The US Central Command Network Breach of 2008 Research Paper

Introduction

The September 11, 2001 terrorist attacks in the United States marked a totally new chapter in the way the United States views and responds to the issues of national and international security. The attack resulted in a series of actions by the U.S government. These actions were meant to enhance the security of all people in the United States. One of the conclusive decisions that were reached at that time was the formation of the Department of Homeland Security (DHS) in 2002. However, several concerns have been raised about the ability of the DHS in preventing major incidences of terrorism from happening across the United States (Applebaum 57). This concern is mostly pegged to the fact that the strategies that are used by terrorists have changed.

Terrorists and terrorist groups continue to make use of soft technologies to enhance crime and terror on individuals and corporations. This implies a need to secure information technology networks and systems to prevent possible breaches of information technology in what specialists refer to as cyber security. One incidence that has raised concerns over the ability of the United States government and the Department of Homeland Security to enhance security is the U.S. Central Command Network Breach of 2008. This is considered to be one of the deadliest soft attacks on the security systems of the United States and it reflects the wider issue of cyber security in the United States.

Based on the U.S. Central Command Network Breach of 2008, this paper explores the whole complex issue of cyber security in the context of the United States security and intelligence strategies and homeland security and the neutralization of the threat of terrorism. Of greater essence in the paper is the exploration of critical developments arising from the incidence and findings that can act as a basis for developing recommendations for neutralizing cyber terrorism in the United States.

The paper begins by presenting an overview of the incidence; that is, U.S Central Command Network Breach of 2008. This is followed by an exploration of different issues and cases of cyber security in the United States. In the exploration of these issues and cases, critical points are noted in line with the possibility of improving homeland security through the adoption of better strategies of dealing with cyber terrorism.

An overview of the U.S. Central Command Network Breach of 2008

As observed in the introduction, a substantial number of analysts in the field of international security consider the U.S. Central Command Network Breach of 2008 as one of the deadliest security attacks on the United States security system. This is based on the argument that the attack denoted the vulnerability of the security system of the United States to acts of terror, irrespective of the number of security policies that had been advanced after the September 11 attacks.

Lynn III (para. 1), observed that the attack, which compromised the computer networks of the United States Department of defense, resulted from the insertion of an infected flash drive into a United States’ military laptop at a US military base in the Middle East. It should be noted that the computer network of the United States security organs is considered to be extremely secure and confidential because they harbor classified information on military strategies and operations.

The infectious code uploaded itself and spread through the network of computers operated by the US Central Command. It is argued that the flash disk was placed in the computer by a foreign intelligence agency. The malicious code disseminated into the other systems to cause a ‘digital beachhead’. This means that data could be transferred with ease to servers that were under foreign control. This resulted in a lot of fear and panic over the amount of information that had been easily accessed by the adversaries.

According to Lynn III (para. 3), there have been a series of other attacks and data breaches on the security systems of the United States. Such attacks date back to 2000. The magnitude of the 2008 attack was higher, that is why it raised an alarm not only in the United States, but also across the entire world. Verton (12) observed that the Department of Homeland Security has been confronting issues of data security breaches since its establishment in 2002. The implication of this observation is that adversaries, through data breaches, have managed to acquire a substantial amount of information not only from the security networks of the United States, but also from the security networks of several other US allies (Verton (12). Thus, according to Lynn III (para. 4), the efforts of the Department of Homeland Security to secure the networks was put to real test in 2008.

Owing to the magnitude of the breach, it has been argued by a substantial number of commentators in the field of international security that cyber terrorism continues to be a challenge to the security organs in the United States. The United States, through the DHS, continues to develop and implement various initiatives. These initiatives are geared at ensuring that the security of the United States is guaranteed in this digital age (Lynn III para. 4). Even as billions of dollars are spent by the DHS in ensuring that the entire US is free from terrorism, the risks that are associated with cyber and other forms of terrorism continues to rise. This raises questions on the approach that needs to be taken in the fight against cyber terrorism. The development of better information systems and objective intelligence organs remains to be a priority for the United States when it comes to combating cyber and other forms of terrorism in the country (Applebaum 57).

Understanding cyberspace and crime

To understand cyber crime, one must be able to comprehend the cyber environment. Within the realms of security, it is important to understand that cyberspace is a space that invites many users. It is in itself an international space. Being an international space means that there are a lot of players from across the world who are free to operate in this space. Therefore, any domestic legislation that governs the operation in the cyberspace has to comply with the international statutes. In most cases, the deployment of the military intelligence to defend this space is considered to be illegal.

