U.S. Policy to Prevent a Cyber Attack - Part 2

Difficulties and Needs of a Computer Forensics Program

Legal Evidence. By most estimates, 90 percent of legal evidence resides in computer systems rather than on paper. Cases involving corporate trade secrets, personal and commercial disputes, employment discrimination, misdemeanor and felony crimes, and personal injury can be won or lost solely with the introduction of recovered e-mail messages and other electronic files and records (Philpott, n.d.).  Hence, it is important that companies preserve their computer-stored data for the required duration of time.

Trained Computer Forensics Specialist. Computer forensics analysis is becoming increasingly useful to businesses. Computers can contain evidence in many types of human resources proceedings including sexual harassment suits, allegations of discrimination, and wrongful termination claims. Specialists can find evidence in electronic mail systems, network servers, and individual employee’s computers. However, due to the ease with which perpetrators can manipulate computer data, the court could likely reject the data as evidence if a trained computer forensics specialist does not perform the search/analysis (Anonymous, n.d.a).

National Computer Forensic Institute. In March 2007, the U.S. Department of Homeland Security (DHS) opened the National Computer Forensic Institute in Hoover, Alabama, to assist in the field of computer forensics and digital evidence analysis. The U.S. Secret Service is developing this institute along with partial funding from the department’s National Cyber Security Division. It serves as a national cybercrimes training facility where they offer training and equipment to state/local police officers and prosecutors/judges (Philpott, n.d.).

Difficulties and Needs to Effect Results in Public and Private Venues

Private Sector Role in Cybercrime Control. Effective and efficient control of cybercrime requires more than cooperation among law enforcement agencies. We cannot understate the role of communications and IT industries in designing crime-resistant products that facilitate detection and investigation. Furthermore, actual collaboration of private sector organizations with public law enforcement agencies is already a fact-of-life in some countries. For example, with 680,000 subscribers, Pacific Century Cyberworks (PCCW) is Hong Kong’s largest Internet service provider (ISP) with a dedicated department that helps Hong Kong Police (HKP) conduct joint investigations (Grobsky, 2007).

FBI Reaches Out to Private Sector. For a decade, federal law enforcement officials preached the gospel of private-sector cooperation. The need has long been obvious, but Dan Larkin, Unit Chief of the FBI’s Internet Crime Complaint Center, said the government is getting serious about the effort. “We need to go after these partnerships more aggressively,” said Larkin. The stakes in the game of cat and mouse between law enforcement and cyber criminals are getting higher. Spam and cybercrime are really about the money. There are people making a lot of money out there,” he said (Philpott, n.d.).

Government and Industry on the Defensive. In recent years, computer crimes have increased rapidly and have overtaken the ability of the government and private sector to protect their systems fully. “We are constantly in the reactive mode,” says Jerry Dixson, director of the National Cyber Security Division at the DHS. Long gone are the days of young whiz kids hacking into computers to fulfill curiosity or to prove their computer prowess. Today’s cyber criminals are technologically agile, perceptive, and evasive. “Software we found through investigations has gotten really sophisticated. It almost requires a PhD,” Dixson says (Wagner, 2007).

Central Communications Platform. The bottom line need is this: Many Wall Street IT executives say that the most effective way to deal with the twin threats posed by hackers and cyberterrorists is to form, using a private website, a unified effort between the government and private sector to create a central communications platform to alert and disseminate information about such attacks (Mearian, 2002).  The State of New Jersey has NJ-Alert, which is an emergency alert system that sends messages to subscribers through their emails and cell phones. During times of emergency (such as natural disasters and terrorist threats), this system allows agencies to contact the public quickly. Alerting the public of an emergency and telling them how to respond to it properly provide the greatest amount of public safety (NJ-Alert, 2008).

U.S. Policy to Prevent a Cyber Attack

National Strategy Document and Cyber Security Plan.  In order to secure our cyber infrastructure against manmade and natural threats, our federal, state, and local governments, along with the private sector, are working together to prevent damage to and unauthorized use and exploitation of our cyber systems. We also are enhancing our ability and procedures to respond to an attack or major cyber incident. The National Strategy to Secure Cyberspace and the National Institute of Public Policy’s Cross-Sector Cyber Security plan are guiding the U.S.’s efforts (Anonymous, 2007).

The National Strategy to Secure Cyberspace document defines how the DHS ensures information security and protects cyberspace. This document covers three strategic objectives to secure cyberspace as follows (Bullock, Haddow, Coppola, Ergin, Westerman, & Yeletaysi, 2006):

1. Prevent cyber attacks against America’s critical infrastructures.
2. Reduce national vulnerability to cyber attacks.
3. Minimize damage and recovery time from cyber attacks that do occur.

Telecommunications Program and Cyber security Policy. The United States needs robust telecommunication services to manage national defense, disaster response, and other emergency services. The Program on Telecommunications and Cyber security Policy is concerned with issues relating to (1) protecting and maintaining a resilient telecommunications industry and infrastructure, (2) protecting against or responding to cyber attacks on telecommunication, network, or computer infrastructure, and (3) regulatory policy relating to telecommunications infrastructure and spectrum management, ownership, and control (Anonymous, n.d.b).

Cyber Safehavens. The Internet provides an inexpensive, anonymous, geographically unbounded, and largely unregulated virtual haven for terrorists. Our enemies use the Internet to develop and disseminate propaganda, recruit new members, raise and transfer funds, train members on weapons use and tactics, and plan operations. Terrorist organizations can use virtual safehavens based anywhere in the world regardless of their members’ or operatives’ location. Internet use, however, also creates opportunities for us to exploit. To counter terrorists using the Internet as a virtual sanctuary, we discredit terrorist propaganda by promoting truthful and peaceful messages. We ultimately seek to deny the Internet to the terrorists as an effective safehaven for their propagandizing, proselytizing, recruiting, fundraising, training, and operational planning (Anonymous, 2006).

Startling Security Gaps. America’s government and defense contractors have been victimized by an unprecedented rash of cyber attacks over 2006-2007, forcing the United States to launch a new operation to fight off intrusions. In an article headlined “The New E-Spionage Threat,” Business Week disclosed that a probe of the attacks on sensitive computer networks uncovered “startling security gaps.” “It’s espionage on a massive scale,” Paul Kurtz, a former high-ranking national security official, told the magazine. In 2007, government agencies reported nearly 13,000 “cyber security incidents” to the DHS, three times the number from 2005. Incidents involving the military’s networks rose 55 percent in 2007. Private targets, such as defense contractors, are also vulnerable and information gleaned from their computers could pose a serious security risk (Anonymous, 2008).

Strengths and Weaknesses of the U.S. Policy

Currently No Rules. The United States is working to prevent attacks on military, government, and private computer networks, but any aggressive response raises legal, civil rights, and policy questions that we should address, said a U.S. military adviser in November 2007. At the moment, “there are no rules” about what government or private entities can do if terrorists attack their networks, said Andrew Palowitch, chief technology officer for Science Applications International Corporation’s Intelligence and Security Group and senior adviser to the Pentagon. Given more than 37,000 attempted breaches of government and private programs and 80,000 attacks on military networks in fiscal 2007 alone, some would argue that the United States was already in a “cyber war,” he said in a speech at Georgetown University in Washington, DC. However, he said he was not speaking for the Pentagon (Shalal-Esa, 2007).

Current Policies Prevent United States. Senior military officials have spoken out recently on U.S. cyber strategy saying the country urgently needs to develop new policies and procedures for fighting in the cyber domain. Current U.S. cyberwarfare strategy is dysfunctional, said Gen. James Cartwright, commander of the Strategic Command (Stratcom), in a speech at the Air Warfare Symposium in Orlando, Florida, in February 2007.  Offensive, defensive, and reconnaissance efforts among U.S. cyber forces are incompatible and do not communicate with one another, thereby, resulting in a disjointed effort, Cartwright said (Rogin, 2007).

