The Threat and Opportunity of Cyber Insecurity Essay

Published: 2018-08-13 16:50:51
2081 words
8 pages
letter-mark
B+
letter
University/College: 
University of California, Santa Barbara
Type of paper: 
Essay
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Nature Of Communications Technology

This paper discusses how the perpetually evolving nature of communications technology has ushered in a new era of opportunity and risk for people and businesses which gives rise to the importance of cyber-security. The context is established through a brief look at the convenience and independence resulting from a more wireless world. However, this convenience comes at the risk of being hacked.  As businesses move toward a more online presence, they too, become targets of hacking.  Unfortunately, the evolving nature of cyber-space has resulted in each new cyber-solution being met with a new cyber-threat. As such, greater emphasis is needed on integrating cyber-security into business operations to ensure that they are protected in the long run.  Using Apple as an example, cyber-security businesses should get involved at the manufacturing level to ensure that products are secure before they go to market.  Lastly, adverse impacts that have yet to be resolved include addressing the questions of who pays for damages not covered by insurance; who is responsible for securing the routes where electronic information flows; and who will maintain the infrastructure that connects the world. At present, we will be at the mercy of intergovernmental cooperation to address these concerns. 

A Brave New Instantaneous World

Increased Connectivity

We are in an interesting era of communication, having moved from hardwired connections (cable, modem) to wireless connectivity (WiFi, cellular, satellite). The distinction in moving from one to the other is that we previously were intuitively aware of being connected when we had to plug in our devices. With the rise of mobile computing and wireless communication we are less aware of our ‘connectedness’ and the degree to which our systems share our information with or without or knowledge. Data must be protected, whether it’s our email, our banking transactions, or confidential client data stored by companies, or even national intelligence. The marketplace demands that we transact this information in the course of doing business and performing daily functions. At every point of data transfer, the opportunity exists to for interception. ‘Hackers’ have become master shoulder-surfers at these points, embedding malicious ‘worms’ who later can be coordinated to do their unauthorized bidding.

Who is in Control?

The confluence of the digital and ‘real world’ through the internet of things (or the internet of everything; IoE) has brought with it significant advantages. We now live in an instantaneous world, where we perform tasks and see immediate results in ‘real time’. We can consult directly with health practitioners as necessary, payments can be captured remotely on handheld devices, and national alerts can be disseminated broadly. We can even begin to network functions in our own home, using our cell phones to view childcare, remotely secure our property and keep tabs on refrigerator contents. Yet every possibility for streamlining a process using IoE is both a business and a trespass opportunity. Wherever we are engaged to provide information through access to our person, processes or homes, we open the door to good and evil. 

This is where cyber security has its value proposition. The business of protecting electronic transactions emerged as soon as it became apparent in 1989 that digital systems were vulnerable (Julian, 2014, para. 2). Businesses seeking to increase market share through IoE discovered they were often a wholly centralized operation serving a drastically decentralized clientele” (Chianis, 2014, para. 5). The distributed user base opens them to attack on countless fronts, and customers are in turn vulnerable to compromise through company channels (Murphy, 2014, para. 10). Therefore, cyber security is in the interest of both business and consumers (KMPG, 2016, para. 1).

New Security Models

The Evolving Landscape

In the ever-changing world of IoE, cyber security must evolve with it. The “reactive approach is all too common” (Loveland and Lobel, 2015, para. 3) for businesses emerging into new IoE marketplaces. Consider how retail models have developed: eBay became a revolutionary auction house for everyday people to trade goods (Banjo, 2015, para. 3), but was soon overtaken by Amazon as an e-commerce hub (not helped by eBay’s major cyber breach in 2014; Murphy, 2014, para. 2). These businesses have in turn influenced complementary trends in delivery, banking, reading, and movies (Shorr Packaging Corp., 2015, para.. 1, 6; “Inside Amazon Prime”, 2015, para.. 6, 18). Other domains such as the medical devices industry have embraced IoE, and are made vulnerable to catastrophic compromise (Spring, 2016, para. 1). Some industry developments make all of us wary: Apple’s new laptops released last week have biometric fingerprint readers that represent a new level of vulnerability (“MacBooks”, 2016). Whereas compromised passwords can be replaced, one’s fingerprint cannot be retracted once captured by hackers (Greenberg, 2016, para. 1). 

