3 Dec 2022

Cyber Security of US Government Agency and Critical Infrastructure

Format: APA

Academic level: High School

Paper type: Essay (Any Type)

Words: 3770

Pages: 17

The explosion of information technology use in government agencies and critical infrastructure has contributed to significant security threats to the information and computing systems that support operations. Cybersecurity is a critical issue facing agencies and other critical infrastructure in their effort to deliver valuable services to customers. Cybersecurity poses severe issues and can affect the delivery of essential services (Clarke & Knake, 2011). Information communication technologies play a significant role in supporting the operations of an entity. However, such capabilities can only be achieved if data and information are secured and accessed by authorized persons only. Any information can only be useful to an agency if it is accurate, available when needed, and reliable for the intended purpose (Sutton, 2017). Any information system, therefore, must guarantee availability, integrity, and access by authorized persons only. Government entities and critical infrastructure must, therefore, guarantee that their operations are not affected by cybersecurity-related threats.

The prevalence of cybersecurity-related threats can significantly affect the performance of an entity by targeting critical information, which can significantly hamper normal activities. Government agencies must identify potential threats that they are likely to face and approaches that they can employ to address such issues (Sutton, 2017). It is critical for entities to understand the cyber threats that they are likely to encounter in order to develop appropriate measures that can reduce the impact of such threats. The management must understand the critical information held by an entity and the effect that access to such information can have (Clarke & Knake, 2011). A system breakdown, for example, can disrupt the delivery of an essential service such as water, electricity, healthcare, and fuel, posing a severe security threat. The protection of critical infrastructure, therefore, becomes a strategic issue that must be addressed with utmost care.

Cyber Threats 

A cyber threat is a potential violation of the security of a computing environment. Threats can be differentiated according to their impact, character, origin, and actors (ITU, 2009). Threats can be differentiated as either accidental or intentional threats, like the malfunction of a computer or software, whereas in passive threats there are no significant changes. Passive threats glean the information stored or processed, yet they do not affect the resources of the system. Some of the techniques used include eavesdropping, tapping, and in-depth packet analysis. Threat sources are determined to gain from security breaches either financially (KumarGoutam, 2015). Some of the potential threat sources include foreign intelligence services, dissatisfied employees, investigative journalism, extremist organizations, hacktivists, and organized crime groups. Threat actors usually perform cyber attacks. Threat sources and threat actors exploit the vulnerabilities in a computer system.

The Concept of Cyber Security 

The increased use of information technology has raised serious calls for the protection of ICT systems from potential threats caused by cyber attacks. Possession of critical information raises the desire of unauthorized individuals to access computer systems with the intention of stealing or damaging information, causing disruptions in the critical infrastructure, and performing other unlawful acts (KumarGoutam, 2015). Computer security experts predict that the number, as well as the severity, of cyber attacks will continue increasing as entities hold strategic information and as attackers devise complex approaches that allow them to access the computing environment. Cybersecurity, therefore, is an act of protecting information communication systems as well as their content. According to Fischer (2016), cybersecurity is a set of activities and approaches employed to protect a computer system from disruptions, attacks, and other potential threats (Clarke & Knake, 2011). Similarly, it can include the quality or state of being protected from potential threats. Cybersecurity can also be used to refer to a broader field of endeavor intended to implement and improve computer security activities and their quality.

Cybersecurity and information security are two related terms. However, the two are not identical. According to federal law, information security is the act of protecting the information system from access by unauthorized persons, including use, disclosure, modification, disruption, and destruction, with the aim of ensuring the integrity, confidentiality, and availability of such information (KumarGoutam, 2015). Cybersecurity, on the other hand, aims at protecting the computers, networks, hardware, other devices, and software, as well as the information and all elements of cyberspace.

The security of federal agencies is at stake following a spate of cybersecurity-related issues. Homeland Security and the White House conducted a review of the security situation of all agencies to determine their preparedness for cybersecurity-related issues. According to an article by Hawkins (2018) published by the Washington Post, the results show that government agencies are still struggling to be secure. According to the review, the majority of federal agencies have adopted cybersecurity programs that are inadequate to address intrusion into their networks.

A report by the White House Office of Management and Budget showed that 71 out of 96 federal agencies that were examined depended on cybersecurity programs perceived to be of high risk or at risk. Such revelations come at a time when the US is determined to enhance cybersecurity. Trump, on the campaign trail, promised to enhance cyber defenses in the country in addition to confronting malicious cyber-related activities emanating from foreign governments (ITU, 2018). The report was commissioned under his executive order on cybersecurity. The order placed absolute responsibility for protecting the networks on agency heads.

