Effectiveness of U.S. Infrastructure Programs - Part 2

International and Local Efforts to Combat Cyberterrorism

This section covers international and local efforts to combat cyberterrorism.  We look at securing our cyber infrastructure, our national strategy to secure cyberspace, and local and international efforts to combat cyberterrorism.

Securing Our Cyber Infrastructure. To secure our cyber infrastructure against manmade and natural threats, our federal, state, and local governments work with the private sector to prevent damage, unauthorized use, and exploitation of our cyber systems.  Also, we are enhancing our ability and procedures to respond in the event of an attack or major cyber incident.  The National Strategy to Secure Cyberspace and the National Infrastructure Protection Plan’s (NIPP’s) Cross-sector Cyber Security plan guide our efforts (Anonymous, 2007).

National Strategy to Secure Cyberspace. Following the 9/11 attacks, then President George W. Bush acted quickly to secure our information and telecommunications infrastructure.  The President created the Critical Infrastructure Protection Board and launched a public-private partnership to create a National Strategy to Secure Cyberspace.  Issued in February 2003, this National Strategy provides a roadmap to empower all Americans to secure the part of cyberspace they control, including a variety of new proposals aimed at the following five levels: (1) the home user and small business, (2) large enterprises, (3) sectors of the economy, (4) national issues, and (5) global issues (Anonymous, 2002).

Local Efforts. Thousands of citizens all across the country have contributed to the effort by contributing their views in Town Hall meetings, on interactive websites, or by participating in one of the dozens of participating groups and associations.  State and local governments and state and local law enforcement have also united to prepare their own cyber security strategies (Anonymous, 2002).  In the spring of 2008, I certified and became a member of the San Marcos (California) Community Emergency Response Team (CERT) as well as a disaster services worker (DSW) with the Unified San Diego County Emergency Services Organization (USDCESO).  I am a counterterrorism specialist with the San Marcos CERT doing my little part to combat cyberterrorism at the local community level.

International Efforts. Cybercrime is a major international challenge.  However, attitudes about what comprises a criminal act of computer wrongdoing may still vary from country to country.  The European Union (EU) has established the Critical Information Infrastructure Research Coordination Office (CI2RCO).  That office is responsible for examining how its member states are protecting their critical infrastructures from possible cyber attacks.  The project identifies research groups and programs focused on IT security in critical infrastructures (Rollins & Wilson, 2007).

A consultative assembly of 43 countries, the Council of Europe, based in Strasbourg, France, adopted the Convention on Cybercrime in 2001.  The Convention, which became effective in July 2004, is the first and only international treaty to deal with breaches of law “over the Internet or other information networks.”  The Convention requires participating countries to update and harmonize their criminal laws against hacking, infringements on copyrights, computer-facilitated fraud, child pornography, and other illicit cyber activities (Anonymous, 2001; Rollins & Wilson, 2007).  To date, 8 of the 42 countries that signed the Convention have already completed the ratification process (Rollins & Wilson, 2007).

An Evaluation of the Effectiveness of U.S. Infrastructure Programs

In this section, I evaluated the effectiveness of U.S. infrastructure programs by looking at the sectors of critical infrastructure and key resources (CI/KR), pervasiveness of IT, fear, and collective security approach and model.

Sectors of CI and KR. The United States has identified 17 sectors of CI and KR, each with cross-cutting physical, cyber, and human elements.  These 17 sectors include (1) Agriculture and Food, (2) Banking and Finance, (3) Chemical, (4) Commercial Facilities, (5) Commercial Nuclear Reactors, Materials, and Waste, (6) Dams, (7) Defense Industrial Base, (8) Drinking Water and Water Treatment Systems, (9) Emergency Services, (10) Energy, (11) Government Facilities, (12) Information Technology, (13) National Monuments and Icons, (14) Postal and Shipping, (15) Public Health and Health Care, (16) Telecommunications, and (17) Transportation Systems (Anonymous, 2007).

IT is interwoven through all CIs. Information technology is essential to virtually all of the nation’s CIs from the air traffic control system to the aircraft themselves, from the electric power grid to the financial and banking systems, and obviously, from the Internet to communication systems.  Hence, this reliance of all of the nation’s CIs on IT makes all of them vulnerable to sabotage through their computer or telecommunication systems (National Research Council, 2003; Gershman, 2004).