This argument results from the observation that the military embraces acts of espionage in its bid to defend operations in the cyberspace. However, it is apparent that incorporating attributes of cyber security within the international law is quite daunting because of the complexity of the cyberspace. The level of vulnerability of countries’ security and other networks invites countries to implement their own policies and decisions to protect their interests when it comes to the use of the cyberspace (O’Connell 187).

What countries need to do is to ensure that they minimize sets of actions that can cause further cyber breaches as they attempt to protect their networks and security systems from cyber crime. This means that the use of offensive tactics is undesirable, especially when countries use their military to patrol the cyberspace, yet it is quite hard to minimize the possible use of such tactics when military intelligence is deployed (O’Connell 187-189). There are many pointers to the fact that the war on cyber terrorism is being militarized. This makes the war on cyber terrorism more complex to deal with as acts of espionage are invited into the cyber security missions such as the U.S. Central Command Network Breach of 2008 (O’Connell 195).

According to Bucci, Rosenzweig and Inserra (para. 3), the competition between the United States and other countries is quite high. This means that countries can use terrorist groups and other criminal organizations to further their agendas in the cyberspace. This depicts a new dimension to the whole issue of cyber security.

Cyber security in the United States

Bucci, Rosenzweig and Inserra (para. 1) observed that the United States faces a lot of challenges from the threats that come from cyber terrorism. The freedom of the United States’ citizens to advance online transactions and the economic viability of businesses in the United States is also greatly hampered due to the threats of cyber breaches. The freedom and privacy of individuals and organizations has to be harnessed through a set of incisive policies.

Failure to take incisive action results in further exposure of individuals and organizations to the risks of cybercrime. This jeopardizes the potential of individuals and other organizations to benefit from the online platform. Data breaches are not only advanced by terror groups, but also other countries as depicted by the competition for power and supremacy between the United States and other countries in the world, like Iran and China, among others.

The increase in the incidences of cyber terrorism as pointed out by the commentary on the U.S. Central Command Network Breach of 2008 does not indicate a massive failure of the U.S. intelligence, but it points to the need for the Department of Homeland Security to approach the problem from a broader perspective. This is a bid to seek for more effective ways of reducing the rampant cases of data breaches. As of today, the problem of cyber terrorism has spilt to the economic sector where data breaches in company database results in loss of billions of dollars.

Therefore, the changing scope of cyber terror is a pointer to the fact that the Department of Homeland Security needs to be proactive in terms of the nature of cyber security policies and strategies on cyber security. The policies and strategies could play a critical role in limiting the level of exposure of government and private agencies and organizations to cyber terrorism (“Cybersecurity Cyber Breaches Hit 90% Of U.S. Firms” 8).

The broadening cases of cyber terrorism in the United States

According to a survey that was conducted in the United States to ascertain the rate of cyber breaches, 90 percent of businesses in the United States have experienced cyber breaches. The percentage covers only the 12 month period under which the survey was done. According to the survey that was sponsored by Jupiter Network, the costs for 41 percent of afflicted firms were approximated at $500,000.

Incidences of cyber breaches seemed to be on the rise, with 77 percent of the respondents in the survey arguing that it was becoming harder to detect and control such attacks. All kinds of businesses are vulnerable to cyber attacks. The results of the study further indicate that the resilience of many business organizations to cyber attacks remains quite low due to the fact that most firms are ill equipped when it comes to preventing cyber breaches on their enterprises and network systems. Also, cyber terrorists target different types of information technology tools like laptops and cell phones (“Cybersecurity Cyber Breaches Hit 90% Of U.S. Firms” 8).

The survey coincides with the research by Schreier (7), who observed that terrorism has been largely extended to the cyberspace at an alarming pace. The cyberspace has been converted into a conflict theatre as different forms of conflicts, which include political, military and of late economic conflicts, being manifested in the cyberspace. Hacking of computers and servers is a commonly reported phenomenon in the contemporary political economy. This reflects the broadening scale of soft violence and the difficulty to stop such violence, despite the fact that it poses serious concerns over the safety of firms and individual citizens (Schreier 7).

According to Schreier (9), cyber espionage has become a routine activity by different groups and is considered to be an expansion of the ancient efforts to gather information on the intentions, capabilities, and the secrets of the opponent. In the contemporary politicized world, opponents refer to political targets or enemies. At any given level, cyber espionage entails the search for personal, classified, and corporate data, as well as information on patents and intellectual property rights. Cyber terrorists often manipulate the data to fit the course that they are pursuing.

