The threat to cybersecurity

Ikram Sehgal

Confidential information has been increasingly compromised by electronic attacks around the world. Many websites, both official and private, have been virtually crippled, exposing the vulnerability of financial data.

A few years ago criminals hacked into the private data of members of the World Economic Forum (WEF). Not only did vital personal information thus become public property, attempts were made to siphon off money from their bank accounts through credit card. In addition to economic and military espionage, there is now cyber warfare as well. Criminals or terrorists could use cyberspace to paralyse communications infrastructure, international financial systems or critical government services.

While nations have established rules of the game on land, sea, air and outer space, there are no such rules in the fifth common domain: cyberspace. There are four options in terms of response: prevention, detection, rapid response and mitigation.

EastWest Institute (EWI), one of the leading US think tanks, launched a major initiative to map the dangers and define/coalesce the areas of cooperation. EWI co-chairman-designate Ross Perot Jr, together with a host of sponsors like AT&T, Dell Services and Huawei Corporation, is hosting the World’s First Cyberspace Summit from May 3 to 5 in Dallas, which headquarters some of the world’s leading IT companies.

There will be 450-or-so dignitaries and experts at the summit, which could eventually come to be known as “the Dallas Process.”

Its stated goals are to: (1) launch an international awareness campaign by governments, businesses and individuals about the growing threats to economic stability and security; (2) identify the problems, with particular emphasis on those that pose a common threat; and (3) facilitate joint action and new agreements through intensive working-group interaction in the critical sectors of finance, energy, telecoms and essential government services.

The many malicious actors, with various motives, have similar techniques and have shared integrated domains. The consequences are hard to predict, but the worst-case scenarios are alarming.

During a consultation organised by EWI on cybersecurity in Brussels in February, the institute’s vice chairman, Armen Sarkissian, a former prime minister of Armenia who is chairman of the Eurasia House International, laid down the following aims: (1) articulation of new goals for worldwide cybersecurity and the steps needed to achieve them; (2) stimulation of progressive improvement in the way global cybersecurity is reviewed, managed, and implemented; and (3) bringing together leading policymakers, specialists, business executives, community leaders and journalists from around the world for a debate on defining and understanding international cybersecurity approaches, concerns and solutions.

A star-studded panel comprising Michael Dell of Dell Computers, Udo Helmbrecht, executive director of European Network and Information Agency (ENISA), Philip Reitinger of the US Department of Homeland Security, and Teri Takai, technology advisor to the governor of California, concluded that while not working well on the tactical level, worldwide cybersecurity cooperation was practically non-existent at the strategic level.

As one delegate put it: “We are quickly running out of time.” Breakthrough groups headed by senior executives from AT&T, Cisco, PayPal, Deloitte and American Airlines targeted workable solutions, prioritising ICT, Finance, Essential government Services, National Security, Media, Transportation and Energy.

Melissa Hathaway, formerly of the US National Security Council, said, “The groundwork for international cooperation will have to be laid and more top-down methods may be urgently needed by unhindered public-public, private-private and public-private cooperation.” EWI president John Mroz added that “cyberspace today is like the Wild West. It does not enjoy the international community’s setting of basic agreements, rules and procedures.

“The best weapon against the online thieves, spies and vandals who threaten global business and national security will be international regulation of cyberspace. People have to realise the Internet is an integral part of every country, politically, socially and business-wise. Not to focus on cybersecurity is playing with fire.”

Some of the key problems policymakers are facing today in cyberspace, including putting national security against the privacy of individuals, are: (1) a clear lack of a commonly agreed definition of what cybersecurity means; (2) lack of effective integration of technical, business, legal, defence and international policy competencies on a level that has not happened so far; (3) inadequacy of current diplomatic assets assigned to the problem, which reflects a lack of political commitment at high levels; (4) inadequacy of the commercial drivers for building security into network equipment, networks and services, the inadequacy being the result of a lack of consumer awareness of the risk exposure they face and a lack of leadership and commitment from those in control; (5) the fact that while states have the right to organise offensive and defensive assets for information operations of a strategic character to affect the strategic intentions of other states, international law does not adequately regulate these assets; (6) lack of regulation of three levels of information warfare: political, military strategic and military tactical; (7) nations’ thinking about their online security being too parochial for collaboration on crafting global cyber regulations.

To quote Harry D Raduege, Jr., conceivably the world’s foremost expert in cyberspace security who is a former lieutenant general in the US air force, cyberspace has become “a battlefield where adversaries are launching cyber attacks of increasing sophistication. The world has dealt with the threat of weapons of mass destruction…in the past. However, in the world of cyberspace, we are now confronted with a new WMD. If we (Americans) do not prepare now, we could one day face a cyber attack that could cripple our government, our economy and our security.”

An incisive comment from China’s Tang Lan and Zhan Zui: “Information technology and the Internet have become comparable to nuclear forces. During the Cold War nuclear deterrence was able to keep US and Soviet ambitions in check. Based on that logic, cyber deterrence should play a clear role in the information age. But the anonymity, the global reach, the scattered mature, and the interconnections of global works greatly reduce the efficiency of nuclear deterrence and can even render it completely useless. The spread of information technology and Internet also produces an increasing number of vulnerabilities and weaknesses that can be easily exploited.”

With experts in the US, China, indeed from all over the world, feeling so concerned about the vulnerability of the state and its citizens to cyber attacks, what are we in Pakistan doing to forestall such a potentially devastating threat?
Taken From: The News

Advertisements

Leave a comment

Filed under Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s