The Sophistication of the Enemy

Not only are our vulnerabilities evolving alongside technology, but the scale of cybercrime has also escalated with the changing business landscape. Either using employee logins (such as with eBay; Murphy, 2014, para. 4) or third-party agents (such as with Target’s massive 2013 breach; Murphy, 2013, para. 2), large amounts of non-encrypted credit card information was retrieved over several months of undetected ‘phishing’. Retailers and banks must be scrupulous in maintaining cyber security measures against these sophisticated attacks, not only to preserve their data integrity but also to uphold customer confidence and protect their brand. Other IoE breakthroughs like cheque deposits through image scanning from a cell phone, or security verification of online purchases can create a competitive edge in the marketplace. “Verified by Visa” protects against unauthorized online purchases and made associated merchants a preferred retailer. (Smith, 2014, para. 1). 

Benefits and Impacts to Cyber Security

Security Practices and Precautions

Fundamentally, IoE insecurity must be managed by a mix of hardware and software practices and precautions. Without necessary safeguards, the user becomes an accomplice to the assailant in matters of cyber security. Without regulations to ensure otherwise, manufacturers characteristically ship devices with no security whatsoever (“Home Devices”, 2016). Or factory-set passwords are not difficult for perpetrators to decipher, “often ‘admin’ or ‘12345’ or even, yes, ‘password’” (REF, NY Times, p. 24, Oct 23, 2016). Outdated software also provides an avenue for exploitation (“Home Devices”, 2016). 

October’s US-wide attacks revealed a new level of coordinated infiltration (“Shut Down”, 2016). Hackers then used the army of devices to wage an electronic war on a URL host provider “Dyn” that acts to support a range of widespread online businesses: AirBnB, Amazon, Netflix, Twitter, CNN, New York Times, and PayPal, to name a few. However, apparently only 10% of the devices hacked were used for the assault (“Home Devices”, 2016). The inability of Dyn to sustain such an onslaught resulted in a DDoS event, of which there are apparently 2,000 daily, responsible for a third of all internet downtime (“Web Went Down”, 2016).

Security Opportunity at the Source

Although it is advisable that passwords be changed at least every six months (Murphy, 2014, para. 16), and users are encouraged to not access sensitive data on public WiFi networks (Arndt, 2013, para. 3), these precautions won’t influence the security measures that ought to be included in the production process. Apple took this approach in designing its suite of compatible software and hardware, engendering “some of the most secure devices on the market”; as a result, Apple was recently subject to FBI scrutiny when agents were trying to access data stored on its systems, but no ‘crackable’ version of the operating software was made available (Brandom, 2016, para. 3). 

Whose Responsibility is it?

Sun Tzu acknowledges that accessible systems create equal opportunity for us and our enemies; advantage can be gained by securing the transportation routes (T. Power, personal communication, October 11, 2010). However, IoE’s collective ownership means that it is “not clear…who is supposed to be protecting it” (REF, NY Times, p. 24, Oct 23, 2016). In the US, government and finance leaders are imploring the “private and public sectors to step up their security game”, with President Obama demanding national security measures be taken to reduce cyber security risks (Loveland and Lobel, 2015, para. 4). Their Department of Homeland Security was deployed to review the recent compromise on national voter registration, and the FBI is assigned to investigate ‘critical infrastructure’ breaches (“Weaponry on the Web”, 2016). 

