Security of a Strategic Installation - Assignment Example

Security of a Strategic Installation: Air Base Author’s Name Institution Table of Contents 1. Introduction ……………………………………………………………..p. 3 2. Espionage definition and history………….……………………………..p. 3 3. Consequences and impact of espionage………………………………….p. 5 4. Airbase threat environment………………………………………..……..p. 6 5. Airbase espionage attack methodologies…………………………………p. 8 6. Espionage countermeasures by an organization………………………….p.11 7. Conclusion ……………………………………………………………….p. 14 8. Reference List……………………………………………………………..p. 15 9. Introduction Industrial security procedures are measures put in place to curb threats which affect industrial objectives. An example of these threats is the risk of unauthorized disclosure of sensitive data or information. Industrial security procedures also include measures put in place by the government to handle information that is affiliated to the government and deemed classified. In the US, the National Industrial Security Program (NISP) was set up during the reign of President Bush. It was given the mandate to handle classified information that is related to the government (John & Eric, 2008). The NISP program aims at providing uniformity in security procedures, eliminating duplication procedure, provision of clearance to the relevant personnel and reducing the cost of providing security. The Secretary of Defense acts as an Executive Agent to the NISP. The secretary of defense maintains the NSIP manual as well as implements the recommendations put forward by the body with regards to classified information (John & Erik, 2008). This paper seeks to examine security of an installation; industrial espionage and countermeasures against such. The strategic installation chosen for this topic is the airbase. This is because such kinds of installations are under constant threats from adversaries who may want to acquire key information in order to sabotage activities among other intentions. Espionage Definition and History Espionage is defined as the act of gathering information secretly about a competing industry or foreign government, with the aim of placing one’s own corporation or government at some financial or strategic advantage. It is a clandestine activity which is carried out by people working under secret identity, so as to acquire classified information to be used by another entity or nation. Espionage involves obtaining confidential information without authorization from the holder (Winkler, 1996). It is also the act of accessing a target place or identified personnel so as to get classified information (Robert, 1994). Espionage is done in such a way that the holder of information does not notice that the intruder has the information. It is thus the duty of the NSIP to ensure that such measures do not take place (Winkler, 1996). The act of Espionage has been present since time immemorial. During the World War I and II, various states employed the act of espionage so as to interfere with the enemy’s army. One of the most known instances of criminal espionage in the history of U.S. was uncovered in the 1980. This was the Walker spy ring composed of John Walker, the son Michael Walker, brother, Arthur Walker and friend, Jerry Whitworth. They supplied the Soviet government with confidential information from the U.S., including Navy codes that allowed Soviets to intercept over a million messages. This act of espionage was carried out from 1967 to 1985. The Walker ring also sold Soviets information regarding U.S. offensives in Vietnam War among other classified information (Adams, 1994). The spy usually infiltrates the enemy’s army gathering information about its strength and loopholes (Schweizer, 1993). The spy can also steal technology from the enemy state so as to incapacitate the enemy in various ways. In case they find protesters in the enemy’s army, they may be used to instigate them to defect. This will greatly sabotage the enemy’s security system thus raising their level of vulnerability. Although beneficial in case of war, there are various laws that prohibit the use of espionage. The penalty when caught, is usually death (Schweizer, 1993). An espionage agent is usually highly trained to identify target areas as well as obtain the relevant information. They are usually persons who are able to associate well with the personnel in the target place. The major targeted areas include economic resources, natural resources and the security system. The economic resources include production, manufacturing and research centres. The natural resources include energy, nuclear materials and energy sources. Security resources include the military assets and personnel. Counter espionage measures involve giving false information to the agent so as to protect the country’s interest (Griffith, Samuel & Sun, 1963). Consequence and Impact of Espionage Several cases of espionage have caused damage to the U.S. since 1980s. Jonathan Pollard was arrested in 1985 for spying for Israel. He provided Israel with approximately 360 cubic feet of documents at a price of $50,000 in cash (Adams, 1994). In 2006, the security group Wells Fargo, lost high profile data, in what was termed as an act by a rival company, in order to edge them out in the competition. The same thing happened to Ernst & Young, with an alleged leakage of classified information (Vance, 2006). Estimates of the Federal Bureau of Investigation showed that U.S. corporations lost $100 Billion every year due to industrial espionage (Cox, 1996). In 2001, the combined cost of domestic and foreign economic espionage was estimated at $300 billion and rising. Theft of information from such corporations is a goal for most foreign nation and companies. Last year, the U.S. businesses lost more than $250 billion to economic espionage. Over $1.2 trillion was lost in the last decade due espionage in the U.S. (White, 2011) Adversaries that commit these crimes may gather this information in any form including electronic format or even from trash. Information gathered during espionage in