Upload
norwich
View
1
Download
0
Embed Size (px)
Citation preview
Running head: NATIONAL SECURITY THROUGH THE WORLD OF CYBER 1
National Security:
Through
The World of Cyber
By: Joseph R Costa Jr
Norwich University
October 18, 2014
NATIONAL SECURITY THROUGH THE WORLD OF CYBER2
Abstract:Get ready to begin a journey into the world of Cyber.
Cybersecurity, Cyber Crimes, and Cyber Terrorism are all of the
hot button topics of the world today. With criminals breaking
into insecure companies servers and stealing your banking, social
security numbers, and other key personal identification
information, we need to learn how to protect ourselves in this
world of Cyber. Cybersecurity starts with you; the user, through
our journey we shall learn ways to protect ourselves in this
online world and what our government is and planning on making
this world safe one for all that enter. We shall talk about
Password Security, Operation Security (OPSEC), and the value of
keeping our devices up to date, and C.I.A; no not the Central
Intelligence Agency, but Confidentiality, Integrity, Availability
and what it means to you. We shall learn about China and their
abilities of attacking through the “Cloud” and what others are
doing to make life harder for you. The Cyber World can be a scary
NATIONAL SECURITY THROUGH THE WORLD OF CYBER3
place for those who are not experienced in the ways of computers
but we shall get through this together and at the end you will
feel a lot better and more prepared to journey in this world.
Shall we begin?
(Press the Power Button to Begin)
Joseph R Costa Jr
Introduction to National Security
Norwich University
October 18, 2014
NATIONAL SECURITY THROUGH THE WORLD OF CYBER4
National Security: Through the World of
Cyber
“Any cyberattack, large or small, is born from a weak link in thesecurity chain. Weak links can take many forms: outdated
software, poorly written code, an abandoned website, developererrors, a user who blindly trusts. Adversaries are committed to
finding these weak links, one and all, and using them to their fulladvantage and using them to their full” (Cisco Networks,
2014)
Since the creation of our country in 1776 by our Founding
Fathers, our government has been there to provide security
through all facets of our lives. We are protected against all
enemies foreign and domestic by our military, we are protected
from disease with the Center of Disease Control and other medical
facilities throughout our country. Our money is protected by the
government in case banks shut down, and we are even protected
from criminal activities in our day to day lives with the
Department of Justice and local and state police forces. However,
what we are not protected from is crime and attacks that come
NATIONAL SECURITY THROUGH THE WORLD OF CYBER5
across our computers, smartphones, and tablets. The cyber world
is like the Wild West, marshals and sheriffs traverse the
landscape and protect the “citizens” of their domains, but when
the bandits come to town they have free reign of these domains
and the innocent people of these domains are the ones whom deal
with the aftermath of such attacks and raids. Unlike the old
western movies, there will be no great hero riding into the
sunset as the credits roll from defeating the bandits because
there cannot be just one hero. We as citizens of the Cyber World
need to stand up against the enemy and band together as one.
Cybersecurity is the responsibility of all persons who traverse
the landscape of the Cyber World. There are steps that need to be
taken in order for you and your loved ones to be safe on this
journey.
History of the Cyber WorldThe history of the Cyber World begins in 1934 with Belgian
information expert Paul Otlet (August 23, 1868 – December 10,
1944), who imagined with the use of technology of the day;
telephone and radio to create a “Radiated Library”. This library
NATIONAL SECURITY THROUGH THE WORLD OF CYBER6
was created on the basis of access and sharing. Throughout his
life, he indexed and cataloged over 15 million books, magazines,
newspapers, photographs, posters, museum pieces, and other
assorted media. It was Otlet’s dream to enable universal access
to all of these items; his global information network was named
the “Mundaneum”. Otlet would go on and inspire future visionaries
of the information science domain and the founding fathers of the
modern internet and World Wide Web. (Popova)
Paul Otlet (Daily Mail UK)
In 1965, two computers at Massachusetts Institute of
Technology communicated with one another using packet-switching
technology. Packet-Switching entails the packaging of data in a
specified format called packets. These packets are then sent over
a form of medium such as; fiber optics or as back in the sixties,
over copper telephone wires. In 1969, computers from UCLA,
Stanford University, and the University of Utah were able to
first speak to each other over a long distance, even though the
first attempt failed because a computer at Stanford crashed.
