Cybersecurity threat posed by a terrorist group - Essay Example

?Cyber Security Threat Posed by a Terrorist Group MEMO Sub: Need for a national policy on cyber terrorism Summary The rising number of cyber attacks in Australia indicates that Australia is facing the serious threat of cyber terrorism. Though sparse cyber attacks only cause annoyance, the present situation is that Australia is facing considerable degree of such attacks that create fear in the minds of people, and evidently, the government is startled by the pace at which these miscreants get access to nation’s secrets breaking the barriers erected by the government and various companies. So, it becomes necessary for the government to take steps on a war footing so that vital installations like defense and nuclear departments remain safe, especially on the face of the recent attack on Iranian nuclear plants. Considering the fact that nations like China and US have already taken stringent steps to prevent any cyber attacks on them, and also to utilize cyber attack as a positive warfare, it is highly necessary to adopt policies at the earliest to prevent such further attacks on Australia, especially when there is a rise in the attacks. The solution to the problem can be identified in the steps taken by America and Japan on the face of cyber terrorism. One step is to have a separate department of defense that is solely responsible for protecting categorized government departments, defense installations, and nuclear technology from cyber attacks. The second step is to have an agency that monitors the cyber activities of nationally important sectors and companies using sensors in the networks. This will help identify cyber attacks and take effective steps before the systems are attacked and information is stolen. Thirdly and most importantly, there should be a national program that works in collaboration with all the ISPs. It should be made mandatory for the ISPs to identify the already compromised computers and direct such customers to the agency for removal of the malware. This is very necessary as most of the time, the compromised computers are used by attackers to commit crimes. Identifying such remotely controlled computers is the first step in preventing cyber attacks. Background Nations throughout the world including US are struggling to save their cyber sphere from the cyber attacks. The factor that makes things worse in the cyber world is that the terrorists get a chance to operate from other nations or geographic areas, thus making the arrest and punishment of terrorists a difficult task. According to Taipei Times (31 May 2011) records, Australia is one of the most targeted nations in the world. The companies, government departments, and persons that came under cyber attack in the recent past range from the Australian parliament, Australian Prime Minister Julia Gillard, Australian Defense Minister Stephen Smith, Japanese conglomerate Sony, Woodside petroleum of Australia, to mention but a few. Ironically, Chinese intelligence agencies are suspected by many nations and companies for such attacks. Anyway, according to McClelland, the Australian Attorney general, “it is better to deal with the threat, to address the vulnerability.” (Taipei Times, 31 May 2011). According to reports, there were 400 cyber attacks on the Australian government networks in the past year; a number too high to ignore. In addition, the Director General of the Australian Security Intelligence Organization David Irvine (cited Staff Writers, Energy Daily, 30 May 2011), points out that Australia experiences constant cyber efforts to steal the nation’s secrets. In the opinion of Irvine, the cyber terrorists not only try to steal the nation’s secrets, but they also aim critical national industries and infrastructures. This claim is substantiated by the fact that Australian miners are vehemently targeted by terrorists. Thus, it becomes evident that it is high time to address the issue. In fact, Australian government has already taken a few steps in this regard, though not so effective. One such step is the Stay Smart Online Alert Service that works on keeping the computer users aware of the new threats and software bugs. However, it is very evident that this system is ineffective in handling the already compromised computers, or the already infected computers which are utilized by the criminals to carry out their operations. Issues There are three key issues that the government needs to take into consideration at this stage. The first one is that the government departments and personnel are under constant cyber attack. One has to conclude that most important sectors including defense and nuclear installations are not free from threat. The second major issue at this stage is that it is not only the government departments that the terrorists are interested in. In addition, important companies and infrastructure too are targeted very often. So, it becomes necessary to ensure that the cyber activities on these are closely monitored and when there is a security threat, necessary steps are taken. Thirdly, there are various computers which are already compromised, and are remotely used by attackers for spreading viruses and to collect information. So, it is very important to identify such computers which already contain malware and to remove them. The present problem is that the anti-virus programs are not effective in handling the malware as some of them have the ability to subvert the anti-virus programs. Thus, letting the customers to handle the situation on their own will not solve the problem. Instead, it is necessary to get