Cybersecurity Issues

 
 

Cyberinfrastructure is a piece of technology that is too large  and interconnected to be be managed by an individual, business or even government.  It is a tool that everyone has access to in many forms.  In this sense, cybersecurity is a public good.  There are certain externalities in the field: questions arise over who is responsible to take care of a risk that undoubtedly affects us all.  In turn, who is responsible for the costs when it fails to serve its purpose, affecting multiple people?  The benefits and potential costs of a healthy cyberinfrastructure are great and shared by all. 


Interconnectivity

One of the aspects of cyberinfrastructure that makes the challenges of cybersecurity unique is the magnitude of contributors and participants on any given network.  Through this piece of technology so many different kinds of people, and people who do not know each other, rely on each other to prevent communicable cyber bugs from being shared; it is often hard to differentiate between victims and perpetrators of cyber attacks.  The many opportunities that come from being able to collaborate with millions of network users comes with the risks of anonymity and difficulty of regulating. 


Intangibility

One of the biggest issues with addressing cybersecurity is that it is very hard to see and measure.  An attack could occur without any affected party being aware that information was taken or compromised.  Someone can propagate a virus or be a DDoS agent or carry a worm without noticing.  Additionally, because of how quickly and anonymously cyberattacks travel, it is very difficult for government and other interested parties to track the prevalence of cyberattacks in order to best address the issues they create.


 

Cybersecurity as a Public Good

Distributed Denial of Service Attacks

Stats

(source)

Issues in Cybersecurity

Identity Management - It is often difficult to determine if identity has been compromised; there is no immediate affect when identity is compromised.  Additionally, identity breaches are often impossible to track, since the purpose behind them is that the network cannot differentiate between the real you and the impostor.


Risk Management - Affected parties are often unsure of how much they suffer because of cyberattacks and, even if they are aware of their losses, they often do not invest properly because of the intangibility of cyberspace.  Many companies do not adequately value their cybersecurity and do not manage their risk appropriately because of this.  A lack of public knowledge and education leads people to believe that they are not at risk - it is often this people who become accidental carries of worms or viruses.


Incident Management - Most businesses, individuals, and the federal government are entirely unprepared for a large scale security breach.  Because very few breaches of significant, life-altering magnitude have occurred to our federal networks, the U.S. government has not properly managed its resources for a large-scale incident.  Incident management in cybersecurity can be difficult because we are still not sure how a large breach will come to exist and what it will affect.  Often government actions are reactive instead of proactive, but if we continue to expand and depend on our cyberinfrastructure, the damage done by a large attack could be absolutely devastating if the government does not plan ahead.

Basic Email-Transferred Viruses

The Pathway of a Computer Worm

Food for Thought!

Cybersecurity has some issues similar with

typical security: a truly robust cybernetwork cannot

even be compromised by the employees who build or monitor it, much like how a single employee cannot cause a nuclear meltdown at a power plant.  One notable case study is that of a disgruntled AT&T employee who left the company with a laptop containing social security numbers and personal information of employees.  He was a security employee, usually responsible for keeping this information safe, but this led to a breach for the company.