NATIONAL SECURITY THROUGH THE WORLD OF CYBER7
(Internet Society) Standard protocols were starting to be
established in 1972 and in 1978, the Open Systems Interconnection
(OSI) model was agreed upon. The OSI model is what computers and
networks use to communicate between each other. Starting from the
top, we have the Application Layer where such protocols as HTTP,
POP3, and SMTP are used until it reaches the Physical Layer where
the ones and zeroes are transmitted and delivered to the machine
that you the user are trying to connect to. Throughout the
process, the packets or data that you are sending are
encapsulated with headers and other information used by network
equipment and then later changed over to binary and transmitted
along the medium in which you are connected. (Cisco)
(Escotal)
It All Starts with You; the End User
“In view of all the deadly computer viruses that have beenspreading lately, Weekend Update would like to remind you: when
NATIONAL SECURITY THROUGH THE WORLD OF CYBER8
you link up to another computer, you're linking up to everycomputer that that computer has ever linked up to.” - Dennis
MillerWith the advent of the commercial internet service providers
(ISPs) and the availability of hardware has enabled consumers to
take the World Wide Web with them wherever they so choose. People
nowadays are constantly connected to the internet, whether it is
through a desktop computer, laptop, smartphone, or tablet. Coffee
Shops, Department Stores, and even your local do it yourself
stores are starting to offer free wireless connections to their
customers. With all of this connectivity and unlimited bandwidth
free for all, it is up to the end user to make sure that their
equipment is secured and up to date.
When a user first decides to connect to the glorious world
of the Internet, they have to call a provider, whether it is
Comcast, Verizon, COX, or Time Warner. They enter into a contract
with them for a specified speed. Most users will get around 40-50
Mbps which for the typical home user is more than they will ever
need. The ISP will rent you a modem/router to connect back to
them and will place a standard username and password on the
NATIONAL SECURITY THROUGH THE WORLD OF CYBER9
device, usually admin/admin. Even if the consumer decides to
branch out on their own and purchase their own modem and router,
the standard password is still admin/admin. On these routers
typically is a wireless antenna which allows the end user to
connect their wireless devices to the internet so that they do
not have to pay for any data rates that their cellular provider
might charge them. However these wireless connections are not
secured and are left open. Since these signals are left unsecure,
anyone that is within range of your wireless signal can hop on
and surf the internet, stream music, and of course surf your
local network. If you are anything like the rest of us, you have
downloaded your bank statements to your computer or your bills
and saved them in a nice organized folder somewhere on your
computer. Since your computer network is not secured and the
person that happened to log into your wireless can not see and
steal your bank information and transfer your hard earned money
out of your account. What these ISPs do not tell you is that you
need to change the username and password on your devices away
from the standards, by which means getting away from admin/admin
NATIONAL SECURITY THROUGH THE WORLD OF CYBER10
and choosing a more complicated password. A more complicated
password does not mean using your pet’s or child’s first name and
their birth year as the password. There exists a dictionary of
all passwords that have ever made been that contain eight (8) or
less characters including the special ones. These dictionaries
are called Rainbow Dictionaries. These dictionaries are readily
available to anyone who wants to search for them on Google or
whichever search engine you use on the Internet. (Softonic) What
does this mean to you? Well this means that you need to come up
with a password that has more than eight characters, something
more along the lines of fifteen (15) characters, utilizing upper
and lower case letters, numbers, and special characters. When
passwords are longer and complex it takes the attacker longer to
crack your password. A prime example of a 15 character password
would P@$$W0rd1234567. It is not recommended that you use this
password because this is the example for most 15 character
passwords. There are ways to secure your password even more so.
