Lone Rangers in Cyberspace: How Can we Protect Ourselves?
| posted by Saabira ChaudhuriI've spent the last few days trying desperately to get into my hotmail account and being unable to do so. That irksome error message -- this page cannot be displayed -- is so exasperatingly embedded in my brain that I've caught the words dancing unrestrainedly through my head on the long subway ride to and from work.
The sneak preview of new email messages that MSN tantalizingly flashes at me when I sign onto messenger is the closest I can get to finding out who responded to my Craigslist posts, what my dad had to say about yesterday's abominable cricket final, whether my movie plans for tonight have been confirmed, and of course who posted on my Facebook wall. My whole week (not to mention my mood) is affected; this currently ranks pretty high on my list of the most inconvenient of inconveniences.
Wondering about how I -- a single individual -- am so disturbed by this temporary (I hope) lapse in one of my daily communication mechanisms leads me to marvel at the inordinately high levels of my dependence on my email, my cell phone, the Internet, and basically any form of digital communication/information gathering in general. It also leads me to wonder about the effect that such lapses can have on larger groups and their ability to function.
In the last decade or so, the control of fundamental processes like banking, manufacturing, communication, electricity and others have transitioned into having a heavy dependence on cyberspace for their functioning. This has undeniably decreased costs and increased productivity, but in the process it has also altered the logistics of day-to-day functioning.
The alteration has created security risks that are different and far more serious: information in the 'real world' can be locked up or stored away -- unless you can grab a key or steal someone's letters, access is restricted. In cyberspace, the possibilities are endless and the pervasive worry nowadays is that cyberattacks can cause serious disruption of critical operations on a national, possibly global scale.
A US government report on Cyberspace vulnerabilities explains: “Not only does cyberspace provide the ability to exploit weaknesses in our critical infrastructures, but it also provides a fulcrum for leveraging physical attacks by allowing the possibility of disrupting communications, hindering U.S. defensive or offensive response, or delaying emergency responders who would be essential following a physical attack.”
So what happens if one of the country's most trafficked websites is disrupted? Like Google maybe. One of Business Week's regularly obsessive articles about Google evokes the worries of George Dyson, author of Darwin Among the Machines: The Evolution of Global Intelligence, that Google, "the crude oil of the Information Economy," may pose a national security concern due to its function as a massive storehouse of vital information.
As far as I know there haven't yet been any catastrophic attacks on US information network systems so far, but I'm pretty convinced that if there were to be, the ramifications would be huge. The aforementioned government report ends with a caveat about how it cannot and should not be expected to secure networks for private enterprises and for individuals: "Each American who depends on cyberspace, the network of information networks, must secure the part that they own or for which they are responsible."
With regard to my own minor situation: admittedly, I'm not particularly tech savvy but I wouldn't call myself completely clueless either. In fact I would say a large chunk of cyber users out there possess similar knowledge to mine. When I can't even get my hotmail account to work, I'm at a loss as to how I can be expected to ready myself against potentially malicious attacks on my day-to-day communication mechanisms.
It's easy enough for the government to spout rhetoric like 'each American must do his own part,' but without any active effort to equip people with the tools and the knowledge to do so, the fundamental question that grand statements like this elicit for me is what we as individuals can really do to protect ourselves and the country’s infrastructure against such attacks.
Comment
Recent Comments | 3 Total
May 1, 2007 at 10:29am
Allen BrokkenFurther research on the general topic of government's efforts to educate the general population on Cyber threats shows a significant effort along those lines is underway. The Bush Administration's Strategy to Secure Cyberspace includes expected topics like expanding research, but has a whole section dedicated to helping the general public. Programs like the NSA's Centers for Academic Excellence in Information Assurance Education and the forth coming Department of Homeland Security Essential Body of Knowledge related to information security are huge steps in making the public more aware of the threats. The government even has a program for K-12 students handled in age appropriate manners for how to keep safe in the Cyberworld and the NSA has a whole Kids website. It may be too little too late for the older generation, but those on the technological front lines are getting their fill at an early age.
May 1, 2007 at 10:44am
Allen BrokkenThe National Strategy to Secure Cyberspace places public awareness of Information Security and Assurance as a primary goal. This strategic push has ensured programs like the NSA's National Centers for Academic Excellence in Informaiton Assurance Education http://www.nsa.gov/ia/academia/caeiae.cfm?MenuID=10.1.1.2 get the funding they need to advance security education at the collegiate level. This is just one of many programs run by the NSA to deal directly with the public. They go so far as having a kids website http://www.nsa.gov/kids/
A number of other efforts are ongoing such as the Federal Trade Commissions Identity theft awareness and deterrance programs. There are even programs for K-12 school kids on being safe on-line.
I'm a certified security professional, and the biggest issue I see is people not taking the information they are given seriously. No matter how well put together a training event is people roll their eyes and space out. Then a few weeks later that same person can't understand why their system was compromised.
Most things are very simple and take little time. I wouldn't think of walking out of my house without locking the door, or leave my car in a parking lot without locking it. Most security steps are that simple and vendors are delivering them on by default.
My biggest advice is don't be overwhelmed. You have a potential impact on national security, but for most people that potential is pretty small. Start with one simple thing. Lock your workstation when you get up from your desk. Do that consistently for a month and then worry about taking on something more complicated.
May 2, 2007 at 12:22pm
Jean ThibaudeauI think that these worries are overrated. The internet is indeed practical, but not critical.