the computers offline, and it requires the service of an expert to ensure that the malware is removed. At this juncture, it is vital to look into the various steps adopted by other nations to address these issues. In the US, various law enforcement agencies have started different programs to address the issue. For example as reported in DHS Releases Cyber Storm Public Exercise Report (13 September 2006), the Department of Homeland Security regularly conducts ‘Cyber Storm’, an exercise to assess the ability of US government and private sector to recognize and respond to large-scale cyber attacks. In the program conducted in 2006, the areas where improvement was suggested were inter-agency coordination, contingency planning, risk assessment and roles and responsibilities, correlation of multiple incidents between public and private sectors, exercise program, coordination between various cyber incident entities, Common Framework for Response to Information Access, strategic communication and public relations, and tools and technology (ibid). In addition, the Department of Defense has started the Joint Functional Component Command for Network Warfare (JFCCNW) that solely works on defending the Defense installations. The expertise gained here is used for both offensive and defensive purposes. In the same way, the FBI has various initiatives ranging from a Special Technologies and Applications Program and a Cyber International Investigative Program to conduct investigations through both FBI, and foreign law enforcement agencies. Moreover, the CIA too has its own Information Operation Center which evaluates threats to US computer systems from various sources including foreign governments, criminal organizations, and hackers. As a part of this, in 2005, CIA conducted ‘Silent Horizon’, an exercise to see how various government departments and private enterprises respond to cyber attacks (Christensen, 2005’). Also, to ensure the availability of experts in cyber security the US government has given birth to initiatives like the President’s National Strategy to Secure Cyberspace in February 2003. According to the program, students get a chance to apply for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the Federal Cyber Service Scholarship for Service Program. This program ensures that the students with skill in the field are attracted and used for national cyber security. In addition to all these is the Implementing Recommendations of the 9/11 Commission Act of 2007. This Act calls for the development of Fusion Centers that will be a joint project of Homeland Security, CIA, FBI, US Military, and the Department of Justice (“Public law 110-53-aug. 3, 2007). Japan too has adopted measures to prevent cyber attacks. The most important step in Japan is the ‘Cyber Clean Program’. It does two things; effectively identifies the computers that are compromised with malware, and secondly, offers professional assistance to remove malware from computers. The operation of this program is as follows: It develops specific file signatures that will clean the computers infected with malware by eradicating malware. As a part of this program, the customers whose computers are compromised are directed by their ISPs to the Cyber-Clean Center which will provide solutions to the particular malware. (‘Japan: Cyber Clean Center’). Options Now, it becomes evident that there are various things to be taken care of at the same time, though protecting the defense and nuclear installations from cyber attacks is the most important thing. One method is to have web filters that can effectively prevent access to designated sites. However, the shortcomings are plenty. First of all, as far as the criminals are not caught and put behind bars, they will appear in another name and form. In other words, this will not be able to prevent the attacks effectively. Another way of dealing with the issue is to set up a separate entity similar to the Joint Functional Component Command for Network Warfare of the US Defence Department. However, it is very evident that this entity will only be able to handle issues related to defense installations and the offensive use of cyber attacks. In addition, when there is such an initiative, it is highly necessary to have well defined roles provided to the new organization so that confusion regarding authority will not arise when there is a critical situation. In addition, this agency should possess access to information from various other agencies and ISPs. However, the problem is that when this agency deals with defense and other nationally important sectors, it will not be able to handle the issues of common consumers. Thirdly, it becomes evident from reports that cyber attackers target not only nation’s secrets, but also important companies and infrastructure. So, monitoring the cyber activities around important companies and infrastructure too is an important step in promoting cyber security. Here, it seems useful to follow the US method of developing an agency for this purpose. In US, the Cyber Incident Detection Data Analysis Center is responsible for the task. An agency in the same line can be utilized to monitor cyber activities around the participant companies and departments by installing special sensors that automatically identify cyber attacks and notify the administrators and law enforcement agencies. However, this agency may not be able to monitor all the customers of all the ISPs, and to offer them assistance in managing their already ‘compromised’ computers. It is possible for the government to set up an individual agency that deals with the already compromised