used primarily for military purposes. The easiest way of spying so as to gather data is by infiltrating the enemy’s rank. This is usually done by highly skilled personnel called spy. They are mostly from the military or persons who have undergone intensive training. This act of espionage is mainly aimed at the enemy’s security. Airbase threat environment The U.S Air force has numerous installations across the world. These installations are in located in places that are considered safe, while others in areas known to be unsafe and hostile. Following the December 12 attack at Pearl Harbor, it was obvious that geographical location was not the only indicator for a facility’s vulnerability (Howard & Peter, 1976). This was because terrorist activity was both from external and internal groups in the USA. It is for this reason that Air Force protection is important in the planning, designing and construction of security installations. The Air Force security involves the protection of both the military equipment as well as the personnel. In the past over 300 personnel were killed with over 200 injured during a terrorist attack on the Air force (Levine, 1995). There are various kinds of sensitive information that may be a target for perpetrators of espionage. The most common ones include satellite map images. Attackers may use these maps so as to gain access to the various locations within the airbase. New product plans may also be a likely target. Foreign countries may use these plans in order to build superior weapons. Notes associated with military inventions may also me stolen in acts of espionage. Portable drives or computer data with information regarding military operations is also a target. Of those who may want to penetrate an air base, terrorist are among the serious threats. Terrorists may be international or domestic. They may target military installations in order to incapacitate the powers of the given country by crippling its’ airbase. They may penetrate the facility in order to steal crucial projects, materials or information, which they will use in perpetrating their acts of terror (Robert, 1994). Some of the sensitive materials they may be after are satellite map images. Most of terror groups employ an insider in order to carry out their heinous intentions. Dissatisfied employees may also want to carry out acts of espionage. This includes those who feel that they are underpaid. These employees can be easily swayed in order to get information from the installation. They may carry out unauthorized access to confidential information in order to sell it. The sensitive information that they can target include computer and entrance passwords. These employees may be utilized by rivals or enemies (Vance, 2006). Employees can also be dissatisfied if they feel their ideas are being ignored. Hence, as an act of retaliation, they may want to sabotage missions to satisfy their egos. This is particularly so for those whose bosses are patronizing. Another type of dissatisfied employees is the overzealous types who feel that they can hasten progression of some activities (such as missions and operations) within the facility. They usually see their superiors as dragging operations and hence they can carry out acts of sabotage and espionage in order to hasten military operations. Trusted insiders are considered the best source of military facility espionage. These insiders, also known as moles, may be asked initially to hand over information which is inconsequential. Once compromised due to committing a crime, they are then bribed so as to hand over more sensitive material. There are also those employees that may take up employment with another military base or country. This behavior has been the cause of numerous military espionage cases, most of which have resulted to legal battles (Griffith, Samuel & Sun, 1963). Some countries have been known to hire individuals to undertake spying for them, rather than utilize their own intelligence (John & Eric, 2008). These countries usually utilize students, academicians and business delegates. This may include cadets within the military facility or other workers to the extremes of cooks and gardeners. It may also include military students being offered military training by a different country. Another rare source of people who may wish to penetrate airbases is activist groups and pressure groups (Robert, 1994). This is happens mostly in cases where a group of persons may want to overthrow the government by securing key military installations, an example being airbases. Airbase Espionage Attack Methodologies There is an increased risk that valuable information will be changed, lost, misused or stolen, due to the recent advances in technology. Information available on networked computers or recorded electronically is more vulnerable than that which is paper printed and locked in a cabinet (Cox, 1996). Intruders or those carrying out works of espionage have no need to enter an office or security installation so as to steal information. They can be able to tamper or steal information without touching any papers. They can run their own programs, create new electronic files and even hide evidence of their activities. There are basic security concepts important to information. These include; confidentiality, availability and integrity. There are also concepts that relate to people who use this information, and these include; authorization, authentication and non-repudiation. When information is copied or read by unauthorized persons, this is termed as loss of confidentiality. Modification of information in unexpected ways will result in the loss of integrity. Hence, unauthorized changes can be made to information, including data for air traffic control. Information may be erased in acts of espionage, resulting in the loss of availability (Vance, 2006). This information may include sensitive issues like airline schedules. Computers have become crucial in carrying out espionage activities in military installations. This is due to the large amount of information they have