
Cyber Security

Cyber security is the ability to protect or defend the use of cyberspace from cyber-attacks,
according to the National Institute of Standards and Technology, USA. In simple language,
Cyber Security or Information technology security means protecting data, networks, programs
and other information from unauthorized or unintended access, destruction or change. It can
also be defined as all operations and activities that are undertaken to minimize threats and any
kind of vulnerabilities, and enforcing required policies for prevention, data assurance, recovery
and other cyber security related operations. It encompasses all the mechanisms and processes
that protect digital equipment, information and records from illegal or unintended access,
manipulation or destruction.

Of late, in Bangladesh, the financial services industry, which is a vital component of a nation's
critical infrastructure, is under persistent threat.

There has been burgeoning growth of internet users in the country. According to Bangladesh
Telecommunication Regulatory Commission, the number of internet users almost doubled in the
last two years. It shot up from 30.48 million in 2013 to 58.31 million in February 2016. With it,
came an ardent need for in-built cyber security in IT and to make people more aware about the
policies, standards and guidelines.

The emerging role of IT governance is to bridge the gap between control requirements, technical
issues and business risks. The Governance Global Practice of the World Bank supports
governments in improving access and quality of public services by developing integrated
governance solutions to address service delivery problems in their local contexts.

Improving public services requires making policymakers, public servants, and service providers
accountable to citizens, and promoting citizen engagement and trust in public institutions.

Recognising the interconnections between institutions, service delivery, and citizen trust and
engagement is especially crucial in fragility, conflict and violence settings.

The organisations undergoing change management become the easy targets of cyber criminals.
Since 2011, Bangladesh Bank was busy modernising its payment and settlement system. The
overall banking functions of the central bank had been brought under automation by
implementing the banking application package.

All the offices and departments of the BB had been brought under a computer network,
connecting around 4,000 desktops/laptops by 2012. During the computerisation phase of the BB,
things may have been done in a hurry. The main thrust was on meeting the World
Bank's deadline. It was not possible to pay much attention to the security details.

Usually, this transformation phase of computerisation and change management remains risk-
prone, as hackers take this chance of transition. They know that three important gears like
security, monitoring and control might be lacking at that stage. The IT security of the banking
sector in Bangladesh is in a very precarious stage and, hence, there are chances of further attacks.
In the last couple of years, CTO Forum Bangladesh has been addressing these critical issues. So
far, it has organised as many as 15 seminars on cyber security. Its pursuits to make people aware
are on. It is going to organise a conference on security jointly with Bangladesh Institute of Bank
Management this month.

Out of my 35 years of experience in IT, I have developed an impression that the organisations
are never willing to invest in IT security until and unless they are targeted and have fallen victim.
What is more important is to make the system bulletproof and to defend against further attacks by
raising awareness.

Creation of platforms for future cyber-security awareness raising efforts is important. Every day,
in one way or the other, businesses are facing the threat of hacking -- phishing, ransomware, data
breach and malware attacks.

In the country, there has been a dire need of a core group of professionals consistently working
on cyber threat intelligence, data protection and encryption.

In Bangladesh, the overall situation now calls for a cyber-security legal framework and that of an
IT skill framework. It has to be a thorough assessment of the cyber security capacity, taking into
account the existing capacity, availability of relevant skills training and education institutes,
security companies, IT industry representatives, associations, professionals and multi-
stakeholders.

It is usually said that as ICT investment continues to grow, the cyber-security profile must also
be increased at par in order to enhance the effectiveness of technological capacity.

To be holistic in its approach to leverage ICT, at this juncture, Digital Bangladesh has been
trying new approaches, new innovations and new methodologies. These include, among others,
the establishment of the digital connectivity project.

It is the highest priority project of the government and expansion of the government-wide
network to its lowest tier is also important.

A survey from Security Lab has found that almost 73 percent of companies are relying on
standard endpoint security-class solutions to protect their virtual environments, potentially
leading to reduced performance and creating an excessive load on their systems.

About 34 percent of businesses remain unaware that specialised security products even exist.
According to the findings of a recent survey, only 27 percent of companies use security solutions
that are specifically adapted for virtual environments.

Of these, nearly half use agent-based solutions. Specialised agent-less and light-agent solutions
are still uncommon, and are used in just 35 percent and 15 percent of cases respectively.

Kaspersky Lab is a privately owned entity operating in 200 countries, including Bangladesh.
According to them, Bangladesh is one of the countries on the top hit list of impending cyber
attacks.
Wire-transfer processes and other operations need constant screening. Clearly, the times call
for the creation of a position of cyber security officer (CSO) in financial entities, corporations,
businesses, organisations and institutions. More than 80 percent of Bangladesh is now covered
by wireless networks.

Now, as we make steps ahead, we make digital footprints. Bangladesh ranks 107 out of 139 in
the Global Competitiveness Index, 115 out of 138 in the Networked Readiness Index (2011) and
134 out of 183 in the United Nations e-Government Survey 2010.

Finally, mobile, cloud computing, IoT (internet of things) and cognitive computing are expected
to be the technologies that will shape the near future the most.

No Bangladesh government website or data centres or any other infrastructure faced any problem
in the global ransomware attack, which affected computers in nearly 100 countries on Friday.

However, there were infections at individual level in Bangladesh, reports our staff
correspondent.

A top executive of Asian TV yesterday said four of their desktops were affected Friday evening.

About preventing this type of attack, Sumon suggested arranging backups of data and being
cautious about opening or receiving files.

Tarique Barkatullah, director of National Data Center at Bangladesh Computer Council, said,
"We have checked out all the government web sites and other infrastructure and found no
issues."

In March Microsoft itself advised its customers about the attack and released a software update
for Windows 10, said Barkatullah.

In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a
patch for computers running older operating systems including Windows XP, Windows 8 and
Windows Server 2003, reports CNN.

Cyber security experts across the globe rushed to restore systems yesterday after an
unprecedented global wave of cyberattacks that struck targets ranging from Russia's banks to
British hospitals and a French carmaker's factories.

The hunt was on for the culprits behind the assault, which was being described as the biggest
cyber ransom attack ever, reports AFP.

State agencies and major companies around the world were left reeling by the attacks which
blocked access to files and demanded ransom money, forcing them to shut down their computer
systems.

"The recent attack is at an unprecedented level and will require a complex international
investigation to identify the culprits," said Europol, Europe's policing agency.
The attacks, which experts said affected dozens of countries, used a technique known as
ransomware that locks users' files unless they pay the attackers a designated sum in the virtual
Bitcoin currency. Mikko Hypponen, chief research officer at the Helsinki-based cyber security
company F-Secure, told AFP that the attack was "the biggest ransomware outbreak in history",
saying that 130,000 systems had been affected.

He said Russia and India were hit particularly hard, in large part because the older Windows XP
operating software was still widely used in the countries.

The attacks apparently exploited a flaw exposed in documents leaked from the US National
Security Agency (NSA).

French carmaker Renault was forced to stop production at sites in France and Slovenia, saying
the measure was aimed at stopping the virus from spreading.

In the United States, package delivery group FedEx acknowledged it had been hit by the
malware and said it was "implementing remediation steps as quickly as possible."

Russia's interior ministry said that some of its computers had been hit by a "virus attack" and that
efforts were underway to destroy it.

The country's central bank said the banking system was hit, and the railway system also reported
attempted breaches.

The central bank's IT attack monitoring centre "detected mass distribution of harmful software"
but no "instances of compromise", it said.

Russia's largest bank Sberbank said its systems "detected in time attempts to penetrate bank
infrastructure".

Germany's Deutsche Bahn computers were also impacted, with the rail operator reporting that
station display panels were affected.

In a statement, computer security group Kaspersky Labs said it was "trying to determine whether
it is possible to decrypt data locked in the attack -- with the aim of developing a decryption tool
as soon as possible."

Meanwhile, a cyber security researcher told AFP he had accidentally
discovered a "kill switch" that could prevent the spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said that the discovery was accidental, but that
registering a domain name used by the malware stops it from spreading. Computers already
affected will not be helped by the solution. But @MalwareTechBlog warned that the "crisis isn't
over" as those behind it "can always change the code and try again".

The malware's name is WCry, but analysts were also using variants such as WannaCry.
Britain's National Cyber Security Centre and its National Crime Agency were looking into the
UK incidents, which disrupted care at National Health Service facilities, forcing ambulances to
divert and hospitals to postpone operations.

Pictures on social media showed screens of NHS computers with images demanding payment of
$300 (230 pounds, 275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"

It demands payment in three days or the price is doubled, and if none is received in seven days
the files will be deleted, according to the screen message.

"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can
put people's lives in danger," said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in April claiming to have
discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have
yet to be updated, researchers said.

"Unlike most other attacks, this malware is spreading primarily by direct infection from machine
to machine on local networks, rather than purely by email," said Lance Cottrell, chief scientist at
the US technology group Ntrepid.

Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws
so they can be patched. Asian governments and businesses reported some disruptions from the
WannaCry ransomware worm Monday but cybersecurity experts warned of a wider impact as
more employees turned on their computers and checked emails.
The ransomware that has locked up more than 200,000 computers in more than 150 countries has
been mainly spread by email, hitting factories, hospitals, shops and schools worldwide.
"Most of the attacks are arriving via email, so there are many 'land mines' waiting in people's
in-boxes," said Michael Gazeley, managing director of Network Box, a Hong Kong-based
cybersecurity company, reports The Japan Times.
In China, the world's second-largest economy, energy giant PetroChina said payment systems at
some of its gas stations were hit, although it had been able to restore most of the systems. Several
Chinese government bodies, including police and traffic authorities, reported they had been
impacted by the hack, according to posts on official microblogs.
The official China Daily newspaper, citing Chinese tech firm Qihoo 360, said that at least
200,000 computers had been affected in China, with schools and colleges particularly hard-hit.
A spokesman for the Hong Kong Exchanges and Clearing, one of the region's biggest bourses,
said all systems were so far working normally. "We remain highly vigilant," he said.
Companies have warned users and staff not to click on attachments or links. One school in South
Korea barred its pupils from using the internet. Taiwan's government appeared to have escaped
major infection, possibly because regulations there require all departments to install software
updates as soon as they are available.
South Korea's presidential Blue House office said nine cases of ransomware were found in the
country, but did not provide details on where the cyberattacks were discovered.
In Australia, Dan Tehan, the government minister responsible for cybersecurity, said just three
businesses had been hit by the bug, despite worries of widespread infection. There were no
reported cases in New Zealand.
Cybersecurity experts said the spread of the ransomware had slowed since its appearance Friday
but that the respite might only be brief.
For one thing, the attackers or copycat attackers may have developed new versions of the worm,
although a British-based security researcher who thwarted an earlier version of the worm said
most of these reports had been proven false.
In Hong Kong, Gazeley said his team had found a new version of the worm that didn't use email
to lure victims.
Instead, it loaded scripts onto hacked websites where users who clicked on a malicious link
would be infected directly. He said it was too early to tell how many websites had been affected.
Gazeley added that several major companies in Asia had been hit by the ransomware, but the
last thing they want to do is come out in public and admit it. He declined to elaborate.
The initial WannaCry attack had paralyzed computers that run Britain's hospital network,
Germany's national railway and scores of other companies and government agencies worldwide
in what was believed to be the biggest online extortion scheme ever.
Microsoft blamed the U.S. government for stockpiling software code that was used by
unknown hackers to launch the attacks. The hackers exploited software code from the National
Security Agency that leaked online.
The company's top lawyer said the government should report weaknesses they discover to
software companies rather than seek to exploit them.
"An equivalent scenario with conventional weapons would be the U.S. military having some of
its Tomahawk missiles stolen," attorney Brad Smith wrote on Microsoft's blog.
The nonprofit U.S. Cyber Consequences Unit research institute estimated that total losses would
range in the hundreds of millions of dollars, but not exceed $1 billion.
Most victims were quickly able to recover infected systems with backups, said the group's chief
economist, Scott Borg.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth
the price of upgrading or, in some cases, machines involved in manufacturing or hospital
functions that proved too difficult to patch without possibly disrupting crucial operations,
security experts said.
Microsoft released patches last month and Friday to fix a vulnerability that allowed the worm to
spread across networks, a rare and powerful feature that caused infections to surge on Friday.
But new variants of the rapidly replicating worm were discovered Sunday and one did not
include the so-called kill switch that allowed researchers to interrupt its spread Friday by
diverting it to a dead end on the internet.
Ryan Kalember, senior vice president at Proofpoint Inc., which helped stop its spread, said the
version without a kill switch was able to spread but was benign because it contained a flaw that
wouldn't allow it to take over a computer and demand ransom to unlock files. However, he said
it's only a matter of time before a malevolent version exists.
"I still expect another to pop up and be fully operational," Kalember said. "We haven't fully
dodged this bullet at all until we're patched against the vulnerability itself."
The attack held users hostage by freezing their computers, popping up a red screen with the
words, "Oops, your files have been encrypted!" and demanding money through online bitcoin
payment: $300 at first, rising to $600 before it destroys files hours later.
The ransomware attack was particularly malicious, because if just one person in an organization
clicked on an infected attachment or bad link, all the computers in a network would be infected,
said Vikram Thakur, technical director of Symantec Security Response.
"That's what makes this more troubling than ransomware was a week ago," Thakur said.

The massive attack of the 'WannaCry' ransomware virus that infected computers around the
world prompted a Monday surge in cybersecurity stocks as investors sought safety.

Although the attack appeared to slow as the work week opened, investors reacted as a few major
companies reported new computer problems potentially related to the outbreak that began
Friday. The malware affected computers in at least 150 countries, according to a report by the
European Union's Europol law enforcement agency.

The attack chiefly struck computers in Europe and Asia, largely sparing North America. The
WannaCry virus spreads among computers running on Microsoft's Windows operating systems,
infecting and then locking individual machines. Affected users receive an electronic message
demanding a ransom to be paid in the electronic currency called Bitcoin.

Electronics giant Hitachi (HTHIY) said the Japanese company's computer systems had
difficulties sending and receiving emails and opening attached files, problems that corporate
officials said were believed to be related to the attack. However, the problems had not hurt
Hitachi's business operations.

In the wake of the attacks, the PureFunds ISE Cyber Security exchange traded fund (HACK)
closed 3.2% higher at $30.69 a share Monday.
Shares of Palo Alto Networks (PANW), a Santa Clara, Cal.-based company with security
platforms aimed at limiting cybersecurity risk, similarly ended the day 2.7% higher at
$119.61.

Symantec (SYMC), a global security and information management company headquartered in
Mountain View, Cal., closed at $32 a share, 3.2% higher.

Shares of Cisco Systems (CSCO), a San Jose-based company that develops and markets
electronic networking hardware, closed up 2.3% at $34.23.

Fortinet (FTNT), a Sunnyvale, Cal. firm that provides network and content security, along with
secure access products, finished the day 3.4% higher at $40.45 a share.

Shares of Proofpoint (PFPT), a Sunnyvale, Cal. company with products that help protect against
cyber threats and compliance risk, closed nearly 7.4% higher at $86.05.

Meanwhile, Microsoft (MSFT) shares closed fractionally higher at $68.43. Brad Smith, the
company's president and chief legal officer, said in a Sunday blog post that the Redmond,
Wash.-based tech giant was working to contain the attack. The effort included aiding users of
older Microsoft systems no longer supported by the company, he wrote.

Cyber security researchers have found technical clues they said could link North Korea with the
global WannaCry "ransomware" cyber attack that has infected more than 300,000 machines in
150 countries since Friday.
Symantec and Kaspersky Lab said on Monday some code in an earlier version of the
WannaCry software had also appeared in programs used by the Lazarus Group, which
researchers from many companies have identified as a North Korea-run hacking
operation.
"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky
Lab researcher Kurt Baumgartner told Reuters.
"At this time, all we have is a temporal link," Eric Chien, an investigator at Symantec,
told the New York Times. "We want to see more coding similarities to give us more
confidence."

American officials said Monday that they had also seen the same similarities, the
newspaper reported.
Both firms said it was too early to tell whether North Korea was involved in the attacks,
which crippled the NHS on Friday and became one of the fastest-spreading extortion
campaigns on record.
The cyber companies' research will be closely followed by law enforcement agencies
around the world, including Washington, where US President Donald Trump's
homeland security adviser said on Monday that both foreign nations and cyber
criminals were possible culprits.

The two companies said they needed to study the code more and asked for others to help with the
analysis. Hackers do reuse code from other operations, so even copied lines fall well short of
proof.

US and European security officials told Reuters it was still too early to say who might be behind
the attacks, but they did not rule out North Korea as a suspect. The Lazarus hackers, acting for
impoverished North Korea, have been more brazen in pursuit of financial gain than others, and
have been blamed for the theft of $81 million from a Bangladesh bank. They were also blamed
for the attacks on Sony Pictures Entertainment - in retaliation for the comedy film "The
Interview" - and on Polish banks in February. The North Korean mission to the United Nations
was not immediately available for comment.

The perpetrators had raised less than $70,000 from users looking to regain access to their
computers, according to Trump homeland security adviser Tom Bossert.
"We are not aware if payments have led to any data recovery," Mr Bossert said, adding
that no federal government systems had been affected.

Some private sector cyber security experts said they were not sure if the motive of the attack was
primarily to make money, noting that most large ransomware and other types of cyber extortion
campaigns pull in millions of dollars of revenue.

"I believe that this was spread for the purpose of causing as much damage as possible," said
Matthew Hickey, co-founder of British cyber consulting firm Hacker House.

The countries most affected by WannaCry to date are Russia, Taiwan, Ukraine and India,
according to Czech security firm Avast. The number of infections has fallen dramatically since
Friday's peak when more than 9,000 computers were being hit per hour. Earlier on Monday,
Chinese traffic police and schools reported they had been targeted as the attack rolled into Asia
for the new work week, but there were no major disruptions.

Authorities in Europe and the United States turned their attention to preventing hackers from
spreading new versions of the virus.

Beyond the immediate need to shore up computer defenses, the attack has turned cyber security
into a political topic in Europe and the United States, including discussion of the role national
governments play. In a blog post on Sunday, Microsoft Corp President Brad Smith confirmed
what researchers already widely concluded: the attack made use of a hacking tool built by the US
National Security Agency (NSA) that had leaked online in April.
He poured fuel on a long-running debate over how government intelligence services should
balance their desire to keep software flaws secret - in order to conduct espionage and cyber
warfare - against sharing those flaws with technology companies to better secure the internet.

On Monday, Mr Bossert sought to distance the NSA from any blame. "This was not a tool
developed by the NSA to hold ransom data. This was a tool developed by culpable parties,
potentially criminals or foreign nation-states, that were put together in such a way as to deliver
phishing emails, put it into embedded documents, and cause infection, encryption and locking,"
Mr Bossert said.

Russian President Vladimir Putin, noting the technology's link to the US spy service, said it
should be "discussed immediately on a serious political level." "Once they're let out of the lamp,
genies of this kind, especially those created by intelligence services, can later do damage to their
authors and creators," he said.

The accidental hero who halted the global spread of an unprecedented ransomware attack by
registering a garbled domain name hidden in the malware has warned the attack could be
rebooted.

The ransomware used in Friday's attack wreaked havoc on organisations including FedEx and
Telefónica, as well as the UK's National Health Service (NHS), where operations were
cancelled, X-rays, test results and patient records became unavailable and phones did not work.

But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher
tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint,
found and inadvertently activated a kill switch in the malicious software.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west
England who works for Kryptos Logic, an LA-based threat intelligence company.

"I was out having lunch with a friend and got back about 3pm and saw an influx of news articles
about the NHS and various UK organisations being hit," he told the Guardian. "I had a bit of a
look into that and then I found a sample of the malware behind it, and saw that it was connecting
out to a specific domain, which was not registered. So I picked it up not knowing what it did at
the time."

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading.
This involved a very long nonsensical domain name that the malware makes a request to, just as
if it was looking up any website, and if the request comes back and shows that the domain is
live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and
was immediately registering thousands of connections every second.

MalwareTech explained that he bought the domain because his company tracks botnets, and by
registering these domains they can get an insight into how the botnet is spreading. "The intent
was to just monitor the spread and see if we could do anything about it later on. But we actually
stopped the spread just by registering the domain," he said. But the following hours were an
emotional rollercoaster.

"Initially someone had reported the wrong way round that we had caused the infection by
registering the domain, so I had a mini freakout until I realised it was actually the other way
around and we had stopped it," he said.

MalwareTech said he preferred to stay anonymous "because it just doesn't make sense to give
out my personal information, obviously we're working against bad guys and they're not going to
be happy about this."

He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and
sending them off to law enforcement agencies so they can notify the infected victims, not all of
whom are aware that they have been affected.
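
The sinkhole side of the step described above, as an added example that is not from the original article or from the researcher: once a defender controls the kill-switch domain, every request it receives points at a machine that is probably running the malware. This Python sketch turns web-server log lines into a per-address notification list; the domain `killswitch-placeholder.example`, the log layout and every address and timestamp are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Placeholder: the article does not give the real kill-switch domain.
SINKHOLE_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log, layout assumed: "timestamp source_ip host method path".
SAMPLE_LOG = """\
2017-05-12T15:03:11Z 198.51.100.23 killswitch-placeholder.example GET /
2017-05-12T15:03:12Z 203.0.113.77 killswitch-placeholder.example GET /
2017-05-12T15:03:40Z 198.51.100.23 killswitch-placeholder.example GET /
2017-05-12T15:04:02Z 10.0.0.5 killswitch-placeholder.example GET /
2017-05-12T15:04:09Z 203.0.113.9 other-site.example GET /index.html
garbage line that does not parse
2017-05-12T15:05:30Z 2001:db8::42 KILLSWITCH-PLACEHOLDER.EXAMPLE. GET /
2017-05-12T15:06:00Z 999.1.1.1 killswitch-placeholder.example GET /
"""

# Sources in these ranges cannot be traced to an owner from the outside
# (private, loopback, unique-local), so they are reported separately.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128",
)]


def is_internal(ip):
    """True if the address belongs to a range that is not publicly routable."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return (timestamp, ip, host), or None if the line is malformed."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    # Host names are case-insensitive and may carry a trailing dot.
    host = parts[2].lower().rstrip(".")
    return ts.replace(tzinfo=timezone.utc), ip, host


def summarise(log_text, domain=SINKHOLE_DOMAIN):
    """Aggregate sinkhole hits per source address.

    Returns a dict with:
      notify         - public sources, ordered by first contact
      unattributable - internal sources that cannot be traced externally
      skipped        - number of malformed lines
    """
    seen, skipped = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        ts, ip, host = record
        if host != domain:
            continue  # request for an unrelated site on the same server
        entry = seen.setdefault(ip, {"first": ts, "last": ts, "hits": 0})
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["hits"] += 1

    notify, unattributable = [], []
    for ip, e in sorted(seen.items(), key=lambda kv: kv[1]["first"]):
        row = {
            "ip": str(ip),
            "hits": e["hits"],
            "first_seen": e["first"].isoformat(),
            "last_seen": e["last"].isoformat(),
        }
        (unattributable if is_internal(ip) else notify).append(row)
    return {"notify": notify, "unattributable": unattributable,
            "skipped": skipped}


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for row in report["notify"]:
        print(row["ip"], row["hits"], row["first_seen"], row["last_seen"])
    print("unattributable:", [r["ip"] for r in report["unattributable"]])
    print("malformed lines skipped:", report["skipped"])
```

A hit is a lead rather than proof of infection: researchers and sandboxes contact the same domain, and one public address can stand for many machines behind NAT.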

He warned people to patch their systems, adding: "This is not over. The attackers will realise
how we stopped it, they'll change the code and then they'll start again. Enable Windows update,
update and then reboot."

He said he got his first job out of school without any real qualifications, having skipped
university to start up a tech blog and write software.
"It's always been a hobby to me, I'm self-taught. I ended up getting a job out of my first botnet
tracker, which the company I now work for saw and contacted me about, asking if I wanted a
job. I've been working there a year and two months now."

But the dark knight of the dark web still lives at home with his parents, which he joked was "so
stereotypical". His mum, he said, was aware of what had happened and was excited, but his dad
hadn't been home yet. "I'm sure my mother will inform him," he said.

"It's not going to be a lifestyle change, it's just a five-minutes of fame sort of thing. It is quite
crazy, I've not been able to check into my Twitter feed all day because it's just been going too
fast to read. Every time I refresh it it's another 99 notifications."

Proofpoint's Ryan Kalember said the British researcher gets "the accidental hero award of the
day". "They didn't realise how much it probably slowed down the spread of this ransomware."

The time that @malwaretechblog registered the domain was too late to help Europe and Asia,
where many organisations were affected. But it gave people in the US more time to develop
immunity to the attack by patching their systems before they were infected, said Kalember.

The kill switch won't help anyone whose computer is already infected with the ransomware, and
it's possible that there are other variants of the malware with different kill switches that will
continue to spread.

The malware was made available online on 14 April through a dump by a group called Shadow
Brokers, which claimed last year to have stolen a cache of cyber weapons from the National
Security Agency (NSA).

Ransomware is a type of malware that encrypts a user's data, then demands payment in exchange
for unlocking the data. This attack used a piece of malicious software called WanaCrypt0r 2.0
or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software
update that fixes the problem) for the flaw in March, but computers that have not installed the
security update remain vulnerable. The ransomware demands users pay $300 worth of
cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised
after a certain amount of time. Translations of the ransom message in 28 languages are included.
The malware spreads through email.
"This was eminently predictable in lots of ways," said Kalember. "As soon as the Shadow
Brokers dump came out everyone [in the security industry] realised that a lot of people wouldn't
be able to install a patch, especially if they used an operating system like Windows XP [which
many NHS computers still use], for which there is no patch."

Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74
countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major
companies including telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though
Europe and Russia remained the hardest hit, according to security researchers Malware Hunter
Team. The Russian interior ministry says about 1,000 computers have been affected.

A cyberattack is sweeping the world, infecting thousands of computers and demanding their
owners pay a ransom or risk losing all their data. The threat, which has affected the FedEx
shipping company, several hospitals in the UK, a major Spanish telecommunications company,
and many more, makes even more urgent the need to improve U.S. cybersecurity, both within
the federal government and throughout our internet-connected society.

President Trump's new executive order on cybersecurity for federal computer networks and key
elements of the country's infrastructure, such as the electricity grid and core communications
networks, builds meaningfully on the work of the Obama administration. It focuses on matters
of common and bipartisan concern, meaning it is likely to avoid the disquiet and disorganization
generated by other recent executive orders.

Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats
and the pace at which they may appear, it is impossible to protect everything, everywhere, all the
time. But it is possible to make sure that the most valuable resources (such as particular networks
and systems, or specific data) are properly protected by, at minimum, good cyber-hygiene and
ideally, more.

The executive order seeks to do just that, by calling on Cabinet secretaries and the heads of other
federal agencies to follow the Framework for Improving Critical Infrastructure Cybersecurity,
created by the National Institute of Standards and Technology under the Obama administration.
That framework also figures prominently in the final report of Obama's Commission on
Enhancing National Cybersecurity.

Three key topics of the executive order are of particular interest because they suggest significant
new developments in the federal government's approach to cybersecurity. The order rightly
highlights cyber-deterrence, the process of discouraging prospective attackers from actually
trying to breach our systems. In addition, the order correctly identifies the electricity grid as
needing stronger security, as well as the military's warfighting capabilities.

Stepping up cyber-deterrence

One crucial element that has been largely missing from American cybersecurity efforts so far is
cyber-deterrence. Just as nuclear deterrence let countries with nuclear weapons know that
launching a nuclear attack would mean their own swift and sure destruction, cyber-deterrence
involves making clear to prospective adversaries that attacks will either be too unlikely to
succeed, or will be met by certain and severe retribution.

The executive order asks a wide group of senior government officials (the secretaries of
Commerce, Defense, Homeland Security, State and Treasury, plus the attorney general, the
government's top trade negotiator and the director of national intelligence) to develop options
for deterring cyber-adversaries (without specifying any in particular).

Deterrence must, by nature, be multi-dimensional: It has to include a variety of obstacles to
incoming attacks, as well as potential consequences for attackers. Coordinating diplomacy,
military and economic efforts will be crucial to presenting a unified front to would-be
adversaries.

This is not to say that a one-size strategy will fit all. To the contrary, besides a robust general
posture, the U.S. must also tailor its specific deterrence efforts to make sure they are effective
against individual potential adversaries.

Protecting the grid and the military's warfighting capabilities

The executive order also calls for additional protection of the electricity grid against
cyberattacks. The potential is not hypothetical: Ukraine's grid was attacked twice, in December
2015 and December 2016.

And it calls attention to the military's industrial base, including its supply chain, which
collectively produces, delivers and maintains weapons systems and component parts that are
necessities for the Department of Defense. A successful cyber-attack on key suppliers could
hamstring America's armed forces as much as a physical incursion against them on the
battlefield.

Yet, as important as it is to identify and remedy existing vulnerabilities, the better course is
always to design computer systems securely in the first place. The executive order focuses more
on the former than the latter, since we must work with the capabilities and equipment we have,
rather than just those we would wish to have.

More generally, the executive order discusses and reinforces the basic principles of good
cyber-hygiene. For instance, it emphasizes the significant risks to departments and agencies, and the
citizens they serve, if known vulnerabilities remain unrepaired. For instance, without proper
protections, taxpayer records, Social Security data and medical records could be stolen or
fraudulently altered.

Sadly, this is a vital issue. Recent testimony from the Government Accountability Office
documents the widespread problems government agencies have failing to install routine security
upgrades and even using software so outdated the company that created it no longer supports it.

But the executive order also looks to a future federal government that takes advantage of cloud
computing and the Internet of Things. The document not only calls for safeguarding existing
networks and data; it declares the importance of systematic planning for future technological
upgrades and advances, to manage risk effectively. Maintenance and modernization both matter,
and both must be done securely.

Overall, the order is a solid document, with guidance that is both measured and clear. Key to its
success, and ultimately to the country's security in cyberspace, will be the relationship the
government builds with private industry. Protecting the country won't be possible without both
groups working in tandem.

The increasing use of the internet and social media has made cyber security even more important
than it was before. Growing cyber threats such as data theft, phishing scams and other cyber
vulnerabilities demand that users remain vigilant about protecting data. It is essential to
understand the varied types of risks and vulnerabilities that exist in the Internet world. For every
user, it is important to think before connecting to someone using an online medium. Users should
also think prior to sharing any information with other users through the internet.