Since cybercrime has become so sophisticated, some companies accept the inevitable and simply try to anticipate and reinforce areas of weakness. The recent Dyn attack was more an inconvenience than a shut-down to those at Amazon who had alternate URL routers in place to mitigate such an event (“Shut Down”, 2016); whereas, other supposed protection companies are so overwhelmed by onslaughts that they just give up (“Weaponry on the Web”, 2016). While there exists threats that require countering the opportunity created by the IoE is too attractive for society not to pursue. Here again, cyber security experts can work with large-scale businesses to safeguard the connectivity of their expanded systems.

Security Breach

Who pays for damage wreaked from network breaches, along with any associated fines for violation of data protection regulations? The TK/TJ Maxx fraud apparently cost the company more than US$250 million (Julian, 2014, para. 5), and insurance typically covers only the immediate fallout from cyber compromise and not third party liabilities (Ashford, 2016, para. 5). The Chief Legal and Business Officer at Mozilla/Firefox says it well: “the two sides might never agree about encryption” (“FBI Head”, 2016). Other companies like Open Whisper Systems that make encryption their business skirt the controversy by simply not storing subscriber information that lawyers might want to subpoena (“Tech Firms”, 2016). 

Ironically, Canada is part of the G8 Open Data Charter, which in 2013 committed member nations to five key principles for sharing government data across the globe. Despite open access, there remains of course the commitment to privacy safeguards (Government of Canada, 2015, p. 1). Canada then went on to co-chair the working group for the International Open Data Charter, recognized in 2015 as another step toward “enabling the data revolution” (Open Data Charter, 2016, p. 1). However, authors of Global Intelligence Oversight warn that “IT changes the power balance between individuals and governments, and causes upheavals of business models” (Kojm, 2016, para. 3). Nations seeking to govern open-source data will need to continuously monitor and efficiently investigate system violations. However, government access to corporate data must adhere to ‘law-and-rule’ compliance to maintain respect for national cyber security operations. 

Monitoring and Enforcement

Recent regulations and hacker indictments help give federal prosecutors teeth in defending international data boundaries (Russian”, 2016). Multinationals extradited to the US for cyber infringements face hefty prison sentences (up to 30years) and possible million-dollar fines. The EU Data Protection Directive oversees the “the progression of personal data” according to European privacy and human rights laws, and will soon be supplanted by regulations that permit fines for contravening their Data Protection Act (ComputerWeekly.com, 2016, para. 2, 8). Yet outside Europe and the US, who will confirm compliance with relevant prevailing policies on privacy and access? Who will regulate data storage sites in the so-called ‘cloud’, these concentrated server centres connected to the internet (PCMag Digital Group, n.d., para. 1). Canada is already behind other countries in defending its citizens by policing the internet (Seglins and Burgess, 2015, para. 1). Along with the International Open Data Charter, why is there no collective data protection agency in this era where “traditional geographic boundaries have given way” (T. Power, personal communication, October 14, 2016)? The authors of Global Intelligence Oversight agree that “cross-domain collaboration… will be critical to the success of the intelligence enterprise going forward” (Kojm, 2016, para. 10).

Infrastructure Maintenance and Protection

However, one realm where cyber security experts are at the mercy of intergovernmental cooperation is in the area of infrastructure. Surprisingly, today 99% of the world’s intercontinental data travels through undersea fiber-optic cables, under repair “every third day” (Vic and Barone, 2016, p. 16). In a curious twist on global warming, the melting icecaps may impact our ability to maintain and operate these electronic lifelines, including new opportunities to lay communication lines that evade international detection. However, it is the coalescing of cable lines onshore that currently lack adequate security, and so cyber experts ought to work with governments to ensure appropriate protection of our essential global hardware. Without due diligence, our nations will “increasingly keep [their] data in the cloud… and [their] head in the sand” (“Weaponry on the Web”, 2016).

sheldon

Request Removal

If you are the original author of this essay and no longer wish to have it published on the SpeedyPaper website, please click below to request its removal: