Cyber security refers to a body of technological procedures designed to protect computers, programs and data from attack or unauthorized access. Because security risks constantly evolve, cyber security has to keep coming up with ways of curbing them. The traditional approach focused most resources on the most important systems and the major threats, which left the less risky components of various systems unattended. In the current environment, such an approach would be insufficient.
To deal with the current environment, organizations are learning to adopt a more proactive approach. For instance, the National Institute of Standards and Technology recently updated its guidelines on risk assessment. The update recommended a continuous process of monitoring and real-time assessment (Mikusz, 2014). According to Forbes, the global market for cyber security was worth $75 billion in 2015 and is expected to grow to $170 billion by 2020.
For cyber security to be effective, coordination of efforts is necessary. Several elements of the structure of cyber security play a major role in achieving this: application security, information security, operational security and a disaster recovery plan.
Elements of the Structure of Cyber Security
Application security refers to the continuous use of hardware, software and procedures that protect applications from threats. Applications constantly face threats, so security is taken into consideration during the development process of an application. Security measures built into an application minimize the likelihood that unauthorized access can be used to manipulate it. Actions carried out to ensure that applications are guarded are known as countermeasures. A very basic software countermeasure is a firewall, which limits the execution of files and allows only specific programs to handle the data. A very common hardware countermeasure is a router, which can prevent an IP address from being visible on the internet. Other countermeasures include encryption programs, anti-virus software, spyware detection and biometric authentication systems.
Information security is a set of strategies for managing the processes, tools and policies that are necessary to prevent and detect threats to digital and non-digital information. Its responsibility is to establish business processes that protect information assets regardless of how the information is formatted.
Information security programs are built around the objectives of maintaining the confidentiality, integrity and availability of information. These objectives make sure that sensitive information is given out only to authorized parties, which ensures that privacy is maintained. The data can therefore be accessed only when authorized parties request it. Most organizations employ a dedicated security team to help maintain the information security program. The team is responsible for conducting risk management, a process in which vulnerabilities and threats to information are thoroughly assessed and the best control measures are put into action. The value of an organization depends on the information it holds, so it is important for organizations to constantly maintain their credibility and earn the trust of their customers.
Disaster Recovery Plan
A disaster recovery plan is a well-documented, structured approach with instructions for responding to unplanned incidents. The plan contains precautions that help reduce the effects of a disaster that has already occurred, so that the organization can resume its operations as quickly as possible. It involves analyzing business processes and risks and arriving at a recovery time objective.
The strategy should begin at the business level and determine which applications are important to running the organization. The recovery time objective describes the target amount of time a business application can be down, measured in seconds, minutes or hours. To come up with a recovery strategy, an organization should consider its budget, resources, technology, data, suppliers and the position management takes on risk. All the strategies should therefore be well aligned with the goals of the organization. Once the recovery strategies are approved, they can be translated into recovery plans.
Operational security was initially a military term for strategies used to counter potential adversaries. With the growing importance of information protection and management, operational security processes have become very common in business operations. Operational security involves a five-step process.
The first step is to identify critical information, that is, the kind of data that could harm the organization if an adversary were to obtain it. This includes intellectual property, identifiable information belonging to employees and customers, and financial statements.
The second step is to identify anything that may represent a threat to the organization's important information. Many adversaries may be targeting the information, and it is important for a company to consider any possible competitors or hackers.
The third step is the analysis of vulnerabilities. The organization looks for any potential weakness that may make it vulnerable to adversaries, and identifies possible lapses in the electronic or physical processes designed to protect against threats.
The fourth step is assessing and determining the threat level associated with each possible risk. Most organizations rank risks according to factors such as the chance of occurrence and the level of damage an attack would bring to the organization. The higher the risk, the more important it is for the organization to come up with controls to manage it.
The last step is the application of appropriate countermeasures. A plan to mitigate each possible risk is drawn up, starting with the risks that rank highest.
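The five steps above can be kept as a small risk register. The following is an added example, not part of the original essay: the 1-5 rating scale, the rule of multiplying likelihood by damage, and every entry in the sample register are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SCALE = range(1, 6)  # assumed ordinal scale: 1 (lowest) to 5 (highest)

@dataclass(frozen=True)
class Risk:
    asset: str           # step 1: critical information
    threat: str          # step 2: adversary who may target it
    vulnerability: str   # step 3: weakness that exposes it
    likelihood: int      # step 4: chance of occurrence
    damage: int          # step 4: level of damage if it occurs
    countermeasure: str  # step 5: planned control

    @property
    def score(self) -> int:
        # Assumed scoring rule: likelihood multiplied by damage.
        return self.likelihood * self.damage

def rank(risks):
    """Order risks highest first; equal scores go to the larger damage."""
    for r in risks:
        if r.likelihood not in SCALE or r.damage not in SCALE:
            raise ValueError(f"rating outside 1-5 for {r.asset!r}")
    return sorted(risks, key=lambda r: (r.score, r.damage), reverse=True)

def mitigation_plan(risks, min_score=1):
    """Step 5: countermeasures in the order they should be applied."""
    return [(r.score, r.asset, r.countermeasure)
            for r in rank(risks) if r.score >= min_score]

# Constructed sample register; every entry is illustrative.
REGISTER = [
    Risk("employee records", "phishing crew", "no multi-factor login",
         4, 2, "enforce multi-factor authentication"),
    Risk("customer personal data", "external hacker", "unpatched web server",
         4, 5, "patch and restrict network access"),
    Risk("financial statements", "competitor", "shared drive open to all staff",
         2, 4, "limit access to the finance group"),
    Risk("product designs", "competitor", "laptops without disk encryption",
         2, 5, "encrypt laptops"),
]

if __name__ == "__main__":
    for score, asset, action in mitigation_plan(REGISTER):
        print(f"{score:>2}  {asset:<24} {action}")
```

Two entries score 8 in this register; the tie goes to the one with the larger damage rating, so the financial statements are handled before the employee records.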
Policies that guide the sector
With the increased role that information technology plays, the cyber sector has become an important part of the economy. Policies have been put in place to ensure that the sector is handled with the seriousness it deserves.
State governments have increased the public visibility of firms that have weak security. In 2003, California introduced a notice of security breach act, which requires a company that maintains personal information of its citizens to disclose the details of any security breach it suffers. The personal information includes names, license numbers, credit card information and social security numbers. Many states have followed the example set by California. The policies on breach notification make it possible for firms to be punished for failures in security. They also create incentives for companies to invest voluntarily in cyber security in order to avoid the loss of reputation that may result from cyber-attacks.
Governments have also come up with policies for businesses that maintain contact with their countries. The policies dictate that such businesses maintain reasonable security levels, and that the same security level be extended to their business partners.
Policies on allocating more resources to research and establishing collaboration with the private sector have also been established. In 2003, the United States president's national strategy aimed at securing cyberspace put the Department of Homeland Security in charge of any recommendations on security (Cavelty, 2014). The department was also responsible for researching national solutions. The plan requires cooperation between the government and industry. In 2004, the government allocated $4.7 billion towards cyber security.
The United States and United Kingdom governments have established a joint cyber cell that operates in each of the two countries. The cell allows staff from each agency to be co-located. It is meant to concentrate on topics related to cyber defense and to ensure that information and data related to cyber threats are shared more quickly. To make it easier for businesses to get advice and services, the governments have accredited firms that work in responding to cyber incidents. The governments have also supported the supply of cyber security products by providing assurance on commercial products.
Functions of the cyber sector
The sector is charged with identifying and understanding the context in which a business operates and the risks that may occur. This is of major importance because it allows those developing software meant to curb a possible risk to do so appropriately, with the right knowledge of that risk.
The sector is also charged with protecting against and containing any possible cyber security incident. It offers staff training on current issues in cyber security every now and then so that they are able to keep up with the changes.
The sector is also charged with detecting any occurrence of a cyber security issue. It is supposed to implement the right activities to identify any cyber security event in time.
The sector is also responsible for recovering and restoring services that have been affected by a cyber security event. The team should be in a position to recover in time to minimize any impact that has occurred.
Instruments Involved In Determining Standards and Procedures
Several groups are involved in the development of cyber security procedures and standards. They include international, national, industrial and governmental groups. A standards development organization is an organization in charge of developing standards on an international, regional or national basis.
An example of an international standards development organization is the Internet Engineering Task Force. It is involved in the evolution of internet architecture as well as internet operations. It is composed of several working groups, each focusing on its own element of internet security. Topics addressed by these groups include authentication protocols, public key infrastructure and internet protocols. An example of a regional standards development organization is the European Telecommunications Standards Institute, which develops telecommunication standards in Europe. Some of its standards activities involve electronic signatures and lawful interception. An example of a national standards development organization is the American National Standards Institute. However, it is important to note that the institute is involved in the administration and coordination of the voluntary standardization system in the United States. It sponsors working groups related to security. An example of an association is the Association for Automatic Identification, which is involved in developing security standards in areas such as barcodes. In the government of the United States, the National Institute of Standards and Technology is charged with developing standards for the information systems of the Federal government.
Changes to Regulations in the Sector in Post 9/11 Era
The evolution and sophistication of cyber threats call for changes in the regulations governing the sector. The 9/11 attack was proof that much needed to be improved in the security sector. The security industry has, however, worked towards improving the cyber security sector. For instance, proactive technology such as anti-virus software has been developed.
In 2013, former President Obama put forward a proposal on improving cyber security infrastructure. The policy seeks to improve the existing private and public partnerships by enhancing the timeliness with which information flows between the Department of Homeland Security and infrastructure companies.
In January 2015, the president put forward a cyber proposal. It was made to ensure that the United States was ready to cope with an increase in the number of cyber-crimes. It emphasized the importance of sharing information related to cyber security between the private and public sectors. The government would be aware of the challenges private firms experience and, as a result, would be in a position to know what the United States should be protected against. Law enforcement authorities were also to be modernized and equipped with tools that facilitate dealing with cyber-crimes.
In 2016, the president introduced a cyber security national action plan whose aim was to develop long-term strategies for protecting the United States against cyber threats. The plan was to make the public aware of the growth in cyber-crimes, put cyber security protections in place, assist in protecting Americans' personal information and inform Americans on how digital security can be controlled.
Threats against the Sector
Malware is widely used by cyber criminals. They use it to lock people's computers and charge large sums of money to unlock them and retrieve the data. Malware also makes it easier to steal personal information.
Users contribute greatly to many of the cyber incidents witnessed. For instance, a person in charge of administering a server may choose to erase all information in it and back it up using a keystroke (Vande, 2017). Such behavior is not easy to predict, but it is important for organizations to monitor and address it since it poses a risk to the company.
Budgets also pose a great risk to the sector, in that it is difficult for a security function to get the budget needed for a stable security program. Unfortunately, budgets are mostly obtained only after a company has experienced an incident that greatly affects it.
An Attack on the Military Sector
On March 7th 2017, WikiLeaks published data containing 8761 documents that had been stolen from the Central Intelligence Agency (CIA). The documents covered spying operations and hacking tools. WikiLeaks claims that the documentation discloses most of the arsenal that the CIA uses for hacking. If the tools revealed are legitimate, the CIA would face a great problem, in that the public view of the agency and its operations would be altered.
An Attack on a Private Company
In February 2017, an internet company known as Cloudflare announced that a bug it had experienced caused the leakage of sensitive customer data. The company is responsible for providing security to its customers' websites. The data leakage is said to have possibly begun in September 2016. Some web search engines may have cached the data automatically, creating a situation where users' Uber account passwords and Cloudflare's cryptography keys were easy to find.
An Attack on the Financial Sector
A ransomware known as Petya hit the Ukrainian central bank, causing disruptions in its operations. The ransomware was a project intended to raise revenue by causing confusion in bank operations. However, it had flaws, such as an inefficient payment system, and was discovered in good time.
198 Million Records on Voters Exposed
On June 19 2017, it was discovered that a database existed that could be accessed by the public. The database contained information on 198 million United States voters. It was hosted on an Amazon S3 server and, although some of the data was protected, much of the information was accessible to anyone using the internet. This posed a risk to the institutions involved.
Companies should develop a habit of updating their asset lists on a monthly basis. This is important because, when a cyber-attack has occurred, insurance companies may need receipts presented in an orderly form. It is important to record serial numbers and to ensure that an updated copy of the list has been uploaded in two different files.
Companies should go through browser certificates and delete the expired ones. It is acceptable for users to receive error messages when they are routed to an expired source since they will not be affected by an inevitable attack (Taplin, 2016). It is important to have a key management system.
Organizations should set up regular meetings between the security team and the IT department. This creates an environment where concerns can be voiced and the team is reminded of the importance of security. It is during these meetings that important assets are reviewed, and in the process something new might be discovered and investigations begun.
Organizations should also ensure that new people hired into the security team are well oriented and trained, so that they are aware of how the organization operates. They should be constantly evaluated and appraised to make sure that they are efficient and effective.
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Choucri, N., Madnick, S., & Ferwerda, J. (2014). Institutions for cyber security: International responses and global imperatives. Information Technology for Development, 20(2), 96-121.
Vande Putte, D., & Verhelst, M. (2014). Cyber crime: Can a standard risk analysis help in the challenges facing business continuity managers? Journal of Business Continuity & Emergency Planning, 7(2), 126-137.
Taplin, R. (Ed.). (2016). Managing Cyber Risk in the Financial Sector: Lessons from Asia, Europe and the USA (Vol. 129). Routledge.
Glenn, C., Sterbentz, D., & Wright, A. (2016). Cyber Threat and Vulnerability Analysis of the US Electric Sector (No. INL/EXT–16-40692). Idaho National Lab. (INL), Idaho Falls, ID (United States).
Lagazio, M., Sherif, N., & Cushman, M. (2014). A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58-74.
Mikusz, M. (2014). Towards an understanding of cyber-physical systems as industrial software-product-service systems. Procedia CIRP, 16, 385-389.