In lieu of an abstract, here is a brief excerpt of the content:

241 More than a decade ago, cyber crime was seen as a high school “hacker” trying to break into a system to prove his or her computer savvy. What were once regarded as the simple pranks of clever minds have evolved into well-organized criminal activity threatening both world commerce and the safety and security of a country’s infrastructure. In 2010, the Internet served as a trading platform for $10 trillion in business. This number will more than double in ten years. Yet many small businesses, a little less than 50 percent of them, do not use antivirus software and even fewer of them who have such software update it on a regular basis. Because many operations do not strongly focus on securing their information , the Internet is ripe for corporate espionage and modern-day buccaneers whose sole purpose is to infiltrate network systems bent on economic havoc. Who are these people? They operate through many links and they are almost impossible to trace. They can be sitting next to you or Cyber Security: Securing Our Cyber Ecosystem Howard A. Schmidt 242 Howard A. Schmidt sitting in a room on another continent 10,000 miles away. Yet their acts are clearly malicious. Financial gain from creating malware is a common motive, so much so that criminals even provide technical support for their products. There has been enough exfiltration of personal property in this country in the past years to fill the Library of Congress over and over again. So we all must do more to protect our systems. Herein lies the heart of cyber security: security is a shared responsibility . We are all stakeholders—federal, state, and local governments, law enforcement agencies, private corporations, academia, and individual citizens. Public-private partnerships must find ways to create a technology road map to prevent the misuse and abuse of information. We must create the vision and guidelines for sharing confidential information safely. And while we work toward a solution, we must also ratchet up the fight against cyber crime. To foster greater responsibility for the protection and safety of information , the work being done in the academic and private sectors is of great interest to the federal government. The federal government is focused on encouraging a trusted identity system. I want to add that as part of this work, in 2010, the White House established the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC is a response to a near-term action item in President Obama’s Cyberspace Policy Review. The strategy calls for the creation of an Identity Ecosystem. The ecosystem’s core is for the key components of a cyber transaction, namely the individual and organization identities, along with the identities of the infrastructure that handles transactions, to operate in a streamlined and safe manner, moving away from the culture of having different user names and passwords—which are often the same or never changed—for each website. In its place, individuals voluntarily choose a secure privacy-enhancing credential to verify themselves for all types of online transactions from online banking, sending email, maintaining health records, or for any other personal cyber uses. To achieve such a streamlined operation, however, security, efficiency, ease-of-use, confidence, privacy, choice, and continued opportunities for innovation must be the Identity Ecosystem characteristics. Privacy protection and voluntary participation are the fundamental building blocks needed to achieve Identity Ecosystem success. This is the road before us, and I welcome your participation on this initiative. [18.190.156.80] Project MUSE (2024-04-18 06:28 GMT) Cyber Security: Securing Our Cyber Ecosystem 243 Of course, for such a project to leap forward, there is the obvious need for complete confidence in the security of both personal and business information . This is where the Comprehensive National Cyberspace Initiative (CNCI) plays the fundamental role in addressing cyber criminal activity. The CNCI outlines a plan for sharing situational awareness among federal, state, and local governments, and private industry partners. Other initiatives are the ability to react quickly to threats and incursions, the ability to defend against cyber threats through enhanced counterintelligence, protecting the safety of information technology pathways, and strengthening the cyber security environment through expanded cyber education. Research and development are the crucial elements in assuring these safeguards. Development of resilient systems in networks for better backups will help mitigate disruptions, and development of moving target technology that floats critical information within a network will help protect information by making it harder for malicious...

Share