Sunday, June 27, 2010

Cyber Security Threats


Cyber Security Threats - Organization and Definitions

The world of information security attacks and threats in growing in power and sophistication with nation backed Cyber attacks emerging. Although constituting isolated attacks so far the new wave of Cyber attacks are more prevalent and dangerous. And, with the advent of (often hostile) national

involvement in Cyber offensives, the risk to our nation's National Security is real and potentially devastating. This is particularly as the net expands in both scope and sophistication,

The world of Cyber Warfare, attacks and threats is real and potentially devastating to defense and commerce. While substantial efforts are underway to counter the threat, great effort is required to establish standard definitions and concepts.

And we, as a nation, are not ready to defend against a coordinated, powerful Cyber attack from within and well from beyond our shores. Although substantial dollars are budgeted for Information

and Cyber security, the management and planning for an effective long term defense against Cyber terrorists. Greater effort on planning and organizing defenses and offensive scenarios of Cyber Security is required and one of the first steps is the definition of Cyber/Information Terms and concepts.

In addition, greater organizational focus is required to properly mobilize and utilize the nation's resources. At present there are three major agencies (Defense Information Systems Agency (DISA), the National Security Agency (NSA) and the Department of Homeland Security (DHS). Each agency addresses the needs of a different sector of the Federal Community (military, intelligence and civilian) but there is significant overlap and duplication of effort. To this end, President Obama has proposed an oversight agency, (CyberCom) that will coordinate and integrate the efforts of the agency responsible for each sector. This should result in significant efficiencies in the prevention of Cyber Security attacks.

The world of Information Assurance/Cyber Security is very broad and many of the terms are often used interchangeably and many times wrong when defining a particular Information Assurance problem. What is needed to help reduce the high level of confusion is a list of standard terms that are universally accepted. A sample (but not exclusive listing ) of terms can be found at Information Security Types. This guide brings precision to the term usage of Cyber world terminology and provides a starting point or framework of understanding.

In addition, a centralized technical research database is required that operates in real time and is universally accepted by the entire cyber security community. This database would contain relevant classified and unclassified technical information about new products, processes and regulations that have proven effective against Cyber attacks. A research database has been developed by the Defense Technical Information Center (DTIC) and steps are underway to update and expand this tool in the fight against Cyber attacks. But, a great deal of effort is required before the initiative is truly powerful and accepted.

No comments:

Post a Comment