Washington State Senate Hearings on Cyber Security

Cyber insurance is one of today's essential requirements. Yet, it has evolved into a problem that must be managed rather than a problem that must be resolved by the IT department. Just as pollution was a key result of the industrial revolution, so are security flaws associated with internet use. Cyber-attacks are a problem that plagues today's society. Many individuals, entities, groups, and even nation-states purposefully abuse computer networks, personal computers, infrastructures, and information systems by inserting malicious code into a responsive system in order to alter, steal, or destroy a specific target. The main factors in cyber-attacks are, first, unauthorized access to a system, second, target system and lastly the attacker gaining something (Schell 22). These activities have presently become sophisticated and increasingly dangerous since their resulting consequences can either compromise data or further lead to cyber crimes.

Washington State Senate Hearings on Cyber Security

The issue of cyber-attacks has grown to a level that it affects all industries though the types of attacks depend on the organization and what they deal with on a daily basis. Cyber-attacks come in different forms, and mostly it depends on the kind of information the attacker is looking for in an entity.

There are several types of attacks that an organization might be vulnerable too. They include malware which is a code with a malicious intent that typically destroys an envisioned target or steals data in the computer. Secondly, Man in the Middle (MITM) who obtains information from the end user and the entity they are communicating with and use one point to their advantage. Thirdly, phishing, they send emails that look genuine to trick the user. It includes a link that directs the victim to a dummy site meant to steal their information (AlEroud, Ahmed and Izzat 155). Fourthly, password attacks where a third party gains access to one's system by cracking their password. Additionally, Denial-of-Service (DoS) attacks where the perpetrator sends high volumes of traffic or data through a particular network to the point where the system is overloaded and cannot function anymore (Evenson et al. 123). Lastly, Rogue Software that appears as pop-up windows and alerts arise which warn and advise the user to their network and on how to download a security software that will safeguard their network. By clicking yes to any of the requests presented the rogue software gains access to one’s computer.

With the acknowledgment of these notorious methods of attacks, just as stated in the Washington Senate Hearing, the Office of the Chief Information Officer should implement a process that would ensure the detection of such attacks and further respond to such instances with immediacy. Whether the cyber security incidents are deliberate or accidental, the OCIO must develop plans and procedures to manage these occurrences when they arise to prevent any security breach in the nation.

The Implications of the Stuxnet Attack

Stuxnet goes down in history as one of the ingeniously complex cyber weapons than turned around the face of warfare. It wreaked havoc in Iran causing the disablement of control systems that were running the Iranian centrifuges that enrich uranium (Hopkins para. 9). The self-replicating virus destroyed the Iranian nuclear program. The introduction of this Malware caused the cyber world to release other weapons through unknown individuals. Stuxnet opened a door of possibilities for hackers and those intending to release cyber weapons to enemy nations.

In the last decade, threats to national prosperity and security have increased in the form of cyber-attacks (Korner para. 5). In the near future, most nations and people will attack using the cyber in the quest of rendering the governments vulnerable. Thus, it is of essence that the US prepares itself in this warfare. The US should then work on its range of cyber weapons so as to wage cyber warfare against any attack posed by enemies.

Whistleblower Disclosure of Classified Information

The former Director of the CIA and a well-known retired General David Petraeus recently got charged for the removal and retention of classified information that he shared with his lover. The classified material presented to the partner in the form of notebooks. The eight journals that Petraeus released contained the identity of covert officers, intelligence capabilities, war strategy, quotes, diplomatic, and deliberative discussions that were conducted in meetings of the high-level national council (Chappell para. 3). Petraeus also sent an email in which he promises to give the black book to his lover.

His conviction was a two-year probation coupled with a $40,000 fine (Chappell para. 2). This sentence created a lot of debate not only from the media but concerned parties and previously convicted individuals on similar charges. The media suggested that the government was not concerned with protecting classified information but rather on silencing whistleblowers. The public’s sentiment was that if the leaks were the real concern, Petraeus would have received a harsh punishment just like in the case of other accused leakers.

Cyber Attack on the US Office of Personnel Management

The US human resource department in the federal government which oversees the legal minutiae of the hire and promotions of federal employees as well as their benefits and pension recently faced a cyber-attack (Korner para. 1). One morning the security engineer set out to decrypt a portion of the Secure Socket Layer (SSL). The engineer noticed that his decryption efforts exposed the system to an unusual bit of outbound traffic. It was a signal pinging to opmsecurity.org whereas did not have any such domain.

When the engineer and other colleagues dug a little deeper, they located the source (mcutil.dll) a software component belonging to McAfee. Digging deeper they found that mcutil.dll hid a piece of malware that gave it access to the server of the agency. A group of engineers from the US Computer Emergency Readiness Team set out a command post in the windowless subbasement from down the hall from where the hack got discovered. Since the Office of Personnel Management’s network could not be trusted, the engineers improvised their own. They logged in workstations and servers that they sealed using customized firewalls.

The program found was PlugX a remote access tool used by the Chinese for hacking. The Malware penetrates through firewalls because it slightly tweaks making it unrecognizable. The search of the Malware found that along this breach was the presence of .rar files which are used to shrink files for exfiltration efficacy (Korner para. 23). The PlugX program had penetrated ten machines in the department. Regrettably, some machines were very vital to the entire network. Even the Jumpbox was which was used to log into other servers got affected.

By gaining access to the Jumpbox, the hackers gained access to every detail of the OPM’s digital terrain. Several sensitive information, as well as employees' social security numbers, their addresses, and personal details, were leaked to the hackers. The engineers later managed to annihilate the threat which was found to have its bases in China.

Conclusion

As days go by, criminals gain sophistication in their cyber-attacks tactics. People, businesses and even the government becomes vulnerable to these attacks. Just like the society uses vigilance to curb all other types of crimes, the same need to be employed to deal with cyber criminals. The first step to initiate is prevention which is a better option than cure. Taking all the precautionary measures ensures a big percentage of security.

Work Cited

AlEroud, Ahmed, and Izzat Alsmadi. "Identifying Cyber-Attacks On Software Defined Networks: An Inference-Based Intrusion Detection Approach." Journal Of Network & Computer Applications 80 (2017): 152-164. Business Source Complete. Web. 2 Feb. 2017.

Chappell, Bill. “Petraeus Sentenced to 2 Years’ Probation, Fine For Sharing Classified Info.” NPR. NPR, 23 Apr. 2015. Web. 03 Feb 2017.

Evenson, Jeff, Jonathan Cofsky, and Adrian Almazan. "The Art Of Cyber War -- Asymmetric Payoffs Lead To More Spending On Protection." Black Book - The Art Of Cyber War - Asymmetric Payoffs Lead To More Spending On Protection (2010): 1-188. Business Source Complete. Web. 2 Feb. 2017.

Hopkins, Nick. “Stuxnet Attack Forced Britain to Rethink the Cyber War.” The Guardian. Guardian News and Media, 30 May 2011. Web. 04 Feb. 2017.

Korner, Brendan I. “Inside the Cyberattack That Shocked the US Government.” Wired. Conde Nast, 23 Oct. 2016. Web. 03 Feb. 2017.

Schell, Roger R. "Cyber Defense Triad For Where Security Matters." Communications Of The ACM 59.11 (2016): 20-23. Business Source Complete. Web. 2 Feb. 2017.