Cybersecurity involves protecting information and systems from major cyber threats, such as cyber terrorism, cyber warfare, and cyber espionage. In their most disruptive form, cyber threats take aim at secret, political, military, or infrastructural assets of a nation, or its people. Cybersecurity is therefore a critical part of any government’s security strategy. The U.S. federal government, for example, has allotted over $13 billion annually to cybersecurity since late 2010.
Cyber terrorism is the disruptive use of information technology by terrorist groups to further their ideological or political agenda. This takes the form of attacks on networks, computer systems, and telecommunication infrastructures. For example, in response to the removal of a Russian WWII memorial in 2007, Estonia was hit with a massive distributed denial of service (DDoS) attack that knocked almost all ministry networks and two major bank networks offline. The rise in such cyber terrorism attacks is measurable: in the U.S., head of Military Cyber Command Keith B. Alexander stated that cyber attacks on facilities classified as critical infrastructure in the United States have increased 17-fold since 2009.
Cyber warfare involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. In the US and many other nation-states, cyber warfare has been acknowledged as the fifth domain of warfare (following land, sea, air, and space). Cyber warfare attacks are primarily executed by hackers who are well trained in exploiting the intricacies of computer networks and who operate under the auspices and with the support of the nation-states. Rather than “shutting down” a target’s key networks, a cyber warfare attack may intrude into networks for the purpose of compromising valuable data, degrading communications, impairing infrastructural services such as transportation and medical services, or interrupting commerce. For example, in the 2008 South Ossetia war, Russia’s initial attacks on Georgian soil were preceded by a synchronized cyber attack that crippled Georgian government websites.
Cyber espionage is the practice of using information technology to obtain secret information without permission from its owners or holders. Cyber espionage is most often used to gain strategic, economic, political, or military advantage. It is conducted through the use of cracking techniques and malware. In the US, the Office of the National Counterintelligence Executive released a report in 2011 officially acknowledging the legitimate threat of cyber espionage and its potential to damage the United States’ strategic economic advantage. In a subsequent opinion piece in the Wall Street Journal, former Director of Homeland Security Michael Chertoff elaborated on the economic impact of China’s cyber espionage of intellectual property, which he likens to the “source code” of today’s advanced economies. Through the utilization of its massive and inexpensive workforce, China has cheaply and efficiently driven a number of these ideas directly into production. Because these innovations are the fruits of costly investments in research and development by the hosting nation-states, their theft is an immense strategic and economic loss to the targets.
With cyber threats in a state of rapid and continuous evolution, keeping pace in cybersecurity strategy and operations is a major challenge to governments. Cybersecurity is a serious concern to private enterprise as well, given the threat to intellectual property and privately held critical infrastructure. Advisory organizations such as the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) have recently updated guidelines to promote a more proactive and adaptive approach that prescribes continuous monitoring and real-time assessments. These guidelines are set out in detail in the NIST 800 and ISO 27002 publications.