Friday, April 23, 2010

CBS Report on Cybersecurity

This report from CBS News is a good brief overview of how the lack of international cooperation on cyber security represents a threat to US national security.

The video also shows something that all of us should already know - Mudge is the man.


Deven said...

Ned, thanks so much for posting this!

I am writing my paper on deterrence and US cyber security I think, and this video was a good introduction to the kinds of things I'm researching.

Some of the facts in the video are really shocking. 360 million unauthorized probes infiltrate our system everyday! 360 million!! While the number itself seems daunting, the greater challenge is finding a way to cut the amount of unauthorized probes in light of their danger.

Deterrence doesn't really exist right now and for the US to actually halt potential antagonists, they must be convinced that they will be identified and punished. If the Pentagon continues to find 360 MILLION unauthorized probes a day, that means we definitely have an attribution problem.

It seems to me that the only way we can cut vulnerability of our system is to build up our defenses. It seems almost fruitless, since hackers can bipass lots of things. Thus, while it's important to look at new avenues for secrecy of code/information...sometimes I think the United States' Cyber Defense Agency ought to work on both preventative actions and also start being clear-er on consequences for breeches. Since we haven't really defined what is okay and not okay, we can't expect to have any clout in scolding bad behavior.

Allison R said...

I agree with Deven that the facts in this video are extremely shocking. However, I see the United States' main obstacle in preventing probes from infiltrating our system in accountability.

Without accountability deterrence is completely pointless. No one will be afraid of the consequences if they have such a small chance of being caught, and even when these unauthorized probes are detected within our system, it is not very likely that the government will be able to effectively track the origin of the hack.

As Mudge says, many companies have taken several steps to better secure their information, but even now they barely safer than they were before. I believe we need to focus our efforts on accountability so that we may implement a plan of deterrence. Unfortunately, I believe it is time for the United States to take a preventative stance because as the importance of technology continues to rise, so will the number of attacks on the United States.

Matthew D. said...

I found this clip to be absolutely fascinating and terrifying at the same time. It does a great job at highlighting issues of national security that often escape the attention of the public. Most people worry about physical attacks against the US, such as the terrorist attacks on 9/11, but they typically overlook the severity of cyber crimes, which are slowly crippling this nation.

At the beginning of the clip, one of the men interviewed stated that the US is losing its sovereignty while it continues to allow cyber criminals to attack private and public entities through the Internet. I found this statement to be particularly alarming and true. If a terrorist cell physically attacked the US or if another state’s aggressive actions towards the US resulted in harm to American civilians, the US government would take immediate action to avenge and protect its citizens. For this reason, it surprises me that the US does not take a more aggressive stance on cyber attacks. With over $20 billion stolen a year and with intellectual property losing its value due to theft, it is worrisome that the government allows these attacks to continue without strongly advocating action against the culprits.

The US is one of the most powerful nations in the international arena, and it falls to us to push for laws that will protect Internet users around the globe. If protecting people around the globe is not enough, should not the protection of its own citizens be enough? I personally think the US should spend a considerable amount of time working out an international redline for cyber attacks. The US needs to be able to fight back against these cyber criminals to protect the government, the civilians and the corporations. If we fail to do this, the gentleman at the beginning of the clip is right, we have lost our sovereignty as a great nation.

Daniel L said...

It is worrying that most people (and many policy makers) don’t seem to take cyber threats seriously. Maybe they seem less “real” because the Internet and the concept of a virtual world are relatively new. Until the Internet, most (if not all) threats we faced were physical: ones that we could see, hear, touch, etc. As Prof. Moran said in class, this gives aggressors a distinct advantage.

Another problem is that there seems to be a huge knowledge gap between the small minority of those who understand the Internet and the vast majority of people who don’t. While people use the Internet more frequently than ever before, familiarity does not necessarily translate into more technical knowledge. In fact, it may give people a false sense of security (especially with younger “digital natives”) that could be dangerous. I wouldn’t be surprised if less than 10% of all Internet users knew how viruses, Trojans, or botnets work. Before this class, I definitely didn’t.

A step in the right direction would be better (and maybe even mandatory) Internet safety/security education--- starting in grade school all through high school and college. Just as parents and teachers make it a priority to teach kids how to stay safe offline, the same should be done for Internet security. While educators and organizations have (rightfully) dedicated much of their online safety resources to empower kids to stay safe from sexual predators, making them aware of online privacy and information risks is also necessary.

While online threats may seem distant to most users, it’s clear that their consequences are all too real.

Marisa said...

I found the video to be fascinating, especially given the plethora of linkages to topics we've discussed in class.
It was mentioned that the U.S government has no jurisdiction outside their borders. Meanwhile, Verizon interacts with 70% of internet traffic at some point. Additionally, in the map with all the lines and red dots it is clear that not only do we have major problems with China and Russia, but a multitudes of other countries as well - and as Deven notes, with as many unauthorized probes a day as U.S. citizens, the question quickly becomes how to guard and deter.
I would be interested in further exploring relationships between the public and private sector when it comes to finding crime, especially given remarks that so many other governments seem to have much more of their technology in-house than we do.
While I agree with Deven that we do need to establish stricter rules on what is allowable versus expressly banned, I think it needs to be done in such a way that we remain cognizant of the '$20 issue' i.e. do not give people laws that they will then go right up to. However, given the fact compared to those metaphorical $20 hundreds are being taken every day, I think stepping up and establishing them will do more good than harm. How though, do we establish accountability?
Allison and Matthew raise great points on the necessity of fighting back, but how can we in many instances? I think that there needs to be some sort of multinational convention on rights to achieve power though numbers with our allies, but that doesn't go far enough when you consider that agressors are other nation states and we are dealing with a unique set of issues and ramifications.Ultimately, given the high threat presented from a variety of angles, we need to step up and take action, but consider how to subcategorize, from intellectual property (copying machines down to a T is certainly a step up from those loom engineers who had to memorize plans before emigrating in the Industrial Revolution) to guarding against mass attacks on the national grid (if we thought the Blackout a few years ago was bad..)
Lastly, I agree with Daniel that we need to establish a standard for baseline safety knowledge - I know that I was woefully ignorant until this class, and we need to raise recognition that cyberattacks don't just mean you can't use your computer, but have the power to create tangible, devastating acts of terrorism, and are huge economic drains.

John said...

While it was surprising to see that Verizon has such a large presence in monitoring cyberspace, it was also promising to see them taking some initiative. A lot of companies seem to shy away from taking responsibility for internet (in)security. I also think this is especially interesting given what Daniel said about taking these threats seriously. It seems like policy makers, like many people, don't have a firm grasp of the real consequences of a virtual world. It's kind of like The Matrix when Neo realizes the connection between the virtual world and the real world, and he asks Morpheus, "If you die in the Matrix, do you die out here?" The consequences of actions in the Matrix, including bodily injuries, translate out into the real world. In the same way, the consequences of breaches in cybersecurity translate into real world consequences, sometimes resulting in physical or financial damage. It would be nice if companies with large internet presences would step up and be proactive about protecting consumers, many of whom do not understand the implications of cyberspace, and this is why Verizon taking action is so refreshing to see.
It was also good to hear that the administration is taking initiative in finding ways to beef up cybersecurity. Their recognition of the fact that there is difficulty in deciding jurisdiction on these problems shows that there is some fundamental level of understanding of what the government needs to do to protect the security of its information as well as its citizens.