These breaches result in a negative impact on the sustainability of the targeted organizations and individuals. The sensitive information that is accessed by the adversaries can be used against the targets. This means that, to a larger extent, the actions of the targets are weighed down by the adversaries. Acts of cyber espionage are much more pervasive compared to cyber warfare. This observation comes from the assessment of the impacts of access and publication of 250,000 classified US embassy cables in 2010 by WikiLeaks. This denoted another major breach on Government data since the 2008 Central Command Network Breach (Schreier 9).

The ability of the United States to defend and assure its citizens of security depends on its ability to attain cyber power. As research denotes an increase in cyber breaches, a lot of concerns are raised over the ability to secure the cyber environment in the United States. According to Schreier (14), cyber power is the ability to control the events in the cyberspace. This, in turn, enables a country to use the cyberspace to its advantage; influencing events in the operational environment, thereby helping the country to meet the security objectives.

This means that to claim cyber power, a given government must have the capacity to neutralize the potential of adversaries to comprehend and control any form of operations in the cyber space. This just shows how this is a security burden considering the fact that the adversaries are in their own ways masteries of the Information Technology Systems and continue to use their potential to mount attacks in the cyberspace, such as the case of the Central Command Network Breach and an array of other incidences of cyber breaches that have been witnessed thereafter.

According to Glenny and Kavanagh (287), most people across the world are unable to keep up with the pace of technological developments across the cyberspace. In addition, the diplomatic tactics that are deployed by different countries seem incapable of dealing with the challenges that are posed to military and intelligence agencies by the people who advance offensive acts in the cyberspace. The growth in inter-country probing over the network and cyber data breaches has also taken a center stage in the fight against cyber terrorism. An example is the ‘Titan Rain’, which refers to an operation by the United State government whose main aim was to probe into the acts of possible US security network security breach by China. Acts of espionage have been combined with cyber crime to bring about a complex environment that makes it difficult to develop appropriate policies to deal with cyber terrorism.

With assistance from the DHS, the United States military has come up with a new Cyber Command to enhance the capacity of the United States to patrol the virtual world. However, there are still a lot of issues to confront. Most of the issues revolve around privacy, individual rights, access, and privacy of data networks. Deterrence is no longer favored in the contemporary world order; yet the tactic taken through the Cyber Command denotes the deployment of tactics of deterrence. Tactics that show signs of deterrence are bound to result in a more volatile environment in the cyberspace where more cyber criminals are bound to respond to the patrols that are made in the cyberspace (Glenny and Kavanagh 293).

The United States has come in the limelight over the development of policies that encourage data breaches in other countries as it seeks to secure its networks. Under the Offensive Cyber Effects Operations (OCEO), directives are issued by the United States President to plan and execute cyber attacks on the security networks of other countries. However, it should be noted that the planned launch attacks are based on intelligence information that points to the existence of cyber terrorists in a certain country (Martin para. 1-3).

Cyber breaches and the security of markets

Cyber breaches in companies results in an immense effect on the operations of markets. This is according to Morse, Raval, and Wingender (263-273) study. The United States, similar to many other markets across the region and the world at large, embraces an open market system. An abnormal negative stock price return is often witnessed after a company announces a cyber breach on its data. This persists over a number of years. Data breaches in the business sector have a negative connotation on the performance of company stocks in the stock markets. The fact that the effects are sustained means that the ability of the affected companies to steady their operations is impaired, resulting in extended periods of negative performance.

Most companies in the United States have adopted the e-business practices. While this is a competitive strategy, it also has profound implications on the state of cyber security in the United States considering the fact that companies have become the key targets of cyber terrorists. Therefore, the fundamental question that needs to be answered at this point is how the government of the United States can ensure that the customers who transact on the e-commerce platform are protected from incidences of cyber fraud through hacking and phishing. According to Bucci, Rosenzweig and Inserra (para. 3), the United States’ companies lose approximately $250 each year due to cybercrime. This figure is bound to rise if incidences of cyber crime are not minimized.

According to Raval and Wingender (271), firms that operate in the financial services sector are on the upper side when it comes to possible losses in market capitalization due to data breaches. The rationale behind this is that terrorists are looking for money to finance their activities. Since most of the terror networks lack a regular source of income, cyber terrorism is considered to be the main source of finance for them. However, this does not mean that business-to-business firms in the product market are spared. Research denotes that a number of large companies have already reported possible data breaches, with major drops in sales being recorded after the announcements.

According to the US Department of Homeland Security (para. 1), cases of information security breaches have gone high. Therefore, collaboration between the government and private sector is critical if at all the department is to attain any considerable level of success in the war against cyber crime. There is a wide range of resources that can help small and medium businesses, as well as large businesses to enhance protection of their enterprises from cyber security risks like fraud, theft, and abuse.

