Mobility Cybersecurity in a Global World of Security Breaches
In this article, the author explores new domains of global mobility or new insights gained from re-examining establish cybersecurity topics. Further, the article demonstrates a focus on comprehensive up-to-date literature reviews while including qualitative methodology and touching on theoretical developments.
The advancement and challenges of mobile security, the unlimited potential of mobility, and how to determine which type of mobile device is best suited for the user and organization are extremely important issues. We all are aware that our work is more mobile. Laptops and notebook computers are being integrated into the mobile infrastructure but the challenges of managing and securing these mobile platforms remains a priority. The U.S. Federal Agencies, Department of Defense, and the Private Sector have had a vision that mobility increases productivity and efficiency from military command and control requirements, telework, fieldwork, telehealth, and to (RFID) inventory management. However, mobility cybersecurity has been overlooked and under-played by these three key sector users. What are the 2016-2020 Mobility Cybersecurity issues and can they be addressed? This article will focus on comprehensive literature reviews while including qualitative methodology and touching on theoretical developments.
A Real Threat to National Security
Tom Farley, President of the New York Stock Exchange wrote on January 2, 2016, “No issue today has created more concern within corporate C-suites and boardrooms than cybersecurity risk. With the ability to shatter a company’s reputation with their customers and draw criticism from shareholders, lawsuits from affected parties, and attention from the media, the threat of cyber risk is ubiquitous and insidious. No company, region, or industry is immune, which makes the responsibility to oversee, manage, and mitigate cyber risk a top-down priority in every organization.”
Ashton Carter, U.S. Secretary of Defense, wrote in April 17, 2015, “the US relies on the internet and the systems and data of cyberspace. This reliance leaves all of us…vulnerable in the face of a real and dangerous cyber threat… state and non-state actors…steal U.S. intellectual property to undercut our technological and military advantage.”
Consumers in the world and the U.S. are all aware that their work and social media is becoming mobile. Smartphones, Personal Digital Assistants (PDAs), Laptops, Notebooks, Tablets, Watches, and Standalone Computers have been integrated into the Global Mobile Infrastructure but the challenges of managing and securing these mobile platforms still remains a priority. Silicon Valley California Tech Firms and Federal Agencies expect that mobility will increase productivity and efficiency from military operations…to inventory management. How will this trend affect the warfighter? How real is that expectation in light of the massive hacking attacks? What are the Mobility Cybersecurity issues that exist for military commands and governmental organizations? Are there any “new” domains of global mobility or new technology insights that might have the potential to maximize wireless cybersecurity?”
By definition, Cybersecurity is "the process of protecting information by preventing, detecting, and responding to (cyber) attacks." As part of cybersecurity, (private and government) organizations should consider the management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology based attacks.” Once anyone enters the “Cyber World” they soon learn that this cyber world also consists of cyber criminals, State sponsored cyber espionage trade craft, recreational hackers, identity thieves, industrial spies, and just private companies wanting to gain personal information to sell.
Mobility has increased and with it the cyber risk. In 2015, global mobile subscribers reached 4.6 billion. During the same period, Mobile Broadband Networks increased by 69%. In America, 90% of the populations have a cell phone and 58% own a smartphone. Since 2014 mobile data has been growing ten times. Smartphones are now outselling PCs. Companies like Dell and HP are scrambling to refocus their hardware platforms toward the Global Mobility Market. Landline and Satellite Broadband spectrum is running out and hence the global networks are slowing down. Mobility to mobility connections will reach one billion by 2020.
Cyber hacking is becoming easier as advanced mobile devices are now well integrated within the Global Internet. With the “sharing” dictates of the Obama Administration Cyber Directive 21 and others, military personnel and Federal Agencies must use the same networks that consumers access every day. This reality is not new as mobile devices face similar threats affecting PC-platforms connected to the Internet. Mobile devices contain sensitive and personal information thus key targets for global criminals or sovereign state actors. In 2011, records show that new cyber mobility vulnerabilities increased 42%. Further in the same year, $174 million data records were involved in data thefts. Ninety-five percent of compromised records contained sensitive personal information.
