SlideShare a Scribd company logo

ECEM 722: How the Cyber Crime Threat Grows

Download as DOC, PDF
Guy DeMarco
Guy DeMarco

This document discusses the growing threat of cybercrime and cyberterrorism as American society becomes increasingly interconnected through digital technology and the internet. It notes that critical infrastructure systems like transportation, energy, water, healthcare and financial services all rely on internet-connected digital systems, making them vulnerable to cyber attacks that could disrupt services or endanger lives. The document advocates for improved cybersecurity measures to protect personal information, businesses, governments and critical infrastructure from online threats.

1 of 13
ECEM 722: COMMUNITY PREPAREDNESS Digital Dilemma How the Cyber Crime Threat Grows as America Becomes Interconnected Guy DeMarco 5/6/2014
On April 3, 2014, the news organization Reuters reported a massive security breach of a subsidiary of Experian Plc. The breach, according to the Reuters report, “exposed the Social Security numbers of some 200 million people to criminal activity” (Freifeld, 2014). A Vietnamese man confessed to orchestrating the breach, which enabled him to “run an underground website that offered clients access to personal data of Americans” (Freifeld, 2014). Ironically, millions of Americans use Experian (and its counterparts Equifax and Trans Union) to monitor their credit history in the event of identity theft or a data breach similar to the one that struck Experian. Many people probably requested credit reports from these companies after another major data breach that made headlines: the Target attack in November 2013. That breach, which occurred during one of Target’s busiest shopping seasons of the year, affected “approximately 40 million credit and debit card accounts” (Target Corporation, 2013). In the time between the Target attack in 2013 and the Experian attack in March 2014, cybercrimes have been reported at a number of companies, including (but not limited to): Yahoo, Affinity Gaming, Neiman Marcus, Comcast and Las Vegas Sands Corporation. Online invasions like these are becoming increasingly frequent and more difficult to stop. Yet, a growing number of Americans, public agencies and private companies continue to willingly submit personal information on the Internet. While the Internet has greatly improved communication, education and commerce, it also makes people, companies and systems vulnerable to cybercrime and cyber terrorism. Emergency managers must be ready to mitigate the potential effects of cyber attacks. They must be ready to respond to and recover from these attacks, even as they become increasingly sophisticated, and as more people, governments and businesses raise their online profiles and the likelihood that cyber terrorism will occur. 2
Today, Americans live almost their entire lives online. A hacker or computer specialist can gain access to a massive amount of information about a person’s life. Birth records, death records, criminal histories, bankruptcies, housing information can all be found on the Internet. Some of these records can be accessed at zero cost. Other information is available for the right price. Government records aren’t the only data available online. People shop online. They conduct banking transactions online. They pay their bills online. Each of these actions increases a person’s vulnerability to identity theft and/or a cyber attack. Additionally, people willingly contribute personal information such as pictures, stories, favorite movies, favorite books, etc. on social media sites such as Facebook, Twitter or Instagram. In the continuing effort to lure customers, companies are adding online features to vehicles, homes and household appliances. Even some medical devices contain “computer systems that can be vulnerable to cybersecurity breaches” (U.S. Food and Drug Administration, 2013). Governments and utilities are placing their operations online, exposing power grids, water operations, transportation infrastructures and more to cyber-attacks. As more information is placed online, the risk grows, and it affects both individuals and entire communities. One area in which cyber terrorism could affect millions of Americans is in the transportation industry. In 2013, 823,657,070 people traveled via airplanes on both domestic and international flights (Research and Innovative Technology Administration Bureau of Transportation Statistics). Amtrak, one of the leading rail companies in the United States, reached record ridership in 2012, carrying 31.2 million passengers (Amtrak, 2012). These transportation systems have long been targets for traditional terrorist methods (as evidenced by 9/11 and the 2005 London train bombings). Yet, in an effort to increase efficiency, these systems are turning to online technologies, making transportation systems vulnerable targets for 3
cyber terrorism. According to Michael Dinning with the Department of Transportation’s Volpe Center, “The FAA and the aviation industry (are) moving quickly to a next-generation or the NextGen system of air traffic control. In NextGen, we’ll be dependent on digital communications and satellite-based systems instead of our current analog and radar-based systems” (Research and Innovative Technology Administration, 2011). Planes and terminals are also increasingly relying on web-based technology. The purpose of utilizing digital systems in the airline industry is to increase efficiency, reduce wait-times and enable travelers to reach their destinations safely. While these are noble goals, relying on digital systems makes air travel vulnerable to acts of cyber terrorism. PC World stated as much in 2009, when it cited a Department of Transportation report that found more than 3,700 vulnerabilities in air traffic control – ranging from weak passwords to the ability to hack into and take control of an air traffic control system (Kirk, 2009). The vulnerabilities do not end with the airline industry. Rail and transit systems, which are increasingly using digital systems, are equally susceptible to cyber attacks. Likewise, people who travel by automobile are not immune to cyber crime. New vehicles are hitting the market that include wireless Internet capabilities, making cars increasingly vulnerable to cyber attack. The features are sold as options of convenience, but those conveniences could be costly. It is not out of the realm of possibility for a terrorist to wirelessly hack into the digital system of a plane, bus, train or automobile and use it as a missile in a 9/11-type of attack. Until online security systems are improved in the transportation industry, these transportation systems will be tempting targets for those who wish to do harm. One feature that these transportation systems all share is their reliance on power to operate. Unfortunately, reliance on digital technology leaves the nation’s energy infrastructure vulnerable to cyberterrorism. If cyberterrorists target power utilities and the plants that supply 4
power, the damage can range from crippling (i.e., widespread power outages) to catastrophic (i.e., nuclear plant shut downs). The U.S. Department of Energy is moving forward with the use of digital technology through its Smart Grid system. The DOE states the purpose of Smart Grid is to connect power plants and their customers in a developing network that is designed to provide efficient, reliable energy that is protected from natural and man-made outages (U.S. Department of Energy). The Smart Grid, however, utilizes a Supervisory Control and Data Acquisition System (SCADA) (U.S. Department of Energy). This system makes the interconnected grid vulnerable. Retired FBI Agent William Tafoya wrote of SCADA systems in 2011, “These obscure little drone-like computer systems have virtually no security, firewalls, routers, or antivirus software to protect them. They are spread far and wide across the nation, even in some of the most remote places imaginable. One anonymous hacker interviewed for a television program said, ‘SCADA is a standard approach toward control systems that pervades everything from water supply to fuel lines.’ He goes on to describe that the systems run operating systems that make them vulnerable” (Tafoya, 2011). A recent exercise that tested the security of North American power grids also showed the grids are susceptible to cyber attacks (Wald, 2014). Equally as alarming is the increasing reliance on digital technology to operate the nation’s nuclear power plants. Despite steps taken by the Nuclear Regulatory Commission in 2009 to mandate cybersecurity standards in the nuclear industry (Holt, 2014), a U.S. State Department report in 2012 conceded, “Nuclear power plants may be vulnerable to cyber-attacks, which might – in extreme cases – lead to substantial releases of radioactive material with consequent loss of lives, radiation sickness and psycho-trauma, extensive property destruction and economic upheaval” (Martellini, 2012). The continued use of cyber technology in the 5