The ability of the US government to enhance the level of cyber security is dependent on the level of vigilance that is embraced by every individual who advances their transactions on the internet in the United States. A collaborative effort between different stakeholders, among them the Federal Trade Commission and the Federal Communications Commission, with help from the Department of Homeland security is a desired move as far as making of efficient plans on cyber security is concerned (U.S. Department of Homeland Security para. 1-2).

Cyber Security and the legislative environment in the United States

Cyber security forms part of the concerns and policies on terrorism in the United States. Again, this can be traced to the sets of policies that were developed after the September 11 attacks. The need to develop a law to safeguard the United States from cyber terrorism resulted from a series of incidences of unauthorized access and disclosure of personal data on a large scale. To be precise, the data breach that occurred at ChoicePoint necessitated the placement of the issue of cyber security on the legislative agenda of the United States.

Following the report on data breach in the company, other companies also came out and reported similar data breaches. The investigations that followed these reports revealed that over fifty million people were direct victims of data breach in the reported companies (Regan 1105). This reiterated that problems of securing data networks had begun far much earlier and were already on the legislative agenda of the U.S Congress before the 2008 security breach.

According to Regan (1105-1106), aspects of the cyber security, as was to be addressed by the United States Congress, were focused on three key dimensions. These were: weaknesses of the federal laws as it appertained to the protection of personal information, the prevalence of a wide range of data management practices from which the problem of data security breaches emanated, and the prevalence of the State Law, specifically in the State of California, which seemed effective in addressing the data security breaches.

This implies that the laws that prevailed in almost all states in the United States were deemed ineffective in dealing with cyber security breaches. From 2005, different Acts have been developed in different sectors. These Acts are meant to prevent data security breaches, at the same time having provisions on how to compensate the victims of cyber crime (Regan 1105-1112).

There exists confusion between privacy issues and data security in the modern times. Information security and privacy of information in the United States reflect each other. Normative and tangible consequences on individuals and organizational practices should be the focus of the policies and legislation on cyber security. Therefore, legislations should not only focus on individuals, but also organizations and organizational practices that either reduce or increase the chances of a data breach (Regan 1114-1115).

Conclusion and Policy recommendations

Conclusion

From the research conducted in the paper, it is worthwhile to conclude that cyber terrorism is an issue that has gained ground in the United States. The increase in incidences of cyber crime in the United States denotes that cyber terrorism is real. Cases of cyber breaches in the United States can be traced to as early as ten years ago. The U.S. Central Command Network Breach of 2008 is just an indicator of the scale of cyber terrorism in the world and a pointer to the need for more efficient policies for enhancing cyber security in the United States. Several policies and laws on cyber security had already been enacted by the United States Congress long before the 2008 Central Command Network Breach.

Therefore, the scale of the breach in this case denoted the need for re-assessment of the policies and legislations on cyber security by paying attention to the complexity of the cyberspace and the broadening cases of cyber crime in the United States. Cyber security has to be pictured from the global perspective. With cyber crime having taken root in different sectors, it is important for the United States government, especially the Department of Homeland Security, to foster a participatory approach in dealing with cyber terrorism. The need for such an approach comes from the findings of the research, which shows that nearly every individual and organization in the United States is vulnerable to cybercrime.

Policy recommendations

The United States can still be proactive in the war on cyber crime through the promotion of a local environment that is not only receptive, but also aware of the risks that are associated with the use of information technology. According to Applebaum (57), approaching cyber terrorism from the national level leaves many other smaller systems vulnerable to the threat of terror. Therefore, the best thing that can be done is to increase the capacity of the citizens to protect their networks and detect any attempts of cyber breaches on these smaller networks.

This is a desirable step and is a sign of approaching the problem of cyber security from the ground instead of the top level. In this way, the level of cyber vigilance at the individual and corporate levels will be enhanced. This will give the government and the Department of Homeland Security more time to focus on the modalities of protecting government systems. According to Regan (1107), individuals need to know the kind of information within their domain and how such information is supported on the larger network. Understanding the different data management practices and the capacity of individuals to address the security concerns over personal data begins with this step.

The Offensive Cyber Effects Operations (OCEO) often work on the negative when it comes to homeland security. The offensive cyber attacks on foreign military and government networks without ascertaining the source of hacking invites hostile responses from different players, including the terrorists. Therefore, as far as incidences of cyber breaches continue to be witnessed across different sectors in the United States, there is a need to take a more holistic approach when trying to get down to the root of this security problem. The best way is to engage other governments from where the source of the threat seems to come from. This is a cooperative approach that seeks to deal with the root cause of the problem and ensure security for the US data networks. In the contemporary globalized world, the security of any other nation is dependent on the state of security in all other states.