and ease of copying and transmission. The use of computers in order to obtain unauthorized information has been increasing at a high rate since the 1990s (Katz, 1995). Information may be copied from unattended military installation computers by those who have unsupervised access, for example, repairmen or janitors (Voyager, 1995). A good example is the case of a Singapore janitor who stole a laptop and hard disk from a military installation (March Air Reserve Base) in Northern District California (John & Eric, 2008). The rapid rise in computer networks and the internet has increased the detail and range of information that is available. It has also enhanced the ease of access of such information for the purpose of espionage. Worldwide, hundreds of airbases come under cyber attack (Katz, 1995). Sensitive military or defense information may be stolen in this form. Mostly, these activities are state backed or sponsored. It is also possible for individual hackers or cybercriminal to access information from such installation. In order for one to undertake such method to carry out espionage, one must have immense knowledge of networks. A common method for perpetrators to acquire such information from airbases is by use of malware and spyware. These are key tools for industrial and military espionage (John & Eric, 2008). Newer forms have been developed in the height of technological sophistication. These include devices which can switch on recording devices, cameras and mobile phones in order to acquire information. Another method that can be employed is the Distributed Denial of Service (DDoS). This form of attack uses computer systems which are compromised in order to carry out a flood of requests to the target system, leading to shut down and denial of service. They can be employed in switching off surveillance programs so that one can steal key information from military installations. This method was allegedly used by Russian secret service on a cyber attack on Estonia, in response to removal of war memorial of the soviet era (Katz, 1995). Professional hackers employ a number of activities in order to access information from an airbase network. The first step is footprinting; where the intruder tries to gather as much information about the targeted network by utilizing sources that the public can access. This creates a map of the network to ascertain what applications, operating system and address ranges are being used. The next step is port scanning where the hacker collects information about the network services and attempts to find open ports. Enumeration is the third step, and here, the hacker collects information on the applications and hosts on the network. The last and the catastrophic step is acquiring access. The intruder can then delete, add or modify data and key information (Katz, 1995). Espionage Countermeasures by an organization Countermeasures against such acts of espionage and sabotage must be instituted in order to maintain safety within military installations and other facilities. Countermeasures can be instituted at the technological level, employee level and physical security level. At the technological level, one of the means is through security engineering. It is crucial for building secure systems to have well stipulated methods for construction. The systems should be secure and should include components for validating and formally assessing security within a given installation. There is a need for development of security preservation, combining techniques from secure hardware design, software engineering and other methods (Hellriegel & Richard, 1992). There is also need for development of intrusion tolerant systems. Such system should work safely and securely even if some of its subsystems have been maliciously corrupted in acts of espionage. Such information systems might even have the ability to reconfigure into a less corrupted state in the event of an attack. Another thing that can be done as a countermeasure is intrusion detection. There is need for development of sensors to watch for specific situations and correlate them with alarms so as to warn in the case of an intruder. However, this has become a problem due to the many false alarms (Vance, 2006). Surveillance cameras are also important in safeguarding facilities such as airbases. These should be strategically located within the installation so as to get clear coverage of most of the facility. There should also be a control room where security personnel are monitoring the cameras for any suspicious activity. Recording devices may also be employed: it encompasses tapping of phone calls, to and from the facilities. This enabled Standard Duplicating Machines Corporation to find out that one of their disgruntled former employees was leaking information to a rival group in 1992 (Cox, 1996). Intrusion detection systems within the facility are also crucial. These trigger alarms if they sense motion or unauthorized entrance into restricted areas. Proper lighting is also essential since dark corners can be used to execute acts of atrocity (Hellriegel & Richard, 1992). Countermeasures that can be instituted at the employee level include the issuance of proper, tamper proof identification system. The installation can impose identification requirements for employees, contractors, visitors and others who may seek access. Some sophisticated identification systems have been designed. A good example is the fingerprint recognition method of identification ensuring that only the authorized personnel will gain access. Another method that can be employed is the introduction of escorting policies for contractors, visitors and some of the employees (Cox, 1996). Screening and searching procedures are also crucial. This should be done preferably at the entrance to the facility. Vehicles, baggage and hard carried articles should be scrutinized. One may therefore, be able to intercept various tools that may be employed in carrying out acts of espionage including cameras and other gadgets such as recording devices as well as stolen