Cybersecurity and Cyberwarfare: Difference between revisions
No edit summary |
mNo edit summary |
||
Line 42: | Line 42: | ||
* Infoweek, [http://informationweek.com/news/security/attacks/229401866 Leaked Cables Indicate Chinese Military Hackers Attacked U.S.] | * Infoweek, [http://informationweek.com/news/security/attacks/229401866 Leaked Cables Indicate Chinese Military Hackers Attacked U.S.] | ||
* CNET, [http://news.cnet.com/8301-27080_3-20055091-245.html Cyber attacks rise at critical infrastructure firms] | * CNET, [http://news.cnet.com/8301-27080_3-20055091-245.html Cyber attacks rise at critical infrastructure firms] | ||
* Bet365, [http://yourbookmaker.co.uk/bet365 bet365] | |||
</onlyinclude> | </onlyinclude> | ||
Revision as of 05:13, 5 December 2011
May 3
Cybersecurity has been identified as one of the greatest challenges facing the United States today, but it is ill-defined and almost impossible to address. How can we frame this problem to better inspire solutions? How should government, military, businesses, and technologists approach the problem from different angles and do these different approaches work together?
Slides: Cybersecurity and Cyberwarfare
Readings
- Jack Goldsmith: Senator Cardin’s Bill to Explore ISP Enforcement of Digital Security
- Zittrain, The Future of the Internet: And How to Stop It; Chapter 3
- Chatham House Report On Cyberwarfare - Executive Summary
- Wikipedia entry on Stuxnet
Optional Readings
- Whitehouse.gov, Comprehensive National Cybersecurity Initiative, Cyberspace Policy Review
- Jack Goldsmith, The Cyberthreat, Government Network Operations, and the Fourth Amendment
- Jane Holl Lute and Bruce McConnell, Op-Ed: A Civil Perspective on Cybersecurity
- Zittrain, Freedom and Anonymity
- Infoweek, Leaked Cables Indicate Chinese Military Hackers Attacked U.S.
- CNET, Cyber attacks rise at critical infrastructure firms
- Bet365, bet365
Class Discussion
A little early for this, but I would like to share this nice paper written by analysts and researchers at Chatham House. It's pretty fundamental, I would recommend it to anyone who encounters this subject for the very first time. --Jastify 22:55, 31 January 2011 (UTC)
Great recommendation. I've added the executive summary to the required readings list. --Dardia 23:50, 10 February 2011 (UTC)
I wanted to submit this article to add to the discussion. I found it to be interesting. Cybersecurity is probably the most vital issue to our country's infrastructure today. The recent military operation to take out Osama bin Ladin would have failed miserably if knowledge of the raid was disclosed. To keep our intelligence reports under wraps should be among our highest priorities. While the government wages wars on three fronts at once, it is difficult but nessessary to ensure our reports stay out of our enemies hands. By blocking IP addresses and using more sophisticated encryption, we will be well on our way to protecting our great country. The world runs through the Internet, and so does our future. [1] Joshuasurillo 01:47, 3 May 2011 (UTC)
Cyberthreats are real and pervasive. The people within IT infrastructure have been fighting the battle for years. It makes no difference whether you work for a government, business or school – every domain (gov, com & edu) is under attack. Private business and the military arm of the government are the most concerned about security, so they were the first to adopt network access control and identity management. Security is enforced by verifying the identity of each user and device before allowing them to gain access to the network. This, of course, runs counter to the idea of a free, open and anonymous Internet. Yes, we can do a lot to protect the public by having the ISPs filter and block malware (search for SonicWALL and Blue Coat for examples) but it’s not enough to stop all breaches and wastes precious bandwidth. Our government recognizes this and is actively promoting what would become a national electronic identity “ecosystem.” (Their euphemism; see http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf) Jack Goldsmith had some well reasoned arguments why we should expect more government controls. Finally, a good taxonomy of Internet security practices can be found in the pages of Chief Security Officer Magazine at http://www.csoonline.com/. -Chris Sura
Even with additional security measures instituted, there will always be someone looking for a way around it. Jack Goldsmith's suggestion (suggested earlier by Zittrain), that additional measures be placed at the ISP level brings in significant risk to the ISPs. What if the measures are put in place and something (inevitably) gets through? Are the ISPs then liable for this? Hacking and break-ins will continue to occur even at some of the most "secure" sites. RSA, an industry security leader recently had their systems compromised, which led to information being extracted from their systems. The fact that extremely sophisticated and targeted attacks can happen at secure Nuclear Power plants (Stuxnet worm), means that ISPs have would have their hands full with any targeted attack. http://www.rsa.com/node.aspx?id=3872 Earboleda
