employees should be more educated on computer use (yet seem to have a hard time acting on it), especially as governments face sophisticated cyber-threats such as those referenced above and as human errors have contributed (and will continue to contribute) to widespread data breaches.
While government officials have legitimate points when they argue that developing internet security through new products and tools come first, others argue that it should be the other way around. What do you all think? Should training be put on the so-called back-burner for now?
One might have to consider what Eric Chapman, deputy director of the Maryland Cybersecurity Center at the University of Maryland, has to say:
If you have one user who’s fundamentally unaware of what a spear-phishing email looks like, the entire enterprise is vulnerable
If US employees are incompetent at dealing with these rapidly emerging issues, government employees in the developing word certainly are not equipped to dealing with them. Will basic training even suffice to combat many of the issues? Hacking into the cyber space has become more sophisticatedly performed with every day. These are ill-intentioned uber-geniuses we are dealing with.
In this week’s lecture we discussed cyberspace and cyber security strategies. To begin I will differentiate the two terms. According to the ITU National Cybersecurity Strategy Guide written by Dr. Frederick Wamala in 2011, the term cyberspace is used to “describe systems and services connected either directly to or indirectly to the Internet, telecommunications and computer networks”. Cybersecurity on the other hand is a term used to describe a strategy of defense that is crucial to all governments for it ensures that cyberspace (internet) continues to work efficiently and maintain social order if it is attacked unexpectedly by and external threat. Secondly I will discuss an article that illustrates the true importance of cybersecurity.
In an article 2012: Year of War Against Cyber Crime written by Arthur Coviello published in early 2012 in The Economic Times he discusses the negative side effects of a technological emerging world and how shared private information has the possibility of becoming public. In 2011 there were various attacks on large corporate companies such as Sony, Epsilon and Google in which their software information was hacked and stolen. Thus in 2012, these companies have decided to “focus on key areas of improvement and innovation”. According to the author he believes that both private and public sectors should collaborate and establish a common framework to share information. According to the article “today’s attackers are better at sharing real- time intelligence than their targets”. As ITU suggested in their guide for national strategies and similarly in the article, education and training of our cyber workforce will become the priority. It is not only important to create a government programme dedicated to cyber security but also support cyber security programmes “that graduate more individuals in computer sciences and risk assessment.” ITU suggested this national strategy plan in 2011 and this article claims that the US federal government is enforcing and renewing its cyber security workforce plans and is anticipating to spend nearly 13.5 billion on cyber security initiatives by 2015. Organizations as well will begin to change the way they incorporate security into their systems. While our society has made huge innovations in the field of technology it is vital to our well being of individuals and nations that our cyber information is protected and safe.
Thus as the article claims and ITU suggested and seems to be in the United State’s interest and future strategic plans, cybersecurity needs to be incorporated into a national programme and policy and should work along side private companies such as the one listed above to ensure full capacity security.