Security

1. Cyberwarfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare, and in 2013 was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U. S. intelligence officials.
2. U. S. government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines “cyberwarfare” as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. The Economist describes cyberspace as “the fifth domain of warfare,” and William J. Lynn, U. S. Deputy Secretary of Defense, states that “as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space. “
3. In 2009, President Barack Obama declared America’s digital infrastructure to be a “strategic national asset,” and in May 2010 the Pentagon set up its new U. S. Cyber Command, headed by General Keith B.

Alexander, director of the National Security Agency (NSA), to defend American military networks and attack other countries’ systems. The EU has set up ENISA (European Network and Information Security Agency) which is headed by Prof. Udo Helmbrecht and there are now further plans to significantly expand ENISA’s capabilities. The United Kingdom has also set up a cyber-security and “operations centre” based in Government Communications Headquarters (GCHQ), the British equivalent of the NSA. In the U. S. owever, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility respectively of the Department of Homeland Security and private companies. In February 2010, top American lawmakers warned that the “threat of a crippling attack on telecommunications and computer networks was sharply on the rise. “According to The Lipman Report, numerous key sectors of the U. S. economy along with that of other nations, are currently at risk, including yber threats to public and private facilities, banking and finance, transportation, manufacturing, medical, education and government, all of which are now dependent on computers for daily operations. In 2009, President Obama stated that “cyber intruders have probed our electrical grids. “

The Economist writes that China has plans of “winning informationised wars by the mid-21st century”. They note that other countries are likewise organizing for cyberwar, among them Russia, Israel and North Korea. Iran boasts of having the world’s second-largest cyber-army.

James Gosler, a government cybersecurity specialist, worries that the U. S. has a severe shortage of computer security specialists, estimating that there are only about 1,000 qualified people in the country today, but needs a force of 20,000 to 30,000 skilled experts. At the July 2010 Black Hat computer security conference, Michael Hayden, former deputy director of national intelligence, challenged thousands of attendees to help devise ways to “reshape the Internet’s security architecture”, explaining, “You guys made the cyberworld look like the north German plain. “

Assignment 2. “Prepare a written briefing for a Board (you can choose any company real or imaginary) explaining why they should increase or decrease their security in relation to the threat of terrorism. ” BRIEFING ON THE THREAT OF TERRORISM POSED TOWARDS TELECOMS ORGANISATIONS OPERATING IN AFRICA Purpose: The purpose of this briefing note is to present an overview of terrorist threats within Africa, spesifically towards the Vodacom organisation operating in the Democtratic Republic of Congo (DRC) and to make recommendations on how to mitigate the risk.

Background: Terrorism: “the United Nations General Assembly has condemned terrorist acts using the following political description of terrorism: “Criminal acts intended or calculated to provoke a state of terror in the general public, a group of persons or particular persons for political purposes are in any circumstance unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic, religious or any other nature that may be invoked to justify them. http://en. wikipedia. org/wiki/Definitions_of_terrorism Terrorism has become a global threat and is not just confined to the theatre of war, it is also not only targeted at nations involved in those conflicts like the United States (9/11) and Great Britain (the July 7 London Bombings) but also with any nation and organization that is seen as an ally of such nations.

ESICS Briefing on THE TERRORISM THREAT LINKED TO THE LIBYAN CRISIS states “obviously on the top of the list of likely targets for Colonel Gaddafi are the United Kingdom and France, they are closely followed by the United States (an old and usual enemy of Libya but also by the Arab countries taking part in the coalition, every single national participating in the operations could be seen as a legitimate target. ” In stating this the point that I am making is, although Vodacom is a South African operation, we must take into concideration that Vodafone, a British entity is our major hareholder and the building where our head office is located, Building Gulf Oil is an American institution. Thus it would be a grave mistake to make the assumption that the company cannot be seen as a target of militant action and sensationalism. Current Situation: STRATEGIC ENVIRONMENT Emerging Terrorist Networks “As al-Qaeda has syndicated its ideology and violence, its affiliates and adherents in Africa and the Arabian Peninsula have become increasingly networked and adaptable in their recruiting, training, financing, and operations.