By using methods such as the picket fence or the Caesar Cipher,
both are quite useful in “encrypting” your password. The picket
NATIONAL SECURITY THROUGH THE WORLD OF CYBER11
fence encryption is when you take your password and create a
visual picket fence. The standard is to create 3 lines of
characters, you start with the first letter on the first line and
then the second character on the next and so further until you
have three lines, or however many you decide you would like.
Since the standard is 3, once you reach the third line, you start
going back up to till you get to the first line and then continue
the process until you are out of characters. Once you have run
out of letters, you combine the first line, then the second line
and third line. Using our earlier example of P@$$W0rd1234567, it
would look something like this: PW15@$0d246$r37. Will this
password be harder to remember yes, but with the complexity of
this password, it will be near impossible for an attacker to
crack into your system. The Caesar Cipher on the other hand does
not have you creating fence lines but instead has your
reorganizing the alphabet. The standard for this cipher is 13
which mean that you take the thirteenth letter of the alphabet
and place that letter under “A” and the continuing with the
NATIONAL SECURITY THROUGH THE WORLD OF CYBER12
alphabet until you arrive at the letter prior. So for our example
password would look something like this; D@$$K0fr1234567.
Operational Security is not just for users that are in the
armed forces or work for government agencies. Operational
Security is something that everyone from your grandmother to your
youngest child should be using. What is meant by operational
security is; “A process of identifying critical information and
subsequently analyzing friendly actions attendant to military
operations and other activities to: a. identify those actions
that can be observed by adversary intelligence systems; b.
determine indicators that hostile intelligence systems might
obtain that could be interpreted or pieced together to derive
critical information in time to be useful to adversaries; and c.
select and execute measures that eliminate or reduce to an
acceptable level the vulnerabilities of friendly actions to
adversary exploitation.” (US Deparment of Defense, 2005) What
does all of this mean to you, the end user? This means that you
should not be posting on Facebook that you are leaving for
vacation for the next month or posting photos of new and
NATIONAL SECURITY THROUGH THE WORLD OF CYBER13
expensive toys (televisions or gaming systems). Just because you
might not be broadcasting to the world your thoughts and
pictures, friends of friends can still see what you post as soon
as one of your friends likes or comments on your post, meaning
that a person that might not be of high moral fiber can break
into your residence while your away or even while you are
sleeping and make off with your goods. Operational Security is
not limited to what you post online but even to that stranger in
line that appears to be interested in something that you are
carrying or even just you in general. We are not saying that you
shouldn’t have conversations with people that you do not know; we
all started off as strangers to one another but we must be
careful in what we disclose to strangers before we really get to
know them. If a stranger is trying to get more specific about
where you work or more about where you come from and live, it is
best to keep the conversation more generalize and not get into
specifics. The poster below is a perfect example of practicing
OPSEC can do for you.
NATIONAL SECURITY THROUGH THE WORLD OF CYBER14
Operation Security Poster (United States Army)
When it comes to securing your personal computer or
electronic device it is important to use passwords like discussed
prior, but it is also important to use antivirus and antimalware
programs and to keep your system up to date. These programs are
designed to be installed on your system and are updated regularly
from the company which created them; Bitdefender, Symantec,
MacAfee. There are programs out there that will defend a whole
network of systems and they are of course more expensive than
your typical home use software. These programs offer a GUI
(Graphical User Interface) that allows you to manage all systems
that have that software installed on them, and even quarantine
them if a virus or if the system itself is not up to date with a
variety of software like, JAVA, FLASH, or just Windows Updates.
By installing these programs having a strong password on your
system, it will make it more difficult for a hacker to enter your
system. That is why it is also important to make sure that your
computer is always up to date. Attackers seek out machines that
are up to date, by seeking out these machines, attackers can
NATIONAL SECURITY THROUGH THE WORLD OF CYBER15
exploit areas which were not secured in their initial release
from their company, and these are sometimes known as backdoors.