Priority on federal cybersecurity was a welcome move following large breaches that led to the exposure of personal information of approximately 22 million people four years ago. Similarly, there was concern over the role of Russia in the 2016 elections. Despite the desire by the Trump administration to address cybersecurity issues, the federal government is still struggling to address cybersecurity-related issues. The report shows a worrying trend that needs to be addressed if the desired outcome is to be achieved. Similarly, the top leadership must be at the forefront in the fight against cybersecurity-related issues.

The ability to prevent cyber-related attacks depends on how prepared agencies are in their effort to address the issue (Clarke & Knake, 2011). According to the report by the White House and Homeland Security, 12 agencies operated high-risk programs. The implication is that the basic cybersecurity tools were absent. Similarly, 59 agencies ranked at risk, meaning that despite the presence of the right policies, there were significant gaps that could pose security-related issues.

Some of the federal agencies do not have the right visibility of their networks; thus they are unable to detect any attempts to access data, in addition to failing to be responsive to cyber-related incidents. According to the report, there were no significant differences between small and large government agencies, and they all had to put more effort into securing their networks. A worrying trend is that the majority of the agencies are aware of cyber-related threats, but few are dedicating their resources to address the issue (ITU, 2018). Similarly, more applications that are critical to the agencies cannot be patched, and therefore the risk programs are critical for government operations. The report however offered critical insights as to the current standing of the federal. An understanding of cyber-related issues can significantly enhance the preparedness of government agencies and thus avoid data breaches like the one reported in 2014.

Hackers tend to target the computing system with the intention of stealing information that can be used to achieve a desirable objective. The 2014 data breach is a classic example of the effects cyber threats can have on an agency. According to McMillan, a Kazakh-Canadian hacker named Karim Baratov was sentenced to five years in prison, including a fine of $250,000, for the 2014 Yahoo data breach. It is believed that the hacker was hired to assist in gathering information that was leaked to Russia. The author points out that the hacker accessed over 11,000 web emails, with 80% of the breaches being related to Yahoo. The hacker was even sorry since he was not aware of the damage and trouble he caused, pointing out that he had no excuse for his actions (ITU, 2018). The article states that foreign intelligence services used hackers to obtain useful information by empowering them to conduct a significant cyber attack on 500 million accounts.

Foreign intelligence services also use malware like Joanap and Brambul for cyber attacks. Such malware targets the aerospace, media, critical infrastructure, and financial sectors. China also engages in cyber intrusion with the aim of accessing business information. Federal governments are not spared either; one example is the state of Idaho, where three different cyber attacks were reported in the same month. A phishing email targeted a tax commission employee on May 9th. The email contained a malicious link that the state employee followed without suspecting anything, entering government credentials. Two days later, the state legislature's website was targeted by Anon, a group of Italian hackers. However, no data was compromised in the incident (Hawkins, 2018). Such incidents indicate the vulnerability that state agencies and critical infrastructure can be exposed to and the need to protect them from hackers.

Recent Cyber Security Incidences Targeting Government Agencies 

The Center for Strategic and International Studies (CSIS) released a list of significant cyber-related incidents from 2006. The list is updated once a new incident arises, and the Center focuses on cyber attacks targeting government agencies, defense and other high-tech companies, as well as economic crimes. The list is a long one, indicating the date and the targeted entities. The following is a selection of some of the incidents in the last two years. In October 2018, the Department of Justice showed how hackers and Chinese intelligence officers tried to hack aerospace companies with the aim of stealing information. In the same month, defense officials pointed out that Cyber Command was targeting Russian operatives to prevent them from taking any part in the midterm election.

Homeland Security stated that it detected a surge in cyber-related activities intended to access election infrastructure before the midterm elections. The Centers for Medicare and Medicaid Services revealed that hackers accessed a computer system where data for 75,000 individuals was compromised before the start of ACA sign-up. The Justice Department pressed criminal charges against seven officers for hacking-related activities on different organizations like Westinghouse Electric Company, FIFA, and the Anti-Doping Agency. In September 2018, Senate leader Ron Wyden pointed out in a letter to Senate leaders that a technology company alerted several Senate offices of attempts by foreign governments to access email accounts for the senators, including other staff. In the same month, unclassified emails from the U.S. State Department were breached, leading to the exposure of personal information of the affected employees.

The Department of Justice indicted a North Korean who was involved in the 2014 hacking of Sony, the WannaCry ransomware attacks, and theft from a Bangladeshi bank. In August 2018, Facebook uncovered disinformation campaigns that were sponsored by Russians and Iranians. Microsoft announced in the same month that Russians had targeted Senators and think tanks who are critical of the Russians. In July, Homeland Security said that Russian hackers compromised critical infrastructure for several U.S. electric companies in 2017 to the extent that they caused blackouts in some instances. In the same month, Microsoft disclosed that Russians targeted three Democratic candidates in the race to the 2018 midterm elections (CSIS, 2018).

