StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cyber Attacks on America - Literature review Example

Cite this document
Summary
The review "Cyber Attacks on America" observes America’s vulnerability to cyber-attacks has increased leading to loss of confidentiality, integrity, and availability. The country faces increased risk from insider threats, terrorists, criminal groups, hackers, and virus and worm writers…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.8% of users find it useful
Cyber Attacks on America
Read Text Preview

Extract of sample "Cyber Attacks on America"

? Cyber Attacks on America Introduction The 11 September terrorist attack on the US exposed the vulnerability of the country to foreign attack in a way not witnessed in a long time. Since then, the public, media and even the federal government have been on alert to avert any future attacks by undertaking appropriate precautionary measures. In addition to these physical attacks, the US now faces another form of attack, cyber-attacks, against computer networks that crucially serve the economy and security of the nation. Attackers target organizations across the various sectors of the economy including both private and government institutions (Sanger & Perlroth, 2013). These include voice communication systems, financial institutions and federal agencies among others. Whereas physical attacks would be carried out by hostile foreign nations and terrorists, cyber-attacks could be executed by a wide array of enemies including organized protest groups, terrorists, foreign states and even teenagers. Additionally, Lee (2013) observes the incapacity to protect all computer networks or cell phones or pagers from attack, especially now that 95% of these gadgets are operated and owned by the private sector. Therefore, America is increasingly vulnerable to cyber-attacks which grow by breadth and complexity, indicating the need for the country to continuously adopt and re-engineer its protection approaches that would uphold its cybersecurity. Cyber-attack refers to an attack originated from a computer system against another computer system or a website, aimed at altering, stealing or erasing information or have the functionality of the targeted computer system impeded or destroyed (Lee, 2013). A report on cybercrime documented recently by Hewlett-Packard indicates that the number of cyber-attacks have risen by 42% as compared to the year 2012 (Lau & Xia, 2013). Organizations get successfully attacked 102 times weekly with the annualized cost as a result of these cyber-attacks rising to $8.9 million per organization. Furthermore, it was indicated that security breaches by an organization could cost it up to 1% of its market value. Citing the examples of recent attacks on HSBC, the New York Stock Exchange and major commercial banks such as Citi Bank and Bank of America, PricewaterhouseCoopers, PWC (2013) appreciates cyber-attacks as a serious problem in America that needs critical intervention. Types of Cyber Attacks Cyber-attacks could occur in different ways. First, it could occur in form of exploits. As explained by Vatis (2002), this form of attack involves a sequence of commands, chunk of data or piece of software which takes advantage of software bug to cause unanticipated or unintended reaction by the computer hardware, software or any piece of electronic. It normally includes denial of service, allowing privilege escalation or gaining control of the system. Secondly, the attack could take the form of eavesdropping where the attacker surreptitiously listens to private conversation. This could be done through the monitoring of faint electronic magnetic transmissions which get generated by the hardware. Moreover, attackers have penetrated even the most secure computer systems leveraging on the carelessness of authorized individuals or through deliberate deceit of such individuals. Lee (2013) refers to this as social engineering. Denial of service attacks are a unique approach to cyber-attacks. They are not used to control a system or gain unauthorized access, but rather render the system unusable. This could include multiple deliberate entry of a wrong password to lock the user or overloading the capability of a system or network so as to block it. Finally, direct access to a computer system could lead to the installation of devices that could compromise security, including modification of operating systems. It could also include downloading crucial information from the system (Brenner, 2010). Using this knowledge, cyber attackers have adopted varied approaches to executing their intentions. Cyber-Attack Techniques in America The volume, coordination and sophistication of cyber-attacks keep increasing. Sanger and Perlroth (2013) in particular note that the increased attacks aim at sabotage more than they aim at espionage. This increased sophistication opens up organizations to myriad types of cyber-attacks. They could take place through unauthorized intrusion where an attacker breaks into a computer system using various techniques