Cyber Security A Homeland Security Dilemma - Research Paper Example

Cyber Security: A Homeland Security Dilemma? Research question How can the Department of Homeland Security effectively secure cyberspace from cyber attack, viruses, worms and other forms of malwares? The next big conflict is computer warfare that the United States government has to respond vigorously as the Center for Strategic and International Studies has said that the Department of Homeland Security has not well performed the task of protecting the government from cyber attacks. Groups like Al Qaeda and other criminal syndicates have been finding every possible opportunity to penetrate government- and private-sector websites and leaving behind viruses, worms, and malwares to destroy files and possibly copy confidential documents. The perpetrators of cyber crimes and terrorism have remained unknown but almost every activity of the public and private sectors depends on secure databases and electronic systems. Political leaders, past and present, have reiterated in their speeches that information processing systems with confidential information can be intercepted. (Brenner, 2010) Hypothesis 1 Cyber attacks of viruses and other forms of malwares that have infiltrated private and government websites have been happening and are inevitable. Infiltration of viruses and other forms of malwares on private and government websites is a daily occurrence and inevitable. Hypothesis 2 The Department of Homeland Security will be able to defend cyberspace for as long as it can use all its resources within its power and unite private and public agencies to defend cyberspace. The threat of organized attack through the Internet and Information Technology is inevitable. It will cause a serious disruption to the country’s critical infrastructure including security of the nation and of the economy. The perceived enemy of the United States – the terrorists and their organizations and state sponsors of terrorism – has the potential to strike with technical sophistication. They are going to hit the so-called vulnerabilities. (Bush, 2003, p. 6) Terrorists have gone high-tech and connected. They use malware and computer ‘zombies’. Computer users are used as end-target or go-between in criminal activity like denial-of-service attacks over which syndicates demand ransom. Digital crime now costs $250 billion a year. (Matai, 2005, p. 18) Cyber attacks can disrupt public life and the government’s critical operations. Loss of revenues for the government, even loss of lives and properties are some of the consequences. Countering these attacks should force the country’s defence department and the Department of Homeland Security to build robust capabilities in order to reduce the perceived vulnerabilities. Through cyber attacks, the enemy can strike the country even at a distance. (Bush, 2003, p. 7) In cyberspace, it’s easy to commit fraud, steal intellectual property and penetrate governmental networks. Even U.S. classified networks have been hacked; IP thieves and cyber spies are proliferating and we don’t know who they are. (Brenner, 2010, p. 33) The question is, can the government through the Department of Homeland Security secure and defend government’s IT infrastructure? When it is about cyber security, Washington finds it difficult and the government is at a loss, according to the Centre for Strategic and International Studies (as cited in Clark & Levin, 2009). Literature Review Beneath the Karkas mountain range in Iran sprawls a complex 25 feet underground, covered by 8 feet thick walls, where 5,000 centrifuges spin in 100,000 revolutions per minute to become weapons’ grade enriched uranium. This is part of Iran’s nuclear program. But in 2009, the uranium-enrichment program was disturbed by a computer worm known as Stuxnet. It penetrated the system’s programmable logic controllers destroying the system that runs the operations. Stuxnet was believed manufactured by Iran’s enemies, the U.S. and Israel. (Brust, 2012, paras. 1-3) Computer warfare has started and long-time enemies can now bring their weaponry in cyberspace. When the computer virus Stuxnet was clandestinely brought within Iran’s nuclear facilities (through a USB stick), the U.S. was considered the ‘aggressor’. But is the U.S. prepared against a cyberspace counterattack? It is happening – viruses and worms are proliferating all through the Web, carried by emails and passed on from one user to another. Organised crime stalwarts and terrorists are celebrating and conducting operations in cyberspace. Terrorists conduct espionage activities against the government and its agencies, including U.S. educational institutions and research centers, and public and private firms. They are preparing to attack through the Internet by mapping information systems, finding out what targets to strike, and accessing the country’s infrastructure through every possible means available. The enemy too can intimidate the country’s political leaders through cyber attacks. Globalization has brought about interdependence among organizations and countries. But this interdependence has brought new threats to individuals and organizations through network ‘hackers’. The militaries of countries have been introduced with new challenge, not only in conflict but in bringing about collaboration with organizations for other purposes like humanitarian aid, and coordinating with societies and civilian groups. The militaries and organizations have a critical role in cyber security. In fact this could be the key to a long and lasting cyber security that all have been awaiting for. (Demchak, 1999) The job of the Department of Homeland