The Department of Justice indicted 12 intelligence officers from Russia over large-scale cyber operations against the Democratic Party before the 2016 general elections. The officers stole and then leaked emails while at the same time targeting election infrastructure. Similarly, they targeted local election officials with the intention of interfering with the outcome of the election. Hackers targeted at least two Democratic candidates in the primaries. The hackers used DDoS attacks to disrupt campaign websites. In June 2018, hackers from China were engaged in espionage, and the aim was to collect data from telecom, satellite, and defense organizations in South East Asia and the US (CSIS, 2018).

Hackers from China targeted US Navy contractor networks, managing to steal 614 GB of data that included information on weapons, communication systems, and sensors being developed by the US submarine. The Treasury Department instituted sanctions against 5 Russian companies as well as three individuals who enabled intelligence officers from Russia and the military to carry out cyber attacks (CSIS, 2018).

In March 2018, the city of Atlanta reported disruptions following ransomware attacks on the city's network. The attack demanded $55,000 in bitcoin payment, and the city had to spend over $4.6 million in its recovery efforts. The Department of Justice and Treasury later accused Iran in the same month of stealing intellectual property from institutions of higher learning, government agencies, and financial institutions. The list of cyber attacks on government agencies and other organizations is endless.

According to the above information, cybersecurity then becomes a strategic issue as government agencies and the management of critical infrastructures develop cybersecurity programs that not only protect an entity from attacks but also help them detect such attacks on time to reduce the impact (KumarGoutam, 2015). Similarly, such programs should strive to enhance quick recovery in the event of an attack. Government agencies must, therefore, develop responsible programs that cover.

Growth in Cyber Crimes 

The automation of agency activities, as well as the critical infrastructure, has contributed to the sudden growth in cybercrime. All activities can now be handled with information technology, with all sectors and agencies relying on the opportunity offered by information technology to improve their efficiency. Internet usage has continued to report tremendous growth throughout the world, with additional connections being created each day. Access to the internet through mobile phones has also significantly increased the number of people accessing internet connectivity (Dalziel, 2015). The internet has also led to a change in the way people work, with some employers allowing their workers to work remotely and connect to the rest of the organization using mobile telephony or a computer network. The internet has made it possible for managers to manage from a distance and also to conduct meetings with other heads using video conferencing (Sutton, 2017). Such capabilities have not only changed the way organizations work, but have also reduced communication costs while increasing the speed.

The internet has presented significant capabilities to entities around the world, allowing them to share information and gather as much information as possible that can be used for strategic decision making. However, the opportunities presented by the internet are not without their shortcomings. It is now possible for a hacker to access information in transit through communication networks or even information that is stored in company databases (Sutton, 2017). The value of such information cannot be overemphasised, and hackers are determined to try their prowess and capabilities to access information even in the most secure systems (Dalziel, 2015). The objective of such an individual is to gain financially or to test their skills and knowledge. Others want to test the strength of the computer security and therefore are willing to do what it takes to access the information of an agency or critical infrastructure.

The ability to access records and other information stored in a computer system can be exploited by hackers in need of such information. Others are only interested in destroying the information, whereas others are interested in disrupting normal operations (Sutton, 2017). According to statistics from India, it is estimated that close to 100,000 viruses or worms are active each day, with new and unique viruses numbering close to 10,000. The number of websites that have been hacked continues to increase throughout the world as hackers try to access information. The number of cybersecurity breaches continues to grow, with media outlets and government agencies reporting new breaches each year (Dalziel, 2015). Some breaches lead to the loss of confidential information, including credit card data that is exploited by hackers to gain financially. Some have also resorted to selling such information to competitors or asking for ransoms.

Cyber Security and the Internet of Things 

The internet of things has opened a new platform for businesses to create more value. However, information sharing also creates an opportunity for attackers to target information in transit. The internet of things rarely relies on people to function. It can sense, collect, communicate and even act on such information allowing entities to create value. It has enabled businesses to create value by identifying unique revenue and business streams while at the same time delivering value to the customers. IoT allows the sharing of substantial information which can pose security threats if such information is compromised. The platform allows the sharing of sensitive data among different participants thus increasing the risks of cyber attacks. The interconnectedness of different utilities poses serious security issues since any compromise can affect all the operations. Hackers can access such systems with the intention of accessing the sensitive data being transmitted or disabling the operations of the entire system to take advantage of the vulnerabilities identified. Despite the contributions made by computer systems and the internet, it is evident that adversaries can utilize identified vulnerabilities to hack into a system and access the much-needed information.