energy industry makes the industry vulnerable to, at best, widespread disruption and economic losses and, at worst, severe damage and significant loss of life. Energy is an essential component of life in the United States. So too is water, especially in arid states such as Nevada and Arizona. Such a precious commodity could be a popular target for terrorists, and they can disrupt water service with a few clicks on a computer keyboard. Water utilities are embracing digital technology as a way of improving service for customers. According to the water utility trade magazine Water World, “With over four billion mobile devices in the world (and roughly a quarter of them smartphones), more people spend time communicating online than they do in person… For water utilities, mobility can mean a faster, more efficient way to collect data and make better decisions more quickly. By putting devices and applications in the hands of employees and customers wherever they are, field employees and customers can input service order information or requests in a more streamlined fashion” (Zhang, 2012). As with energy companies and transportation systems, the quest for improved delivery via digital technology opens the door for cyberterrorism. The threat to water utilities is two-fold according to a 2006 U.S. Army manual which states fresh water supplies and wastewater collection are the likeliest targets. “The nation has over 170,000 public water systems which include reservoirs, dams, wells, aquifers, treatment facilities, pumping stations, aqueducts and transmission pipelines. Waste collection extends to 19,500 municipal sanitary sewer systems, and 800,000 miles of sewer lines” (p. II-2). The Environmental Protection Agency states cyber attacks could cause changes in chemical treatment of water, disable delivery or overflow untreated sewage into public waterways (Environmental Protection Agency, 2012). Much like energy systems, water utilities rely on SCADA technology, making these systems vulnerable to hackers. A disruption of water service can have disastrous effects in any 6
community in America, but especially in the nation’s driest areas. Large cities such as Las Vegas, Phoenix and Los Angeles are already suffering from drought and a dwindling water supply from the Colorado River. If that supply is compromised by a cyber attack, millions of residents and businesses would feel an immediate impact. The potential for cyberterrorism could threaten their access to the west’s most precious resource. Saving lives is the primary duty of doctors, hospitals and medical facilities around the country, but that mission could be threatened by the medical industry’s digital push. When the Affordable Care Act became law in 2010, it mandated insurance coverage for most Americans. The White House estimates 7.1 million Americans have enrolled in private health coverage under the act. Among its many provisions, the act requires that health plans shift to electronic health records in an effort to cut down on paperwork and administrative costs. An increase in patients, combined with a shift to online medical records, creates a target-rich environment for cyber terrorists. In a 2013 article published in Telemedicine and eHealth, two researchers detailed the risk facing hospitals and medical systems, which are becoming increasingly interconnected. The article detailed a hypothetical attack that “began with hackers using ‘phishing’ e-mails to introduce four separate packages of malware into the hospital networks. Once planted, these packages would trigger in sequence a few days or weeks apart. The first would infect patient record databases and alter doctors’ orders, medication doses, and other information, spreading confusion and possibly causing illness and deaths. A few days later, the next program would trigger, interfering with portable devices that nurses use to record patient information. The third wave would attack the software in intensive care unit monitors, altering the data display and switching off alarms. The fourth and final wave would infect the software controlling drug infusion pumps and similar devices” (p. 62-63). The article lists health care as a 7
target, because systems have been slow to secure their digital information (Yellowlees, 2013). The threat goes beyond medical facilities and their IT systems. The Food and Drug Administration warned in 2013 that as medical devices become increasingly connected to networks, cybersecurity vulnerabilities grow and could threaten computers and mobile devices (Food and Drug Administration, 2013). Even life-saving items such as pacemakers are now susceptible to cyber attack (Wadhwa, 2012). As these examples illustrate, facilities and systems designed to save lives may actually be putting them at risk with increased use of cyber technology. The risk facing Americans does not always involve physical harm. The U.S. economy is also a tempting target. When the U.S. economy collapsed in 2008, it cost the nation trillions of dollars in lost income, lost real estate wealth and lost stock market wealth, as well as 5.5 million American jobs (Swagel, 2010). That financial crisis was the result of careless practices and reckless investments by the nation’s largest financial institutions. What if such a crisis were intentional? According to a U.S. Army training manual in 2006, “The financial sectors infrastructure includes computer networks, storage devices and telecommunications networks. This sector is also extremely vulnerable to public perception; an impression of weakness could easily result in a damaging cascading effect. Normal operations are necessary to maintain public confidence” (p. II-8). As more banking options move online and on mobile devices, the risk of a cyber attack on these institutions and platforms grows. In a statement before the House Financial Services Committee in September 2011, FBI Cyber Division Assistant Director Gordon Snow warned of the growing threat of cyberterrorism on the nation’s financial institutions. Snow stated, “The FBI is currently investigating over 400 reported cases of corporate account takeovers in which cyber criminals have initiated unauthorized ACH and wire transfers from the 8
