Government Its Own Worst Enemy in Cyber War


Ever a man ahead of his time, Albert Einstein once said, “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”

Were he alive today, the only thing he likely would change about his statement would be how World War III would be fought. He surely would look at the threats posed by cyber attacks and surmise the most dangerous weapon of the next world war to be an invisible terror delivered electronically. He would note that the threat could come from any nation state – it would not even have to be a world power – be delivered with complete stealth, hit the most sensitive systems, cripple infrastructures, topple economies and create chaos -- all before even a single soldier was wounded.

The question is, has World War III already begun?

There is no Fate…

Two months ago, the Department of Defense (DoD), the organization U.S. citizens probably think should be the most versed in protecting itself against cyber attacks, revealed that it had been the victim of the largest digital attack on a U.S. Government agency when 24,000 sensitive files were pilfered by an unidentified nation state in March.

This revelation came shortly before a report of the General Accounting Office (GAO) that openly questioned the DoD’s ability to keep up with the threats of cyberspace. Among the chief issues identified by the GAO were the multiple and often contradictory government publications that discuss how to handle cyber threats. These documents cannot even come to a consensus regarding terminology and job responsibilities, as pointed out in a recent piece on Government Info Security about cyber security, which stated:

GAO cites a U.S. Joint Forces Command report that found DoD employs 18 different cyber position titles across combatant commands to identify cyberspace forces. ‘This can cause confusion in planning for adequate types and numbers of personnel,’ the GAO says. ‘Because career paths and skill sets are scattered across various career identifiers ... there are cases in which the same cyber-related term may mean something different among the services.’

So if the government can’t figure out who does what, what means what or just plain “who is this?” how can we honestly expect it to keep everything in this country that is run or managed by a computer system from being shut down by a cyber attack? Per Government Info Security, that would include “7 million computer devices, linked on over 10,000 networks with satellite gateways and commercial circuits that are composed of innumerable devices and components.”

The Battle Has Just Begun

The Intelligence and National Security Alliance this week released a report in response to what it sees as growing concerns about the U.S. government’s ability to defend itself against a major cyber attack. The report calls for the joint factions of the government to engage in coordinated efforts with private enterprise and the educational system to:

...mitigate risks associated with the threat, enhance our ability to assess the effects of cyber intrusion, and streamline cyber security into a more efficient and cost-effective process based on well-informed decisions.

Hopefully, these joint entities will realize what the Department of Homeland Security realizes – that any cyber security policy needs to include structural analysis of application software. By identifying areas where the applications in use may not live up to optimal software quality standards, the government can work toward plugging the holes and give cyber infiltration efforts fewer points to breach.

But software is the key. The enemy, to paraphrase “John Connor” from Terminator 3, “is software in cyberspace”… although if the government cannot coordinate its efforts into one cohesive plan, the even bigger enemy of the U.S. Government’s efforts to protect itself from cyber attack may be the government itself.

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.