A Discussion of Cybersecurity Today



Cybersecurity is an umbrella term that incorporates different IT strategies that protect networks:

  1. Identity Management - validates individuals accessing the network to verify that they are who they say they are; monitors activity on the network

  2. Risk Management - identifies network vulnerabilities and threats preemptively; determines appropriate countermeasures based on the sensitivity of data

  3. Incident Management - execute responses when security events threaten the network

These strategies together create the framework for cybersecurity through which we will investigate our cyberinfrastructure and recommend courses of action.


What is Cybersecurity?

“Cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century.”

    -White House 2009 Cyberspace

      Policy Review (source)

“We are building our lives around our wired and wireless networks.  The question is, are we ready to work together to defend them?”

    -FBI (source)

Huge Breach at Princeton, N.J. Payment Processor, 2008

A data breach at Heartland Payment Systems compromised tens of millions of credit and debit card transactions.  Heartland processes transactions for MasterCard and Visa.  They found a piece of malicious software planted within the company’s processing network that would record card data as it was being sent for processing.  The software would steal names, credit and debit card numbers, and expiration dates.  The data stolen included the information encoded into the magnetic stripe built onto cards, which allows for the construction of counterfeit cards.  While this was a huge and surprising breach, the most surprising thing is how nearby it happened.  Heartland Payment Systems is located at 90 Nassau St. in Princeton. (source)

U.S. Student Hackers Participate in Cybersecurity Competition, 2010

Teams of high school students across the country gathered at the seventh Annual Cyber Security Awareness Week competition to fight for scholarships and prizes by solving simulated cybersecurity issues.  The CIA and NSA watched the approximately 300 gifted students compete, reflecting encouragement from government sources.  Recruiters from the government believe that these sorts of competitions are crucial to take would-be cyber-criminals and turn them into highly sophisticated cyber-defenders.  The hosts of the competition stated that they are trying to change the negative image of a hacker and encourage gifted students to become the “good guys” in the battle over cyberspace.  These sorts of small gestures can begin to build the framework by which cybersecurity can become a more important part of our actions and attitude as a nation.  (source)

Lockheed Martin and Carnegie Mellon Team Up to Work on Cybersecurity, 2011

Lockheed Martin is the largest provider of federal government information technology.  Carnegie Mellon is home to CyLab, one of the largest cyber security research and education centers in the world.  Lockheed Martin has opened a new lab space near Carnegie Mellon’s campus, where the two will work together to research concepts and technologies to improve upon our current cyber-operations and cyberinfrastructure.  The advanced research being conducted in this partnership between private enterprise and researchers will help provide government agencies with stronger protection against cyberattacks.  This can be seen as an example of a public-private partnership, since Lockheed Martin works so closely with the government and funding is coming from both public resources and private investment.  This partnership demonstrates the gradual shift occurring in the U.S. as the government and firms realize how crucial cybersecurity is.  We hope to see more partnerships and research collaborations like this in the future in order to achieve our cybersecurity goals.  (source)

Current Events

What is Cyberinfrastructure?

Cyberinfrastructure consists of our data acquisition, data storage, data management, data mining, and other computing and information processing services that take place over digital communication lines (e.g. the Internet) for consumers, businesses, and governments.  Cyberinfrastructure consists of both physical and non-physical structures.

A Technology and Society Approach

“Cyberspace underpins almost every facet of modern society and provides critical support for the US economy, civil infrastructure, public safety, and national security.”

    -White House 2009

      Cyberspace Policy Review    


We can consider cybersecurity and the issues surrounding it through a technology and society approach:

Innovation and Maturation

The interconnectedness of our society has increased at an alarming rate in recent decades.  Along with this innovation in the Internet and information technology comes issues of security.  President Obama has noted, “The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security” (source).  This growth is the innovation, but increases in security may be the much needed maturation, as rises in interconnectivity have exposed us to a new array of risks and dangers.  We must consider how to innovate new cybersecurity measures, both practices and technologies to combat cybercriminals and attacks.

Systems and Standardization

The Internet and our information systems are very complex, interconnected systems, and often weaknesses exist because of a lack of standardization or understanding of the system.  In order to improve our cybersecurity, it is important to address the issues in our current system and identify where weaknesses lie.  Are firewalls and encryption methods as effective as we like to think?  Evidence says that we may be too reliant and trusting of these security measures.  We can consider a possible role for standardization to play in the process in order to prevent weaknesses.  The government is currently working, via means such as Obama’s recently appointed Cyber-Security Coordinator, on strengthening our domestic networks.

Risk and Failure

Since the world of cybersecurity is very new, many of the risks and much of our understanding of it comes from examples of failures and breaches that have taken place already.  Our “Case Studies” page uses examples of failures to illuminate some of the possible risks that exist in our cyberinfrastructure, whether it is for business, government, or individuals.  In the field of cybersecurity, solutions have not been particularly proactive as of yet - often security measures are taken only as a response to previous failures.  There is a difficultly in identifying risks since breaches are not always easy to identify, and so we must investigate new ways of encourage involved parties to notice their vulnerabilities and take appropriate action to prevent failure.

Ethics and Expertise

Ethics has become a serious issue in cyberspace recently.  The Internet is fabulous tool for free communication and exchange, but if people are at risk, does the government have a right to be involved?  In order to increase their own cybersecurity, people on the Internet may have to give up some of the freedoms that have traditionally come with access to cyberspace.  There is also an issue with expertise - do businesses not know what is best for themselves when it comes to investing in cybersecurity?  We believe there are market externalities that the government can act on fixing, since companies tend to underestimate their cybersecurity risk.  But who is the expert at estimating these risks?  Cyberattacks are hard to track and it is very difficult to obtain an accurate estimate of the damage caused, making it difficult, by a technology and society approach, to understand the full effect.  Without understanding the level of harm being caused, there are inherent issues when determining the proper expert and ethical response.

Our Goal and Argument

We will see, over the investigation in this website, that a technology and society approach leads to a recommendation of certain actions.  While we do not recommend giving the government full control of our cybernetworks, it is important for the government to partner with other involved parties (private firms and individuals) to increase awareness of the risks involved in information technology so we can encourage more action in the future as research continues on the topic.  We will argue that society seems to be moving in the right direction when it comes to cybersecurity, but we still tend to underestimate the risk and more action must be taken.  While the nature of cyberinfrastructure does not lend itself to drastic, immediate changes, we need to start encouraging more attention be paid to cybersecurity, hopefully before a huge breach forces us to pay attention.