in hacking or exceeds the authorized access to carry out unauthorized activities in the network. The attacker could also use destructive viruses or worms, spread through various computers in a network by different ways of data exchange such as emails leading to loss of functionality in parts of the system. Denial of service, DOS involves bombarding a computer with communication using various techniques leading to an overload which hamper its functionality. Lee (2013) observes that America faces a myriad of politically motivated attacks, and this forms the basis of analyzing the various types of cyber-attacks in this section. Computer crimes could be perpetrated by a disgruntled insider. As noted by Lau and Xia (2013), insiders do not require a great deal of knowledge on computer intrusion since the knowledge they posses on the system could be adequate enough to allow them access with the intention of stealing or damaging data. Though receiving less media coverage, insider related attacks account for 34% of all cyber-attacks according to a report by PWC (2013). This is the largest proportion of the types of cyber-attacks. Even former employees constitute insider threats based on the information that they have on the organization. Together with the current employees, they make up 21% of the cyber-attacks. A majority of information security tools dwell on authentication and access but are less effective in controlling insiders such as contractors, employees and third parties with legitimate access to the system and sensitive data. Many organizations seem not to appreciate the potential threat from insiders on business operations, corporate assets and reputation. Increasingly, criminal groups use cyber intrusions to attack systems for monetary gains. For instance, these groups could collect information from phonebooks and use it to trick employees who would then give out their details, including crucial passwords. Such information would be used to break into the targeted systems. According to PWC (2013), this approach contributed 4% of the threats to cyber-attacks in the US organizations. Therefore, cyber-attacks use even the old fashioned trickery to undertake their action, though to a minimal extent. The threat from hackers has been keeping at par with the advancement in technology. Hackers in America launch politically instigated attacks on email servers or web pages accessible publicly (Lee, 2013). These attacks could fail to alter networks or operating systems but damage services and deny the public access to the websites that have information. This category of attackers makes up 22% of the risk of cyber-attacks (PWC, 2013). Furthermore, America faces a great risk of cyber-attacks from virus writers. Virus writers have been noted to pose greater threat than hackers do (Lee, 2013). A computer virus refers to a malware which on execution replicates through insertion of its copies into data files, a computer program or the hard drive’s boot sector. These viruses, including worms, are known to steal into the space of the hard drive or the CPU time, corrupt data, access private information, spamming or displaying humorous messages on the monitor (Brenner, 2010). Even though not all viruses are destructive, they share the characteristic of self-installation without consent from the user. With America and Israel having used this approach to attack nuclear facilities in Iran, using Stuxnet worm, the countries face retaliatory threats from other nations (Sanger & Perlroth, 2013). Terrorists remain one of the major threats to cybersecurity in America. They threaten to destroy or disrupt critical infrastructure such as emergency response services. They also engage in information theft and denial of service attacks (Lau & Xia, 2013). Lee (2013) gives an example of the al Qaeda terrorists who declared ‘cyber jihad,’ choosing cyber-attacks because of the comparative remoteness and safeness as compared to strapping on a bomb. Such was the attack that hit the computer systems run by the private industry and the government in the year 2011 through denial of service. Finally, the threat from foreign intelligence services on America’s cybersecurity remains a critical consideration. PWC (2013) documents this threat from countries such as North Korea, Russia and China among others to stand at 11%. Sanger and Perlroth (2013) cite officials from the Department of Homeland Security noting that the current threat majorly emanates from the Middle East. This came after it was observed that a majority of American companies faced major attacks from China aimed at stealing trade secrets and obtaining confidential information so as to gain competitive advantage. On the contrary, the latest form of attacks were aimed at manipulating industrial machinery or destroying data, then shut down or take over the networks meant for running industrial processes or delivering energy. This resembles the Stuxnet worm secretly used by Israel and the US to fight against Iran’s nuclear plants a while back. This threat in the US could therefore