documents. Routine checking of baggage helped Sun Microsystems in intercepting stolen trade documents from Fe Ye and Ming Zhong in 2001 (John & Eric, 2008). Regular security monitoring should be done by security personnel in terms of regular patrols in the facility. Training is another countermeasure technique an organization or facility may employ. Employees may be trained on advances in technology that will enable them use this in securing key data and information. Employees may be taught on specific procedures and steps in order to make use of new technology. Security awareness is also vital. The security personnel guarding the installation may be taken for drills and further training, to improve their quality of work in helping safeguard the facilities (Hellriegel & Richard, 1992). Various physical security measures can be undertaken to combat espionage. These will include proper fencing and barrier erection. The fence or perimeter should be constructed at a big radius from the installations (Hellriegel & Richard, 1992). Spies have been known to take photos and videos in order to map out their navigation through such facilities. The fences must be hard to penetrate, and one may utilize electric fences. Locks in the building should be tamperproof, and only authorized personnel should be entrusted to the keys (Robert, 1994). Information access should be on a ‘need to know’ basis. This helps to prevent unnecessary proliferation of information (Cox, 1996). Another countermeasure technique is the introduction of policies that restrict the utilization of open communication lines, such as telephone system and the internet. This is so as to reduce the vulnerability for information compromise. An industry can also enforce security policies on its contractors and employees. A thorough background check should be done before any entrustment (Cox, 1996). Conclusion Due to the recent advances in technology, acts of espionage have escalated to new heights. Computers have worsened the situation, due to many loopholes which can be explored by professional hackers and spies. Those willing to perpetrate such acts include terrorists, disgruntled employees, criminals and spies. Most of them are utilized by rival countries and companies. Various measures can be instituted in order to curb espionage and hence, sabotage. This include physical measures, example being use of an intruder alert system, surveillance cameras, proper fencing and good lighting. It also includes measures done at the employee level and at the technological level. Those using the internet must seal all loopholes and open ports of access by employing firewalls and other software. Training of personnel working for such facilities should be undertaken in terms of security protocols and recent advances in the technological world. Reference List Adams, J. (1994). The New Spies. London: Hutchinson. Bergsten, C. (2004). Foreign Economic Policy. Washington D.C.: Prentice Hall. Carrier, B. (2005). Forensic File System Analysis. Addison Wesley. Casey, E. (2004). Digital Evidence and Computer Crime; Forensic Science, Computers and the Internet. Academic Press. Cox, J. (1996). Siphoning U.S. Companies’ Knowledge. USA Today, February 16, p. 31. Garfinkel, S., & Shelat, A. (2003). Remembrance of Data Passed: A Study of Disk Sanitization Practices. IEEE Security & Privacy, 1 (1). Greenfield, K. (1963). American Strategy in World War II: A Reconsideration. Westport: Greenwood Press. Griffith, R., Samuel, B. & Sun, T. (1963). The Art of Espionage. New York: Oxford University Press. Hakim, J. (1995). A History of us: War, Peace and all that Jazz. New York: Oxford University Press. Hans, N. (1951). Industrial security of the National Interest. New York: Elsevier. Hellriegel, D., John, W. & Richard, W. (1992). Security Organizational Behavior. St. Paul: West Publishing Company. Howard, M. & Peter, P (1976). Carl Von Clausewitz, On War. Princeton: Princeton University Press. Jones, A., Mee, V., Meyler, C., & Gooch, J, (2005). Analysis of Data Recovered from Computer Disks released for sale by organizations. Journal of Information Warfare, 4 (2), 45-53. John, M., & Eric, P. (2008). Speed and Power, Toward an Expeditionary Army. Santa Monica: RAND. Jones A., Valli C., Sutherland I., & Thomas P. (2006). An Analysis of Information Remaining on Disks offered for sale on the second hand market. Journal of Digital Security, Forensics & Law. 1 (3). Katz, A. (1995). Computers: The Changing Face of Criminality. New York: Prentice Hall. Kerber, R. (2006, December 12). Firm will settle with state over data loss: Missing laptop had information on thousands. Boston Globe. Retrieved from http://www.boston.com/business/articles/2006/12/12/firm_will_settle_with_state_over_data_loss/ Levine, E. (1995). A fence away from freedom: Japanese Americans and World War II. New York: G.P. Putnam’s Sons. Pasternak, G. (1996, March 4). The Lure of the Steal. U.S. News & World Report. Retrieved from http://www.usnews.com/usnews/news/articles/960304/archive_034063_4.htm Robert, M. (1994). The Changing Face of National Security: A Conceptual Analysis. Westport, CN: Greenwood Press Schweizer, P. (1993). Friendly Spies. New York: Atlantic Monthly Press. Sutherland, I., & Mee, V. (2006). Data Disposal: How educated are your Schools?. 6th European Conference on Information Warfare and Security, June 2006. Vance, A. (2006, February 25). Ernst & Young fails to disclose high-profile data loss: Sun CEO's social security number exposed. The Register. Retrieved from http://www.theregister.co.uk/2006/02/25/ernst_young_mcnealy/ Vance, A. (2006, May 12). Wells Fargo fesses up to data loss: Lightning strikes twice for HP man. The Register. Retrieved from http://www.theregister.co.uk/2006/05/12/wellsfargo_computer_loss/ Voyager, (1994). Janitor Privileges. The Hackers’ Quarterly, 11(4), 45-54. White, H. (2011). Annual Report to Congress on Foreign Economic Collection and Industrial Espionage. Washington DC: Government Printing Office. Winkler, I. (1996). Assignment Espionage. InfoSecurity, 7(3), p26. Read More