On September 23, 2015, the largest breaches in US history was directed at the Office of Personnel Management (OPM) in Washington DC. The OPM said “hackers were able to steal the fingerprints of 5.6 million people, up from the 1.1 million estimate it offered more than a month ago. More than (21.5) million people lost their records as part of the breach, and OPM’s new estimate means that roughly one-quarter of all those affected lost fingerprint data, in addition to information about their health, financial history and families. The fingerprint records were collected as part of background checks conducted since at least 2000 for some of the most sensitive government posts, including law enforcement, military, foreign service and judicial positions. Congressional lawmakers have alleged Chinese hackers were behind the attack.” According to the USAF Times, “troops, civilians, contractors subjected to background checks since the year of 2000 were exposed in the breach (social security numbers, residency and education information, employment history, health information, criminal and financial information, notes and data from investigators).” Also during the same period, US health insurers and other companies were hacked. It is naïve to believe that the data stolen will not be traded or shared with other nations. The result is clear that future harassment, surveillance, hacking, retaliation, recruitment and identity theft will be occurring outside of the U.S. as well as here in the U.S. homeland. In this case, the U.S. Government proved that it is powerless to stop the level of sophisticated global hacking. Edward Snowden was the easiest hacker as all he had to do was take a memory “storage stick” and just download what he wanted. Today, Snowden is being elevated by the media as a technology genius who stole NSA data to protect the world.
Victims of advanced cyber-espionage network are global. In 2013, Kaspersky Lab’s researchers spent several months analyzing malware, which targets specific organizations mostly in Eastern Europe, former USSR members and countries in Central Asia, but also in Western Europe and North America. According to Kaspersky Labs, Global criminals focus on Government, Diplomatic Missions, Research Institutes, Trade and Commerce, Nuclear and Energy Research, Oil and Gas, Military, and Aerospace (Boeing, Lockheed, Northrup Grumman, BAE). “The campaign, identified as ‘Rocra’, short for ‘Red October’, is currently still active with data being sent to multiple command-and-control servers, through a configuration which rivals in complexity the infrastructure of the Flame malware. Registration data used for the purchase of C&C domain names and PE timestamps from collected executables suggest that these attacks date as far back as May 2007.Beside traditional attack targets (workstations), the system is capable of stealing data from mobile devices, such as smartphones (iPhone, Nokia, Windows Mobile); dumping enterprise network equipment configuration (Cisco); hijacking files from removable disk drives (including already deleted files via a custom file recovery procedure); stealing e-mail databases from local Outlook storage or remote POP/IMAP server; and siphoning files from local network FTP servers.” During Kaspersky’s investigation, they uncovered more than 60 domain names used by the attackers to control and retrieve data from the victims. The domain names map to several dozen IPs located mostly in Russia and Germany.
It would appear in 2016 that anyone who is on the wireless networks will be “cyber-bate.”Smartphones and personal digital assistants (PDAs) give users mobile access to email, the internet, GPS navigation, and many other applications. Security such as firewalls, antivirus, and encryption, are uncommon on mobile phones, and mobile phone operating systems are not updated as frequently as those on personal computers. Mobile social networking applications sometimes lack the detailed privacy controls of their PC counterparts. Civilian and military users are oblivious to the lack of security on their mobility devices. Mobile applications for social networking store a wealth of personal information that is a target for criminals. According to LifeLock.com, “Identity thieves illegally buy, sell and trade personal information on black market internet sites around the world. There over 100,000 global criminal websites.”
PDAs and Smart phones pose unusual security risk. If the wireless platform can allow the user to send and receive text messages from the internet, the risk is high. Although this is a great feature, an attacker has the ability to (1) Abuse the user’s Service, (2) Lure the user into a malicious website or convince the user to install malicious code on portable devices, (3) Use the smart phone or PDA of the user in an attack, and (4) Gain access to account information during financial transactions.
Big Government Seeking to Define Mobility Security versus Privacy
Apple Stands Firm! Apple has come out against moves to weaken encrypted data before This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.
This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.