Violent extremist organizations, insurgents, and criminal organizations are exploiting weak governance and under-governed spaces, and remain determined to harm the United States, our partners and Allies, and innocent civilians. ” General Carter Ham, USA Commander, USA Africa Command in his address to the Senate of Armed Services Committee, 2 March 2013(sic). Terrorist organisations are operating in numerous African countries now including but not limited to: Country| Active Terrorist Networks (only major listed)|

Cameroon| Al Qaeda – Movement for Democracy and Development (MDD)| Chad| Al Qaeda – Movement for Democracy and Justice in Chad (MDJC) +2| Egypt| Al Qaeda + 11| Eritrea| Al Qaeda – Eritrean Islamic Jihad Movement (EIJH)| Ethiopia| Al Qaeda – Ethiopian Islamic Jihad Movement (EIJH) + 6| Kenya| Al Qaeda – Al Shabaab| Libya| Al Qaeda – Libyan Islamic Fighting Group (LIFG)| Morocco| Al Qaeda – Moroccan Combatant Islamic Group (MCIG)| Nigeria| Al Qaeda – Boko Haram| Somalia| Al Qaeda – Al-Shabaab| Sudan | Al Qaeda – Sudan People Liberation Army (SPLA) – Hezbollah| Syria| Al Qaeda – Al Nusra| Tanzania| Al Qaeda – People Liberation Party|

Zambia| Riyadus-Salikhin Reconnaissance – Al Nusra| Source: http://en. wikipedia. org/wiki/Terrorism and www. crimicweb. org “The Horn of Africa is Africa’s bridge to the Middle East. That fact explains much about the complex interrelationships between differing Islamic cultures within Africa, from east to west. ” (John Harbeson, The War on Terrorism in Africa; Princeton N. Lyman from Africa in World Politics p7) Vodacom Congo has up till now not considered terrorism to be a significant threat to business operations but rather conventional security threats as in fire, arson, bomb threats and armed robbery to name but a few.

Recommendations: The risk management department recommends that the company review all emergency response, disaster recovery and business continuity protocols. Establishing contingency plans is suggested; general training for all employees would result in more efficient response should an emergency occur and is highly recommended. It is imperative that all security measures are reevaluated and a gap analysis be conducted. Recommended areas where improvements are needed: * Access and egress control policies should be enforced for effective visitor control and especially with vehicles entering premises and deliveries of parcels. Do an assessment of all CCTV and monitoring services and place additional cameras where needed. * At the moment the local security service provider is ill equipped, there are no personal body scanners available at the building entrances. * There is no equipment available to search vehicles, i. e. stemmed mirrors etc. * Retraining of security personnel, the security officers have not been trained on what to look for and how to search vehicles and people properly. * General housekeeping, rubbish collection and building perimeters. (Security Management Bulletin no: 6.

Countermeasures of threats of terrorist action) Training for these officers should focus on the following types of terrorist attack: * Person borne IED (improvised explosive device) * Vehicle borne IED * Bombs directed against property and infrastructure, delivered in trucks, vehicles, packages, briefcases, laptop bags and also in postal items * Fire bombs using chemicals and incendiaries * Improvised mortar attacks * Riots and civil disturbance * Kidnapping for ransom and extortion * Armed robbery, fraud and credit card fraud for financing purposes * Assassination of key figures Security Management Bulletin no: 6. Countermeasures of threats of terrorist action) In a nutshell the security department should do a threat analysis and identify areas where the terrorist would want to: * Penetrate * Avoid * Exploit * Attack Jason A, 16 April 2013, Boston Marathon Bombings, in his briefing after the bombings, also suggest that it should be noted that due to the recent attacks in Boston, that security at airports across the United States and Great Britain has increased substantially. Business travelers are advised to allow extra time to get to the ticket counters and to their gates.