Pillars of Global Cyber Security 

The fight against cyber threats can only be achieved by establishing a framework that ensures that cyber threats are addressed and do not cause significant losses to an entity. Similarly, the framework ensures that entities are well prepared to face any cyber threats. Some of the measures include legal measures, which are responsible for developing elaborate strategies in addition to models that can be applied globally and in different entities (Dalziel, 2015). Technical and procedural measures address the vulnerabilities in the computer system, especially software. They are designed to enhance the acceptable standards, protocols, and accreditation throughout the world (Wilson & Kiy, 2014). Organizational structure is another pillar and is intended to establish an appropriate structure as well as strategies that help to detect, prevent, and respond to attacks aimed at critical infrastructures. Capacity building is another pillar that tries to elaborate appropriate strategies that enhance knowledge as well as the expertise to enhance cybersecurity. The last pillar is international cooperation, and it focuses on formulating strategies for dialogue, cooperation, and coordination.

Cyber Security Stakeholders 

The greater the number of stakeholders in cybersecurity, the higher the chances that initiatives aimed at reducing the impact will succeed. The number of different stakeholders in the fight against potential threats is critical because cyberspace covers different forms of national security, economic, and social activities. As the number of stakeholders increases, there are higher chances that they will buy in and develop a sense of ownership. This can play a critical role in the implementation of cybersecurity strategies. Similarly, it can be challenging for the federal government to dictate the appropriate strategies since it is the stakeholders who own as well as control the infrastructure. Additionally, some stakeholders possess skills that are beyond the reach of the government and are aware of the issues that can work and those that cannot.

Some of the key stakeholders include the government, which is responsible for enhancing the security of a country. It sets the agenda for protecting the security domains that include cyberspace. Other stakeholders include owners and operators, and they contribute to cybersecurity programs; the success of any security initiative directly affects the group. Law enforcement is another crucial stakeholder since they enforce legislation. Similarly, they validate the ability to enforce, in addition to advising on the current and future cybercrime trends. Lastly, they offer different perspectives concerning international collaboration and arrangements that promote cybersecurity.

Another significant stakeholder is the intelligence community that can play a significant role in the planning and execution stages of cybersecurity programs. The expertise in the community can significantly determine the outcome and the ability of an agency to secure its IT infrastructure. Similarly, the community has expertise in several IT related issues which can be beneficial to agencies and protection of critical infrastructures. Vendors also play a significant role in the development of cybersecurity programs. They should be involved throughout the process since they are responsible for designing the technical capabilities required for detecting, preventing, deterring and recovery from a potential threat.

Academia forms another group of stakeholders who should be incorporated to tap into the knowledge that they hold and to benefit from research and development of cybersecurity solutions. International partners can also contribute significant insight into the cybersecurity program. Strategic collaboration is critical since different stakeholders rely on the same cyberspace. Collaboration ensures that vulnerabilities in one location do not affect other destinations. However, there are severe concerns about collaboration since political, economic, and national security concerns can differ from one nation to the other. Lastly, a cybersecurity program should include the voice of the citizens. Cyberspace plays a significant role in daily activities, and therefore it is critical for citizens to contribute to the development of cybersecurity programs.

The Nine Ds of Cyber-security 

The Nine Ds help an agency to achieve a decent, precise balance and are inspired by the Department of Defense tenets of cybersecurity. The three tenets include focusing on what is critical, moving the critical access points out of band, and detecting, reacting, and adapting. According to the DoD, protection systems should include characteristics like adaptability, feasibility, and sustainability. Protection focuses on reducing the susceptibility of the system, eliminating the potential of access to system flaws by hackers, and reducing the capacity of the hackers to exploit any flaws in the system (Wilson & Kiy, 2014). Taking such initiatives will ensure that computer systems are more secure and less vulnerable to the actions of adversaries. Similarly, such initiatives ensure that an agency can quickly recover from a data breach and that the losses incurred are minimized.

Government agencies must understand the growing importance of information technology and how it can enhance their performance and service delivery. The ability to hold large amounts of data and information creates an opportunity for hackers to target the information system including databases and the networks with the intention of accessing the information for personal gain. Such gains can be monetary or disruption of the normal operations. Similarly, adversaries can access federal government agencies with the intention of obtaining information that can be used by enemy governments against the US.