bank accounts of U.S. businesses. These cases involve the attempted theft of over $255 million and have resulted in the actual loss of approximately $85 million” (Snow, 2011). Snow also emphasized vulnerabilities with ATMs and point of sale devices used at many retail stores. Snow stated, “A criminal affixes a skimmer to the outside or inside of an ATM to collect card numbers and personal identification number (PIN) codes. The criminal then either sells the stolen data over the Internet or makes fake cards to withdraw money from the compromised accounts… Point of Sale (POS) terminals, which are primarily used to conduct the daily sale operations in restaurants, retail stores, and places of business, have been a primary target for cyber criminals engaging in credit card fraud and have resulted in the compromise of millions of credit and debit cards the U.S.” (Snow, 2011). The Target breach mentioned earlier involved Point-of-Sale data. Equally alarming is the expansion of mobile banking technology, which gives people (and cyber criminals) access to bank account information on mobile devices. Snow stated, “Cyber criminals have successfully demonstrated man-in-the-middle attacks against mobile phones using a variation of ZeuS malware. The malware is installed on the phone through a link imbedded in a malicious text message, and then the user is instructed to enter their complete mobile information. Because financial institutions sometimes use text messaging to verify that online transactions are initiated by a legitimate user, the infected mobile phones forward messages to the criminal, thwarting the bank’s two-factor authentication” (Snow, 2011). The danger of cyber-attacks on financial institutions and platforms is two-fold. These attacks not only strike the U.S. economy and the personal finances of average Americans, they can also be used to steal identities and money that can later be used for terrorist attacks. Yet, an increasing number of banks and financial institutions are relying on digital technology and making digital 9
banking easier for customers, increasing the risk of cyber terrorism. The financial industry is certainly a vulnerable area for online attacks. With so many systems utilizing online/digital components and raising the risk of cyber terrorism, what, if any, steps can be taken to reduce the risk? The solutions range from basic, common-sense steps to complex legislation. Personal protection represents the front line of cyber security. Individuals can protect their identities, passwords, banking information, credit card numbers, etc. from falling into the wrong hands by frequently checking their bank statements for potentially fraudulent activity, utilizing anti-virus and anti-malware software on personal computers, and never giving out credit card or Social Security numbers to unknown or untrusted parties. Businesses and governments can also take steps to protect vital information and access. As outlined in the 1996 book Information Warfare, steps include (but are not limited to): performing a comprehensive risk analysis, re-examining the organization’s networks from a hacker’s standpoint, vigilantly screening potential employees, developing response plans in the event of a cyber-attack and frequently testing the security of the system for weaknesses (Schwartau, 1996). Cybersecurity should also be considered a national priority. In Cyber Attack: Protecting National Infrastructure, Edward Amoroso cited ways in which the federal government can improve cyber security. Those steps include (but are not limited to): providing warnings of potential threats, sharing information inside and outside government, analyzing cyber vulnerabilities and providing technical assistance (Amoroso, 2013). Finally, Congress and the President can pass any number of bills into law that would strengthen cyber security. Bills currently under consideration include: the Federal Information Security Amendments Act, the Cyber Intelligence Sharing and Protection Act, the Cybersecurity Enhancement Act, the Cybersecurity Act of 2012 and/or the Cybersecurity Act of 2013 (Chabrow, 2013). Each of 10
those bills would add another level of security to the nation’s infrastructure and businesses. Whether the focus is personal, business or governmental, cybersecurity must be considered a top priority moving forward. The recent attacks on digital systems in the private sector underscore the growing threat of cyber security. The U.S. possesses no shortage of enemies, many of whom are growing more sophisticated in their ability to cause the nation harm. Cyberspace may be the next battlefield in the ongoing war on terror. Yet, the American public, government and business community continue to provide new targets for the country’s enemies by making more information and systems available online. Until online security and systems are better protected from cyber attacks, the next 9/11 could occur in the digital realm. 11
BIBLIOGRAPHY Amoroso, E. (2013). Cyber Attacks: Protecting National Infrastructure. Waltham, Massachusetts: Elsevier Inc. Amtrak. (2012). Annual Report Fiscal Year 2012. Retrieved April 7, 2014, from Amtrak.com: http://www.amtrak.com/ccurl/103/360/Amtrak-Annual-Report-2012.pdf Chabrow, E. (2013, September 13). Cybersecurity Legislation: What's Next? Retrieved April 15, 2014, from BankInfoSecurity.com: http://www.bankinfosecurity.com/cybersecurity-legislation-whats- next-a-6063/op-1 Environmental Protection Agency. (2012, July). Cyber Security 101 for Water Utilities. Retrieved April 14, 2014, from EPA.gov: http://water.epa.gov/infrastructure/watersecurity/features/upload/epa817k12004.pdf Food and Drug Administration. (2013, June 13). FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks. Retrieved April 12, 2014, from FDA.gov: http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm Freifeld, J. F. (2014, April 3). Exclusive: U.S. states probing security breach at Experian unit. Retrieved April 5, 2014, from Reuters.com: http://www.reuters.com/article/2014/04/03/us-experian- databreach-idUSBREA321SL20140403 Holt, M. (2014). Nuclear Power Plant Security and Vulnerabilities. Washington, DC: Congressional Research Office. Kirk, J. (2009, May 7). Study: US Air Traffic Control Vulnerable to Cyberattack. Retrieved April 8, 2014, from pcworld.com: http://www.pcworld.com/article/164501/article.html Martellini, M. (2012). Cyber Security for Nuclear Power Plants. Washington, D.C.: U.S. Department of State. Research and Innovative Technology Administration. (2011, 7 December). T3 Talking Technology and Transportation Webinars. Retrieved April 2014, 7, from pcb.its.dot.gov: http://www.pcb.its.dot.gov/t3/s111207/111207.html Research and Innovative Technology Administration Bureau of Transportation Statistics. (n.d.). TranStats. Retrieved April 7, 2014, from transtats.bts.gov: http://www.transtats.bts.gov/Data_Elements.aspx?Data=1 Schwartau, W. (1996). Information Warfare. Emeryville, California: Publishers Group West. 12
Snow, G. (2011, September 14). Testimony: Cyber Security Threats to the Financial Sector. Retrieved April 13, 2014, from FBI.gov: http://www.fbi.gov/news/testimony/cyber-security-threats-to-the- financial-sector Swagel, P. (2010). The Cost of the Financial Crisis: The Impact of the September 2009 Economic Collapse. Pew Charitable Trusts. Tafoya, W. (2011, November). Cyber Terror. Retrieved April 10, 2014, from fbi.gov: http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/november- 2011/cyber-terror Target Corporation. (2013, December 19). Target confirms unauthorized access to payment card data in U.S. stores. Retrieved April 5, 2014, from Target.com: http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card- data-in-u-s-stores U.S. Army. (2006). Critical Infrastructure: Threats and Terrorism. Fort Leavenworth, Kansas: U.S. Army Training and Doctrine Command. U.S. Department of Energy. (n.d.). Smart Grid Investment Grant Program. Retrieved April 10, 2014, from smartgrid.gov: https://www.smartgrid.gov/recovery_act/overview/smart_grid_investment_grant_program U.S. Department of Energy. (n.d.). smartgrid.gov. Retrieved April 10, 2014, from What is the Smart Grid?: https://www.smartgrid.gov/the_smart_grid U.S. Food and Drug Administration. (2013, June 13). FDA Safety Communication: Cybersecurity for medical devices and hospital networks. Retrieved April 2014, 5, from fda.gov: http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm Wadhwa, T. (2012, December 6). Yes, You Can Hack a Pacemaker (and Other Medical Devices Too). Forbes Magazine. Wald, M. (2014, March 12). Power Grid Preparedness Falls Short, Report Says. Retrieved April 10, 2014, from NewYorkTimes.com: http://www.nytimes.com/2014/03/13/business/energy- environment/power-grid-preparedness-falls-short-report-says.html?_r=0 Yellowlees, D. H. (2013). Brief Communication - Cyberterrorism: Is the U.S. Healthcare System Safe? Telemedicine and eHealth. Zhang, J. (2012, December 1). Water Utilities and the Digital Transformation. Water World. 13

