This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
96. There is a need for a strategy to counter the threat of cyber terrorism at various levels as discussed earlier. As this study focuses on the threat to Global economy and especially measures to be taken by private corporations, it is not taking into account offensive counter measures. A recommended strategy or an approach is discussed in the succeeding paras.
97. Mitigation Strategy. A comprehensive plan to counter threat of Cyber terrorism should include the following[i]:-
- Be Proactive. Organizations and the general public should be more proactive in dealing with cyber terrorism issues by keeping up to date on the latest information related to threats, vulnerabilities and incidents and they should be more committed in improving their information security posture. Organizations should always be looking to improve upon their existing security infrastructure. Organizations should deploy multi-level security architecture instead of the single-tier ones in order to protect themselves better. Critical activities such as security audits should be performed more often to reduce redundancies in the security implementation.
- Security Organizations at National Level. There is a need for a cyber security centre at National level with primary roles as conducting cyber security research, developing performance standards, fostering public-private sector communication and information analysis and infrastructure protection.
- Sharing of cyber intelligence data/information for, enhancement of defensive electronic security and private/public partnerships.
- International Cooperation. Governments have a great role to play in facilitating cross-border co-operation in putting in place legislation and treaties that would serve as effective checks on cyber-terrorism. An "International Protocol" should be signed by all nations to effectively combat cyber-terrorism, appropriate legislation, based on agreed international codes, to regulate the use of the Internet without unduly compromising the privacy of individuals.
- Develop Best Security Practices. Organizations should ensure that they develop and deploy a tested set of best security practices. To start with they should adopt existing international standard guidelines for information security such as ISO17799 or BS7799. These standards provide the detailed steps that should be taken to secure organizations from an information security standpoint.
- Increase Security Awareness. It is important to increase the awareness on cyber terrorism issues to the masses; it would assist in developing communities that are more proactive in dealing with information security issues. Security training programs can assist people to equip themselves with the right skills and knowledge that are needed to protect their computer and networks systems effectively.
- Strict Cyber Laws. This would assist in controlling cyber terrorism attacks as terrorist will rethink about their actions. Also it will encourage the development of efficient cyber security practices.
- Establish Business Continuity and Disaster Recovery Plans.
- Cooperation with Various Firms and Working Groups. Organizations as well as the general public should establish working relationships or arrangements with public and private bodies that could assist with various issues related to cyber terrorism. Thus by exchanging information on such issues on a regular basis, it would create a pool of much needed experts in the field of cyber terrorism in order to increase resistance in general from such attacks.
- Encourage Research And Development for Indigenisation. Organizations especially from the public sector should support research and development activities of personalized security tools such as firewalls and IDS. The main advantage of pursuing this approach rather than buying off the shelf product is that it will leave the perpetrators in the dark over the actual capabilities that the targets possess and reduce the risk of any software company being exploited by terrorist organizations.
- Technical Treatment of Computer Attacks. Following strategy for technical treatment of computer attacks may be followed:-
Business continuity and disaster recovery plans should be in place in all organizations to included incident response activities and should involve two main activities of repair and restoration to fix the problem and restoration with pre-specified arrangements with hardware, software and service vendors, emergency services, public utilities and others.
- Clear and consistent information security policies and procedures.
- Vulnerability assessments to identify security weaknesses at individual installations.
- Correction of identified network/system security weaknesses.
- Reporting of attacks to help better identification and communicate vulnerabilities and necessary corrective actions.
- Damage assessments to re-establish the integrity of information compromised by an attacker.
- Awareness training to ensure that computer users understand the security risks associated with networked computers and practice good security.
- Assurance that network managers and system administrators have sufficient time and training to do their jobs.
- Prudent use of firewalls, smartcards and other technical solutions.
- An incident response capability to aggressively detect and react to attacks and track and prosecute attackers.
98. No security system is foolproof, however the process has to be dynamic and protective measures needs to be updated depending upon the emerging nature of threat and also there is a need for less dependence on an automated system for critical national infrastructure and the need for human oversight and intervention.
99. This dissertation has endeavoured to analyse as to how much the global economy is dependent on IT in the new era of globalization, to what extent are the economic infrastructure vulnerable to the threat of cyber terrorism and the efficacy of existing strategy to counter this threat before suggesting a mitigation strategy.
100. Technology has revolutionized the means available to the terrorists and globalization has increased the vulnerability of every individual. Terrorists are extensively using the cyber space to instill fear amongst the societies. What is important is to identify and make sure our vulnerabilities are not exposed and we do not fall prey to cyber terrorists. With the implementation of strategic security measures, increase in the number of user education and awareness training programs, and more collaboration between the industry, government and the general public, we would be able to protect ourselves better. The battle against cyber terrorism is going to be continuous one and we must be prepared to focus more on the aspect of information security when performing the various activities in our daily lives.
101. Presently attacks on information infrastructure that have been so far detected, are mostly the handiwork of amateurs and, as non-state actors and rouge states realise the potential of use of cyber space, disaster is in the offing. However it is not advisable for any risk management approach to merely disregard the threats discussed on the basis that they are far-fetched and fanciful. As competition between corporations for profit increase, and consumer expectations grow, there may soon be a time that, for some corporations, even a limited disablement may be fatal or nearly so to its continued existence. Now is the time for nations to formulate strategies and allocate funds to ensure security of critical infrastructure, to include, transport system, telecommunications, banking, stock market, research laboratories and sectors dependent on information systems.
102. Even though use of cyber space for acts of terrorism is a new form of threat, it has proved to be a very challenging one. So far, significant progress has been made through industry and government initiatives in many countries to protect against cyber attacks. Security is not a onetime model. It is dynamic as the existing pattern of actual Cyber terrorism attacks does not provide a clear basis for predicting the nature of futuristic probable attacks. It, therefore, mandates a constant review and an ongoing research agenda. However, the implementation of strategic security measures and improved working relationships among the various bodies including the industry, the government and the general public provide all of us a strong hope of countering this threat. Cyber Terrorism is here to stay and will be the means of future war and massive efforts are required to protect the critical infrastructure which form the basis of global economy and hence safeguard nations' interest.
- Toby Blyth, op. cit.