Is Cybersecurity a Problem? To What Extent?
Cybersecurity is an international issue spanning monetary, governmental and personal concerns. Professors Jack Goldsmith and Jonathan Zittrain led a conversation about the careful balances and difficult solutions involved.
Networks like the Internet are pervasive, yet vulnerable. Cyber attacks can be broken down into two categories, attacks and exploitations. Cyber attacks are computer network activities that change, destroy or manipulate data. Cyber exploitation is reading and potentially copying information.
Professor Goldsmith broke down cybersecurity into four threat vectors:
- remote attack, orĀ an attack from one computer system to another such as DOS. Narrowly and colloquially speaking a DOS (or denial of service) attack is a surplus of requests to a particular website, making it inaccessible, but more broadly speaking it is any resource that cannot interact on the network.
- supply chain attack, or something that affects critical infrastructure, such as trojan hardware or software
- exploitation, or the copying of data, such as industrial or governmental espionage, or the copying of individual personal information such as credit card numbers
- military/intelligence problem, for GPS locations and the control of UAVs(unmanned aerial vehicles)
Cybersecurity differs from other forms of security due to the type of anonymous attacks possible. From an investigative and enforcement standpoint, anyone can be an aggressor, which in turn facilitates the blur between public and private. In this way it is more difficult to identify or punish or deter aggressors, especially with the potential for delayed attacks hidden in software or hardware. How safe is your computer and what are you willing to do about it, economically, time-wise and in terms of policy support and advocacy? Where do you draw the line between security and human rights/privacy concerns for individuals? How can a government respond to attacks of unknown origin?
Interventions can be incremental or quantum, the question remains both a policy and economic debate. How can risk be calculated? Can we have the open Internet and solve the cybersecurity problem? What would a solution look like? What kind of losses are you willing to accept?
New innovations in cloud computing, or the ability to store data and computational resources online rather than on a personal computer are also susceptible to cybersecurity debates. On one hand, large storage services have higher security implemented than the average computer user, but information on aggregate becomes a more appealing target for exploitation. How can we design resilient systems that uphold against attacks (though they wont’ be perfect)?
Olusegun Akanbi
January 7, 2010 @ 9:02 pm
It is my opinion that there is need for both national and international agencies to police the Internet.There is alot of gabbage on the Internet and some materials need to be removed or otherwise block.Research has proven that some pornographic website do harbour viruses ,malicious codes and trojan horses.I know this may sound like a conspiracy theory but some anti Virus vendors do manufacture viruses and malicious codes in other to keep them in business.They use the pornograghic sites as baits so as to infect the computers of unsuspecting victims. The issue of weblinking is also a cause of concern because when a website is visited by an individual and such an individual clicks on a link that is unsafe he may suffer some loses as a result of the damage caused by malicious codes.This necessary that persons offering weblinking services on their website should warn individuals visiting such websites that they are no longer within the precinct of their own website.They are also expected to Thus it is not easy to have an open Internet and solve the problem of cybersecurity.The Internet is like the vast ocean where effective policing will be inconceivable except if regulators lay down some rules to solve the problem of cyberattack will reduce.Apart from technologies such as internet protocol Address and geolocation technologies, there ought to be some can of regulation that will discourage hackers and other kinds of cybercriminals.The German Criminal code in article 263a prohibits some kind of unauthorised access to anothers computer.The Computer Misuse Act 1990 of United Kingdom also has a similar provision that prohibit unauthorised access to another’s computer in its section 1.However,individuals must be vigilante and they must take neccessary precautions in protecting their passwords,personal identification numbers[PIN] and other vital information about themselves while transaction in cyberspace.These precautions will help in preventing the incident of phishing[ where email message which resemble legitimate e mails are use to gather information on unsuspecting victims] and hacking.The information gathered is used for identity theft.
Resilient systems can only be designed through a practice of constant upgrading.Each time a vulnerability or hole is discovered , a technique of preventing such attacks is developed.Sometimes it is necessary that regulators practice this in a safe environment in case the real thing where to occur they could have put in place better precautionary measures.Individsuals who write these programs always try to come to with something new each day so as to beat the system.Hence regulators must stay a step ahead.There is no computer that is totally safe from cyber attacks.Thus it is important that all computers must be subjected to regular check to ensure that it is not infected by malicious codes and viruses.
m green
January 13, 2010 @ 6:27 am
As an attorney researching information privacy/security, my concern is cyber-security on the micro or personal level. There is no doubt a movement to increase the security of businesses and organizations but I don’t see much in the way of securing an individual’s information. Is it that the individual is left to fend for himself? Is it that most people don’t care enough about their personal information assets to warrant a more holistic security scheme. I’m not sure but I hope that you may be able to discuss such points in your class. I will observe with great interest!