Boggiano 1

Claudia Boggiano

Susan Browning

ENG112_65

6 May 2017

Why You Should Care About Cyber Security

What is the biggest threat facing our nation? Is it terrorism or cyber security?

While people may fear terrorism because it is often violent and widely reported, the

greater danger is cyber security. It's a complicated issue that is hard to explain and

often ignored by average Americans. The cyber threat doesn't just affect our military,

but it affects every company, every level of government, and every individual - even our

children. This paper will summarize research and interviews into current trends relating

to cyber threats and security on a national level.

Thirty years ago most people could easily live without interacting with a

computer. Today that is no longer the case. The Internet in one way or another touches

almost every aspect of our lives. Personal computers went mainstream starting in the

1980s, and the Internet went mainstream in the 1990s. This technology has led to

massive changes for both ordinary people and companies. From personal services like

online banking or health records to business operations like nuclear power plants or air

traffic control, all these areas are managed in the cyber world. How can we protect our

personal life and institutions from being hacked? When attacked how can we defend

ourselves? Some people find this topic fascinating. Others find it disconcerting that

everyone is so vulnerable while simultaneously so relatively powerless to protect

themselves.
 Boggiano 2

Over the past 20 years more and more of the average citizen's life is managed,

transacted, and tracked via computers and the Internet. This migration to the Internet

has only accelerated as computers have gotten smaller and become devices in our

pocket - the mobile phone. Our locations are tracked by our phones, our driving records

are monitored by toll transponders, our spending habits are tracked by credit card

purchases, our health records are electronic, and even our most intimate secrets,

fetishes, and insecurities are tracked by Google Searches. "Danny Sullivan of Search

Engine Land recently remarked on This Week in Google that We're more honest with

Google than we are with our spouse.'" With all of this confidential information now in a

digital format, how does the average person know who has access to it and if it is

secure?

More and more business processes are being automated. This automation

applies to every business from a bank to the railway company to the nuclear power

plant. Where once a person would sit and pull levers or push buttons, now computers

control almost all functions of business' operations. Even in the grocery store, we are

moving towards self-checkout. As an individual how do I know that I am safe from a

cyber attack in our voting booths or the nuclear power plant? If I am a CEO of a

company, how do I know that my business is safe?

What if our private information or a company gets hacked? What does hacking

even mean? According to Google, hacking involves the "use of a computer to gain

unauthorized access to data in a system." By this definition, every electronic system of

data storage is vulnerable to hacking. Hacking might happen by an insider employee

 Boggiano 3

that accesses information in a file, by a state actor, or a criminal. Some recent hacking

examples might help illustrate what hacking means from a practical standpoint.

Two examples of inappropriate access hacking involve President Obama and

Edward Snowden. In 2008, Private contract employees working for the U.S.

Department of State have repeatedly accessed U.S. Sen. Barack Obama's passport

records over the past three months. As citizens, we trust that information provided to

the government for services is safely handled. Unfortunately, it seems that trust is

misplaced because even the President himself was not safe from being hacked. Edward

Snowden was a contractor for the National Security Agency (NSA), which helps defend

the nation. In 2013, "Snowden downloaded up to 1.5 million top secret files," before

handing the data to journalists. His hacking and the subsequent disclosures have fueled

debates over national security and information privacy.

The best recent example of state-sponsored hacking involved the Chinese

government's hacking of US government security clearance files. A state actor is a

computer hacker sponsored by a foreign country. In 2014, the Chinese hacked the US

Government's Office of Personnel Management's files. They obtained the personnel

records and security clearance data for 22.1 million federal employees past and

present. "U.S. officials said the breaches rank among the most potentially damaging

cyber heists in U.S. government history because of the sufficient detail in the files.

Officials said hackers accessed not only personnel records of current and former

employees but also extensive information about friends, relatives, and others listed as

references in applications for security clearances for some of the most sensitive jobs in

government." These personnel and security clearance files contain more than just
 Boggiano 4

biographical information about employees. Since employees with a security clearance

are at risk of being blackmailed, these forms list every intimate detail of a person's life.

All of that information is now in the hands of a foreign government. Even if someone

hadn't worked for the US government in 20 years, their information was still disclosed.

The last type of hacking is criminal. Unfortunately, this is likely the most common

form of hacking though it often goes unreported. Therefore it is hard even to compile

reliable statistics quantifying hacking by type and damage. Criminal hackers usually

want financial gain. They might accomplish this by hacking credit cards and bank

accounts or by stealing corporate secrets to sell to competitors or playing the stock

market.

Why is hacking so prevalent? "One reason is simply that the Internet was

conceived without any form of security in mind." Even worse, the cyber risks only get

worse as the computer systems themselves get more complicated. This means that

fewer and fewer people have an end to end knowledge of the entire system. Imagine a

building so large that it is nearly impossible to catalog every window and door. If you

were the building manager and didn't even know how many doors there are, how could

you possibly know if they are all locked?