Security could not be made easier than with the full cooperation of the various sectors of society including the military and other governmental agencies. Moreover, the problem of IT security should be addressed on several levels, such as the home user or small organizations, big enterprises, critical sectors, national and global issues. Home user or small business organization Internet users at home can become a part of computer networks to attach government and private infrastructure. Most homes and private organizations today are connected to the internet. Many of them have digital subscriber lines (DSL) connections which can be vulnerable to attacks by professional hackers. Terrorists can conduct denial-of-service (DoS) attacks to these users. Big Enterprises Big corporations, government agencies, educational institutions and research facilities can be targets of attacks. Terrorists are aiming for these particular targets due to the magnitude of damage that could be inflicted. Critical Sectors Institutions and enterprises can form groups to address common problems in security. Small enterprises can join in these groups which conduct best practices and evaluate technological problems. It is important to note that forming groups can also have vulnerabilities because these groups share information and mechanisms. Information Sharing and Analysis Centers (ISACs) are a way of monitoring cyber attacks. They also conduct best practices and reducing vulnerabilities. (Bush, 2003, p. 8) National issues and vulnerabilities Cyber security problems are usually national in scope. All sectors share information through the Internet, and so they are all at risk if their systems are not secure. Some software and hardware components are not well secure making problems spread up to the national level. There should be more trained and qualified personnel to manage and operate their respective information systems. Global The worldwide web is an information system that involves a planet-wide scope and grid. The interconnectedness of computers allows more vulnerabilities on the part of those connected to the grid and creates a problem in case of an attack. There should be more cooperation in the international context by sharing information about criminals and their clandestine activities. (Bush, 2003, p. 8) Employees’ security awareness is significant in information systems’ security management. Employees of organizations can be risk or assets to information security. In fact, some commentators consider the employees of an organization as the weakest link to information security. But some studies found that employees can be assets in reducing risk to information security. Variables Cyber security There seems to be nothing secured in the age of the Internet. Organizations can store as much information and data, but the more we input in our databases, the more risks and threats we attain from hackers, computer saboteurs, criminals, syndicates and terrorists. Risks are multiplied if computers are continuously connected online. Internet security Brenner recommends eight steps to improve Internet security, namely: 1) Government should require vendors to provide higher security standards of computers and other equipment which can verify software and firmware; 2) Make amendments to the Privacy Act enabling Internet Service Providers (ISPs) to disclose information if a customer’s computer has become part of a botnet regardless of the contract of confidentiality between the ISP and the customer; 3) define circumstances that would allow ‘ISPs to block or sequester traffic from botnet-controlled addresses’; 4) Cyber attack Hackers or malicious code writers are programmers who program secret codes for critical infrastructures. (Erbschloe, 2005, p. 2) Security risks pertain to unauthorized access to information. This is also linked to data leakage, privacy and fraud, and other forms of security risks. A computer virus can spread so rapidly and destroy files and maliciously collect private and confidential information and data. Security risks have caused about $17 to $28 million for every occurrence of attack, according to a study by Ernst and Young. (Suduc, Bizoi, & Filip, 2010) According to an annual survey of IT executives conducted by Dataquest in San Jose, California, security ranked on top of all IT priorities for manufacturers. The survey indicated that security is more critical than ‘…building on existing IT investments and solutions, such as ERP, or piloting new applications and technologies, such as Web services’, said a statement by Geraldine Cruz from Dataquest (Seewald, 2003). Another survey conducted in the United States found that computer viruses had penetrated majority of the respondents’ computers. Other risks involved insider abuse by employees and users within the organization (44%), followed by simple theft of laptops and cell phones. (Suduc et al., 2010) Physical risks and logical risks are two problematic areas in IT infrastructure. Physical risks refer to the equipment which has to be protected from natural disasters like earthquakes, hurricanes or floods. Man-made disasters include bombings, theft, power surges, etc. The equipment can be protected through controls like locks, insurance coverage, performing daily backups of the information system and data, disaster recovery procedures, and so forth. (Suduc et al., 2010, p. 43) According to surveys, approximately 90% of organizations face information security investigation almost annually (Siponen, Pahnila, & Mahmood, 2007, p. 133). To counter these security threats, there have been recommendations to improve information management systems and