The war against terror in the cyberspace cannot be easily achieved unilaterally because of the fact that the cyberspace is highly internetworked and cyber breaches can emanate from any point in the world. To attain an environment that is free from cyber crime in the United States, there is a need to embrace the efforts of cooperation with other countries in order to ensure that there is a total crackdown on cyber terrorists. Acts of offensive cyber attacks invite more acts of espionage and increase the probability of cyber breaches, thereby making the U.S. cyberspace more prone to cyber attacks. Cyber crime needs to be fought in such a way that it does not enhance cyber war. Cyber war is the main cause of the wide scale cyber crime in the United States today.

As far as the device of a competitive strategy to help firms attain stronger competitive positions in the market is concerned, there is a need to incorporate risk information in the operations of companies. Cyber insecurity in one company has collateral effects on other companies. Again, this indicates the need for collective responsibility and awareness of cyber threats and the need to ensure that cyber security is prioritized by all organizations. A large percentage of the Americans embrace investments, which means that they are exposed to the risks that are associated with possible cyber breaches on companies. Securing the lives of the Americans begins with ensuring that their state of the economy is high to enable people absorb other shocks from natural and man-made causes.

Each business has to be enlightened by the government so that risks are considered just as the business firms consider taking advantage of the prevailing business opportunities in the market. This is one of the best ways through which companies can remain vigilant on their data, making it easy for them to detect any possible cyber breaches. At this point, it is critical to borrow from the contemporary views of the U.S Department of Homeland Security, which notes that there is a need to embrace a shared responsibility to win the war against cyber terrorism. This utterance comes from the observation that cyber terrorism, either directly or indirectly, affects everyone in the United States.

The other thing that points to the future of cyber security and law is that the United States needs to push for the development of an international law that is critical in protecting entities that are willing to cooperate in the war against cyber crime. This is done in a bid to foster a cooperative environment instead of the prevailing hostile environment where there is lack of desirable cooperation in the war against cyber crime. Effective sharing of information on data breaches is impeded by the fact that most entities fear to do so because of the supposed exposure to more cyber threats from cyber criminals. A law that guarantees these entities legal protection is necessary to encourage volunteering of cyber information in the crackdown on cyber crime.

The government of the United States should be willing to share critical information with the private sector. Such a step is necessary for updating the players in the private sector about the possible risks that they face from cyber crime. It is easy for the private sector to build capacity if they have information on the possible dangers of terrorism on their organizations. The private sector may also have crucial information, but it is hard for them to share this information with the government without confidence in the government.

Works Cited

“Cybersecurity Cyber Breaches Hit 90% Of U.S. Firms.” Information Management Journal 45.6 (2011): 8-8. Print.

Applebaum, Anne. “Homeland Security Hasn’t Made Us Safer.” Foreign Policy 184(2011): 57-57. Print.

Bucci, Steven P., Paul Rosenzweig and David Inserra. A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace. 2013. Web.

Glenny, Misha, and Camino Kavanagh. “800 Titles But No Policy—Thoughts on Cyber Warfare.” American Foreign Policy Interests 34.6 (2012): 287-294. Print.

Lynn III, William J. “Defending a New Domain: The Pentagon’s Cyber Strategy.” Council on Foreign Relations. 2010. Web.

Martin, Patrick. Obama’s “Cyberwarfare First Strike”: Using Offensive Cyber Effects Operations (OCEO) to Destabilize Countries. 2013. Web.

Morse, Edward A., Vasant Raval, and John R. Wingender. “Market Price Effects of Data Security Breaches.” Information Security Journal: A Global Perspective 20.6 (2011): 263-273. Print.

O’Connell, Mary Ellen. “Cyber Security without Cyber War.” Journal of Conflict Security Law 17.2 (2012): 187-209. Print.

Regan, Priscilla M. “Federal Security Breach Notifications: Politics And Approaches.” Berkeley Technology Law Journal 24.3 (2009): 1103-1132. Print.

Schreier, Fred. DCAF Horizon 2015 Working Paper No. 7 On Cyberwarfare. 2013. Web.

U.S. Department of Homeland Security. Cybersecurity is Everyone’s Business. 2013. Web.

Verton, Dan. “DHS Seeks Real-World Data On Security Breaches.” Computerworld 38.38 (2004): 12-12. Print.