Recommended

Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoJoão Rufino de Sales
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)naveen p
 
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...IJMIT JOURNAL
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimesrinushalu
 
Who Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government RequestsWho Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government Requests- Mark - Fullbright
 
The Cyberspace and Intensification of Privacy Invasion
The Cyberspace and Intensification of Privacy InvasionThe Cyberspace and Intensification of Privacy Invasion
The Cyberspace and Intensification of Privacy Invasioniosrjce
 
NEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety
 

Recommended

Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoJoão Rufino de Sales
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)naveen p
 
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...IJMIT JOURNAL
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimesrinushalu
 
Who Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government RequestsWho Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government Requests- Mark - Fullbright
 
The Cyberspace and Intensification of Privacy Invasion
The Cyberspace and Intensification of Privacy InvasionThe Cyberspace and Intensification of Privacy Invasion
The Cyberspace and Intensification of Privacy Invasioniosrjce
 
NEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety
 
Cybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetCybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetProf. (Dr.) Tabrez Ahmad
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
Wikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarWikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarThomas Jones
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 
Social media legislation
Social media legislationSocial media legislation
Social media legislationyayayaya76
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014
 
Cybertorts
CybertortsCybertorts
Cybertortspanabaha
 
The CFAA and Aarons Law
The CFAA and Aarons LawThe CFAA and Aarons Law
The CFAA and Aarons LawThomas Jones
 
World Energy Focus - Ottobre 2016
World Energy Focus - Ottobre 2016World Energy Focus - Ottobre 2016
World Energy Focus - Ottobre 2016WEC Italia
 
Don't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateDon't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateFabio Chiusi
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalMorgan Jones
 
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...Chris Marsden
 
Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Frank Backes
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideBenjamin Tugendstein
 
Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1James Williams
 
Big Data and Privacy
Big Data and PrivacyBig Data and Privacy
Big Data and Privacymjsale781
 
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)Shreedeep Rayamajhi
 
3 vol11no2
3 vol11no23 vol11no2
3 vol11no2sumawk
 
Voting power point 112119-1
Voting power point 112119-1Voting power point 112119-1
Voting power point 112119-1IbrahimIbrahim168
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity reportKevin Leffew
 
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...RCCKL
 
بحث الهند
بحث الهندبحث الهند
بحث الهندEhssan Nassiaf
 

More Related Content

What's hot

Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
Wikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarWikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarThomas Jones
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 
Social media legislation
Social media legislationSocial media legislation
Social media legislationyayayaya76
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014
 
Cybertorts
CybertortsCybertorts
Cybertortspanabaha
 
The CFAA and Aarons Law
The CFAA and Aarons LawThe CFAA and Aarons Law
The CFAA and Aarons LawThomas Jones
 
World Energy Focus - Ottobre 2016
World Energy Focus - Ottobre 2016World Energy Focus - Ottobre 2016
World Energy Focus - Ottobre 2016WEC Italia
 
Don't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateDon't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateFabio Chiusi
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalMorgan Jones
 
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...Chris Marsden
 
Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Frank Backes
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideBenjamin Tugendstein
 
Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1James Williams
 
Big Data and Privacy
Big Data and PrivacyBig Data and Privacy
Big Data and Privacymjsale781
 
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)Shreedeep Rayamajhi
 
3 vol11no2
3 vol11no23 vol11no2
3 vol11no2sumawk
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity reportKevin Leffew
 

What's hot (20)

Cybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetCybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. Internet
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
Wikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarWikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information War
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
 
Social media legislation
Social media legislationSocial media legislation
Social media legislation
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
 
Cybertorts
CybertortsCybertorts
Cybertorts
 
The CFAA and Aarons Law
The CFAA and Aarons LawThe CFAA and Aarons Law
The CFAA and Aarons Law
 
World Energy Focus - Ottobre 2016
World Energy Focus - Ottobre 2016World Energy Focus - Ottobre 2016
World Energy Focus - Ottobre 2016
 
Don't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateDon't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' Debate
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survival
 
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
Oxford Internet Institute 19 Sept 2019: Disinformation – Platform, publisher ...
 
Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection Guide
 
Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1
 
Big Data and Privacy
Big Data and PrivacyBig Data and Privacy
Big Data and Privacy
 
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
Concept paper-on-igf-2014-istanbul-turkey-from-nepal-s-perspective-docx (1)
 
3 vol11no2
3 vol11no23 vol11no2
3 vol11no2
 
Voting power point 112119-1
Voting power point 112119-1Voting power point 112119-1
Voting power point 112119-1
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
 

Viewers also liked

RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...RCCKL
 
Proceso de paz (1)
Proceso de paz (1)Proceso de paz (1)
Proceso de paz (1)William Pico
 
Properties of matter
Properties of matterProperties of matter
Properties of matterlatasant123
 
NOSANN IT Scope of Services
NOSANN IT Scope of ServicesNOSANN IT Scope of Services
NOSANN IT Scope of ServicesMahmoud Abdullah
 
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Opening
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - OpeningRCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Opening
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - OpeningRCCKL
 
Olfactory Detection of Human Cancer by Dogs. A Review of Research and Results
Olfactory Detection of Human Cancer by Dogs. A Review of Research and ResultsOlfactory Detection of Human Cancer by Dogs. A Review of Research and Results
Olfactory Detection of Human Cancer by Dogs. A Review of Research and ResultsNaomi O'Donoghue
 
157302_030715_nonsecure
157302_030715_nonsecure157302_030715_nonsecure
157302_030715_nonsecureSam Brown
 
социальная работа с инвалидами лучинская
социальная работа с инвалидами лучинскаясоциальная работа с инвалидами лучинская
социальная работа с инвалидами лучинскаяluchinskaya
 
Bloodbond, Nov 2014
Bloodbond, Nov 2014Bloodbond, Nov 2014
Bloodbond, Nov 2014Rachel Holt
 

Viewers also liked (13)

RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Algeme...
 
بحث الهند
بحث الهندبحث الهند
بحث الهند
 
Proceso de paz (1)
Proceso de paz (1)Proceso de paz (1)
Proceso de paz (1)
 
Properties of matter
Properties of matterProperties of matter
Properties of matter
 
NOSANN IT Scope of Services
NOSANN IT Scope of ServicesNOSANN IT Scope of Services
NOSANN IT Scope of Services
 
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Opening
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - OpeningRCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Opening
RCC K&L / KNVvK themadag Slim hergebruik van restwarmte 22 okt. 2015 - Opening
 
Finance_Apache
Finance_ApacheFinance_Apache
Finance_Apache
 
NoSQL as Not Only SQL
NoSQL as Not Only SQLNoSQL as Not Only SQL
NoSQL as Not Only SQL
 
Olfactory Detection of Human Cancer by Dogs. A Review of Research and Results
Olfactory Detection of Human Cancer by Dogs. A Review of Research and ResultsOlfactory Detection of Human Cancer by Dogs. A Review of Research and Results
Olfactory Detection of Human Cancer by Dogs. A Review of Research and Results
 
One Databyse To Rule 'em All
One Databyse To Rule 'em AllOne Databyse To Rule 'em All
One Databyse To Rule 'em All
 
157302_030715_nonsecure
157302_030715_nonsecure157302_030715_nonsecure
157302_030715_nonsecure
 
социальная работа с инвалидами лучинская
социальная работа с инвалидами лучинскаясоциальная работа с инвалидами лучинская
социальная работа с инвалидами лучинская
 
Bloodbond, Nov 2014
Bloodbond, Nov 2014Bloodbond, Nov 2014
Bloodbond, Nov 2014
 

Similar to ECEM 722: How the Cyber Crime Threat Grows

THE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRYTHE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRYijcsit
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfEarlvonDeiparine1
 
Chapter-2.docx
Chapter-2.docxChapter-2.docx
Chapter-2.docxAmir Khan
 
“Weapons of Mass Disruption - Council on Foreign Relations”
“Weapons of Mass Disruption - Council on Foreign Relations”“Weapons of Mass Disruption - Council on Foreign Relations”
“Weapons of Mass Disruption - Council on Foreign Relations”Jeff Kaplan
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...Fas (Feisal) Mosleh
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxReview DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxronak56
 
Why computers will never be safe
Why computers will never be safeWhy computers will never be safe
Why computers will never be safeCAST
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxBulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxRAHUL126667
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsKory Edwards
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsKory Edwards
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 

Similar to ECEM 722: How the Cyber Crime Threat Grows (20)

THE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRYTHE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRY
 
The Professionalization of the Hacker Industry
The Professionalization of the Hacker IndustryThe Professionalization of the Hacker Industry
The Professionalization of the Hacker Industry
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdf
 
Terrorist Cyber Attacks
Terrorist Cyber AttacksTerrorist Cyber Attacks
Terrorist Cyber Attacks
 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security Threat
 
Chapter-2.docx
Chapter-2.docxChapter-2.docx
Chapter-2.docx
 
“Weapons of Mass Disruption - Council on Foreign Relations”
“Weapons of Mass Disruption - Council on Foreign Relations”“Weapons of Mass Disruption - Council on Foreign Relations”
“Weapons of Mass Disruption - Council on Foreign Relations”
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxReview DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
 
Why computers will never be safe
Why computers will never be safeWhy computers will never be safe
Why computers will never be safe
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1
 
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxBulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
 
Tema 5.cybersecurity
Tema 5.cybersecurityTema 5.cybersecurity
Tema 5.cybersecurity
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
 