computers. An example is the Australian Internet Security Initiative. However, the problem with this system is that it only provides the customers with advice as to how to handle various malware. So, the customers are left to handle the malware themselves using the available anti-virus programs. However, the problem is that once the malware is on the computer, even the latest anti-virus programs may not be able to identify them as many viruses have the ability to subvert the anti-virus. So, in order to address the issue of cyber attacks utilizing the compromised computers, it becomes necessary to have a program similar to the ‘Cyber Clean Program’ of Japan that will ensure that all the compromised systems within the range of the ISPs are identified. In addition, this will make it mandatory for ISPs to direct such customers to the Cyber Clean Center so that the customer can be given effective support to remove the malware. In addition, to ensure the future availability of skilled people to prevent cyber terrorism, it is highly necessary to start a program to develop more experts in information assurance. Under this program, it is possible for graduate and post-graduate students to apply for government scholarships to study cyber security. However, the problem with this initiative is the time it will take to bring productive individuals to the forefront. In addition, if there is no well-defined system on addressing cyber terrorism, it will become difficult to harness the expertise of these skilled people. Also, it is beneficial to have a public/private security warning system like the Cyber Incident Data Analysis Center of the US. As a part of this program, special sensors will be installed on the participating companies. These sensors will automatically detect cyber attacks and will notify the administrators and law-enforcement agencies. However, this should be done in coordination with various other government and private agencies dealing with cyber attacks. There should be clear idea as to which agency is to monitor information, what steps are to be taken in case of an attack, and which agency is responsible to take action. Recommendation The government should, at this juncture, start three important steps; the first one to secure vital governmental, defense, and nuclear installations from a possible cyber attack, the second to protect the nationally important infrastructure and industries, and the third to protect common users from cyber attacks and also to help the ‘compromised’ get rid of the malware. In order to ensure future prevention of attempts of cyber attacks on defense, government departments and nuclear installations, it is necessary to develop an agency similar to the Joint Functional Component Command for Network Warfare developed by the US Department of Defense. It will be the responsibility of this agency to ensure the security of Defense, government departments, and nuclear installations from cyber attacks. It should be provided access to data from various governmental law enforcement agencies and private sector as required in its operations. In addition, as already found, certain nations are highly involved in cyber attacks. So, the agency should be allowed to utilize its resources for both offensive and defensive purposes. In other words, military and various other law enforcement agencies can make use of the expertise of this agency as and when required. Secondly, in order to ensure the safety of important industries and infrastructure, it is necessary to start an agency like the Cyber Incident Detection Data Analysis Center of US. This organization will install special sensors on the networks of the concerned industries and sectors, which automatically identify cyber attacks and notify administrators and the Center. The third step is to develop a Japan model ‘Cyber-Clean Program’ that will ensure that all the ‘compromised’ systems within the range of the ISPs are detected and removed. This program will make it mandatory for ISPs to notify the program agency when a ‘compromised’ system is detected. The agency experts will help the users get rid of the malware effectively. The last thing to do is to develop a Fusion Center that coordinates the activities of all these three agencies. In addition, this Fusion Center will act as the point of interaction for all the agencies. In addition, it will be the responsibility of this agency to ensure proper exchange of expertise and other information among the agencies. In total, by adopting the above steps, it will be possible for Australia to ensure maximum cyber safety in case of a future cyber terrorist attack. This will ensure adequate level of security at all the levels of the nation ranging from the government departments, defense, various industries, and the common users. Considering the rising levels of cyber attacks on Australia, the earlier the strategies are adopted, the better the future will be. References ‘Australia warns of cyber attacks on resource firms’, May 2011, Taipei Times, Viewed 03 July 2011, Christensen, B 2005, ‘CIA’s ‘Silent Horizon’ internet war games’, Technovelgy.com, Viewed 03 July 2011, ‘DHS releases Cyber Storm Exercise Report’, September 2006, Homeland Security, Viewed 03 July 2011, ‘Japan: cyber clean center, the Anti-Botnet project’ January 2011, The Cybernaut, Viewed 03 July 2011, ‘Public law 110-53-aug. 3, 2007: Implementing recommendations of the 9/11 commission act of 2007’, 2007, Authenticated U.S. Government Information, Viewed 03 July 2011, Staff Writers 2011, ‘Australian miners concerned over cyber attacks’, Energy Daily, Viewed 03 July 2011, Read More