Cyber Threats to our Personal and National Security
By Stephen Recca, M.A., Program Director for Homeland Security
In recognition of Cybersecurity Awareness month in October, our faculty offer insights on both policy and technical issues related to cybersecurity. In our second post of the series, Bruce Harmon, Ph.D., took a look at the defining terminology making its way into our culture. In today’s post, Stephen Recca, M.A., takes a look at four cybersecurity threats from a policy perspective.
Earlier this month, I spent a fair amount of space defining Cyber. The end result is that there remains considerable flexibility in word choice and continued uncertainty in our collective understanding of the domain and its piece-parts. What is clear, though, is that this new operating area loosely termed Cyber space contains significant threats to privacy and personal and national security.
There are four broad areas of concern: privacy, criminal activity, anarchist efforts, and national security. Let’s take a deeper look at each of these threats as they relate to cybersecurity.
We tend to associate the day-to-day issues of cybersecurity, such as data intrusion, access to Personal Identifiable Information (PII), credit card fraud and theft as privacy and criminal concerns. These issues hit us at a very personal level and are both important and, unfortunately, enduring aspects of the information age. Actually, these intrusions are more associated with fundamental human traits than with 21st century life. As long as there have been personal valuable possessions, crooks have tried to steal them. Technology just enables new methods for criminals to invade our privacy and allows smaller groups or individuals with few resources to “box above their weight class”, forcing resource-intensive countermeasures. For better or worse, gone are the days of Glenn Ford’s sheriff taming the Wild West with a six-shooter and a pure heart.
On the criminal side, there seems to be a new technology threat announced daily. This month it’s a new Android app-in-the-making that captures smartphone data and displays a 3D history. Researchers at Indiana University, working with the Naval Surface Warfare Center, developed a camera app – really, malware – that secretly records a user’s actions and data by taking periodic photos (with the smartphone temporarily muted, so the owner is unaware) and noting location and relative movement. According to a recent article, the “images could then be browsed by criminals for objects worth stealing, such as credit card details, identity-related data or calendar events that could reveal when a user might be away.” This threat is bit worrisome, as it essentially allows access to almost every aspect of your daily life.
The concerns of fraud, theft and mal-intent are real. We will likely not forego use of smartphone and other devices of convenience. So, the Latin phrase applies: Caveat utilitor – let the user beware.
Not to diminish the actions of oppositional anarchist elements (which make for great film), the more significant threat, in terms of national impact, comes from those wishing to challenge the power and legitimacy of the United States, and have or approximate the capacity to do so. The more obvious source of these threats is existing nation-states, namely China and Russia, but also – for the technology-as-enabler reasons described above – lessor powers, such as Iran, North Korea, and determined anti-U.S. groups such as al Qaeda.
The national security threat is real, and current. Lieutenant General Keith Alexander, Director of the National Security Agency and head of U.S. Cyber Command, told the Senate Armed Services Committee earlier this year that Defense Department networks face an unbelievable six million attacks each day. The majority of these originate in China, with increasing numbers coming from North Korea and other parts of Asia.
Those in positions to advise governments and corporation heads continue to sound the alarm. Eugene Kaspersky, CEO of Moscow-based Kaspersky Lab, offered a bleak portrait of a future of government-sponsored attacks and intrusions, stating that if the willingness to use malware continues, “Somewhere in 2020, maybe 2040, we’ll get back to a romantic time — no power, no cars, no trains.” According to Kaspersky, viruses are becoming more advanced every day. And, “if previous viruses were like bicycles, then the Stuxnet worm that damaged uranium enrichment centrifuges at the Natanz plant in Iran two years ago would be a plane and the latest programs, dubbed Flame and Gauss, would be space shuttles.”
Stuxnet and Flame reportedly came from “the good guys”. Is there any doubt that our adversaries are working hard to build the next generation virtual cyber-warriors via viruses, worms, and… whatever follows? The threats are serious, numerous, varied, and difficult to detect and counter. Surely, we have government strategies, regulations, and policies in place to deal effectively with Cybersecurity. And, these government armies are collaborating side by side with the private sector, to share information and resources to keep us ahead of the game. Or, perhaps not quite yet.
What steps can we take to better protect our nation’s cybersecurity? How do you protect your personal information from potential threats?
In our next post in the series, Dr. Bruce Harmon looks at the individuals behind cybersecurity threats and the methods they use to wreak havoc.
Image credit: Bigstockphoto/Bobby Deal
Stephen Recca, M.A., is Program Director for Homeland Security at Colorado Technical University. His background includes assignments with the Central Intelligence Agency, State Department, and Department of Defense. Follow his tweets @CTUHomeland.