Security Precautions

Study Guide

The new rules of war

Much comment has been made about the ethics of cyber warfare, or disabling an enemy's resources or information through malicious use of a computer.  The United States Government is quickly adapting its policy and trying to become a cyber-warfare superpower while also making sure that they don't violate the civil liberties of both citizens and non-citizens.  It seems that the definition of the enemy has become blurred.  While it is generally accepted that the government is able to spy on any data transmitted over the net, much debate remains over whether this is ethical.

September 11th left us all crying for better surveillance against the "bad guys."  In order to appease various civil liberties groups in the U.S. dealings in cyber espionage and warfare have been somewhat "under the table," until now.  It will be interesting to see whether American's will be willing to forego privacy in the interest of security.

Surveillance and September 11th

Is it ethical for the U.S. to spy on suspected terrorists?  Should the U.S. have been able to reconstruct cellular phone calls from that fatal crash on September 11th?  Are we glad that we had the ability to do this?  Does this scare anyone?  Many issues such as this will have to be resolved in order to move forward as a country in the coming months.

What is Cyberterrorism?

Cyberterrorism is the use of computers as weapons by politically motivated groups who spread fear to the masses and attempt to force governments to change their policies. It is extremely difficult to determine the identity of most cyberattacks and there is no published evidence linking a widespread attack with international terrorist groups. But cyberattacks have continued to increase in regularity. Experts disagree on the extent of damage that could be caused by a coordinated cyberattack against our country. Countries that rely the most upon computer networks such as the United States have the most to lose.

Ethical Problems with Cyberwarfare

The main ethical issue with cyberwarfare is that it breaks the rules of military engagement. During cyberwarfare noncombatants are deliberately targeted in order to disrupt computer networks. Electrical generation, transportation, water, financial services, and telecommunications all become targets instead of a group of military personal. The private sector is the new ground zero for this emerging form of warefare.

  1. Importance of Network Security

      Today, unlike the past, much of our infrastructure is not composed of physical buildings and machinery, but instead is our fragile communications network. Without it we are crippled. In fact, it has already been recognized that our communications network is so key, that it has become of great importance to national security. "...the security of information systems and networks (is) the major security challenge of this decade and possibly the next century...there is insufficient awareness of the grave risks we face in this arena." Redefining Security, Joint Security Commission. With the increasing importance of this network's security, (due to its rising influence and our own rising dependence upon it) comes an ethical responsibility to keep this crucial system in working order.
  2. Why does the responsibility of network security fall upon all of us?

      Normally this tremendous responsibility falls upon the shoulders of our government, and the only part we have in it is to not hinder the government and even help out when necessary. However, due to the nature of the internet, everyone has a responsibility. This is due to the nature of our internet. Our internet is insecure by nature, it is a distributed system, built with flexibility, scalability and efficiency in mind (not security!). Due to this fact, many attacks are likewise distributed like the infamous Distributed Denial of Service attacks of early 2000. It thus follows that one of the best response is some form of distributed security measure. For the government to impose such restrictions would be indubitable rouse protest from every corner of the globe from the American Civil Liberties Union to privacy advocates. Thus, it falls upon the shoulders of each computer user and particularly system administrators of large networks to help ensure the safety and security of our network.
  1. Distributed Denial of Service

      This form of attack can down almost any website, crippling any e-commerce business. This attack is based on a tactic of slowly taking over other computers perhaps weeks or even months ahead of time. When the time of the attack has come, a few central computers send out signals to its hosts (other compromised computers) which may send out still yet more signals to its hosts, telling them to attempt connections with a targeted site (the victim). The victim would then be suddenly barraged by hundreds of thousands of connection requests from all ends of the world, overwhelming its capacity and preventing its normal function. An infamous example of this form of attack is the fiasco that occurred in early 2000, where many notable and popular sites where taken down. This particular form of attack emphasizes how network security is a community effort. If each user, or each system administrator took time to make it a little hard for hackers to take over their computers and use them as hosts, such attacks would be rare indeed.
  2. Is network security all that big of a problem?

      Many people are still unaware of the threat posed by this problem. As recent as December of 1999, a survey done on network security showed that 88% of small to medium sized businesses, had no form of security protocol implemented. Yet, we all know how deadly the attack that came barely two months later that crippled many reputable businesses like Yahoo, eBay, Amazon,,, ZDNet (a popular technology news site), and online brokerage E-Trade. Believe it or not, we are even more dependent on these sites today, and yet the threat has not lessened appriciablly. This is a huge barrier against e-commerce. This does not even take into account the critical systems that might be targeted like airports, which are now in danger. To make matter worse, all that you hear is just the tip of the iceberg, numerous attacks happen everyday, but companies tend to hush them up to preserve their reputation.

      I leave you with a quote
      "What is scary about this is as we've become more dependent on technology and its availability, we become more vulnerable to any 18-year-old in a garage anywhere in the world," said Mark Rasch, a former federal prosecutor who is a computer security consultant at Global Integrity in Reston.

  3. Ethical obligations?

      "Security in the Internet is a community effort," said Ron Dick (FBI head of computer crime investigations). As a system administrator, responsible for the well being of the computers under you, you are also responsible in making them secure both to protect your self and others (by preventing your computers from being hosts). In addition to track hackers, what you really need is intense cooperation among the private sector. As a citizen in a society governed by law, aren't you obligated to help in enforcing the law? Thankfully, the government and the private sector are coming together.

Index of Topics - Study Guide