ECEM 722: How the Cyber Crime Threat Grows

  • 1. ECEM 722: COMMUNITY PREPAREDNESS Digital Dilemma How the Cyber Crime Threat Grows as America Becomes Interconnected Guy DeMarco 5/6/2014
  • 2. On April 3, 2014, the news organization Reuters reported a massive security breach of a subsidiary of Experian Plc. The breach, according to the Reuters report, “exposed the Social Security numbers of some 200 million people to criminal activity” (Freifeld, 2014). A Vietnamese man confessed to orchestrating the breach, which enabled him to “run an underground website that offered clients access to personal data of Americans” (Freifeld, 2014). Ironically, millions of Americans use Experian (and its counterparts Equifax and Trans Union) to monitor their credit history in the event of identity theft or a data breach similar to the one that struck Experian. Many people probably requested credit reports from these companies after another major data breach that made headlines: the Target attack in November 2013. That breach, which occurred during one of Target’s busiest shopping seasons of the year, affected “approximately 40 million credit and debit card accounts” (Target Corporation, 2013). In the time between the Target attack in 2013 and the Experian attack in March 2014, cybercrimes have been reported at a number of companies, including (but not limited to): Yahoo, Affinity Gaming, Neiman Marcus, Comcast and Las Vegas Sands Corporation. Online invasions like these are becoming increasingly frequent and more difficult to stop. Yet, a growing number of Americans, public agencies and private companies continue to willingly submit personal information on the Internet. While the Internet has greatly improved communication, education and commerce, it also makes people, companies and systems vulnerable to cybercrime and cyber terrorism. Emergency managers must be ready to mitigate the potential effects of cyber attacks. They must be ready to respond to and recover from these attacks, even as they become increasingly sophisticated, and as more people, governments and businesses raise their online profiles and the likelihood that cyber terrorism will occur. 2
  • 3. Today, Americans live almost their entire lives online. A hacker or computer specialist can gain access to a massive amount of information about a person’s life. Birth records, death records, criminal histories, bankruptcies, housing information can all be found on the Internet. Some of these records can be accessed at zero cost. Other information is available for the right price. Government records aren’t the only data available online. People shop online. They conduct banking transactions online. They pay their bills online. Each of these actions increases a person’s vulnerability to identity theft and/or a cyber attack. Additionally, people willingly contribute personal information such as pictures, stories, favorite movies, favorite books, etc. on social media sites such as Facebook, Twitter or Instagram. In the continuing effort to lure customers, companies are adding online features to vehicles, homes and household appliances. Even some medical devices contain “computer systems that can be vulnerable to cybersecurity breaches” (U.S. Food and Drug Administration, 2013). Governments and utilities are placing their operations online, exposing power grids, water operations, transportation infrastructures and more to cyber-attacks. As more information is placed online, the risk grows, and it affects both individuals and entire communities. One area in which cyber terrorism could affect millions of Americans is in the transportation industry. In 2013, 823,657,070 people traveled via airplanes on both domestic and international flights (Research and Innovative Technology Administration Bureau of Transportation Statistics). Amtrak, one of the leading rail companies in the United States, reached record ridership in 2012, carrying 31.2 million passengers (Amtrak, 2012). These transportation systems have long been targets for traditional terrorist methods (as evidenced by 9/11 and the 2005 London train bombings). Yet, in an effort to increase efficiency, these systems are turning to online technologies, making transportation systems vulnerable targets for 3
  • 4. cyber terrorism. According to Michael Dinning with the Department of Transportation’s Volpe Center, “The FAA and the aviation industry (are) moving quickly to a next-generation or the NextGen system of air traffic control. In NextGen, we’ll be dependent on digital communications and satellite-based systems instead of our current analog and radar-based systems” (Research and Innovative Technology Administration, 2011). Planes and terminals are also increasingly relying on web-based technology. The purpose of utilizing digital systems in the airline industry is to increase efficiency, reduce wait-times and enable travelers to reach their destinations safely. While these are noble goals, relying on digital systems makes air travel vulnerable to acts of cyber terrorism. PC World stated as much in 2009, when it cited a Department of Transportation report that found more than 3,700 vulnerabilities in air traffic control – ranging from weak passwords to the ability to hack into and take control of an air traffic control system (Kirk, 2009). The vulnerabilities do not end with the airline industry. Rail and transit systems, which are increasingly using digital systems, are equally susceptible to cyber attacks. Likewise, people who travel by automobile are not immune to cyber crime. New vehicles are hitting the market that include wireless Internet capabilities, making cars increasingly vulnerable to cyber attack. The features are sold as options of convenience, but those conveniences could be costly. It is not out of the realm of possibility for a terrorist to wirelessly hack into the digital system of a plane, bus, train or automobile and use it as a missile in a 9/11-type of attack. Until online security systems are improved in the transportation industry, these transportation systems will be tempting targets for those who wish to do harm. One feature that these transportation systems all share is their reliance on power to operate. Unfortunately, reliance on digital technology leaves the nation’s energy infrastructure vulnerable to cyberterrorism. If cyberterrorists target power utilities and the plants that supply 4
  • 5. power, the damage can range from crippling (i.e., widespread power outages) to catastrophic (i.e., nuclear plant shut downs). The U.S. Department of Energy is moving forward with the use of digital technology through its Smart Grid system. The DOE states the purpose of Smart Grid is to connect power plants and their customers in a developing network that is designed to provide efficient, reliable energy that is protected from natural and man-made outages (U.S. Department of Energy). The Smart Grid, however, utilizes a Supervisory Control and Data Acquisition System (SCADA) (U.S. Department of Energy). This system makes the interconnected grid vulnerable. Retired FBI Agent William Tafoya wrote of SCADA systems in 2011, “These obscure little drone-like computer systems have virtually no security, firewalls, routers, or antivirus software to protect them. They are spread far and wide across the nation, even in some of the most remote places imaginable. One anonymous hacker interviewed for a television program said, ‘SCADA is a standard approach toward control systems that pervades everything from water supply to fuel lines.’ He goes on to describe that the systems run operating systems that make them vulnerable” (Tafoya, 2011). A recent exercise that tested the security of North American power grids also showed the grids are susceptible to cyber attacks (Wald, 2014). Equally as alarming is the increasing reliance on digital technology to operate the nation’s nuclear power plants. Despite steps taken by the Nuclear Regulatory Commission in 2009 to mandate cybersecurity standards in the nuclear industry (Holt, 2014), a U.S. State Department report in 2012 conceded, “Nuclear power plants may be vulnerable to cyber-attacks, which might – in extreme cases – lead to substantial releases of radioactive material with consequent loss of lives, radiation sickness and psycho-trauma, extensive property destruction and economic upheaval” (Martellini, 2012). The continued use of cyber technology in the 5