Graphical Representation of Application Compromise (Cisco
Networks, 2014)
Network Security“The ultimate goal of the Internet of Things is to increase
operational efficiency, power new business models, and improvequality of life. By connecting everyday objects and networkingthem together, we benefit from their ability to combine simpledata to produce usable intelligence.” (Cisco Networks,
2014)
Network security is very important especially in the private
and public sectors. The private sector contains 99% of the
businesses that we deal with on a daily basis, whether it is food
shopping, shopping at big box stores, or paying our bills online.
We as consumers trust these business to keep our credit card
information secure from cyber-attacks. Recently we have seen that
some of these big box stores have been attacked and our
information stolen from their computer systems. Companies like
NATIONAL SECURITY THROUGH THE WORLD OF CYBER16
Target, Wal-Mart, and Home Depot are just a few that has let us
down as consumers for protection of our data. Apple Computers is
another company that has been in the new recently for lack of
security on their “Cloud” computing system, which allowed an
attacker to seize and distribute photos of a private nature of a
few our favorite celebrities. (iCloud Hacked, 2014) We however
should feel grateful that the public sector hasn’t taken too many
hits as allowing leaking of personal data about it citizens as of
late. The United States has however had a lot of information
leaked about programs that the NSA and CIA were running by an
Edward Snowden. (Wired.com, 2014) How does one go about securing
a network whether it is for a public or private company?
The OSI Model on page 6, Layers 2 and 3 are where your basic
network functions begin. Layer 2 is where data is transmitted
from your computer to the access layer switch. A network switch
is a device that transmits packets back and forth to ports in
which it is designated to go to. Switches today are a lot smarter
than the devices that they replaced years ago. Hubs as they were
called years ago would flood traffic to allow ports that were
NATIONAL SECURITY THROUGH THE WORLD OF CYBER17
active on the device. Nowadays, switches have ARP tables [Tables
that are located on Layer 2 equipment] which are filled with MAC
addresses of the computer or device that is connect to an active
port. A MAC Address is like a social security number for a
person. They are unique identifiers on the Network Interface Card
inside of the device. Traffic that is for a device located
outside of the local network is sent to a router that then pushes
information across a medium, whether it is copper or fiber.
Routers work at the Layer 3 of the OSI model. Routers are really
the brains of the entire operation of networking, without
routers, the world would never be able to get outside of their
local network and data sharing over vast distances would near
impossible. Since both routers and switches are key components to
network communication, it is imperative that we secure these
devices first. How do we go about doing this? Like most
enterprise level network equipment, these devices have console
ports which allow an end user to go into the Command Line
Interface to program them. In the programing the Network Engineer
or Manager will input username and passwords for those who will
NATIONAL SECURITY THROUGH THE WORLD OF CYBER18
have access to the device while it is a part of the network.
During this time, access lists are created which will either
permit or deny access to either certain Internet Protocol
Addresses (IP Addresses) or a port in general; such as port 80
(HTTP traffic) or port 110 (POP3 traffic). By putting these
restrictions in place the amount of traffic that is allowed to
come and go from the network can be diminished and more secure.
Also at this time, encryption is set on these devices and how
many bits [size] the encryption will be. The standard for
government network equipment is between 1024 and 2048 bits. The
further you go up the chain, the more secure network devices
become. The edge of the network, the area in which your local
network connects to the ISP, there is a firewall. A firewall is
what lets traffic come and go from your network; again this is
where access lists are involved and they are set up the same way.
When it comes to Network Security, it is important to
remember C.I.A. Confidentiality, Integrity, and Availability.
