Government Technology

At Issue: 6 Things You Can Do to Defend Against Cyberattacks



Buggy Code?

September 5, 2012 By

Gen. Keith B. Alexander, head of the United States Cyber Command, warned recently that between 2009 and 2011, cyberattacks on American infrastructure increased seventeen-fold. Attacks on critical infrastructure such as water, electricity, communication and computer networks are escalating, and would have serious consequences if successful. That puts a heavy burden on cities and counties to protect their systems, especially with reduced budgets, few staff and fewer jurisdictions having chief information security officers.

Attacks are a problem around the globe. A just-released 2012 Norton Cybercrime Report, for example, said that 1.5 million people fall victim to cybercrime daily, at a cost of $110 billion annually. Two-thirds of adults online have been the victim of cybercrime at some time, and nearly half of them have fallen victim to malware, viruses, hacking, scams, fraud and theft in the past year.

For those dreaming of a silver bullet to solve the problem, Steven Bellovin, Columbia University professor of computer science, said a few years ago that "the odds on anyone ... finding a magic solution to the computer security problems are exactly zero. Most of the problems we have are due to buggy code, and there's no single cause or solution to that. In fact, I seriously doubt if there is any true solution; buggy code is the oldest unsolved problem in computer science, and I expect it to remain that way."

So in the absence of a panacea for this infuriating, expensive and seemingly intractable problem, what can cities and counties do to protect themselves — especially if their IT departments have been slashed, with not a chief information security officer in sight?

There is no single way to avoid getting sick, and likewise no single way to avoid all cyberattacks. But there are numerous strategies to reduce one’s chances for trouble. Will Pelgrin, CEO of the Center for Internet Security, likens it to layers of an onion, and there are simple steps anyone can take to reduce the likelihood of a successful attack on computers, data and systems. Here are two very basic steps you can take. You’ve no doubt heard them before, but that’s because they are fundamental to security:

1. Use Strong Passwords and Firewalls: Passwords are inconvenient, especially strong ones, as they are hard to remember. But like the keys to the front door, passwords allow entry to systems and data. You can check the strength of your password here. Pelgrin said not to use the same password for your home computer or home system that you use at work. It would be like using the same key for your house, car, office and storage facility. If someone makes a copy of that one key, they have access to everything. If hackers get into one system, they can try that password on any other systems (social networks, mobile devices, etc.) that you use. “Keep your city or county password strong and don’t use it anywhere else,” and change passwords regularly, said Pelgrin.

The next layer of the defensive onion is a firewall. Many people don’t know what firewalls are for, and don’t activate them. If someone knocks at your front door, you would most likely find out who they are and what their business is before inviting them in. A firewall does that for your computer. It analyzes traffic coming from the Internet, for example, that’s going into your computer system. The firewall allows some traffic and stops other traffic based on operating rules designed to protect your computer or system from attacks. Most firewalls offer a choice of “on” or “off.” To have this layer of protection, make sure your firewall is on.

2. Use Anti-Virus Software and Keep it Updated: Viruses are so named because they make copies of themselves, and infect computer systems by traveling from computer to computer over the Internet or wirelessly. They can erase, change or steal information — even hijack your computer and allow someone else to use it. Your protection against biological viruses is immunization and isolation; your protection against digital viruses is anti-virus software and behavioral measures such as not opening suspicious email. Anti-virus software should always be installed and kept updated, said Pelgrin.

Pelgrin recommended the Australian government's security mitigation strategies, which include the following items:

3. Applications: Patch applications such as PDF viewers, Microsoft Office and Java within two days of threat notification.

4. Operating System: Use the latest operating system version and patch within two days for vulnerabilities.

5. Access: Restrict the number of users with administrative access privileges to those who actually need access.

6. Whitelist: Whitelist applications to help prevent malicious software and other unapproved programs from running, e.g. by using Microsoft Software Restriction Policies or AppLocker.

Risk will never be eliminated, said Pelgrin, but a jurisdiction can reduce exposure significantly with a few simple actions. The last four items above, he said, by themselves would prevent 85 percent of all cyberattacks.



Comments

Laura Fucci    |    Commented September 10, 2012

The issue is so large, it is difficult to know where to start. I don't know if we'll ever reach 100% protection, but perhaps we can take a page from the book of our friends 'down under' on how to simplify this. Check out their page at: http://www.dsd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htm. They list 35 mitigation strategies for cyber intrusions. By implementing the top four strategies, they eliminated 80% of the intrusions responded to in 2010. It is a good start.