There are long queues at the check-in counter and the duration of the security process has increased due to additional random bag searches. Hotel security has increased as well; travelers are advised to adhere to corporate security policies as well as local policies. In saying that if employees travel to the United States or the United Kingdom for the purpose of visiting Vodacom’s parent company or any other business travel, it is advised to monitor local media for additional security measures. This will also apply to the other countries mentioned where known terrorist cells are operating. Conclusion

A school of thought that postulates “as major disasters never occur at a time or in a manner that may be anticipated, pre-catastrophe planning is futile” is a gross abdication of reponsibilty and cannot be supported. (Security Management bulletin 5. Disaster Planning) Vodacom Congo has clear ties with the United Kingdom due to alliances and shareholding agreements, Vodacom’s offices are located in a building owned by an American entity and the building is shared by Chevron Oil which is an American owned company, it would therefore be foolish not to recognize the direct threat to the company, it’s employees and assets. It would be surprising if many businesses and orginisations could avoid the consequences of terrorism at some time in their existance”. (Security management Bulletin 5. Disaster Planning) It is therefore imperative that urgent security focus is placed on the threat that terrorism poses to the company and its operations, large walk in customer care areas are prime targets where lots of people gather. A balance of security measure are very important to maintain a vigilant level of protection without creating too much discomfort to the employees, visitors, business partners and customers.

References Martin Gill, The Handbook of Security. 2006 The Security Institute. Security Management Bulletin 5. Emergency Procedures – Major Disasters. Rachel Briggs, R. and Edwards, C. The business of resilience. DEMOS 2006 The Security Institute. Security Management Bulletin No: 6. Countermeasures to threats of terrorist action. John Harbeson, The War on Terrorism in Africa; Princeton N. Lyman from Africa in World Politics p7 Human Rights Watch: In the name of security, www. hrw. org Wikipedia Website: http://en. ikipedia. org/wiki/Terrorism Michael Burleigh; Al-Qaeda and a Decade of Terror Andre Burstin; European Strategic Intelligence and Security Center (ESISC), Boko Haram and the Risk of Terrorism in Northern Cameroon; 01 April 2012 Claude Moniquet, European Strategic Intelligence and Security Center (ESISC), The Terrorist Threat Linked to the Libyan Crisis. 2011 Jason A; Boston Marathon Bombing, Aon Crisis Management Consulting/ Global Risk Consulting. p4 Subscriber Journal, 16 April 2013

 Introduction

Mobile devices such as smartphones, PDAs, tablets, and netbooks have become an integral part of everyday business operations. Millions of people log into their company’s secure network on mobile devices via wireless Internet or even accessing their email, making sensitive data more susceptible to data theft and hacking. Mobile technology is advancing at such a fast pace, making it harder for IT managers to keep up with newly emerging threats. Since the smartphone emerged in the business scene, cybercrime has increased exponentially.

Data security has now become the main focus for most IT managers in larger corporations. What are some of the risks associated with using mobile devices in business operations? Human error is the biggest risk associated with data security when it comes to using mobile devices. This is mostly due to loss of theft of a smartphone or other mobile device. In a study conducted in Washington DC last year, taxi drivers counted the number of mobile phones that were left behind in taxis over a six month period. Over eighty-three hundred phones were recovered.

That was almost twenty-five times the number of laptops that were left in the taxis during the same period. Although all corporate laptops are password protected, few have password protection on their mobile devices. (Phifer) “According to Credent Technologies, eighty-eight percent of mobile devices carry valuable information- from patient, customer and employee records, financial statements, and passwords,” (Phifer). Because so few people PIN-lock their phones, all of this sensitive data can easily fall in to the hands of a hacker.

Mobile users often auto save their username and passwords to avoid monotonous reentry. This gives the hacker access to any information available to theft victim. Another major risk associated with the use of mobile devices is mobile malware. Most mobile operating systems lack the anti-virus and other security feature that are found on laptops. This makes mobile devices susceptible to viruses such as Trojan and worms. Doombot is a Trojan virus that is designed to affect all mobile operating platforms such as Android, iOS, and blackberry. It is transferred through MMS and Bluetooth (Panda Security).

