Technology Issue in Information Assurance Term Paper

S. Department of Defense (DOD) uses over two million computers and more than ten thousand local area networks, most of which are linked to, and vulnerable to attack from, users of the larger Internet. (2008, p. 276)

These increasing threats correspond to the growing reliance on information systems to manage the entire spectrum of modern commerce and energy resources, making the disruption of a single element in the integrated system a potential threat to the remaining components that can result in a massive disruption to a nation's economy (Jurich, 2008). Certainly, these types of trends were witnessed in a similar fashion when terrorists flew jet airliners into the World Trade Center and Pentagon in 2001, and the national economy of the United States suffered to the extent that it is still recovering. As Jurich points out, "The push towards greater reliance on information technologies in fields including energy, communications, industry, finance, transportation, and human services has produced a situation in which economic collapse could occur even if only the financial components of the information systems were crippled; a more widespread attack could lead to an even greater disaster" (2008, p. 276). With cyber attacks, though, there is no need for an expensive and massive conspiracy that involves taking flying lessons and sleeper cells.

Likewise, in sharp contrast to the conventional warfare of the past, conflicts today can exploit the vulnerabilities of cyberspace to overcome the geographic distances that have provided the United States with a modicum of protection from its enemies overseas. During World War II, with the exception of a few German submariners who were placed ashore in New York (and quickly captured) and some Japanese balloons that carried incendiary devices to America's western shores, the United States has not had to fight a war on its on shores to date. Cyberwarfare, though, changes the situation dramatically by eliminating this traditional buffer from conventional military forces. In this regard, Allen and Demchak (2003) point out that as the world's only remaining superpower, it has become the focus of cyber attacks from all corners of the globe. According to these authorities, "Because the United States is the largest player in the international political environment, it has become a lightning rod for hacking and terrorist attacks, regardless of whether the nation was involved in the initial conflict" (p. 54). The geographic boundaries that buffered the U.S. In the past simply evaporated on September 11, 2001: "Until 11 September 2001, the United States was fairly complacent about its enemies overseas. However, the distance between the United States and its enemies is dramatically reduced. The lessons from early cyber conflicts need to be learned now to properly prepare for future conflicts" (Allen & Demchak, p. 54).

Current trends indicate that the threat to the nation's security is genuine, particularly with respect to the proliferation of computer viruses which have steadily increased in recent years (Denning, 2001). According to Trendle (20020, the number of viruses increased by more 150% just between 1998 to 2002, and in more than 50,000 viruses have launched with as many of 400 viruses being active at any given time; further, as many as a dozen new viruses are placed on the Internet every day (Trendle, 2002). Indeed, by 2013, industry analysts estimate that at least 50% of all emails will be infected by viruses (Trendle, 2002). There are also growing concerns that these viruses may affect other mobile devices that are becoming increasingly popular (Trendle, 2002). As Trendle emphasizes, "Experts believe that many of the viruses and worms deployed by hackers in a new cyberwar could spread to the Internet as a whole and infect systems worldwide. There are also fears that malevolent bugs could cross over to mobile phones and personal digital assistants" (2002, p. 8). The nightmare scenario envisioned by the so-called Y2K bug would become a reality if such an eventuality occurred today, and cyberwarfare could bring down the electrical grid, air traffic control as well as the nation's banking sector among others (Trendle, 2002).

Other military analysts paint an equally grim picture of the outcome of cyberwarfare on the United States and its interests at home and abroad. In this regard, Clemmons and Brown (1999) report that an increasing amount of malicious software is being developing in the Middle East and Asia that will ultimately target U.S. interests.These authors note that, "If nations, groups or individuals in those areas have interests divergent from ours -- and they do -- they could quite easily insert destructive code in programs, or leave back doors whereby they could enter U.S. computer systems at will" (Clemmons & Brown, 1999, p. 36). The potential outcomes of such massive cyber attacks on a modern society that is highly dependent on its information systems will be devastating because of the effects such attacks will have on humans as well as the computer they rely upon (Gable, 2010). As Clemmons and Brown point out, "We can only imagine the fatalities that would result from these attacks. They would include deaths from transportation accidents, starvation from lack of cargo movement, deaths from exposure to extreme heat or cold caused by power failures, drownings from burst dams, riots, and the list goes on" (1999, p. 36).

Other trends suggest that the threat is becoming more sophisticated and state-sponsored as well. For example, according to Williams, "China, North Korea, and other countries have well-developed graduate education programs in cyber warfare" (2009, p. 22). These software experts may use their newfound skills to develop cyberwarfare capabilities that transcend current threats (Williams, 2009). While many cyber attacks are not made public, what is known is sufficiently disturbing to demand a substantive response (Cetron & Davies, 2009). In this regard, Wrights emphasizes that, "As of 2007, hackers had stolen at least 10 terabytes of sensitive data from Defense Department networks" (2009, p. 30). Industry analysts believe that these cyber attacks have been sponsored, at least in part, by China but Chinese officials consistently deny such allegations (Wright, 2009).

What Can Be Done?

Six centuries ago, the response to new threats would be the "bigger castle walls and deeper moat" approach, but new threats demand new responses and the United States has not been idle in this area. In fact, the federal government and the private sector in the U.S. have had an official program in place for data sharing about cyber attacks since 1991, known as the Network Security Information Exchange (Wright, 2009). When private sector organizations experience cyber attacks, they report this information to the information exchange which then disseminates this information to other members so they can develop countermeasures in response (Wright, 2009).

Based on their analysis of recent cyber attacks, Allen and Demchak (2003, p. 53) report that there are four fundamental national and international policy needs that need to be addressed as soon as possible:

1. To decide who will provide security on the Web;

2. To provide legal responses to rapid horizontal escalation;

3. To enforce legal responsibility for hacker citizens responsible for international incidents; and,

4. To halt proliferation of cyber arms.

In the meantime, the DOD has implemented a software-security package designed by McAfee to provide a "last line of defense against external threats and as a first line of defense against hardware threats" (Wright, 2009, p. 30). In addition, the Department of Homeland Security has conducted a series of exercises called Cyber Storm that are design to evaluate the nation's ability to respond and recover from massive cyber attacks (Wright, 2009). Further, the Defense Department has established the U.S. Cyber Command, which is a centralized effort to protect military networks that became fully operational in 2010 (Wright, 2009).

Conclusion

The research showed that cyberwarfare is becoming a growing threat to the national security of the United States and the threat remains better described than understood in many ways. By definition, cyberwarfare uses the Internet to achieve its goals by damaging or disrupting information systems, but such attacks have the potential of adversely affecting other elements of a nation's infrastructure as well because of the highly integrated aspects of modern society. The research also showed that the threat continues to increase, with countries such as China and North Korea training software engineers who will be capable of launching even more sophisticated cyber attacks in the future. In the final analysis, such cyber attacks will likely not be a matter of if but when.

References

Allen, P.D. & Demchak, C.C. (2003). The Palestinian-Israeli cyberwar. Military Review, 83(2),

52-54.

Cetron, M.J. & Davies, O. (2009, September-October). World War 3.0: Ten critical trends for cybersecurity. The Futurist, 43(5), 40-41.

Cimbala, S.J. (2002). Military.....