Fear of Cyberterrorism. Policymakers and the public today see the threat of a terrorist attack on IT, or cyberterrorism, as being one of the greatest dangers to the United States.  As the first director of the Department of Homeland Security (DHS), Tom Ridge (2002; Gershman, 2004) warned in April 2002, a “terrorist can sit at one computer connected to one network and can create worldwide havoc.”  The notion of cyberterrorism links the fear of random, violent victimization with the distrust and outright fear of computer technology (Pollitt, 1997; Gershman, 2004).  This union compounds the fear of cyberterrorism (Gershman, 2004).

Collective Security Approach Needed. Protecting the CI from cyber attack is of great import to nations today.  It is also important for global security and prosperity.  In recent years, the threat posed has changed from what once appeared as an unstructured threat from adventurous hackers, to a structured, hostile attack on elements of the CIs of different countries.  In some cases, governments and organizations with substantial resources are increasingly backing such attacks.  To respond properly to this threat to security and prosperity, we need a strong, international solution grounded in a political framework, for isolated technical or legal solutions will not work.  Moreover, efforts to confront structured hostile threats on a national level have been less than successful, and the technology employed has not been adequate to seal the systemic vulnerabilities in the IT-dependent CI.  We need a collective security approach to protect the global CI (Bryen, 2002).

International Treaty Approach Goes Wanting. Dr. Stephen Bryen, managing director of Aurora Defense, concluded that much important security work has been carried out internationally in a wide variety of forums.  However, efforts have fallen short of a formal international treaty approach to the problem.  The key benefit of such an approach is that it represents a political means to combat a problem, which threatens the CI of many countries.  Furthermore, ultimately, it may undermine collective global security and peace (Bryen, 2002).

Collective Security Model. The collective security model – in the form of a treaty organization – is an appropriate response to a structured, hostile threat from cyberterrorists.  In today’s environment of increasing connectivity of global network systems, the framework described above bears the essential features that such an organization would require if we expect to challenge successfully the problem of structured cyberterrorism.  For nations to protect adequately their future critical network infrastructures, a need exists to consider such a collective approach as the way forward (Bryen, 2002).

Conclusion

Technology makes life easier and more efficient for all of us.  However, computer crime threatens our commercial and personal safety.  Computer forensics has become an indispensable tool for law enforcement.  In the digital world, as in the physical world, the goals of law enforcement must balance with the goals of maintaining personal liberty and privacy.  American criminal investigators have wrestled with these same issues for over 200 years.  Currently, we lack a national framework for curricula and training development with no gold standard for professional certification.

Cybercrime is a major international challenge.  We need a collective security approach to protect the global CI.  The Convention on Cybercrime, which became effective in July 2004, is the first and only international treaty to deal with breaches of law over the Internet or other information networks.  Policymakers and the public today see the threat of a terrorist attack on IT, or cyberterrorism, as being one of the greatest dangers to the United States.  Cyber security is a community issue.  By keeping our eyes open and applying effective techniques, organizations will prevent attacks and recover quickly after an attack.  However, we still are not where we must be to possess effective infrastructure programs in the United States.

References

Anonymous (2001, November 23). Convention on cybercrime. Council of Europe, ETS [European Treaty Series] No. 185, Budapest, 25 pp.

Anonymous (2002, July). National Strategy for Homeland Security. Washington, DC: Office of Homeland Security.

Anonymous (2007, October). National Strategy for Homeland Security. Washington, DC: Homeland Security Council.

Bryen, S. (2002, May 20). A collective security approach to protecting the global critical infrastructure. The author discussed this paper at the ITU [International Telecommunication Union] Workshop on Creating Trust in Critical Network Infrastructures, held in Seoul, Republic of Korea, on 20-22 May 2002, Document: CNI/09, 17 pp.

Gershman, J. (2004, September). A Secure America in a Secure World. Foreign Policy in Focus (FPIF) Special Report. Silver City, New Mexico: Interhemispheric Resource Center (IRC), 29 pp.

National Research Council (2003). Information Technology for Counterterrorism: Immediate Actions and Future Possibilities. Washington, DC: National Academies Press, p. 2.

Pollitt, M. (1997, October). Cyberterrorism – fact or fancy. Proceedings of the 20th National Information Systems Security Conference. Retrieved from http://www.cs.georgetown.edu/~denning/infosec/pollitt.html.

Ridge, T. (2002, April 23). Remarks by Homeland Security Director Tom Ridge to the Electronics Industries Alliance. Retrieved at http://www.eia.org/events/springconf/remarks_ridge_1.phtml.

Rollins, J., & Wilson, C. (2007, January 22). Terrorist capabilities for cyberattack: Overview and policy issues. CRS [Congressional Research Service]Report for Congress, Order Code RL33123, 28 pp.

###