What are some techniques used by IT managers to minimize security risks with mobile devices? It is vitally important to the cyber security of a company for IT managers to constantly be assessing the security of their network. Some important steps managers are taking are education, visualization, conservative defaults, hard switching, and most importantly manager and employee training. Educating employees about the risks of using mobile devices is important because the human element poses the greatest risk to the cyber security of the company.

Its important for the firm to have a training program in place so all employees know how to protect themselves and the company. Visualization is also important in constant uphill battle of cyber security. Managers must constantly be looking for the latest threats against the network and try to find a solution before a breach occurs. Conservative default settings on the firm’s network prevent employees from viewing non-secure websites and also from downloading files from places from outside the company’s network.

This would allow employees to still download attached files from intra-company email but would prevent the downloading of files that might be infected with a virus. (Nykodym) IT managers also use outside contractors to monitor a company’s network security. Companies like BlueFire Mobile Security cater to the rapidly expanding reliance on mobile devices. Their services provide protection for lost or stolen devices, information encryption, and security while on the Internet. They also offer protection for a company’s wired network as well.

They provide intrusion prevention, firewall, authentication, and encryption for the entire network. Contracts with companies like BlueFire are often made with smaller firms or with firms who want to reduce the size and budget of their IT department. (Computer Security Update) How significant was the increase of cyber attacks when mobile devices became part of everyday life? Smartphones exploded on the business scene in the mid 2000s. They provided the convenience of accession of vital information from anywhere.

According to Sharia Panela’s article for GMA News , “between 2007 and 2012, small and medium businesses reported steadily increasing web attacks. Malware, phising, and other types of violation surged by 35 percent while email attacks soared by 12 percent” (Panela). All of these types of attacks are in a large part due to the lack of security on mobile devices. In Norton’s 2012 Cybercrime Report, the total price tag on consumer data cybercrime was $110,000,000,000. China leads the pack with a total loss of $46 billion and the Unites States coming in second with a total loss of $21 billion.

With Apps for everything from mobile banking to syncing work and personal email, people have more sensitive data on their phone than ever before. The Cybercrime report concludes with the changing face of cybercrime. The new frontier for hackers is social media websites and new mobile devices. (Palmer) Conclusion: With all of the new developments in cyber security hackers always seem to be one step ahead. Smartphones and other mobile devices have become such an important part of everyday business employees. These devices are a virtual candy store for hackers, a one-stop shop for all of the data stored on the device.

If the device is lost or stolen, it can be used to access the internal network of the firm and extract private data about customers or financial information. Mobile Security has come to the forefront of the IT department’s agenda in larger data driven firms. Although they implement measures to prevent security breaches, the human element is the most damning. Managers need to provide educational programs for their employees to learn about proper use of mobile devices on company networks.

Works Cited

1. “Computer Security Update. ” Computer Security Update. 8. 4 (2007): 1-4.
2. Web. 4 Nov. 2012. Nykodym, Nick. “Journal of Politics and Law. ” Journal of Politics and Law. 5. 1 (2012): 1-6.
3. Web. 4 Nov. 2012. Palmer, Adam. “Norton Cybercrime Report 2012. ” Norton Cybercrime Report 2012. (2012): n. page.
4. Web. 4 Nov. 2012. Panela, Sharia. “Personal gadgets raise risk of cybercrime in workplace. ” GMA News Online. GMA Network Inc. , 18 2012.
5. Web. 4 Nov 2012. Phifer, Lisa. “Business Communications Review. ” Business Communications Review. (2007): 23-25.
6. Web. 4 Nov. 2012. “Virus Encyclopedia . ” Panda Securities. Panda Worldwide

Possibility of a terrorist attack is real in any nation in the world more so in the United States and all other nation that seem to support our policies. Though this country has been a victim in the past we may not be in a position to guarantee that we can not be stricken again, it can happen anytime as the terrorist have been known to strike at the least expected time and in the least expected places.