  • 6. energy industry makes the industry vulnerable to, at best, widespread disruption and economic losses and, at worst, severe damage and significant loss of life. Energy is an essential component of life in the United States. So too is water, especially in arid states such as Nevada and Arizona. Such a precious commodity could be a popular target for terrorists, and they can disrupt water service with a few clicks on a computer keyboard. Water utilities are embracing digital technology as a way of improving service for customers. According to the water utility trade magazine Water World, “With over four billion mobile devices in the world (and roughly a quarter of them smartphones), more people spend time communicating online than they do in person… For water utilities, mobility can mean a faster, more efficient way to collect data and make better decisions more quickly. By putting devices and applications in the hands of employees and customers wherever they are, field employees and customers can input service order information or requests in a more streamlined fashion” (Zhang, 2012). As with energy companies and transportation systems, the quest for improved delivery via digital technology opens the door for cyberterrorism. The threat to water utilities is two-fold according to a 2006 U.S. Army manual which states fresh water supplies and wastewater collection are the likeliest targets. “The nation has over 170,000 public water systems which include reservoirs, dams, wells, aquifers, treatment facilities, pumping stations, aqueducts and transmission pipelines. Waste collection extends to 19,500 municipal sanitary sewer systems, and 800,000 miles of sewer lines” (p. II-2). The Environmental Protection Agency states cyber attacks could cause changes in chemical treatment of water, disable delivery or overflow untreated sewage into public waterways (Environmental Protection Agency, 2012). Much like energy systems, water utilities rely on SCADA technology, making these systems vulnerable to hackers. A disruption of water service can have disastrous effects in any 6
  • 7. community in America, but especially in the nation’s driest areas. Large cities such as Las Vegas, Phoenix and Los Angeles are already suffering from drought and a dwindling water supply from the Colorado River. If that supply is compromised by a cyber attack, millions of residents and businesses would feel an immediate impact. The potential for cyberterrorism could threaten their access to the west’s most precious resource. Saving lives is the primary duty of doctors, hospitals and medical facilities around the country, but that mission could be threatened by the medical industry’s digital push. When the Affordable Care Act became law in 2010, it mandated insurance coverage for most Americans. The White House estimates 7.1 million Americans have enrolled in private health coverage under the act. Among its many provisions, the act requires that health plans shift to electronic health records in an effort to cut down on paperwork and administrative costs. An increase in patients, combined with a shift to online medical records, creates a target-rich environment for cyber terrorists. In a 2013 article published in Telemedicine and eHealth, two researchers detailed the risk facing hospitals and medical systems, which are becoming increasingly interconnected. The article detailed a hypothetical attack that “began with hackers using ‘phishing’ e-mails to introduce four separate packages of malware into the hospital networks. Once planted, these packages would trigger in sequence a few days or weeks apart. The first would infect patient record databases and alter doctors’ orders, medication doses, and other information, spreading confusion and possibly causing illness and deaths. A few days later, the next program would trigger, interfering with portable devices that nurses use to record patient information. The third wave would attack the software in intensive care unit monitors, altering the data display and switching off alarms. The fourth and final wave would infect the software controlling drug infusion pumps and similar devices” (p. 62-63). The article lists health care as a 7
  • 8. target, because systems have been slow to secure their digital information (Yellowlees, 2013). The threat goes beyond medical facilities and their IT systems. The Food and Drug Administration warned in 2013 that as medical devices become increasingly connected to networks, cybersecurity vulnerabilities grow and could threaten computers and mobile devices (Food and Drug Administration, 2013). Even life-saving items such as pacemakers are now susceptible to cyber attack (Wadhwa, 2012). As these examples illustrate, facilities and systems designed to save lives may actually be putting them at risk with increased use of cyber technology. The risk facing Americans does not always involve physical harm. The U.S. economy is also a tempting target. When the U.S. economy collapsed in 2008, it cost the nation trillions of dollars in lost income, lost real estate wealth and lost stock market wealth, as well as 5.5 million American jobs (Swagel, 2010). That financial crisis was the result of careless practices and reckless investments by the nation’s largest financial institutions. What if such a crisis were intentional? According to a U.S. Army training manual in 2006, “The financial sectors infrastructure includes computer networks, storage devices and telecommunications networks. This sector is also extremely vulnerable to public perception; an impression of weakness could easily result in a damaging cascading effect. Normal operations are necessary to maintain public confidence” (p. II-8). As more banking options move online and on mobile devices, the risk of a cyber attack on these institutions and platforms grows. In a statement before the House Financial Services Committee in September 2011, FBI Cyber Division Assistant Director Gordon Snow warned of the growing threat of cyberterrorism on the nation’s financial institutions. Snow stated, “The FBI is currently investigating over 400 reported cases of corporate account takeovers in which cyber criminals have initiated unauthorized ACH and wire transfers from the 8
  • 9. bank accounts of U.S. businesses. These cases involve the attempted theft of over $255 million and have resulted in the actual loss of approximately $85 million” (Snow, 2011). Snow also emphasized vulnerabilities with ATMs and point of sale devices used at many retail stores. Snow stated, “A criminal affixes a skimmer to the outside or inside of an ATM to collect card numbers and personal identification number (PIN) codes. The criminal then either sells the stolen data over the Internet or makes fake cards to withdraw money from the compromised accounts… Point of Sale (POS) terminals, which are primarily used to conduct the daily sale operations in restaurants, retail stores, and places of business, have been a primary target for cyber criminals engaging in credit card fraud and have resulted in the compromise of millions of credit and debit cards the U.S.” (Snow, 2011). The Target breach mentioned earlier involved Point-of-Sale data. Equally alarming is the expansion of mobile banking technology, which gives people (and cyber criminals) access to bank account information on mobile devices. Snow stated, “Cyber criminals have successfully demonstrated man-in-the-middle attacks against mobile phones using a variation of ZeuS malware. The malware is installed on the phone through a link imbedded in a malicious text message, and then the user is instructed to enter their complete mobile information. Because financial institutions sometimes use text messaging to verify that online transactions are initiated by a legitimate user, the infected mobile phones forward messages to the criminal, thwarting the bank’s two-factor authentication” (Snow, 2011). The danger of cyber-attacks on financial institutions and platforms is two-fold. These attacks not only strike the U.S. economy and the personal finances of average Americans, they can also be used to steal identities and money that can later be used for terrorist attacks. Yet, an increasing number of banks and financial institutions are relying on digital technology and making digital 9
