This question has been answered
Question

Week 4Please read the following three readings and answer with one page. Respond to the following question:

In an increasing wired world, Cyber-attacks are frequent and protecting against such attacks are expensive. (Module E) What are Corporate responsibilities, what actions should corporations take to protect the financial privacy of Individuals, and who should bear the cost of protection?

2 Attachments
China’s cyber war Washington Post Editorial Board, Published: December 15, 2011 CHINA IS waging a quiet, mostly invisible but massive cyber war against the United States aimed at stealing its most sensitive military and economic secrets and obtaining the ability to sabotage vital infrastructure. This is, by now, relatively well known in Washington, but relatively little is being done about it, considering the enormous stakes involved. What exactly is happening? Hackers mostly backed by the People’s Liberation Army are trying daily to penetrate the computer systems of U.S. government agencies, defense contractors, technology firms, and utilities such as power and water companies — not to mention the private e-mail accounts of thousands of Americans. To an alarming degree, they are succeeding. In recent years hacks have been reported of the State, Defense and Commerce departments; Lockheed Martin; Google, which said its source code and the e-mail accounts of senior government officials were targeted; and the computer security company RSA, which protects critical networks through the SecureID system. “The computer networks of a broad array of U.S. government agencies, private companies, universities and other institutions — all holding large volumes of sensitive economic information — were targeted by cyber espionage ,” said a report issued in October by the Office of the National Counterintellingence Executive . “Much of this activity originated in China.” As in the case of other novel and slowly developing threats — international terrorism in the 1990s comes to mind — the U.S. response has been slowed by bureaucratic infighting, poor information-sharing and a failure to prioritize the problem above more familiar business with Beijing. The Pentagon has set up a cyber-command, but it has the authority to protect only military networks; the Department of Homeland Security jealously guards its prerogative to guard domestic civilian targets. Government agencies often don’t share sensitive intelligence with companies, while many companies are reluctant to report on penetrations of their networks. A further difficulty is identifying exactly where cyber-attacks originate and connecting them to their government sponsors. Predictably enough, the Chinese government aggressively denies any involvement in the attacks on U.S. agencies and companies — which makes it difficult for diplomats to pressure for a cease-fire. But an encouraging report in the Wall Street Journal this week said that U.S. intelligence agencies had managed to identify many of the Chinese groups, and even individuals, including a dozen cells connected to the People’s Liberation Army. This should provide an opportunity for the Obama administration to more directly confront the problem. It should demand that Beijing shut down the military-backed groups; if it does not do so, they could be subjected to countermeasures, including sanctions against individuals. Congress could also consider legislation punishing companies connected to the Chinese military if the cyber war does not cease. Yes, such responses have the potential to roil relations between Washington and Beijing. But the Chinese offensive — and the economic and national security threats it poses — is simply too important to ignore.
Background image of page 1
DOD spending $500B on 6 preparations for cyber war February 28, 2012 5:42 PM Meghan Kelly Venturebeat.com Cyber war is more than a threat; it is something the Department of Defense is spending money on as we speak. Deputy Secretary of Defense Ashton Carter outlined six ways the DOD is taking action today, as well as legislation he believes can help the government act quickly against hackers at home and abroad. “Cyber will overtake terrorism as the persistent gnawing … kind of threat and danger,” said Carter at the RSA Conference in San Francisco today. “The market, both economic and political, undervalues security at the moment. Doesn’t see it. Doesn’t fully get it. This is wrong, this is a mistake.” The DOD is charged with protecting the United States not only with ships, airplanes, and tanks but also with cyber weapons. Former National Security Agency director Mike McConnell pointed out that if terrorists find their way into our banks, the ensuing economic havoc could result in greater devastation than that of 9/11. He said the US must be prepared not only to defend itself on the Internet but also to fight back. Six core DOD missions speak to this responsibility: 1. Developing and preparing to use weapons of cyber warfare 2. Preparing the U.S. for what the battlefield may look like 3. Listening for and analyzing defense intelligence over the Internet 4. Defending both classified and unclassified networks 5. Creating technology using the DOD’s and the NSA’s “weight and resources” and distributing them to Homeland Security, law enforcement agencies, and partners 6. Protecting these tools and infrastructure with the military. The DOD is spending half a trillion dollars to run these projects, according to Carter. He says he has never heard of anyone wanting to cut the budget back. Indeed, he would like to increase the spending if he can find worthy areas to develop. However, despite governmental support, he wants the technology sector to help push the agenda further. The legislation Carter is pushing for would allow the government to act more freely with the public sector to develop tools. He explained it would enable the government to share threat information with the private sector and would enable public companies to report intrusions “without liability or trust concerns.” It would also allow members of the private sector to share threat information with each other “without liability or trust concerns.” And, if passed, it would force companies to report intrusions to the government. Carter is aware that legislation and bullet points are small steps but asks that the security industry understand that “trying to get our act together as a country … is not an easy thing to do.” “Of course, we were involved in birthing the Internet itself,” said Carter, “We have a history here, and we’re going to continue it.”
Background image of page 2

End of preview

Looming cyber-attack threatens major banks December 13th, 2012 12:01 AM ET By Pam Benson CNN Senior National Security Producer Some of the nation's biggest banks are at risk of a massive cyber-attack in 2013 that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm. The fraud campaign, known as Project Blitzkrieg , is a credible threat, the Internet security firm McAfee Labs concluded in a new report. The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded. The project "appears to be moving forward as planned," the report states. People familiar with the study said some 30 financial institutions are targets of the campaign. They include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others. Information about the intended cyber-attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone. According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise. At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting. "Our researchers have been pouring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee. "That, combined with some additional research we’re doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013." The McAfee report states, "The targets are U.S. banks, with the victims dispersed across various U.S. cities, according to the telemetry data. Thus this group will likely remain focused on U.S. banks and making fraudulent transactions." Calhoun said that McAfee has access to the malware and, through reverse engineering, has learned much about its capability and targets. "We see the IP addresses and names of banks and so on or references to URLs." Calhoun said the behavior of the Trojan suggests it is a variant of a previous known strain called Gozi. RSA labeled this latest version, Gozi Prinimalka. But it's a tedious task dissecting the malware, and the company is still trying to figure out how it would create fraudulent bank transactions, Calhoun said. Based on their analysis, the McAfee researchers believe the plan is to attack a small group of bank customers.
Background image of page 1
"This strategy is necessary if the attackers hope to succeed in transferring several million dollars over the course of the project," the report states. "A limited number of infections reduces the malware's footprint and makes it hard for network defenses to detect its activities." But Calhoun said the fact the malware has been detected allows for a defense to be mounted. "Since we know about it, we will be able to protect against it," Calhoun said. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it." Wells Fargo, the only financial institution to respond to questions about preparations it might be taking to thwart the potential attack, said it was watching for the threat. "Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," Wells Fargo said in a statement. "We constantly monitor the environment, assess potential threats, and take action as warranted." The Department of Homeland Security, which takes the lead for the government on cyber security issues, had no comment on the McAfee report or Project Blitzkrieg.
Background image of page 2

End of preview

Answered by Expert Tutors
1 Attachment
Cyber security.docx
docx
Subject: Business, Finance
China's cyber war Washington Post Editorial Board, Published: December 15, 2011 CHINA IS waging a quiet, mostly invisible but massive cyber war
Get unstuck

303,122 students got unstuck by Course
Hero in the last week

step by step solutions

Our Expert Tutors provide step by step solutions to help you excel in your courses