Confidentiality means that when you send an email to someone they
are the only person that will get it. Integrity means that the
NATIONAL SECURITY THROUGH THE WORLD OF CYBER19
message that you sent is a legitimate email from you, and
availability is that the network is operating to its full
potential and emails are able to get through to whom they need
to. In confidentiality, keeps sensitive information from reaching
the wrong hands by having the data encrypted or having password
protected. The new norm is having, two factor authentication,
which is having two forms of identification. Which could be
something you know, have, or a part of you; such as a password, a
token, and a finger print. The Department of Defense for example
uses what you know and what you have, a pin number and a common
access card. If either one of these keys were to fall in the
wrong hands, they would not be able to access your system because
they do not possess the other half of the key needed. Integrity
is maintaining the consistency, accuracy, and reliability of data
through its travels, meaning that once the data has left your
computer it is not touch in in way, shape, or form along its
route to the destination computer. Availability is again that the
network is operating at its full potential. To keep a network up
and running to its optimum performance, hardware and software
NATIONAL SECURITY THROUGH THE WORLD OF CYBER20
need to monitored for critical updates, meaning that if a new
firmware or security patch comes out it needs to be installed.
Also when it comes to availability, a backup and recovery plan
need to be in place, for those unplanned events. By having
battery backups and physical backups of your data will help in
the event of a either a power outage or hardware malfunction or a
system crashes. It is a good idea also depending on the size of
the company or government agency to have a complete backup
location where if the event of a terrorist attack and your
building happens to be taken down, the backup site could be
turned up and everything would work from the remote site, minus
time it takes to get the site hot.
Cyber Warfare on your Network
“Today’s critical infrastructure networks are key targets for cyberattack because they have grown to the point where they run thecommand and control systems, manage the logistics, enable the
staff planning and operations, and are the backbone of theintelligence capabilities. More importantly today, most commandand control systems, as well as the weapon systems themselves,
are connected to the GIG [Global Information Grid] or haveembedded computer chips.” (Winterfeld, 2014)
NATIONAL SECURITY THROUGH THE WORLD OF CYBER21
Cyber Warfare can come at your network/system at any
possible time by anyone. There are various types of attacks;
there are viruses, spyware/malware, man in the middle, spoofing
of MAC/IP addresses, phishing/whaling, and botnets. Viruses come
in a variety of flavors as well such as; Trojans, Logic Bombs,
Root Kits, and Worms. Nobody wants to get a virus on their
computer, unless of course you job is to figure out what these
viruses do, but that is beside the point. A Trojan virus hides
itself inside of a program, a “friend” of your emails you the
latest episode of The Game of Thrones, you open the email and see
that it is in a format that your no typically used but however it
claims that it will open with Microsoft Media Player, next thing
you know, your computer is infected with a virus and your
computer crashes. This is typically what viruses will do, they
infect your computer and they will start eating away at certain
programs. Some target antivirus programs, other will attack your
folders in your start menu, or some will even go as far as
knocking out your computer for good; unless of course you
remember where you keep your backup copy. Logic Bombs are hidden
NATIONAL SECURITY THROUGH THE WORLD OF CYBER22
viruses that are set to go off when a certain period is reached,
whether it is by time/date or with a certain number of clicks
here and there. You are probably thinking, I had an antivirus
program, I am all set. You cannot be any further from the truth.
The people that are coming up with these viruses are getting
smarter; they are programming these viruses to grow and learn and
how to defeat your antivirus program. Antivirus programs are just
there to make you feel warm and fuzzy. Some viruses are even
programmed to hide in plain sight and act like just another
application that you have installed on your computer. The only
way to officially make sure a virus is 100% gone off of your
computer or your network to start from scratch and hope that the
virus did not get onto any of your back up data or you will
continue to have this problem. Spyware/Malware are programs and
text files that happened to downloaded from websites that you
happen to visit. The “webmaster” that develop and design websites
tend to throw them to gather data about the type of people that
visit their site. Some just do it to gather information about
your systems to see if they can get into your computer while you
NATIONAL SECURITY THROUGH THE WORLD OF CYBER23
are not paying attention. Programs that you download for free
from the Internet will also sometimes carry these programs as
well. They will come in the shape of toolbars for Google,
Ask.com, or some other kind of search bar feature that you do not
need. When downloading free applications from the web, make sure
it is from a well-known site and not some fly by night website.