  • 10. banking easier for customers, increasing the risk of cyber terrorism. The financial industry is certainly a vulnerable area for online attacks. With so many systems utilizing online/digital components and raising the risk of cyber terrorism, what, if any, steps can be taken to reduce the risk? The solutions range from basic, common-sense steps to complex legislation. Personal protection represents the front line of cyber security. Individuals can protect their identities, passwords, banking information, credit card numbers, etc. from falling into the wrong hands by frequently checking their bank statements for potentially fraudulent activity, utilizing anti-virus and anti-malware software on personal computers, and never giving out credit card or Social Security numbers to unknown or untrusted parties. Businesses and governments can also take steps to protect vital information and access. As outlined in the 1996 book Information Warfare, steps include (but are not limited to): performing a comprehensive risk analysis, re-examining the organization’s networks from a hacker’s standpoint, vigilantly screening potential employees, developing response plans in the event of a cyber-attack and frequently testing the security of the system for weaknesses (Schwartau, 1996). Cybersecurity should also be considered a national priority. In Cyber Attack: Protecting National Infrastructure, Edward Amoroso cited ways in which the federal government can improve cyber security. Those steps include (but are not limited to): providing warnings of potential threats, sharing information inside and outside government, analyzing cyber vulnerabilities and providing technical assistance (Amoroso, 2013). Finally, Congress and the President can pass any number of bills into law that would strengthen cyber security. Bills currently under consideration include: the Federal Information Security Amendments Act, the Cyber Intelligence Sharing and Protection Act, the Cybersecurity Enhancement Act, the Cybersecurity Act of 2012 and/or the Cybersecurity Act of 2013 (Chabrow, 2013). Each of 10
  • 11. those bills would add another level of security to the nation’s infrastructure and businesses. Whether the focus is personal, business or governmental, cybersecurity must be considered a top priority moving forward. The recent attacks on digital systems in the private sector underscore the growing threat of cyber security. The U.S. possesses no shortage of enemies, many of whom are growing more sophisticated in their ability to cause the nation harm. Cyberspace may be the next battlefield in the ongoing war on terror. Yet, the American public, government and business community continue to provide new targets for the country’s enemies by making more information and systems available online. Until online security and systems are better protected from cyber attacks, the next 9/11 could occur in the digital realm. 11
  • 12. BIBLIOGRAPHY Amoroso, E. (2013). Cyber Attacks: Protecting National Infrastructure. Waltham, Massachusetts: Elsevier Inc. Amtrak. (2012). Annual Report Fiscal Year 2012. Retrieved April 7, 2014, from Amtrak.com: http://www.amtrak.com/ccurl/103/360/Amtrak-Annual-Report-2012.pdf Chabrow, E. (2013, September 13). Cybersecurity Legislation: What's Next? Retrieved April 15, 2014, from BankInfoSecurity.com: http://www.bankinfosecurity.com/cybersecurity-legislation-whats- next-a-6063/op-1 Environmental Protection Agency. (2012, July). Cyber Security 101 for Water Utilities. Retrieved April 14, 2014, from EPA.gov: http://water.epa.gov/infrastructure/watersecurity/features/upload/epa817k12004.pdf Food and Drug Administration. (2013, June 13). FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks. Retrieved April 12, 2014, from FDA.gov: http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm Freifeld, J. F. (2014, April 3). Exclusive: U.S. states probing security breach at Experian unit. Retrieved April 5, 2014, from Reuters.com: http://www.reuters.com/article/2014/04/03/us-experian- databreach-idUSBREA321SL20140403 Holt, M. (2014). Nuclear Power Plant Security and Vulnerabilities. Washington, DC: Congressional Research Office. Kirk, J. (2009, May 7). Study: US Air Traffic Control Vulnerable to Cyberattack. Retrieved April 8, 2014, from pcworld.com: http://www.pcworld.com/article/164501/article.html Martellini, M. (2012). Cyber Security for Nuclear Power Plants. Washington, D.C.: U.S. Department of State. Research and Innovative Technology Administration. (2011, 7 December). T3 Talking Technology and Transportation Webinars. Retrieved April 2014, 7, from pcb.its.dot.gov: http://www.pcb.its.dot.gov/t3/s111207/111207.html Research and Innovative Technology Administration Bureau of Transportation Statistics. (n.d.). TranStats. Retrieved April 7, 2014, from transtats.bts.gov: http://www.transtats.bts.gov/Data_Elements.aspx?Data=1 Schwartau, W. (1996). Information Warfare. Emeryville, California: Publishers Group West. 12
  • 13. Snow, G. (2011, September 14). Testimony: Cyber Security Threats to the Financial Sector. Retrieved April 13, 2014, from FBI.gov: http://www.fbi.gov/news/testimony/cyber-security-threats-to-the- financial-sector Swagel, P. (2010). The Cost of the Financial Crisis: The Impact of the September 2009 Economic Collapse. Pew Charitable Trusts. Tafoya, W. (2011, November). Cyber Terror. Retrieved April 10, 2014, from fbi.gov: http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/november- 2011/cyber-terror Target Corporation. (2013, December 19). Target confirms unauthorized access to payment card data in U.S. stores. Retrieved April 5, 2014, from Target.com: http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card- data-in-u-s-stores U.S. Army. (2006). Critical Infrastructure: Threats and Terrorism. Fort Leavenworth, Kansas: U.S. Army Training and Doctrine Command. U.S. Department of Energy. (n.d.). Smart Grid Investment Grant Program. Retrieved April 10, 2014, from smartgrid.gov: https://www.smartgrid.gov/recovery_act/overview/smart_grid_investment_grant_program U.S. Department of Energy. (n.d.). smartgrid.gov. Retrieved April 10, 2014, from What is the Smart Grid?: https://www.smartgrid.gov/the_smart_grid U.S. Food and Drug Administration. (2013, June 13). FDA Safety Communication: Cybersecurity for medical devices and hospital networks. Retrieved April 2014, 5, from fda.gov: http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm Wadhwa, T. (2012, December 6). Yes, You Can Hack a Pacemaker (and Other Medical Devices Too). Forbes Magazine. Wald, M. (2014, March 12). Power Grid Preparedness Falls Short, Report Says. Retrieved April 10, 2014, from NewYorkTimes.com: http://www.nytimes.com/2014/03/13/business/energy- environment/power-grid-preparedness-falls-short-report-says.html?_r=0 Yellowlees, D. H. (2013). Brief Communication - Cyberterrorism: Is the U.S. Healthcare System Safe? Telemedicine and eHealth. Zhang, J. (2012, December 1). Water Utilities and the Digital Transformation. Water World. 13