It is also the act of accessing a target place or identified personnel so as to get classified information (Robert, 1994). Espionage is done in such a way that the holder of information does not notice that the intruder has the information. It is thus the duty of the NSIP to ensure that such measures do not take place (Winkler, 1996). The act of Espionage has been present since time immemorial. During the World War I and II, various states employed the act of espionage so as to interfere with the enemy’s army.

One of the most known instances of criminal espionage in the history of U.S. was uncovered in the 1980. This was the Walker spy ring composed of John Walker, the son Michael Walker, brother, Arthur Walker and friend, Jerry Whitworth. They supplied the Soviet government with confidential information from the U.S., including Navy codes that allowed Soviets to intercept over a million messages. This act of espionage was carried out from 1967 to 1985. The Walker ring also sold Soviets information regarding U.S. offensives in Vietnam War among other classified information (Adams, 1994).

The spy usually infiltrates the enemy’s army gathering information about its strength and loopholes (Schweizer, 1993). The spy can also steal technology from the enemy state so as to incapacitate the enemy in various ways. In case they find protesters in the enemy’s army, they may be used to instigate them to defect. This will greatly sabotage the enemy’s security system thus raising their level of vulnerability. Although beneficial in case of war, there are various laws that prohibit the use of espionage.

The penalty when caught, is usually death (Schweizer, 1993). An espionage agent is usually highly trained to identify target areas as well as obtain the relevant information. They are usually persons who are able to associate well with the personnel in the target place. The major targeted areas include economic resources, natural resources and the security system. The economic resources include production, manufacturing and research centres. The natural resources include energy, nuclear materials and energy sources.

Security resources include the military assets and personnel. Counter espionage measures involve giving false information to the agent so as to protect the country’s interest (Griffith, Samuel & Sun, 1963). Consequence and Impact of Espionage Several cases of espionage have caused damage to the U.S. since 1980s. Jonathan Pollard was arrested in 1985 for spying for Israel. He provided Israel with approximately 360 cubic feet of documents at a price of $50,000 in cash (Adams, 1994). In 2006, the security group Wells Fargo, lost high profile data, in what was termed as an act by a rival company, in order to edge them out in the competition.

The same thing happened to Ernst & Young, with an alleged leakage of classified information (Vance, 2006). Estimates of the Federal Bureau of Investigation showed that U.S. corporations lost $100 Billion every year due to industrial espionage (Cox, 1996). In 2001, the combined cost of domestic and foreign economic espionage was estimated at $300 billion and rising. Theft of information from such corporations is a goal for most foreign nation and companies. Last year, the U.S. businesses lost more than $250 billion to economic espionage. Over $1.2 trillion was lost in the last decade due espionage in the U.S. (White, 2011) Adversaries that commit these crimes may gather this information in any form including electronic format or even from trash.

Information gathered during espionage in used primarily for military purposes. The easiest way of spying so as to gather data is by infiltrating the enemy’s rank. This is usually done by highly skilled personnel called spy. They are mostly from the military or persons who have undergone intensive training. This act of espionage is mainly aimed at the enemy’s security. Airbase threat environment The U.S Air force has numerous installations across the world.

Read More