What are the Weaknesses of Our Cybersecurity?

Written By Todd Mitchell

The three weaknesses of our cybersecurity are the difficulty in determining the geographic location of the cybercriminal; the evolving of mobile devices into our national security networks; and the legal ambiguities of taking offensive actions (Theohary & Rollins, 2009).

The significance of these risks is that society is growing ever more dependent on mobile devices and the globe is shrinking with travel and telecommuters.  Do you think the government should supply mobile devices to all employees who travel? Would it be acceptable to let employees bring their own devices (BYOD) and connect to the critical infrastructure? This dilemma is one of the big ones facing most organizations now. Mobile devices introduce another layer of vulnerabilities into a network.  The significance of not determining the correct geographic location is that we may wrongfully accuse a country of conducting a cyber-attack. There are several methods to become anonymous on the internet with the use of proxy servers, or MAC spoofing from a public hotspot (Placid & Wynekoop, 2011). These methods are difficult to unravel and find the true location without the help of the legal system. In the US a court may order the ISP to provide information. However, in a foreign country that may not cooperate it can be impossible to obtain anything useful. The significance of having an offensive cyber warfare strategy is we can chase the perpetrator back into their yard and take actions to disrupt their ability to cause further harm. How is this different from the ground or air offensive actions we take?

I recommend mobile devices, even the BYOD ones, be outfitted with mobile device management (MDM) software such as Knox (Khoo, 2013).  This allows the hardening of the device by a company managed system of temporarily disabling features that may cause vulnerabilities.

I recommend we take offensive actions when appropriate and approved by the same means and rule set of other military actions. The cyber technologies have advanced so fast that the legal, regulatory, and ethical analyses cannot keep up (Gjelton, 2013). I recommend we prevent anonymous users from other countries from causing harm by building a culture of safety in this country of internet users.

 

References

Gjelten, T. (2013). First strike. World Affairs, 175(5), 33-43. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=poh&AN=84418344&site=eds-live&scope=site

Khoo, B. L. (2013). How to fit BYOD into an enterprise mobility strategy. (cover story). NetworkWorld Asia, 10(3), 12-14. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=bth&AN=91254476&site=eds-live&scope=site

Placid, R., & Wynekoop, J. (2011). Tracking down anonymous internet abusers: Who is john doe? Florida Bar Journal, 85(9), 38-40. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=a9h&AN=67630853&site=eds-live&scope=site

Todd Mitchell
Previous

Is Outsourcing Security Management safe?
Next

What is a CISO? What are they Responsible for?