What can a person do? First, an individual should recognize that "the computer-

security situation is out of control." Second, everyone should dedicate some time to

learning the basic best practices. Some quick examples include securing your data with

strong passwords and don't use the same password for different logins. For higher

security, download a password management service like LastPass that generates

secure passwords and stores them encrypted in your private account. All you need to
 Boggiano 5

know is your Master password and the plugin on your computer, laptop or the

application on your phone. You no longer need to memorize complicated passwords.

The goal of following best practices is not to be the weakest target. Often hackers will

pursue the easiest target available. To paraphrase Thomas Friedman's proverb,

imagine you are a member of a herd of gazelles in Africa, and when the sun comes up

you need to run faster than the slowest gazelle, or you will be killed. It is similar with

hacking; no one wants to be the easiest target.

The last thing a person can do is to demand accountability from government and

corporations. A lot of innovations, frameworks, and rules will have to be created to deal

with this brave new world of cyber security. What should those new regulations

regarding cyber security and the Internet be? The honest answer is no one knows right

now. Here's a quick example to illustrate. If the governor of North Carolina has a cyber

security unit in the National Guard, could the governor order a strike against Russian

hackers to defend an ongoing cyber attack against critical infrastructure within the

state? Previously, the governor would never have sent National Guard soldiers to

physically attack Russia but in the cyber world that is absolutely a possibility. So whole

new approaches are needed to deal with the issue of cyber security.

By understanding what hacking means, individuals, companies, and

governments can start to assess the risks and plan how to defend against such threats.

For the optimists, there is hope that businesses and government are finally taking cyber

threats seriously. For the pessimists, "today is a paradise for attackers," and it is not

clear how the state of cyber security will get any better.
 Boggiano 6

Works Cited

Cerrudo, Cesar. Why Cybersecurity Should Be The Biggest Concern Of 2017. Forbes,

Forbes Magazine, 17 Jan. 2017,

www.forbes.com/sites/forbestechcouncil/2017/01/17/why-cybersecurity-should-

be-the-biggest-concern-of-2017/#69e203164094.

Economist, The. Organized Crime Hackers Are The True Threat To American

Infrastructure. Business Insider, Business Insider, 11 Mar. 2013,

www.businessinsider.com/organized-crime-hackers-are-the-true-threat-to-

american-infrastructure-2013-3.

Edward Snowden. Wikipedia, Wikimedia Foundation,

en.wikipedia.org/wiki/Edward_Snowden.

Gable, Detlev, et al. Cyber risk: Why cyber security is important. White & Case LLP

International Law Firm, Global Law Practice, 1 July 2015,

www.whitecase.com/publications/insight/cyber-risk-why-cyber-security-

important.

Gillin, Paul. Are we more honest with Google than with our spouse? The Spiceworks

Community, 15 Oct. 2014, community.spiceworks.com/topic/605938-are-we-

more-honest-with-google-than-with-our-spouse.
 Boggiano 7

Glick, Bryan. Finding Solutions. Together. Five concerns and five solutions for

cybersecurity - Global Economic Symposium, 2010, www.global-economic-

symposium.org/knowledgebase/the-global-polity/cybercrime-cybersecurity-and-

the-future-of-the-internet/proposals/five-concerns-and-five-solutions-for-

cybersecurity.

Google. Google, www.google.com/webhp?sourceid=chrome-

instant&ion=1&espv=2&ie=UTF-8#q=what does hacking mean.

Magid, Larry. Why Cyber Security Matters To Everyone. Forbes, Forbes Magazine, 1

Oct. 2014, www.forbes.com/sites/larrymagid/2014/10/01/why-cyber-security-

matters-to-everyone/#34a56e8c1fd0.

Morag McGreevey, Morag. Why is Cyber Security Important? Investing News

Network, 20 Oct. 2016, investingnews.com/daily/tech-investing/cybersecurity-

investing/why-is-cyber-security-important.

Nakashima, Ellen. Hacks of OPM databases compromised 22.1 million people, federal

authorities say. The Washington Post, WP Company, 9 July 2015,

www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-

clearance-system-affected-21-5-million-people-federal-authorities-

say/?utm_term=.8bc07bf00e9c.
 Boggiano 8

National Security Agency | Central Security Service. NSA.gov, www.nsa.gov/.

Szoldra, Paul. This is everything Edward Snowden revealed in one year of

unprecedented top-Secret leaks. Business Insider, Business Insider, 16 Sept.

2016, www.businessinsider.com/snowden-leaks-timeline-2016-9.

The Fable of the Lion and the Gazelle. Quote Investigator, Quote Investigator, 5 Aug.

2011, quoteinvestigator.com/2011/08/05/lion-gazelle/.

Thibodeau, Patrick. Update: Obama passport records breached; IT system flagged

violation. Computerworld, Computerworld, 20 Mar. 2008,

www.computerworld.com/article/2537876/security0/update--obama-passport-

records-breached--it-system-flagged-violation.html.