Cyber Warfare: How Secure Are Your Communications?
Almost every week the media reports on negligent loss of data, much of it highly sensitive. Perhaps with so many people using so much data in so many different places we should not be so surprised. Today more and more organisations - emergency services, government departments and financial institutions - hold information nationally and access it nationally, and, in some cases, offshore it.
There is relatively little offshoring of information by Government. But corporate organisations, credit helpdesks and so on hold their customer relations management overseas. They share information over the Web with a vast number of IT systems and databases. It is almost impossible for anyone to know on what scale this information is accessible. The aggregation of information, in itself, escalates the level of sensitivity. So there is greater risk of abuse or corruption, either intended or accidental, as in the loss of the child benefit database last year.
Unfortunately, shared technology increases risk, and criminals and vandals are using this same technology to remotely attack data systems. These attacks can be very successful, and by their nature make the deterrent of legal action more difficult. We are faced with different threat levels to network-based information systems. These range from the careless user who leaves a disc on a train to foreign intelligence services who engage in cyber warfare against perceived enemies. An example of the latter centres on the Russian incursion into Georgia in response, they said, to Georgia’s attack on the breakaway republic of South Ossetia. In the weeks leading up to this, Russia had disabled the Georgian president’s Web site with a massive spam attack - what is known in the trade as a ‘denial of service attack.’
So in the quest to satisfy the network-enabled world’s increasing demand for effective data protection, the first step is an accurate assessment of risk. At the lowest level, but the most common source of threat, are the millions of users themselves. They might lose a data stick, leave a laptop on public transport, or write their password on a Post-it note and stick it on their computer screen! Next up are the service providers. With outsourcing on the rise you need to be confident your service providers conduct rigorous processes in how they look after their networks and information. Higher still are the amateur hackers, of which there are many, although they are opportunistic and immediately they hit a firewall will probably move on.
At the pinnacle of threat are sophisticated hackers who are often linked to criminal gangs, and foreign intelligence services. These may be relatively few in number - but they have a lot of resources behind them, and therefore need correspondingly greater efforts to fight them. Assessing the appropriate level of response for each of these threats is therefore the starting point to resolving the problem. There is no point in overkill, locking down systems so tightly that it imposes on the system’s usability if the information it contains is fairly innocuous.
When it comes to protecting our data many of us, it seems, are still stuck in the Dark Ages. People think IT protection is just about the computer. It is not the computer but the system it is running on that is most vulnerable. We now need to concentrate on how to secure information as it is being transported across networks. Putting all the necessary protection into computers would be expensive, so making sure that computers can operate on secure and trusted networks is important because of the way we work today, using laptops, working away from the office, all done over public networks.
In Britain, sophisticated information assurance services are being developed which span cryptography, computer network defence, intruder detection and business continuity. Computer network defence is the front line of cyber warfare. For some clients such as government, banks and financial institutions this means real time 24/7 activities manned by people in special trusted locations, and constant updating of threats. It is vital to know what level of protection you need. But however good your information assurance is, if someone else has not taken adequate steps they are the weak link and your data is vulnerable because of them. In this network-enabled world we all depend on each other as never before.
This article was written for ITreviewed by Mike Simms, EADS
Have you read these related articles?
The Future Of Fuel Cell Adoption
Fuel cells have been causing a stir throughout the power industry recently. Promises of their reliability, application and cleaner emissions make them seem the Holy Grail of sustainable energy, and with more and more organisations ...
A Cloudy Future...
According to a recent report by Forrester titled ‘Is cloud computing ready for the enterprise?’, Cloud computing still remains a genuine Web security concern. In theory, it can be more secure than do-it-yourself computing since shared ...
The Great Green Collision
Among all the challenges CIOs and IT administrators currently face, two historical trends are on a collision course. Firstly, the growth in data processing is generating ever-increasing demand for servers, storage arrays and the ...
Femtocells & Picocells: Are These The Future?
Femtocells and picocells are set to be one of the biggest trends in mobile communications over the next few years, and are expected to have a major impact on the mobile industry and users alike, including business users.
Social Networking Creates Business Threats
Social networking sites are a popular way for people to communicate with their peers, business contacts and keep up to date with their industry and no longer the preserve of teenagers to keep in touch with friends.
Businesses are ...
This entry was posted on Feb 19, 09 and is
filed under Networking