be a retaliatory attack, a fear shared by the US President Obama when the plan was launched. Critically contributing to cyber attacks in America is the increase exchange of cybercrime knowledge. Additionally, there has been an increase in transactions in tools used for cyber-attacks, such as Botnets, through dark markets with establishments in the social media (Lau & Xia, 2013). Further complicating the current cybersecurity efforts is the fact that attackers cover their tracks. A security system administrator should remove a system once it has been discovered to be under attack so as to reduce the ability of the attacker maintaining unauthorized access. Ideally, the logs would have all network transactions and scripts and could be developed by the system administrator to identify erroneous transactions. Conversely, an attacker would edit these logs so as to delete any indication of their existence. Therefore, cyber-attacks continue to spread in the country even as efforts to curb the problem continue to be geared up. Prevention Even though “there is no such thing as 100% security, on- or offline,” it is important to keep cyber-attacks on the minimal as possible (Lee, 2013, 119). The ability to effectively curb cyber-attacks would be pegged on activities by the private sector, the government and both. Tactically, adversaries aiming at launching attacks should be detected and early preparation undertaken to deter them from acting. The maiden and most basic approach in preventing cyber-attacks is implementing public awareness on cybersecurity. This realization saw DHS set October of every year as the month of national cybersecurity awareness (Lee, 2013). Additionally, other initiatives meant to make the public aware of cybersecurity such as the National Cybersecurity Awareness Challenge have played a critical role in making the public understand ways in which cyber-attacks occur, their impact and ways of preventing them. This is an approach that should be carried out continuously so as to keep the public updated with emerging issues. Key among the teachings during such public awareness programs would be to impart positively behavioral changes when dealing with computer systems. People should be taught the importance of protecting their passwords and avoid sharing or exposing the passwords. They should also be taught to develop the culture of saving their documents in formats that do not allow editing. The public should be made aware of the risks involved in using smartphones, especially for crucial services such as banking. In addition, all mobile services should be password-protected. Encryption of data should be encouraged, especially when using public systems such as Wi-Fi. This applies even to sending emails that contain sensitive data such as financial information. People should be taught of the importance of always logging out of any systems and avoid the habit of just closing the respective windows. Suspicious emails and other items should be reported for appropriate action (Brenner, 2010). Organizations should learn the importance of restricting administrative privileges in its systems because such accounts provide prime targets for attack. Prevention of cyber-attacks should also involve reducing the vulnerability of computer networks. Some of the approaches to this as noted by Vatis (2002) includes having a strict input validation and applying latest security patches. Additionally, it involves the development of network security architecture and placing the organization’s database in a web server different from the application server. This could also be undertaken through the implementation of a defensive architecture where a system has a series of increasingly cybersecurity concentric defensive layers that safeguard critical systems (Lee, 2013). The network should be scanned regularly to identify any security lapses and appropriate measures taken henceforth. It would also be critical to change all default passwords after the system is up and install up-to-date and effective antivirus software. This should be combined with the installation of an effective firewall which determines which systems access the target system. From a legal perspective, formulation and implementation of proper legislations could deter cyber-attacks. This would encompass law enforcement authorities investigating reported cases and gathering relevant intelligence (Brenner, 2010). There would be appropriate legislations that would seek to deter attacks and prosecute perpetrators so as to avert any future possible attacks. The American Congress has passed various legislations aimed at curbing cyber-attacks, having introduced the Cybersecurity Act 2012 to support other previous legislations, including the Cybersecurity and American Cyber Competitiveness Act 2011, the Cybersecurity Act 2009 and the Cybersecurity Enhancement Act 2007 (Lee, 2013). The Computer Fraud and Abuse Act, for instance, criminalizes unauthorized access or access in excess of authorization and using unlawful systems to access information leading to