Gen. Roland Keys, commander of Air Combat Command, told reporters at the conference that current policies prevent the United States from pursuing cyber threats based in foreign countries. Technology has outpaced policy in cyberspace, he said. The United States should take added aggressive measures against foreign hackers and websites that help others attack government systems, Keys said. It may take a cyber version of the 2001 terrorist attacks for the country to realize it must re-examine its approach to cyberwarfare, he added (Rogin, 2007).

Workplace Policies Possess both Good and Bad Traits. Although flexible work schedule and telecommuting policies tend to increase the productivity and satisfaction of employees (Kundu, 1999), these labor policies can place employers at risk as related to cyber attacks. The policy of flexi-time can increase the risk of cyber attacks because employees work nontraditional hours. These hours may give dishonest or disgruntled employees a better opportunity to steal, modify, or view secure information. The policy of telecommuting can also compromise cyber security because it offers hackers another way into a company’s system. In addition, it is unlikely that home network connections are as secure as work connections (Jacknowitz, n.d.).

Conclusion

It is important that companies preserve their computer-stored data for the required duration of time. Due to the ease with which perpetrators can manipulate computer data, the court could likely reject the data as evidence if a trained computer forensics specialist does not perform the search/analysis. It is important that ISPs help law enforcement to conduct joint investigations. The stakes in the cat and mouse game is getting higher. Spam and cybercrime are really about the money. There are people making a lot of money out there. To curtail cybercrimes, there must be a unified effort between government and the private sector.

References

Anonymous (n.d.a). Overview of Computer Forensics Technology – Part I. Retrieved from www.charlesriver.com/resrcs/chapters/1584503890_1stChap.pdf.

Anonymous (n.d.b). The Program on Telecommunications and Cyber security Policy. The Global Information society Project. Retrieved from http://www.telecom-program.org/.

Anonymous (2006, September). National Strategy for Combating Terrorism. Washington, DC.

Anonymous (2007, October). National Strategy for Homeland Security. Washington, DC: Homeland Security Council.

Anonymous (2008, May 25). US battling ‘new espionage threat’ – cyber attacks. Newsmax.com. Retrieved from http://news.newsmax.com/?Z6OD.ZdVAp2FmyHW-TtemhQZzXlztfR1Z.

Bullock, J. A., Haddow, G. D., Coppola, D., Ergin, E., Westerman, L., & Yeletaysi, S. (2006). Introduction to Homeland Security, Second Edition. Oxford, United Kingdom: Elsevier Butterworth-Heinemann.

Grobsky, P. (2007, October 13). Requirements of prosecution services to deal with cybercrime. Crime Law Soc Change, 47, 201-223.

Jacknowitz, A. (n.d.). Cyber attacks! Trends in US corporations. The Business Forum. Retrieved from http://www.bizforum.org/whitepapers/rand001.htm.

Kundu, K. (1999, November 23). Telecommuting: Work is virtually something you do, not somewhere you go. Future Trends. Employment Policy Foundation.

Mearian, L. (2002, March 4). Wall Street seeks cyberterror defenses. Computerworld, 36(1), p. 7.

NJ-Alert (2008). New Jersey Alert System website. Retrieved March 19, 2008, from http://www.njalert.org/.

Philpott, D. (n.d.). Special report: Computer forensics and cyber security. Homeland Defense Journal, 12 pp.

Rogin, J. (2007, February 13). Cyber officials: Chinese hackers attack ‘anything and everything.’ FCW.com. Retrieved from http://www.fcw.com/online/news/97658-1.html.

Shalal-Esa, A. (2007, November 27). US working to respond to growing cyber attacks. Reuters. Retrieved from http://www.reuters.com/article/companyNewsAndPR/idUSN2753754120071127.

Wagner, B. (2007, October). Electronic attackers: Computer crimes keep government and industry on the defensive. National Defense, pp 24-26.

###