Although cyberthreats are real and eminent issues, there are not enough resources, mostly human, for countermeasures. In the United States, lack of expert computer scientists in the field of information security poses a serious problem in appropriately handling cyberwarfare. Rouge states such as North Korea rather have a lead on cyberwarfare preparation. I assume that first of all there needs to be a wider recognition for cyberthreats and a determined agreement toward dealing with this "fifth domain of warfare". --Yu Ri 21:47, 3 May 2011 (UTC)
The Chatham House report is concerned that there isn't enough political control over the direction of cybersecurity and cyberwarfare initiatives due to the impenetrability of the technical details - that, as they put it, "the chief engineer" is driving the boat. I find this ironic (though not necessarily invalid); my first instinct is to be more concerned about know-knothing politicians trying to steer when they don't understand how the ship works or what direction it should go in. Still, education of the polical class, in either case, is the logical solution. - BrandonAndrzej 16:40, 7 May 2011 (UTC)
Just a quick rehash of something I was pondering in class: We have read about Lessig’s "free culture" (as opposed to permissions culture) as well as Benkler's "sharing nicely" and peer-production models. My project has been on Free and Open Source Software licensing. All this points to the value of sharing, open source business models, and weaker intellectual property rights. IP protections, however, have grown increasingly stronger. What if, I was thinking, we are never really able to secure the net? What will it mean when nation-states and other actors are constantly engaged in strategic and industrial espionage? Will we see, essentially, a culture of sharing "not-nicely" where theft of trade secrets and copying of patent and copyrighted materials regularly occurs outside the reach of law enforcement? Will companies reliant on proprietary business models be pushed more towards open source ones? Will we see the death of copyright as we know it? - BrandonAndrzej 16:51, 7 May 2011 (UTC)
Anonymous is the group that first comes to mind with this.http://en.wikipedia.org/wiki/Anonymous_(group) This is a real problem. Its not a journalistic endevor, this is harassment. There has to be a way to shut down these hackers. The target is not someone in paticular; there are scams all over Facebook to steal people's identity. Worms and Trojian horses are on the web to get to your information and transmit it overseas. Now there are two questions- Were we ever safe? And how can we become safe again? Wars will soon be fought via the computer. Elishasurillo 23:01, 8 May 2011 (UTC)
Wow. That is a problem. Maybe it does require teh creation of, as Zittrain suggests, a system of mutual aid. I think of this system as "us"--not simply a designated group to identify and fix problems. It's really up to us, but we need actual laws behind us to help bring us to a "safe" point.Myra 21:13, 9 May 2011 (UTC)
Barlow's declaration of independence seems like such a utopian vision when compared with where we are today. Not only do the government's laws apply to cyberspace, but worse they have proven in many cases to be inadequate to deal with the cyber crime issues at hand. Thus we are left without the perfect Barlow world of interdependency, sharing, and limited oversight, and also without the other end of the spectrum; a cyber world regulated but safe. Barlow does not win and neither do the fans of safety through control and oversight. We are in a truly dynamic period where law enforcement is desperately trying to catch up and become qualified to address cyber threats and crime, but as we catch up the threats change. While the law enforcement catch up game is similar to criminal trends in general throughout history, the difference today seems to be what is at stake. It takes only one cyber criminal with expertise to cause catastrophic damage, damage which would have taken the coordination of numerous criminals with great access to secure facilities and information back in the day. Coreymacd 02:54, 10 May 2011 (UTC)
Cyberwarfare is the future. Between the assets frozen and the websites knocked offline, the battlefields have switched from the physical world to the virtual. One of America's top security priorites should be keeping us safe from a mass hacking attack. We also have to look at this first from a personal level. Peer to peer transfers are easier than ever. Everything we have is connected to one another. What if there is a mass attack where we lose information? Are we prepared for such an event? How many of us have put our real social security number online? How do we know our infromation isn't being stolen from the email servers and sent overseas? Everything we do is online, from our banking to our shopping. It is up to us to protect it. Joshuasurillo 06:19, 11 May 2011 (UTC)
Links
If you'd like to help us with the collection of data regarding online dating sites please take our survey, it's anonymous. Online Dating site Survey: https://www.surveymonkey.com/s/28VMJWX --Adavies01 17:03, 4 May 2011 (UTC)