« The end-to-end approach
Goals of the Internet »

Threats to cybersecurity

13Jun10

Reaction to Clay Wilson’s CRS Report for Congress on Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

The report discusses the current trends in cybersecurity to help the Congress create policies in preparation for the possibilities of cyberattacks against critical infrastructure and to assign which bodies should respond to threats in national cybersecurity. The report paid particular attention to the link between terrorism and cybercriminals, and the attractiveness to attacks, as well as vulnerabilities, of the US infrastructure system.

Cyberattacks can be classified under three labels: cybercrime, cyberterrorism, or cyberwarfare. Investigating bodies have difficulty putting a label on cyberattacks due to the fact that it is hard to accurately and quickly determine the identity, intent and political motivations of the attackers as methods and tools for infecting computers are rapidly evolving and becoming more sophisticated.

Different trends in cybercrime methods were also discussed, including the use of botnets, malicious codes from websites, identity theft, and cyber espionage. Particular attention is given to the possibility of terrorist groups hiring the services and technical skills of cybercriminals for raising funds for terrorist activities.

Some notes:

  1. Mindset: not enough priority for cybersecurity. Our dependence on computer systems is continuously growing, yet it doesn’t seem like we are giving enough importance to security, thinking that they could not inflict physical damage. We conveniently forget the fact that many control systems (power grid, floodgates, road systems, aircraft systems, communication systems, etc. — some of which are possibly interdependent) could be remotely administered through the internet and could wreak havoc when controlled by malicious groups or individuals. Just like what the late Ernie Baron used to say, “Knowledge is power” — theft of highly confidential information and other criminal activities could endanger lives. Old people are probably traditional in this sense.
  2. Cybercrimes are “cooler” and more profitable. Young people, in particular, are vulnerable to performing cybercrimes, as they are tempted with the thrill (of doing something without getting caught), and the need to establish a reputation among peers by showing off their technical expertise. Some professionals are exploited through deception and other means, or lured by the lucrative pay. This influx of talents and clients support the rapid technological advancement and financial growth of this underground industry. There are probably more bad guys than good guys. :(
  3. More focus on functionality in software development. Software companies usually spend development time on developing functionalities, with security probably as an afterthought. Security should be given as much priority as functionality — no one wants to use a software that has backdoors or broadcasts private information behind his/her back. However, consumers are probably not demanding security enough. (For example, some consumers buy cars for the sole purpose of traveling, with little care about how it guards their personal safety or whether it passed crash tests.)
  4. User consciousness. Many are uninformed that when their computers are compromised, they become unsuspecting accomplices whose computers can be used as tools for enacting crimes (as in botnets). The importance of computer security should be impressed on everyone — students, professionals, home or mobile users, etc. In the same way that we learn about safety precautions and how to properly use the products we purchase (for example, how to make sure your gas range doesn’t cause fire), users should be taught to be responsible for their machines.
  5. The open and distributed nature of the internet. The open nature of the internet which has spurred the explosion of IT developments over the years is the very same property which makes these illegal activities possible and very hard to trace. The distributed nature of the internet which makes it resilient and the anonymity it provides is a double-edged sword.

In a way, this battle between the good guys and the bad guys is advantageous to advancing technology and could be counted as part of human progress — which means, it will keep on going and going. All this discussion is making me think of the Dark Knight: It’s always tougher for the good guys; the bad guys take in hostages (and sometimes, coerce them to do bad things) which complicates the mission. Currently, it seems like the good guys are getting overwhelmed, and just playing keep-up.

In the same way that the Internet is a huge network of distributed administrative domains, responsibility should also be distributed. Cybersecurity should not be a concern of only the military or government; the software companies, electronics industry, academe, and consumers should also bear their weight in maintaining a clean virtual environment.

Advertisement

Filed under: Security, Software   |  Leave a Comment
Tags: , , ,

No Responses Yet to “Threats to cybersecurity”

Feed for this Entry Trackback Address
  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.