I will be quick to point out that in the recent future there has been a trend as far as terrorist attacks are concerned. They have been targeting specific places with the most prone areas being the crowded areas. Their aim is to cause as much panic as possible. In the previous terror attacks lives has been lost and massive destruction of property witnessed in all these instances.

There have been growing fears that terrorist might strike key economic infrastructures in this country. This has caused great fear as such an attack could bring cascading and social impacts. In this paper I will describe a hypothetical nuclear terrorist attack giving a clear analysis on its effect on various aspects of American systems.

Nuclear attack has never been a comfortable subject in America, it is feared that such a thing would inflict damage that has never been witnessed in the American history. The fact remains that such an attack is possible in the American soil and the perpetrators of such an attack would be aiming to strike in an areas where they would cause the greatest damage ever having the kind of effects never seen before. The infrastructure in the picture would be one which carries a big number of people at one particular time; in this case I will assume an airport would be the key target.

At one given time there are beehive activities in the key airports in the country. Many people are traveling from one point to the other not forgetting that there are others who are permanently located in such a facility either as workers of a particular airline or even there to provide security for the passengers. The point is that the human traffic is always high. (Allison, G 2005)

If such an attack occurred ,it would be at the least expected time, though our country security systems have the mechanisms to detect terrorist intention and prevent them before they occur they are not always hundred percent accurate, therefore at times they might miss some of the details.

The attack given its nature would have catastrophic effects a whole airport might be destroyed as a result of the blast and fires; this would not spare the adjacent infrastrucres also. Deaths would be as a result of either as a result of the fire or due to the radiation poisoning that would occur given the nature of the attack.

The effects of such an attack would be devastating both in the short term and long time. The deaths that would occur from such a catastrophic incidence would be many given the target and the type of weapon that have been used. Nuclear weapons are very dangerous as they have very lethal effects not only on a short term period but also in the future due to the radioactive materials involved. It would pose a danger for those who were directly involved in the accident and also those who would come in to help in the evacuation process.

It is a kind of a situation that many would not want to imagine can happen in our country but given that nuclear technology is available in the so called the rogue states such an attack can occur in our soil. Evacuation would not just be a simple process since the chemicals involved are very dangerous, it would require some specialized equipment to avoid contamination of those involved. Such equipment does not come cheaply therefore the cost involved in the process would be high meaning this would have some serious economic implications in the future.

The massive destruction of property would occur meaning the important infrastructure would be destroyed paralyzing the entire operations of the airport and its adjacent premises. This would eventually affect the economic activities in the area and beyond since transport and other activities would be affected. Terror attacks bring some very unpleasant effects on those affected.

The terrorist intention is to make the targets psychologically tormented if not physically injured, nuclear terrorist attack would have even more effects given it nature, the effects would be long term as the chemicals involved are very dangerous, it would affect those who were present at the time of the incidence and also those who were not there and may come into contact with the radioactive rays emitted during the attack. (Leventhal, P and Yonah, A 1986)

The security systems of this country would be largely be affected knowing that such an attack would be hard to tackle as it might be impossible to send army to fight nuclear terrorists given that most of them are well organized groups which are sponsored by the rogue states. It would bring new challenges as far as war on terror is concerned.

This might not be unexpected but it poses a serious threat on our security system. They need to be up to the challenge, since they have concentrated too much energy fighting other type of terrorism such that much resource has not been used to address such an issue.

The system would have to prepare itself enough to meet the challenges posed b y this type of the welfare. They have to come up with the strategy to detect and prevent such a catastrophic attack in future.

A terrorist if this magnitude occurring in our country would definitely mean that our security system has been lapse as they were not able to detect it early. Given it nature which would require a lot of preparation before hand making it easy for the security personnel to smell a rat and take the necessary action.

The fact that it has occurred may most likely indicate that much was not done or some of them were involved. This would call for a serious mitigation measures to be taken so as to prevent such an attack in the future and if possible or as it should be, thorough security checks as provided by the law carried out to avoid such a disaster.