From the above discussion, it is critical to determine the effects of cyber threats on the functioning of government agencies and critical infrastructure. Similarly, entities must secure their computing environment to ensure that their normal operation is not disrupted. Additionally, securing the information technologies and the stored data will ensure that agencies avoid unwanted losses in the form of claims or ransoms that attackers request. It is therefore critical to identify the information held and the vulnerabilities of the current systems. Agencies must determine the effect of potential attacks and how they can avoid the losses caused by such attacks. Similarly, the top leadership must be at the forefront in all initiatives aimed at securing the information held by agencies and the critical infrastructure that they currently manage. The agencies must be able to detect actions by adversaries and stop them before they can cause any severe damage. Additionally, they should have appropriate programs in place that ensure faster recovery in the event of an attack.

References

A Report on Internet Security Threat Report 2014, Symantec Corporation, Volume 19, April 2014

CCRA (2009) Common Criteria for Information Technology Security Evaluation, Common Criteria Recognition Agreement (CCRA), CCMB-2009-07-001.

Chew, E., et al. (2008) Performance Measurement Guide for Information Security, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland.

Clarke, R., & Knake, R. (2011). Cyberwar: The next threat to national security and what to do about it. New York: HarperCollins.

Dalziel, M. (2015). How to Define and Build an Effective Cyber Threat Intelligence Capability (1st ed.). Elsevier Science.

DHS. (2018). DHS Role in Cyber Incident Response. Retrieved from https://www.dhs.gov/publication/dhs-role-cyber-incident-response 

Drew, D. M. and D. M. Snow (2006) Making Twenty-First-Century Strategy: An Introduction to Modern National Security Processes and Problems, Air University Press, Maxwell AFB, Alabama.

GAO (2004) Information Security: Technologies to Secure Federal Systems, United States General Accounting Office, Report to Congressional Requesters, Washington, DC.

Hawkins, D. (2018). The Cybersecurity 202: White House cybersecurity report shows federal agencies still struggling to get secure. Retrieved from https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/05/30/the-cybersecurity-202 

ITU (2008d) "ITU-T X.1205 - Overview of Cybersecurity". in Series X: Data Networks, Open System Communications, and Security - Telecommunication Security, Geneva, Switzerland, Telecommunication Standardization Sector of ITU (ITU-T).

ITU (2009c) Understanding Cybercrime: A Guide for Developing Countries, ICT Applications and Cybersecurity Division, Policies and Strategies Department, ITU Telecommunication Development Sector, Geneva, Switzerland.

ITU (2009f) Security in Telecommunications and Information Technology: An Overview of Issues and the Deployment of Existing ITU-T Recommendations for Secure Telecommunications, Telecommunication Standardization Sector of ITU (ITU-T), Geneva, Switzerland.

ITU. (2018). THE ITU National Cybersecurity Strategy Guide. Retrieved from http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf

Kumar Gautam, R. (2015). Importance of Cyber Security. International Journal Of Computer Applications 111 (7), 14-17. doi: 10.5120/19550-1250

Power, D. (2009) "National Cybersecurity Strategy: Key Improvements Are Needed to Strengthen the Nation's Posture." in Testimony Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, Committee on Homeland Security, House of Representatives, Washington, United States Government Accounting Office (GAO)

Saif, I. (2018). Cyber risk in an Internet of Things world | Deloitte US. Retrieved from https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/cyber-risk-in-an-internet-of-things-world-emerging-trends.html 

Sherman, A., DeLatte, D., Neary, M., Oliva, L., Phatak, D., & Scheponik, T. et al. (2017). Cybersecurity: Exploring core concepts through six scenarios. Cryptologia 42(4), 337-377. doi: 10.1080/01611194.2017.1362063

Singh, A., & Jain, A. (2018). Study of Cyber Attacks on Cyber-Physical System. SSRN Electronic Journal. doi: 10.2139/ssrn.3170288

Sutton, D. (2017). Cybersecurity: A practitioner's guide. Swindon: BCS Learning and Development Ltd.

The National Cyber Incident Response Plan (NCIRP) | US-CERT. (2018). Retrieved from https://www.us-cert.gov/ncirp 

UN (2010) "A/RES/64/211: Creation of a Global Culture of Cybersecurity and taking stock of national efforts to protect Critical Information Infrastructures". in SixtyFourth Session of the United Nations (UN) General Assembly - Resolution adopted by the General Assembly, New York, United Nations.

Wilson, K., & Kiy, M. (2014). Some Fundamental Cybersecurity Concepts. IEEE Access 2, 116-124. doi: 10.1109/access.2014.2305658

Reference

StudyBounty. (2023, September 16). Cyber Security of US Government Agency and Critical Infrastructure.
https://studybounty.com/cyber-security-of-us-government-agency-and-critical-infrastructure-essay