Men in the Middle attacks are actually what they are called.
A person will attach themselves to your network and they will see
all the traffic that goes across your network with a program that
sniffs packet traffic. A program such as Wire Shark will be used
to see all traffic that is flowing across your network without
you even knowing about it. Depending on your layers of security
that you have on your network equipment, the packets following
through should be encrypted and the attack will not be able to
get information from your system.
(Computer Hope)
Phishing and Whaling is the same thing, it just depends on
your station within your company, if you are just a regular
employee or a big CEO for a Fortune 500 company. Phishing is an
NATIONAL SECURITY THROUGH THE WORLD OF CYBER24
email that you receive from your company’s “Helpdesk” stating
that your account has been compromised and that you need to send
them your password for them to change it for you. Many people
will fall for this attack and will actually fill out the
information and return the information back to the “Helpdesk” and
then wonder why they are being locked out of the system after the
real Helpdesk sees what the user account has been trying to
access and blocks their account. Attackers who send these types
of emails are trying to gain to your company network by any means
necessary. With good information assurance training, one can be
taught how to spot these types of emails and what do to with
them.
Botnets are a group of computers that have been taken over
by an attacker by a virus that they have sent you or by
haphazardly downloading a program from a seedy website. Your
computer will become a “bot/zombie” in the attacker’s control.
You will not notice any real difference on your computer other
than it is running a little slow or your central processing unit
is running very high even when you are not actively using your
NATIONAL SECURITY THROUGH THE WORLD OF CYBER25
computer. The point of a Botnet is to gather a group of computers
to perform complex tasks that would too much to handle for one
computer, sending spam email out, or even a Distributed Denial of
Service attack (DDoS). A DDoS or DoS (Denial of Service) is an
attack on a piece of network equipment or on a server. A
computer(s) will send ICMP (Internet Control Message Protocol)
such as a ping to a computer over and over again, until such time
the piece of equipment or server cannot take anymore attempts to
connect to another machine that the system will crash.
(NCTA.com)
Now that we know what to look out for when it comes to these
attacks, but who is behind them? There are many terms for an
attacker; Hacker, Black Hat, Hacktivist, Script Kiddie. All of
these names mean all the same thing, they are going to try an
attack your system. There are organizations worldwide that teach
individuals to attack computer systems, other just learn how to
do it by watching videos on YouTube or reading books that can be
found on the subject at any bookstore. China is one the countries
along with the United States in teaching soldiers and citizens to
NATIONAL SECURITY THROUGH THE WORLD OF CYBER26
become hackers. According to Colonel Spade who wrote; “China’s
Cyber Power and America’s National Security” states that China is
transforming their military and defense systems by a method of
“informationization” which includes a networked military and
development of cyber capabilities. China’s push for “Revolution
of Military Affairs” (RMA) has increased the emphasis on
communication networks that link all services, joint training,
modernization of equipment, and the acquisition of power
projection platforms. The RMA also includes a strong emphasis on
information warfare, information dominance with a goal to
establish control of an adversary’s information and data flow,
while denying or degrading the enemy’s ability to transmit,
receive, access or use information. China has established two spy
network stations in Cuba under the permission of Fidel Castro.
Their mission was to monitor U.S. Internet traffic and monitor
DOD communications. During this same time frame China announced
the creation of its cyber warfare units. During this espionage
attack between 10 – 20 terabytes of data was extracted from the
Pentagon’s unclassified network, and other defense contractors.
NATIONAL SECURITY THROUGH THE WORLD OF CYBER27
This attack was called Titan Rain, it systematically target DOD
networks and extracted the data through servers in Hong Kong and
South Korea.
