In this new networked age, the currency of cyberspace is information. It is both a valued asset and a medium of exchange, and it defines the worth of a use of cyberspace, whether in a government, military or commercial context. But, as with all currencies, information must be safeguarded if it is to retain its value to its user. And, never before has information security been so vital to the operation of those three institutions.
The cyberthreat to government, the military and the global economy increases with the reliance on information systems for everyday use. Not only does the ubiquity of cyberspace become more intense, but also the types of applications become more varied. As a result, the ways that a cybersaboteur or thief can menace information have magnified in both style and substance.
New technologies entering everyday use have created new vulnerabilities for cyberspace. Wireless access is emerging across the landscape, and with it comes a new entry portal for malicious cybernavigators. The U.S. Defense Department, recognizing the rapid migration to wireless network access among its forces, has issued new information security guidelines for upcoming wireless access technologies. This is not merely protecting assets against a possible threat; the new wireless devices being fielded among the troops have the potential to lead a marauder directly into the most comprehensive networks in the Defense Department information arsenal.
And, the value of information accessible to network marauders has increased exponentially. As more elements of the critical infrastructure are networked online, more ripe targets appear to malevolent cybernauts. Seeking greater efficiencies through cyberspace, both government and industry have created access to vital databases and operational controls. These vital elements now are open to attack by all manner of hostile intruders.
Amid these new targets and vulnerabilities, new types of damaging attacks have emerged. Viruses that had serious impacts on cyberspace only a few years ago now seem mundane compared to the latest threats emerging from hostile computers. Complicating this threat picture is the expansion of the field of adversaries. Previously, hacker vandals tended to pose the greatest threat to network security, and organized crime was the biggest danger to online financial assets. Now, these and other cyberspace denizens have been joined by terrorists who conceivably could launch any type of attack on all kinds of assets. Their goal would not be profit or political statement; instead these network nihilists would seek simply to damage or destroy targets that are valuable to the Free World.
Securing cyberspace is no easy task, but there is no alternative. Successive U.S. administrations have worked with industry to ensure the protection of critical infrastructure assets, but results have been mixed. Vulnerabilities have grown at a greater rate—concurrent with increased threats—than have security measures.
Nowhere is this more evident than in the U.S. government itself. As federal departments and agencies rely on cyberspace to a greater degree to provide service to the citizen, vital information remains at risk to malevolent computer users. A recent congressional study determined that roughly half of all federal departments and agencies do not receive satisfactory grades for their information security measures. In some cases, specific government agencies do not even have an inventory of online information assets, let alone vulnerabilities. For some government organizations, the problem seems too big to get their arms around.
Everyone knows there is a problem; everyone knows about the problem; and everyone recognizes that the problem must be dealt with quickly. However, measures to provide cyberspace information assurance still fall short of truly effective security. Ironically, the ongoing heroic efforts of information security personnel may fade into the background when a cyberspace attack severely damages the critical infrastructure. Then the blame game will begin, and critics will have a field day feasting on government and industry. To prevent this from becoming a worse-case scenario, information officers must join with their government and industry leaders to redouble their efforts at protecting the vital infostructure. Simply put, there is no alternative to effective information security.
The August issue of
SIGNAL Magazine, which focuses on the security challenges and solutions for the future, is in the mail on August 2, 2004, to AFCEA members and subscribers. To obtain a copy, contact
AFCEA Member Services.
—The Editor