loss, defrauds and damage to the US government or any other party. However, there could be opponents to these legislations, citing intrusion into the privacy of businesses. Although this could be the case, the greater benefit from such acts overrides the argument against intrusion. The federal government has continuously employed various strategies to deal with the ever evolving forms of cyber-attacks. Importantly, the government has collaborated with the private sector in fighting against cyber-attacks as the problem affects both the government and private organizations. Information sharing serves as a critical approach to curb against cyber-attacks. The private sector owns and operates a vast of the nation’s cyber networks and critical infrastructure and therefore plays a significant role in cybersecurity (Lee, 2013). Sharing information on cyber-threats with the government could be used to avert any attacks. Appreciating this approach, the US President Obama in February 2013 through the Executive Order on Cybersecurity assigned the Department of Homeland Security, DHS to be the coordinator of intelligence sharing between the government and the private sector (PWC, 2013). The private sector had been unable to share intelligence information with the government because of the existence of many public-private information sharing groups which made it difficult to determine the government agencies to deal with. Developing an effective cybersecurity workforce would neutralize the effect of the advancement in cybercrime. This explains why the DHS has needed to expand its workforce of hacking specialists by 600 for the past four years to keep at par with the increase in the volume of attacks (Sanger & Perlroth, 2013). With attackers known to have skills and knowledge about the system that enables them to execute their actions, an equivalent or even better skilled workforce would be needed to combat the action of these attackers. Conclusion Generally, America’s vulnerability to cyber-attacks has increased leading to loss of confidentiality, integrity and availability. The country faces increased risk from insider threats, terrorists, criminal groups, hackers and virus and worm writers. Importantly, the US has faced significant threats from China with attackers seeking information that would give them competitive advantage in trade. The Middle East now poses threat deemed to be retaliatory to attack on Iran’s nuclear plans. Therefore, the federal government, in collaboration with the private sector, has adopted critical approaches to avert these attacks. Information sharing between the private sector and the government has gone a long way in providing intelligence on cyber-attacks for appropriate action. Techniques that could further protect America from cyber-attacks include sensitizing the public on cybersecurity, protecting computer systems against attacks and acquiring expert employees to fight against the problem. Deterrent legislation also plays a critical role in cybersecurity. Therefore, America needs to continuously discover appropriate approaches to cybersecurity now that it faces continued vulnerability to cyber-attacks in terms of volumes and sophistication. References Brenner, S. (2010). Cybercrime: Criminal threats from cyberspace. Santa Barbara, California: ABC-CLIO. Lau, R. Y. K. & Xia, Y. (2013). Latent text mining for cybercrime forensics. International Journal of Future Computer and Communication, 2 (4), 368 – 371. Lee, N. (2013). Counterterrorism and cybersecurity. New York, NY: Springer Science+Business Media. PricewaterhouseCoopers. (2013, June). Key findings from the 2013 US state of cybercrime survey. Retrieved 5 December 2013 from https://www.pwc.com/en_US/us/increasing-it-effectiveness/publications/assets/us-state-of-cybercrime.pdf Sanger, D. E. & Perlroth, N. (2013, May 12). Cyberattacks against U.S. corporations are on the rise. The New York Times. Retrieved 5 December 2013 from http://www.nytimes.com/2013/05/13/us/cyberattacks-on-rise-against-us-corporations.html?_r=0 Vatis, M. (2002). Cyber attacks: Protecting America’s security against digital threats. ESDP Discussion Paper. Retrieved 5 December 2013 from http://belfercenter.hks.harvard.edu/files/vam02.pdf Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Cyber -Attacks on America Essay Example | Topics and Well Written Essays - 2500 words”, n.d.)
Cyber -Attacks on America Essay Example | Topics and Well Written Essays - 2500 words. Retrieved from https://studentshare.org/information-technology/1495266-cyber-attacks-on-america
(Cyber -Attacks on America Essay Example | Topics and Well Written Essays - 2500 Words)
Cyber -Attacks on America Essay Example | Topics and Well Written Essays - 2500 Words. https://studentshare.org/information-technology/1495266-cyber-attacks-on-america.
“Cyber -Attacks on America Essay Example | Topics and Well Written Essays - 2500 Words”, n.d. https://studentshare.org/information-technology/1495266-cyber-attacks-on-america.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cyber Attacks on America

