Page 64 - Cyber Warnings
P. 64
Khoo, Harris, and Hartman (2010) stated that enterprises have become reliant on the
internet for their information infrastructure. Khoo et al. also stated that businesses realize that
security goes beyond technical issues. Other issues like confidentiality, integrity, and the
availability of information are critical to the organization’s success. Keeping information secure
for customers is a top priority. As more organizations use the information infrastructure that
uses the internet, it becomes a need for legislation to secure cyber space is also important.
Research concerning systems security provides an understanding that although security
has become more of a priority to organizations, but for other organizations, security is not a
simple task and organizations struggle with how to secure the system over the long-term. In
fact, many organizations have misconceptions of what systems security actually means. Also,
many organizations treat systems security as separate from other projects. Unfortunately, the
DoD is one organization that does not see security systems as a project (Morris, 2012).
Data Collection
Two case studies were analyzed for this study that had major breaches in security at
some time in the last 13 years. A comparison was made between the Department of Defense
(2001) and the Veteran’s Administration (2013) to understand how the breaches had occurred
and what could be done.
Department of Defense
At the Department of Defense (DoD), a code red worm attack on the White House
infected over 395,000 Internet and client systems in 2001. This attack happened in 14 hours
because of several vulnerabilities in the federal government’s hosting and general systems. The
attack also created $2.6 billion in damages, while infecting 2,000 host systems per minute
(Miller, 2013). The DoD used trace analysis results obtained from data collecting and using a
global detection worm spread.
The global detection worm spread examined all host systems and their infected
properties in all geographical locations, and examined Internet service providers (ISP) and top
domains. Results showed that the code red worm was focused mostly on small business and
home-based systems, and it leached into the White House because of weaknesses in the
federal government host systems (Miller, 2013).
Veteran’s Administration
The Veteran’s Administration experienced a breach due to poor implementation of the
C&A program. The breach happened in 2013 and was the result of an employee’s actions. Jerry
Davis was a deputy assistant secretary for the VA’s office of Information Technology. He stated
in documents obtained by Federal New Radio, that he was forced to rubber stamp 250 security
certification for IT agency systems (Miller, 2013). Davis would later suggest, in a letter to
Congress, that he did not want to sign the documents because he did not think the C&A process
was secure. Davis said he did what was required as a condition for release from the VA to take
a job as the CIO of NASA Ames in Moffet Field, CA.
64 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
