"Your work is to discover your world and then with all your heart, give yourself to it."

Sunday, April 4, 2010

Shifting the Burden- Cyber Security


Shifting the Burden/Addiction- Cyberspace Security


Definition: Instead of “doing the right thing” and implementing a fundamental solution, the policy focuses on a short-term superficial solution that lead distracts resources from what really ought to be done.


Over the last several years, the United States has faced new threats and challenges by use of the internet and other technology more and more in daily routines. Conflict is no longer limited to the battlefield- opponents are using technology and the vulnerability of networks to get a step up on competitors. Cyberspace is composed of all the interconnected networks that store information and provide services across the globe.


Foreign groups have been known to access networks at the White House, Congress, NASA, DHS, DOD and many leading American companies (Google just this month). These foreign actors access the networks with the intent of stealing valuable information which can impact the economy, national security, etc. Today, the United States relied very heavily on cyberspace to conduct day-to-day personal activities, health care, and military and government operations. Threats come not only from foreign governments and state actors, but from cyber criminals as well.


This CLD demonstrates the vulnerabilities and misperceptions associated with the use of networks and cyberspace.


Loop R1- “Everything’s Fine”: This loop shows that there is a belief that networks are secure and when they are perceived to be secure, the government and businesses are making efforts to incorporate the new technologies and cyberspace into their daily routines. For example, hospitals are making efforts to put all of their files in a “secure” date base. Then a few months down the road there is an issue- could be small or it could totally paralyze the industry depending on the threat. There is a delay in the system here because oftentimes, a threat is not discovered immediately. New security measures will likely be put in place after an incident completing the loop where the belief is that the network is secure from criminals.


Loop B1- “Check-ups”: This loop shows that when the security measures in the networks are being updated and keeping up with threats rather than only acting in crisis, the level of security risk will stay to a minimum. This could also be described as doing routine “check-ups” instead of only acting when an issue arises.


Loop B2: This loop is characterized by people trying to incorporate cyberspace and technology into their everyday life or business and not seeing the potential security risks that happen months or years down the road; hence a delay in the system. Unfortunately, as we have all experienced, when an issue arises the system is usually out of service for a few hours if not days. Sometimes, rather than “fix” the old system, a newer system is available which make people more apt to incorporating the “untouchable” technology. Supposedly the “untouchable” technology won’t fall for the old tricks… and that is true in some cases but the criminals just develop new threats for the new technology.


So how do we combat this issue?


Right now, there is no streamlined approach to tackling cyber criminals or protected the infrastructure. It will be important for law enforcement and technology specialists in businesses to work together to develop a more effective security system. Also by streamlining the security with a high cost but low risk system and one that is constantly being modified and adapted, it would likely be harder for criminals to break the system. Certainly, this would require sincere effort for everyone involved in the technology, but as they say- you are only as strong as your weakest link.