Cyber Security
W5-1
Critical infrastructure is a resource that is so important to the country that its destruction may weaken the country’s economy, national security, and/or public health.
Advantages
Firstly, the internet is a global connection of computers linking schools, governments, individuals, and businesses. No one is in full control of the internet. Therefore, no one can create laws that all must abide by, since it is not a resource that anyone can fully control (Goldsmith, 2007). Secondly, no one can state the absolute value of paying a certain amount of money to raise our cybersecurity. Cybersecurity requirements do not apply to all of us evenly (Shackelford & Russell, 2016). You will always hear of someone who did nothing to increase his or her security online, yet nothing in particular happened. On the same note, you will hear of others who went through a lot of processes to secure their data or crucial resources but still fell victim to a cyber attack. We may, therefore, easily overestimate or underestimate the value of cybersecurity to a high degree, and lose a lot of money or compromise our security in the process. Lastly, it is quite difficult to determine whether a cyber attack will be conducted or not; we are thus left to pick up the pieces after the damage has occurred, which is not reliable. Furthermore, it could be expensive to pay for a cyber attack, since information cannot be quantified to a given price.
Disadvantages
Firstly, most businesses invest to earn a profit; if a company does not make anything from investing in cybersecurity, it will not invest. Therefore, cybersecurity will continue to be a problem. Furthermore, not everyone feels the pangs of risking one’s data, and those who do are so few that the many who don’t care will quickly bring them down (Shackelford et al., 2017). Secondly, once these firms have invested in cybersecurity, they will have to pay much more, since they have to ensure that all the firms they work with also invest in cybersecurity, as any of those firms may be used as a channel to hack into the mother firm. Since cybersecurity cannot be f, it is difficult to decide how much or how little a firm should invest in it.
References
BOOZ ALLEN HAMILTON, CYBER ROI: A PRACTICAL APPROACH TO QUANTIFYING THE FINANCIAL BENEFITS OF CYBERSECURITY 1 (2015).
Goldsmith, J. (2007). Who controls the Internet? Illusions of a borderless world. Strategic Direction.
Shackelford & Russell, Above the Cloud, supra note 47, at 641.
Shackelford et al., “Voluntary” Cybersecurity Frameworks, supra note 86, at 218–19.
W5-2
The Cybersecurity Act of 2015 identifies a threat and its possible repercussions and goes on to describe what is to be done to the person violating this act. It encourages all to share the risk of cybersecurity. However, the private sector is afraid that the federal government will leak their information (Jenab & Moslehpour, 2016). This has, however, always been an issue, as it is not easy to decide where the line is to ensure that people’s information is kept secret and the person’s security is maintained top-notch. The act states that the federal government is responsible for overseeing cybersecurity and giving reports on the progress. Anyone can submit cyber threat indicators to the federal government, and personal information should not be shared. The federal government can, however, share with appropriate governmental entities to manage a possible national threat (Wilbur, 2017). The federal government, however, is limited in what it can do with the information: it cannot disclose the information to anyone, and it cannot use it for its own benefit. The information may, however, be revealed if it concerns a risk such as that of death, serious bodily harm, or economic harm. Yet the act has its kinks. Some feel that it is not cybersecurity but mostly surveillance.
Firstly, there will be too much sharing of personal information. The act’s definition of cyber threat indicators is so broad that it is difficult to know precisely what information is to be shared and what is not in the event of a possible threat, therefore leading to the submission of personally identifiable information, which should not occur, as client data should be kept private. This means that users’ data is compromised, considering huge companies such as Google, which holds millions of pieces of information on individuals. This shows the scope of how significant the risk is.
Secondly, since this information can be used for various purposes, such as addressing the risk of bodily harm, it may be manipulated and used to investigate almost all cases of violent crime, which may be unrelated to cyber threats, and may even be extended to terrorism (Shetty et al., 2018). This leaves a broad usage of this information for matters that are not computer crimes but are disguised as computer crimes under the brand ‘cybersecurity’.
Solutions
To address the first issue of too much sharing and the risk of possible exposure of personally identifiable information, the information acquired through this act should only be shared with the national safety authority to address significant national threats.
On the second issue, law enforcement should only access information if they have clearly defined a cybercrime, and should only be allowed to do so where violence is inevitable.
References
Jenab, K., & Moslehpour, S. (2016). Cybersecurity management: A review. Business Management Dynamics, 5(11), 16.
Shetty, S., McShane, M., Zhang, L., Kesan, J. P., Kamhoua, C. A., Kwiat, K., & Njilla, L. L. (2018). Reducing informational disadvantages to improve cyber risk management. The Geneva Papers on Risk and Insurance-Issues and Practice, 43(2), 224-238.
Wilbur, S. E. H. (2017). What Does This Mean: Examining Legislative Ambiguities in the Cybersecurity Act of 2015 and the Potential for a Future Circuit Split on Interpretation. Seton Hall L. Rev., 48, 275.
W6-2
Since we are all heavy users of the internet, we are putting our faith in the internet. We have kept our histories and academic records online, thinking it makes us feel safe. We have considered this CISA, and we would like to assure you that we do understand all the fears and worries you feel. It is currently challenging to draw a line between where businesses end and where the internet stops influencing their activities. We are all aware of the rising dependency of our companies on internet security and, therefore, aware of the ever-increasing attempts to steal trade secrets, financial data, or marketing information (Schweizer, 1996). We are creating systems that ensure that we are safe and protected from these attacks. Still, we must work hand in hand to make this a success. Firstly, we have to make sure that our companies have formal policies to combat cyber threats and also ensure physical security and not rely solely on firewalls. Secondly, we have to hire trusted employees, as employees may be used by competitors to trade secrets; this is very hard to detect and therefore hard to prove. Thirdly, former employees who want to get back at a company they have been fired from may give sensitive data to competitors. This covers the scope of business. Still, a nation is much like a business, with secrets that must be protected and laws that must be followed by all who abide in it. Let us think of citizens as employees and politicians as employees with higher ranks, with more access to resources and more secrets, some of which are better kept secret. We can now visualize the risk we are dealing with, which raises the question: how should we protect ourselves? We should make sensitive information secret, limit access to protected information, and keep a record of those using it. Let us continue training ourselves and implement non-disclosure agreements to protect sensitive data.
We should also ensure that those who don’t need to know crucial data don’t know it. If anyone sees suspicious behavior, such as someone suddenly living beyond their means, it should be reported and dealt with immediately. The Federal Bureau of Investigation should be a friend and should be contacted in case of an insider threat. Those who offend these laws will receive severe punishment, and permanent records are kept to alert others of their previous acts. Remember, you also have a moral obligation to protect your data, and we have a moral obligation to protect you. We must work together to make this work. It is a two-way avenue that lets us cooperate and correct each other, and we will surely be on the way to safer and hack-proof businesses.
References
Brenner, S. W., & Crescenzi, A. C. (2006). State-sponsored crime: The futility of the economic espionage act. Hous. J. Int’l L., 28, 389.
Schweizer, P. (1996). The growth of economic espionage: America is target number one. Foreign affairs, 9-14.
W7-1
At the end of September, and per the United Nations, 27 countries signed an agreement to promote responsible national habits in cyberspace. This was meant to protect data and secrets so that there will be fair competition. Russia and China were among the countries that did not sign the agreement. Cyber attacks occur continually worldwide, and it is necessary to protect ourselves. However, the question is what we should do after protecting ourselves: what should be done to those who are caught trying to jeopardize the security and safety of nations? A good offense may be critical in ensuring all is well and safe, but to what extent should we do this, and at what point does the offensive side become wrong or unethical? Unlike most other attacks, a cyber attack can do a lot of damage without blowing things up or killing, which makes it challenging to calibrate the punishment that should accrue to those breaking this law. However, since it also causes damage, we would say that it is a form of force or amounts to a use of force. The effect should also be equated to the amount of damage it causes, especially on the physical hardware affected. This includes computers and/or machines which may be damaged in the process. Sometimes cyber-attacks are not intended to cause long-term harm, but the effects may go beyond that scale. The force should be quantified according to its legal repercussions, the physical systems affected, the extent of the effects, and the duration of the impact (Hunker, 2010). The retaliation should be to a degree such that it does not show weakness on the part of the nation but, at the same time, indicates power such that the country cannot be pushed around. This, however, should be conducted smartly and not so much that one nation will feel its pangs too long. The offensive should be almost as strong as the force or the repercussions of the attack that would accrue to it (Weissbrodt, 2013).
The retaliation, however, should be limited to cybersecurity and should only affect the parties without affecting those who in no way participated in the first attack (Kshetri, 2005).
In conclusion, we should do what is necessary to protect ourselves from those who put the lives and economies of others at risk. We should, however, do this to the extent of the effect of the attack and protect ourselves. If the attack puts someone’s life in danger, then with respect to everyone’s right to life, we should take all necessary measures to protect the individual or individuals. We should, however, not end a life to save a life: perpetrators should be arrested and jailed, not killed, no matter the extent of their possible attacks.
References
Hunker, J. (2010). Cyberwar and cyber power. Issues for NATO doctrine.
Kshetri, N. (2005). A pattern of global cyberwar and crime: A conceptual framework. Journal of International Management, 11(4), 541-562.
Weissbrodt, D. (2013). Cyber-conflict, Cyber-crime, and Cyber-espionage. Minn. J. Int’l L., 22, 347.
W7-2
Stuxnet was a computer worm uncovered in the year 2010 targeting programmable logic controllers that enable the automation of electromechanical processes. Stuxnet is believed to have caused substantial damage to Iran’s nuclear program by damaging centrifuges used for isolating nuclear material, making them tear themselves apart. It is said to have affected over 200,000 computers and physically degraded 1000 machines. It is also believed to be the most significant and most costly malware development effort in history. It has many capabilities, and as this example shows, it cut to the root by affecting a target and causing maximum havoc. The code was said to be complicated and to have required a deep understanding of programming and the industrial process. The BBC claims that only a nation would be able to produce such malware (Lindsay, 2013). Furthermore, it attacked a country (Iran), which could have been a war between competing countries in nuclear progression.
So let us review the advantages of the use of cyber weapons.
We will analyze Stuxnet as a cyberweapon. For one, it caused physical damage through cyber methods. It was able to affect something in the real world through digital means, its target being a nuclear program that was already targeted diplomatically and subject to economic sanctions. It did not hurt or kill anyone in the process, unlike traditional warfare, when bombs would be dropped and end lives in the process.
Stuxnet was also not stored in hardware such as the hard disk, as this would make it easily identifiable as a virus, so it stored its data only in memory. It reprogrammed the application program interface so its data would be taken directly from memory instead of the library (Lindsay, 2013). These were ghostly files that could not be saved on the hard disk, therefore wholly impossible to discover.
Stuxnet was precise, affecting a specific facility. It was accurate to its target even with details of the configuration at the target facility. Systems that did not match it were not harmed, making it very useful if you have inside knowledge of the target.
It was also able to spread continuously using USB drives.
It also updated its results about the infected machines continuously, making it possible for it to be updated continually and be even more powerful.
Disadvantages
However, Stuxnet also infected thousands of computers, some of which did not deal with nuclear research (Kim, 2014). It went past its target and ended up affecting more than it was intended to infect, causing damage to those it was not intended to affect.
It could take too long for us to fix a problem arising from a cyber attack; in Iran, the machinery was replaced continually for a long time without anyone knowing where the problem was.
Cyberweapons would leave most of us very vulnerable to attacks, since most of us do not yet fully understand the impact of cyberweapons on us, our society, and our economic life. It would take a while to adjust, and billions would get lost in the process.
In conclusion, cybersecurity is undoubtedly becoming the next lever in the war; the next world war will surely be in people’s homes and offices on the internet and no longer in the field. Stuxnet plainly shows us what could be in the future, and it leaves all with the question of what’s next? Or instead, who’s next?
References
Kim, D. Y. (2014). Cybersecurity issues imposed on nuclear power plants. Annals of Nuclear Energy, 65, 141-143.
Lindsay, J. R. (2013). Stuxnet and the limits of cyber warfare. Security Studies, 22(3), 365-404.
Robinson, M., Jones, K., & Janicke, H. (2015). Cyberwarfare: Issues and challenges. Computers & Security, 49, 70-94.
W8-1
Firstly, we should recognize the limitations of shared passwords, such as OTPs relying on shared secrets, and implement public-key cryptography, whereby private keys never leave the user’s device (Kartalopoulos, 2006). Authentication solutions also need to be created to support mobile devices, due to the increasing usage of and dependency on mobile transactions. We should also ensure we focus on the results of whichever technology is most effective and not conform to a single technology (Knapp, 2006). This is because emerging technologies at times prove to be more effective, so we should avoid remaining rooted in an old or single technology that is outdated or no longer as effective.
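The difference between a shared-secret OTP and public-key authentication shows up in what the server has to store for each user. The Go program below is an added example, not part of the original essay; the `serverRecord` layout, the sample secret and the `demo` function are assumptions made for illustration. It shows that the stored OTP secret is enough on its own to produce a code the server accepts, while the stored public key cannot produce a signature the server accepts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// hotp computes an RFC 4226 six-digit one-time password from a shared secret.
func hotp(secret []byte, counter uint64) uint32 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	return (binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff) % 1000000
}

// serverRecord (hypothetical layout) is what the server stores for one user.
type serverRecord struct {
	otpSecret []byte            // identical to the bytes on the user's device
	publicKey ed25519.PublicKey // the private half exists only on the device
}

// verifyOTP is the server-side check; the comparison is constant-time.
func verifyOTP(rec serverRecord, counter uint64, code uint32) bool {
	return subtle.ConstantTimeEq(int32(hotp(rec.otpSecret, counter)), int32(code)) == 1
}

// demo logs in as the device, then as someone holding only a copy of rec.
func demo() (deviceOTP, leakOTP, deviceSig, leakSig bool) {
	secret := []byte("constructed-shared-secret") // constructed sample value
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, err2 := ed25519.GenerateKey(rand.Reader) // not the device key
	challenge := make([]byte, 32)                          // fresh server nonce per login
	_, err3 := rand.Read(challenge)
	if err != nil || err2 != nil || err3 != nil {
		panic("system randomness unavailable")
	}
	rec := serverRecord{otpSecret: secret, publicKey: pub}
	deviceOTP = verifyOTP(rec, 7, hotp(secret, 7))
	leakOTP = verifyOTP(rec, 7, hotp(rec.otpSecret, 7)) // built from the stored record alone
	deviceSig = ed25519.Verify(rec.publicKey, challenge, ed25519.Sign(priv, challenge))
	leakSig = ed25519.Verify(rec.publicKey, challenge, ed25519.Sign(otherPriv, challenge))
	return
}

func main() { fmt.Println(demo()) }
```

A copy of the server's records therefore defeats the OTP scheme but not the public-key scheme, which is why the latter limits the damage of a server-side breach.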
We should also encourage secure authentication solutions that help users use them continuously, to ensure they are protected. Typically people get frustrated and therefore prefer to risk their security and that of others in the process (Newmeyer, 2015). We also need to tell others that their privacy is of utmost importance to everyone; no matter how secure you feel, someone can discover your weak passwords and, through them, gain access to the companies you are running.
Biometrics have helped a lot in making it easy for one to prove his or her identity on a mobile device. This, however, should not be viewed as total security; it should just be a layer upon which another method is implemented, such as a personal password (Newmeyer, 2015). The country should also align with other countries with the same cybersecurity goals to learn and form allies in the process. Lastly, as communication is vital, Washington should be transparent about its policy and communicate it clearly to associates.
The methods stated above will surely aid in ensuring cybersecurity is significantly improved; however, as stated above, it is the obligation of each and every one of us to ensure that the data is safe. It begins with you!
References
Butler, B., & Lachow, I. (2012). Multilateral approaches for improving global security in cyberspace. Georgetown Journal of International Affairs, 5-14.
Kartalopoulos, S. V. (2006). A primer on cryptography in communications. IEEE Communications Magazine, 44(4), 146-151.
Knapp, K. J., Marshall, T. E., Rainer Jr, R. K., & Morrow, D. W. (2006). The top information security issues facing organizations: What can government do to help — network security, 1, 327.
Newmeyer, K. P. (2015). Elements of national cybersecurity strategy for developing nations. National Cybersecurity Institute Journal, 1(3), 9-19.