National Security“The security of a nation’s online environment is dependent on anumber of stakeholders with differing needs and roles. From the
user of public communications services to the Internet ServiceProvider supplying the infrastructure and handling everyday
functioning of services, to the entities ensuring a nation’s internaland external security interests – every user of an information
system affects the level of resistance of the national informationinfrastructure to cyber threats.”
(NATO Cooperative Cyber Defence Centre of Excelllence Tallinn,
Estonia, 2012)
National Security in the World of Cyber has finally come to
a head. A lot of information has been put out in this paper but
what does it all mean? How can one person make a difference to so
many? It is our responsibility of being an American Citizen to
protect our critical cyber infrastructure from those who mean to
bring it harm. All systems nowadays are run by computers, whether
NATIONAL SECURITY THROUGH THE WORLD OF CYBER28
it is the electrical grid, the water supply, or even the
transportation department. Every department in every local,
state, or federal government are running computer systems to help
automate the day to day activities and to monitor and push out
information to the end user or administrator on when there is an
issue. The President of the United States has put out an
executive order; Executive Order 13636 that states in the matter
of 12 sections that a framework will be created on how to handle
our cyber security in the United States. In 2012 NATO put a 253
page document on how to handle cyber security;
“Despite increasing awareness of the associated risks,
consumers and large businesses do not take advantage of
available technology and processes to secure their
systems, nor do they take protective measures to blunt
the evolving threat. This general lack of investment
puts firms and consumers at greater risk, leading to
economic loss at the individual and aggregate level and
NATIONAL SECURITY THROUGH THE WORLD OF CYBER29
thus poses direct a threat to national security” (NATO
Cooperative Cyber Defence Centre of Excelllence
Tallinn, Estonia, 2012)
The United States has seen the writing on the wall and has
started concocting ways to fight this Cyber Warfare. The United
States military branches each have their own Cyber Security teams
with the sole responsibility to protecting our nation against
attack in the realm of Cyber. For example the United States Army
has the Cyber Network Defense Team whose responsibility is to
look for attacks against the United States and their [un]secured
networks and to be able to stop them. The United States has more
than just the military looking out for us in the cyber world; we
also have the National Security Agency which monitors all sorts
of communication traffic.
Afterword“Addressing a nation’s cyber security needs is no easy task.
Indeed, it is not even always apparent what those needs exactlyare, or what protecting (or not protecting) a nation’s cyber
environment actually entails. Quite often there are different andcompeting considerations within each nation’s approach. Yeteach nation is faced with a steadily increasing level of cyber
NATIONAL SECURITY THROUGH THE WORLD OF CYBER30
threat, and thus requires the nation’s leadership to recognise thestrategic problem and set forth goals and strategies to addressit.” (NATO Cooperative Cyber Defence Centre of Excelllence Tallinn, Estonia, 2012)
The Cyber World is a rough place to reside, with so many
bandits running around and not enough Sheriffs and Marshals to go
around. It is up to the citizens of this world to protect
themselves against attacks on their systems. By creating stronger
passwords and keeping our systems up to date, we can keep these
bandits at bay. Our federal government is looking out for our
best interests when it comes the Cyber World but only through due
diligence can we remain safe. There was a lot of information put
out about passwords and password security. The reason is, that
passwords are what we use to log into our systems at both work
and at home. If you happen to work for a government agency,
password security and information assurance are big topics that
need to be review on a yearly basis. People tend to leave
password information lying around their desk areas and these
passwords are easily compromised, which can lead attackers
gaining your personal information and using your bank accounts
NATIONAL SECURITY THROUGH THE WORLD OF CYBER31
for their own purposes. If someone were to answer an email asking
for your password and you work for a government agency, you might
have let in an attacker in the network, which could lead to
classified information being stolen or leaked to the news. If
information is leaked to the news or the wrong people, men and
women who are serving this country in a military or a secret
position it is possible that their lives are now being put at
risk.