Cyber-Attack Has Two Broad Definitions

cyber attacks In the current age of advanced technology and the advance of the Internet, security issues have continued to emerge to organizations.... The third and worst form of cyber attacks is when it is used by conventional terrorists to achieve their means, for example, when the Internet is used to disrupt the functioning of a country's systems (BNAC, 2007).... In the recent past, there has been an increased call for the government to respond to cyber attacks targeting the country with conventional weapons....
4 Pages (1000 words) Research Paper

Political and Legal Influences of Cyber Wars

POLITICAL AND LEGAL INFLUENCES OF cyber WARS Political and Legal Influences of cyber Wars Institution Instructor The internet and world wide website connection has been hailed as a new and powerful engine of social and economic change the world over.... This is attributed to the fact that there have been a rising number of cyber wars and hacking and all this is due to the fact that there is worldwide connection with the advent of computers and technology , more so the internet....
6 Pages (1500 words) Research Paper

Sony Attacked y Cyber Criminals

Once such attack is the one that was experienced by Sony Corporation, a division of Sony that deals with electronics in the United States of america with headquarters in San Francisco.... Cyber crimes, which are the attacks in companies or government websites, which compromises the data in those websites for personal fulfillment of hackers or profits, have been rising day by day and they have caused huge losses to organizations that have experienced them.... In the recent past attacks have been launched to websites that belong to US, Israel and Uganda governments and in organizations like MasterCard, Visa PayPal and Sony among others....
6 Pages (1500 words) Term Paper

Cyber Attacks and Politics from a technological and security perspectives

Those responsible for the cyber attacks acts uses codes that are maliciously… Such acts results into destruction of the normal operations of the computer systems or the company networks.... This paper will focus on establishing the cyber attacks acts and politics from either the technological or security point of view.... These should be specifically aimed at detecting and combating all acts of cyber attacks, especially cyber terrorism....
4 Pages (1000 words) Essay

Sectors Targeted by Cyber Terrorism

Cyber terrorists have as well targeted the education sector in the United States of america.... These may be politically motivated attacks.... These attacks may results into financial losses and even deaths.... In the United… cyber terrorists have unlawfully invaded financial institution systems and caused losses to them. The security sector and the financial institutions The manufacturing sector has also been heavily targeted and attacked by cyber terrorists and criminals....
4 Pages (1000 words) Research Paper

American security culture in history

Terrorism has been a real challenge to the world in general but america being the world's icon of safety serious measures have to be put in place to eradicate the menace of terrorism.... In america alone which is the world's super power, terrorism has had an adverse effect especially after the 9/11 attacks and American citizens learnt how easy their security systems could have been bleached by the ruthless terrorist attackers.... The constitution of the homeland security in 2002 was the most brilliant security measure that the United States governments could have come up with at that time in order to avert future catastrophic attacks in america....
5 Pages (1250 words) Essay

Cyber Attacks against American Infrastructure

In the paper “cyber attacks against American Infrastructure” the author raises questions regarding management's approach to protect the assets for preserving the wealth of stakeholders and seamless flow of running the business.... However, the more the systems depend on technology, the more they are vulnerable to cyber attacks.... Exercises such as Blacks Ice, Blue Cascaded, and most recently Cyber-Shockwave have painted a disturbing picture of how vulnerable and unprepared America infrastructure is to cyber attacks....
15 Pages (3750 words) Research Proposal

Stuxnet: Dissecting a Cyberwarfare Weapon

Due to this, it was classified as the first-ever cyber-weapon.... The author of this paper "Stuxnet: Dissecting a Cyberwarfare Weapon" concerns the analysis of Stuxnet: dissecting a Cyberwarfare Weapon, Defensive and Offensive Cyberwarfare strategy, preventing Cyberwarfare, Cybersecurity systems installation, understanding cybersecurity....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us