What are the Cyber Threats in the USA?
USA

What are the Cyber Threats in the USA?

Cybercrime is a global problem that is dominating the entire world. It poses threat to individual security and an even bigger threat to large international companies, banks and governments. Now large organized crime rings function as startups and often employs highly skilled individuals constantly creating innovative attacks. Most companies build up security walls in the form of security software to stop these types of attacks. But no matter how secure we are cybercrimes are nowhere to end. The former director of the Federal Bureau of Investigation (FBI), James B Comey said at a security conference “The United States faces real cybersecurity threats from criminals, terrorists, spies and malicious cyber actors.”  More we indulge ourselves into the world of technology, the more we are into the trap of cyber threat.

Financial agencies, government agencies and individual people are at risk of cybercrime. The U.S Secret Service has reported a marked increase in the quality, quantity and complexity of cybercrime targeting both private industry and critical infrastructure, according to William Noonan who was then a Deputy Special Agent in charge of the U.S. Secret Service Criminal Investigation Division. In 2014 Global Economic Crime Survey found that 7% of the U.S organizations lost $1 million or more due to cybercrime incidents in 2013, compared to 3% of global organizations. Furthermore, 19% of the U.S entities reported a financial loss of $50000 to $1 million compared with 8% of worldwide respondents. The main type of cybercrime in the U.S includes tax refund fraud, corporate account takeover, identity theft, theft of sensitive data and theft of intellectual property.

Tax refund fraud has become rampant in recent years. An article from the October 2012 issue of the Journal of Accountancy relayed a single incident where three defendants were charged with filing more than 5000 tax returns using a social security number of deceased taxpayers to claim fraudulent refunds of $14 million. A second Journal of Accountancy article quotes a U.S Treasury Inspector General of Tax Administration report that suggests that the IRS failed to notice 1.5 million tax returns associated with potential identity theft-related fraudulent tax refunds over $5.2 billion for the 2011 tax season. Cybercriminals engaging in this activity used to hack victims’ financial banking credentials, used software to hijack one of its computers remotely and steal funds from the entities bank account, often costing the entities thousands of dollars. According to David Nelson, FDIC cyber fraud and financial crimes section specialists, small and mid-size businesses and their financial institutions suffered about $120 million loss due to electronic funds transfer fraud in the third quarter of 2009 up from about $85 million from two years earlier.

The components that attract the attention of cybercriminals include sensitive data such as unencrypted credit card information stored by a business, personally identifiable information, trade secrets, source code, customer information and employees. The cost to this type of cybercrime can be high and involve both public image and financial costs related to loss of business, legal fees and increasing security measures. In 2012 at the North Carolina Department of revenue, cybercriminals broke into the department’s computer system and stole 3.6 million social security numbers and 3,87,000 credit and debit card numbers.

Intellectual property including commercial, copyrighted materials, music, movies and books is also at risk of being stolen. Days are gone when the music owners were the top victims of cybercrime in the past decade and the era has come for commercial entities that hold copyrights or patents need to also remain on guard. Intellectual property theft becomes a very complicated issue when state-sponsored hackers act as intruders. For example, according to the New York Times, Chinese hackers have stolen product blueprints, manufacturing plans, pricing documents, negotiation strategies and another proprietary information form a large number of commercial entities in the United States.

According to the FBI, intellectual property theft is a priority for its criminal investigation program.  According to a report in the New York World several online gambling sites were attacked in January 2014 by DDoS (distributed denial of service) which used a new type of assault called New York Time Protocol Amplification Attack. The criminals exploited the publicly accessible NTP server for the accomplishment of this type of attack. The NTP servers were manipulated to produce and attack for some specific target. In the year 2012 major banks and financial companies of the U.S were attacked by the DDoS. The victim corporations included the Bank of America, the U.S Bank, Regional Financers etc. Attackers have cut the customers for online services of an extended period. Yet another cyber-attack which the United States is vulnerable to is cyber terrorism.

In 2001 the USA faced terrorist attacks both by the traditional way as well as through cyberspace. On September 11, 2001, one passenger jet plane crashed into the World Trade Centre in Manhattan another jet crashed into a helipad near the Pentagon in Washington DC. Ramzi Yousef the World Trade Centre bomber stored detailed plans to destroy U.S. airliners in encrypted files on his laptop. Within a few days, the U.S. faced the anthrax attack when the spores had been sent by post to spread anthrax in the country. In January 2012, the Citadel Trojan virus had been cut into the mobile channel. It was one of the most advanced Trojans of the commercial banking system. The incremental pace of cybercrime accelerated and sophisticated nature of cybercrime and repeated attacks to urgently respond to these issues.

Legislative framework has to be scrutinized and revised from time to time to get proper control on cybersecurity. Cybersecurity plays a complex role that needs to be addressed. It is a broad concept for which there is no agreed definition. It can be defined as approaches intended to protect information systems including technologies such as devices networks, software and information from various forms of attack. This concept has been considered in various bodies like the Interagency Committee on National Security System has defined it as “the ability to protect or defend the use of cyberspace from cyber-attacks. Accordingly, section 773 of the Cybersecurity Act, 2010 defined cybersecurity as synonymous to information security under section 3532 (b)(1) of the U.S. Constitution.

Since the 1980s many statutes have been adopted for cybersecurity with the 1974 Privacy Act as the foundation for all of it. The major acts include the Counterfeit Access Device and Computer Fraud and Abuse Act, 1984 which is specially designed to prevent the attacks on computer systems, mainly used by banks for interstate and foreign commercial use. The Electronic Communication Privacy Act, 1986 (ECPA) which is planned to protect from unauthorized electronic spying.  The Computer Security Act, 1987 has given a mandate for developing cybersecurity standards for federal computer systems which have to be done by the National Institute of Standard and Technology (NIST); also, it has made the secretary of commerce responsible for the supervision of security standards. The Paperwork Reduction Act,1995, under which the Office of Management and Budget (OMB) also made responsible for developing cybersecurity policies. The Homeland Security Act, 2002 which made the Department of Homeland Security (DHS) responsible for some cybersecurity responsibilities other than homeland security.

The U.S. Department of Homeland Security revealed that hackers targeted the U.S. Census Bureau in a possible attempt to collect bulk data, alter registration information, compromise census infrastructure, or conduct DoS attacks. The Cyber Security Research and Development Act, 2002 reinforced the research responsibility on the National Science Foundations (NSF), NIST to address the technical progress of methods of cybercrime which can be translated for cybersecurity. The E-Government Act, 2002 which is adopted as a guide for IT management professionals to make information and services available online in a protected manner to prevent cybercrime. Yet another important legislation is the Federal Information Security Management Act, 2002 (FISMA) which clarified the responsibilities of different agencies regarding cybersecurity, established the central federal incident centre to take care of cybersecurity, and again reinforced the Role of Secretary of Commerce responsible for the supervision of national security standards.  All are mainly based on the security of data and technology to supervise and prevent any kind of security violation. Every federal agency is responsible for maintaining cybersecurity for their information system enabling special sections with separate responsibilities.