policies. Many of these organization managements seldom comply with information security processes and techniques. Organizations’ IT infrastructure, both physical and virtual, is jeopardized. Physical assets are also at risk. (Siponen et al., 2007, p. 133) There is also the concern of privacy. Information technology was only used as an aid or tool in business, but now it is the mainframe because of the complexity and interconnectedness of businesses and organizations. Hackers and programmers with malicious intent continue to find ways to illegally penetrate vulnerable websites. There is no ‘safe’ or ‘trusted’ network in organizations. The ‘untrusted’ network which refers to the external connection of organizations will continue to expose the privacy of peoples and organizations. (Kelly Rainer & Cegielski, 2011, p. 83) Homeland Security, a dilemma There goes the question whether the job of Homeland Security Department is a dilemma or the department itself is a dilemma. Secretary Janet Napolitano has confessed that she herself doesn’t use email because email is a collector of all sorts of viruses. If people want to be secured, they have to shun email. What good is technology then? If the secretary of Homeland Security says that the best way to be secured is to shun email instead of accepting that her department cannot provide security to cyberspace, then it is better to conclude that Homeland Security is itself a dilemma. Methods to be used to collect data on the variables The method to be used will be collecting data and information from various databases of private and government institutions. Qualitative and quantitative data will be collected from a sample population composed of the staff from the Centre for Strategic and International Studies. The questionnaires will be emailed to the participants and their responses will be inputted in a database. The responses will be compared with the findings of the literature review and the research conducted in the past by authors on the subject of cyber security and the complex tasks of the Department of Homeland Security. Another sample will be taken from employees and police personnel assigned with the Department of Homeland Security. The questions for the members of the Centre for Strategic and International Studies will be the same questions that will be forwarded to the members of the HDS. The variables will be the subject of a meta-analysis. Meta-analysis is calibrating and analysis statistical evidence. This a proven method of analysing past researches by well known authors on an important subject like cyber security and the tasks of the Department of Homeland Security. The greatest challenge The greatest challenge is the research to be conducted on a sample population composed of personnel from the Centre for Strategic and International Studies, Washington, DC can be contacted through its email and this is how the questionnaires will be sent. First, I have to know the emails of the participants and ask their consent to be a part of the sample population and to answer the questions about cyber security. But there are other challenges in this research method. Conducting a meta-analysis will require a lot of effort as this will entail more researches. References Brust, R. (2012). Cyberattacks: Computer warfare looms as next big conflict in international law. ABA Journal; May2012, Vol. 98 Issue 5, p1-1. Retrieved from 4 October 2012 from http://web.ebscohost.com/ehost/detail?sid=a40fac55-96d8-461d-80b4-fbdc6d7c0527%40sessionmgr4&vid=1&hid=7&bdata=JkF1dGhUeXBlPWlwLGNwaWQmY3VzdGlkPXM4ODU2ODk3JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bsh&AN=76243712 Brenner, J. (2010). Privacy and security: Why isn’t cyberspace more secure? Communications of the ACM, Vol. 53, No. 11, pp. 33-35. Retrieved from www.ebscohost.com Bush, G. (2003). The National Strategy to Secure Cyberspace. United States of America: Morgan James Publishing. Clark, W. & Levin, P. (2009). Securing the information highway. Foreign Affairs, 00157120, Nov/Dec2009, Vol. 88. Issue 6. Retrieved 4 October 2012 from http://web.ebscohost.com/ehost/detail?sid=d60665ac-4795-4e68-bfd0-161a55456b7b%40sessionmgr10&vid=1&hid=7&bdata=JkF1dGhUeXBl4 PWlwLGNwaWQmY3VzdGlkPXM4ODU2ODk3JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bsh&AN=44695025 Demchak, C. (1999). ‘New security’ in cyberspace: Emerging intersection between military and civilian contingencies. Journal of Contingencies and Crisis Management, Vol. 7, No. 4, Dec. 1999, 181-198. Retrieved from http://web.ebscohost.com. Kelly Rainer, R. and Cegielski, C. (2011). Introduction to information systems: enabling and transforming business. United States of America: Quebecor World Versailles. Matai, D. (2005). Cyberspace. Financial Management June 2005. Retrieved 5 October 2012 from www.ebscohost.com. Siponen, M., Pahnila, S., & Mahmood, A. (2007). Employees’ adherence to information security policies: An empirical study. In H. Venter, M. Eloff, L. Labuschagne, J. Eloff, & R. von Sohns (Eds), New approaches for security, privacy and trust in complex environments (pp. 133-134). United States of America: Springer. Suduc, A., Bîzoi, M., & Filip, F. G. (2010). Audit for information systems security. Informatica Economica vol. 14, no. 1/2010. Retrieved from: Business Source Complete database. Wolfe, D. (2008). New strategy. American Banker, 00027561, 12/10/2008, Vol. 173, Issue 237. Retrieved 4 October 2012 from http://web.ebscohost.com/ehost/detail?sid=9d2d1ad8-1420-4f62-9293-cc58092bff98%40sessionmgr10&vid=1&hid=7&bdata=JkF1dGhUeXBlPWlwLGNwaWQmY3VzdGlkPXM4ODU2ODk3JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bsh&AN=35676216 Read More