Abstract
Data compromised by hackers, network outages, computer viruses and other factors affect our lives in ways that ranges of inconvenient to life-threatening. As the number of mobile users, digital applications and data networks increase, so do the opportunities for exploitation. Through the course of this paper we will be covering: what is cyber security, antivirus programs, preventing cyberattacks, and how to strengthen passwords.
.What Is Cyber Security
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity.
Governments, military, corporations, financial
…show more content…
One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against (Rouse, 2010). Such an approach is insufficient in the current environment. Adam Vincent, CTO-public sector at Layer 7 Technologies (a security services provider to federal agencies including Defense Department organizations), describes the problem:
"The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It 's no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly... (Rouse, 2010)”
(Vincent, 2010)
To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommended a shift toward continuous monitoring and real-time assessments. According to a December 2010 analysis of U.S. spending plans, the federal government has allotted over $13 billion annually to cybersecurity
In his viewpoint essay titled "Diversity in Cybersecurity Tools: A National Security Issue," Wolf presents credible arguments for security, based on his experience in the field, thorough research, and alarming warnings. Chad Wolf's credibility is anchored in his experience as the former acting secretary of the US Department of Homeland Security. This position granted him firsthand exposure to national security matters and the decision-making process, affirming his authority on the matter. Wolf strategically references his position and expertise to reinforce his argument by providing specific examples from his time at DHS. He recalls, "I have firsthand knowledge of this type of chaos.
The EO13636 chief objective is to improve the Cybersecurity Framework of principles and determine what the best practices are that may possibly be taken to decrease the threat from all cyber dangers. Under EO13636, The Department of Homeland Security (DHS), National Security Staff, and The Office of Management and Budget (OMB) will coordinate with additional investors to advance the Cybersecurity Framework. National Institute of Standards and Technology executives are asking that everyone who is involved take an active role in the development of this Framework (Fischer et al., 2013)
As technology advances across the globe, the potential for new types of threats arise. The DHS realized that since 1997, cyber-based attacks on federal systems have continued to increase at an alarming rate. This threatens our countries national security because cyber-based attacks are ever expanding and have continued to be one-step ahead of the DHS, until 2003.
H.R. 1731, the National Cybersecurity Protection Advancement (NCPA) Act, is bipartisan bill passed unanimously by the Committee on Homeland Security. This pro-privacy, pro-security bill ensures the sharing of cyber threats is transparent and timely. It strengthens the NCCIC’s role as the lead civilian interface for cyber threat information sharing by: Providing liability protections for the voluntary sharing of cyber threat indicators and defensive measures with the NCCIC or private-to-private. Granting liability protections for private companies to conduct network awareness of their own information systems. Allowing companies to operate defensive measures and conduct network awareness on information systems they own or operate. The NCPA Act also ensures personal information
In order to understand the true problems with these plans in place, we must first discuss what these practices are. In early 2016, former President Obama created a Cybersecurity National Action Plan or CNAP, for short. The issue of cybersecurity is a very big one in the United States and President Obama knows and understands the true importance of this issue. The CNAP discusses some of the most important concerns over this topic and does the best it can to combat it with the best of its ability. This plan includes things such as establishing a commission on enhancing national cybersecurity using experts from outside the government, a proposal of a $3.1 billion dollar Information Technology Modernization Fund to help modernize and replace old information about this subject in the government, and invest close to $19 billion dollars for cybersecurity (The President’s National Cybersecurity Plan: What You Need to Know).
Cybersecurity is very important today for every company, business, enterprise, agency, and even the government. The National Institute of Standards and Technology (NIST) has developed a cybersecurity framework to help companies to comply with standards, measurements, and technology to enhance economic security (NIST.gov). NIST 's cybersecurity framework is made of thee basic elements such as Framework core, framework
By defining key controls based on cyber threats (translated into business risks), an organization can more easily right-size the its control set and adapt it to their needs. Risk assessment processes that are near real-time, gated by the change control process, provide continuous feedback on the sufficiency of controls within an
Controls everywhere isn’t pragmatic – and this approach would be too expensive! However, Board of Directors are looking for evidence that cyber security risks are being proactively identified and addressed. The National Association of
As technology and innovation advances, the Department of Defense must be ready to conform to protect cyberspace from cyber criminals. In order for the Department of Defense to effectively manage cyber space, it is extremely important that the Department of Defense develop and implement constant training programs for new and existing customers so that they are aware and prepared for any cyber attack or vulnerability that may be present. Employees must also be held accountable for proper maintenance and use of information. Programs should be created to move employees throughout various roles and duties within the Department of Defense to prevent both a single point of failure, as well as any situation that may arise due to job complacency. Real world scenarios should be created and rehearsed unknowingly to employees, this could prevent another security breach such as Operation Buckshot Yankee. The Department of Defense and the Defense Advanced Research Projects Agency should continue to develop software that can not be exploited. By maintaining these programs and growing with cyber space as innovation continues to grow and advance, the Department of Defense will be able to successfully defend the United States from any major attack that foreign nations or cyber criminals
The National Association of Corporate Directors (NACD) expects organizations to know their current and future risks with information to back them. Every company’s leadership team should ask themselves some basic questions in order to understand cybersecurity risk as it applies to themselves;
Therefore, it is important to reform current organizational deficiencies which hinder current cyber-warfare efforts, adopt a new doctrine relevant to the new threat, and make cyber-warfare one of the United States Government’s top national security priorities.
According to Olavsrud, "Cybercrime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology against a backdrop of under investment in security departments, can all combine to cause the perfect threat storm. Organizations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, therefore minimizing the impact of the unforeseen." (Olavsrud, 2014)
Unfortunately, with the rise of interests and increasing in exports it was only a matter of time before the industry of aerospace, defense, and security was going to experience cybersecurity threats. In this industry, vulnerabilities such as compromised Personally Identifiable Information (PII), Distributed Denial of Service (DDoS) attacks on the critical infrastructure to attacks such as economic espionage exist. “Agencies and companies are facing significant and ongoing cybersecurity and safety threats, while at the same time confronting nontechnical issues including budget uncertainty, an evolving national strategy, and how, when, where, and if information can be shared among impacted agencies and industries” (Aerospace & Defense
The increasing volume and sophistication of cyber security threats including targeted data theft, phishing scams and other online vulnerabilities demand that we remain vigilant about securing our systems and information.
One of the largest problems is that though there is a government organization, DARPA, they do not act as they need to (Gervais 526). The National Research Council, who is supposed to audit the United States’ computers, has not put out a report since 1991 (Gervais 526). International governments and “decision makers” are trying to understand ways of avoiding technological attacks, but have difficulty as cyber warfare changes often making it difficult to understand what we already have (Gervais 526).