Combating Cyberterrorism

As a general definition, cyberterrorism can be described as the use of computing
resources to intimidate or coerce a government, civilian population, or any other segment
of a nation’s citizenry with political or social objectives. It is important that IT
professionals be aware of possible threats that cyberterrorism can cause, especially in
areas where information security is critical.
Although many people only started worrying about cyberterrorism in the aftermath of the
September 11, 2001, attacks, this threat was present even before these attacks. With the
boom of the Internet in the past decade, financial institutions, utilities companies, healthcare organizations, and even governmental institutions started moving critical functions
and information to networks. Now, many companies have almost all their operations
automated, and their infrastructure (including their most critical applications) relies on
network processes. Unfortunately, this infrastructure might not be secure enough to
withstand the brunt of cyberattacks.
Until recently, terrorists have not considered the Internet a target because it could not
disrupt nationwide operations. Moreover, until now, terrorists preferred a headline-grabbing visual impact for their attacks, such as a crashing building or a shoe bomb,
rather than disrupting information and communications infrastructure through
technology.
It is important to differentiate between hackers and cyberterrorists. Hackers work on their
own, usually for fun or for monetary gain; this means they are loners who are motivated
by self-interest or finances. Cyberterrorists, in contrast, are part of a well-organized
terrorist network, whose actions are driven by political or social ideologies. Although
terrorist organizations could enlist a professional hacker to initiate a cyberattack, the
hacker’s interest in handsome monetary gain is likely to be at the bottom of their
willingness to consort with and assist a terrorist organization.
The U.S. government has taken several steps to address the threat of cyberterrorism. The
creation of a secure intranet, called GovNet, to support sensitive government operations
is one of these steps. However, GovNet has been the target of verbal attacks from several
experts who think it will not stop cyberattacks. Needless to say, this has created some
controversy for GovNet. Another step has been the establishment of a link between
government and private industry to create an environment for sharing information about
attacks.
Wall Street IT executives are supportive of the idea of creating a centralized mechanism
for alerts and access to information about hacking and terrorist threats. On the other hand,
they point out that today, most of the attacks come from insiders; this means that people
with access to the organization’s networks can use this power for harmful purposes.
Therefore, many security experts contend that companies should base the thoroughness of
employee background checks on the sensitivity of the position they have (or will have)
inside the organization.
In October 2001, the Gilmore Commission, headed by Virginia governor James Gilmore,
outlined specific steps to protect critical infrastructure. The commission recommended
the creation of a nonprofit entity between the private sector and the government to solve
conflicts about sharing security information. It also outlined the need for a cybercourt to
address information security issues and the creation of a body to prepare a plan for
information security research and development.
We must not overlook that the targets of cyberattacks can extend beyond government
organizations and corporations; our personal computers and our most sensitive and
individual information may also be vulnerable to attack. How can we “regular” citizens
protect our computer systems from cyberattacks? Some basic steps such as setting
password controls for all our personal accounts, avoiding easy-to-guess passwords, and
checking logs that can detect an intruder can make our systems less easy targets for
cyberattacks. Unfortunately, there are no foolproof mechanisms for protecting a system,
so maybe we should consider isolating devices storing our most critical information from
outside connection.
Many private organizations have developed sophisticated mechanisms to protect their
corporate networks. Most of them use a combination of hardware and software, such as
security routers, firewalls, encryption software, and intruder detection systems, to protect
their private network from hackers and cyberterrorism. A variety of increasingly
sophisticated security tools are available, and network managers should carefully choose
the combination that best fits the company’s purposes and best protects the company’s
data and infrastructure integrity.