(Press the Power Button to Shutdown)
NATIONAL SECURITY THROUGH THE WORLD OF CYBER32
BibliographyCisco Networks. (2014). Cisco 2014 Midyear Security Report. United States: Cisco.
Clarke, R. A. (2010). Cyber War: The Next Threat To National Security And What To Do About It. Harper Collins.
Computer Hope. (n.d.). Man in the Middle Attack. Retrieved October 18, 2014, from ComputerHope.com: http://www.computerhope.com/jargon/m/mitma.htm
Daily Mail UK. (n.d.). Photograph of Paul Otlet. Retrieved October 18, 2014, from Dailymail.co.uk: http://i.dailymail.co.uk/i/pix/2012/06/08/article-2156249-1380564F000005DC-228_306x423.jpg
Department of Commerce Internet Policy Task Force. (2011, June). Cybersecurity, Innovation and the Internet Economy.
Department of Homeland Security. (2011, November). Blueprint for a Secure Cyber Future: The Cybersecurity for the Homeland Security Enterprise.
Escotal. (n.d.). OSI.GIF. Retrieved October 18, 2014, from ESCOTAL.com: http://www.escotal.com/Images/Network%20parts/osi.gif
iCloud Hacked. (2014, October 21). Retrieved October 22, 2014, fromReuters: http://www.reuters.com/article/2014/10/21/us-apple-china-security-idUSKCN0I92H020141021
Institue for Information Infrastructure Protection. (2009). National Cyber Security Research and Development Challenges: Related to Economics, Physical Infrastructure, and Human Behavior.
NATIONAL SECURITY THROUGH THE WORLD OF CYBER33
Internet Society. (n.d.). Internet Society. Retrieved October 22, 2014, from History of the Internet: http://www.internetsociety.org/internet/what-internet/history-internet/brief-history-internet
Kizza, J. M. (2014). Computer Network Security and Cyber Ethics. Jefferson, NC: McFarland & Company, Inc.
National Institute of Standards and Technology. (2014, February 12). Framework for Improving Critical Infrastructure Cybersecurity.
NATO Cooperative Cyber Defence Centre of Excelllence Tallinn, Estonia. (2012). National Cyber Security Framework Manual.
NCTA.com. (n.d.). BOTNET-Finalv5. Retrieved October 18, 2014, from NCTA.com: https://www.ncta.com/platform/wp-content/uploads/2013/04/botnet-finalv5.jpeg
Obama, P. B. (2013, February 12). Executive Order 13636 of February 12, 2013 Improving Critical Infrastructure Cybersecurity.
Obama, P. B. (2009). The Comprehensive National Cybersecurity Initiative.
Popova, M. (n.d.). The Birth of the Information Age: How Paul Otlet's Vision for Cataloging and Connectiing Shaped Our World. Retrieved October 18, 2014, from BrainPickings.org: http://www.brainpickings.org/2014/06/09/paul-otlet-alex-wright/
ShutterStock.com. Stock Photo Technology Planet. ShutterStock, New York, New York.
Softonic. (n.d.). Rainbow Dictionary Download. Retrieved October 22, 2014, from Softonic: http://en.softonic.com/s/rainbow+dictionary
NATIONAL SECURITY THROUGH THE WORLD OF CYBER34
Spade, C. J. (2012, May). China's Cyber Power and America's National Security.
United States Army. (n.d.). Retrieved October 18, 2014, from OPSEC Primer: http://usarmy.vo.llnwd.net/e2/c/images/2013/06/17/300436/size0.jpg
United States of America. (2003, February). The National Strategyto Secure Cyberspace.
US Deparment of Defense. (2005). Operation Security. Retrieved October 18, 2014, from The Free Dictionary.com: http://www.thefreedictionary.com/operations+security
Winterfeld, J. A. (2014). Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners. Waltham, MA: Elsevier.
Wired.com. (2014, August 21). Edward Snowden. Retrieved October 22, 2014, from Wired.com: http://www.wired.com/2014/08/edward-snowden/