Individuals pose threat to cyberspace

Two University of Cincinnati professors, James Stever and Richard Harknett, co-authored a paper focusing on the threat individuals can be to cybersecurity.

“The Cybersecurity Triad: Government, the Private Sector Partners and the Engaged Cybersecurity Citizen” reflects the same mindset of Washington administrators who are reexamining the policy on cybersecurity.

The third prong of the three-tiered concept is individuals are largely overlooked as a threat to national security.

“Individuals practicing poor cybersecurity actually contribute unwittingly to national vulnerabilities because their computers and other devices can be used by those with malevolent intentions,” said Stever, acting head of the department of political science.

It’s not to say that individuals intentionally harm the cyber network, but rather through ignorance.

People can open an e-mail or an attachment with a virus and not even know what they did, said Kevin McLaughlin, assistant vice president of information security and special projects at UC.

On the other side of the spectrum, the motivation behind computer hackers is rooted in several causes, including money.

“It’s no longer pleasure or somebody saying, ‘Hey, see what I did,’” McLaughlin said. “Now there are financial gains. They can capture passwords, including online banking.”

The authors recommend that people take the initiative to learn the proper way to move through cyberspace, according to the paper.

One of the first steps is to change their attitudes toward the cyber community from a private, personal concern to that of a public good.

“In the cyber world, one person’s negligence jeopardizes other people’s security,” Stever and Harknett said. “Hence, cybersecurity is a public good.”

By definition, a public good must be responded to with the notion of civic duty and responsibility. Yet, the concept of the Internet being a public good is only one of many perspectives.

“It’s a great area of debate,” McLaughlin said. “In my viewpoint, the Internet is a shared resource on the professional side. It’s a performance and business-enhancing tool. But on the personal side I agree with them completely.”

Despite differing opinions, information technology experts agree that a couple of the best ways to get the information to people is through presentations and seminars.

Harknett and Stever suggest that individuals voluntarily attending seminars, or that complete a seminar, results in the reward of a password to computer operating systems.

UCit already provides brown-bag lunch seminars for faculty and staff and presentations for students, especially on protection within social networking Web sites.

“We’re very aware of internal and external threats posed by individuals,” McLaughlin said.
When the Internet first became available to the general masses, it was decided that the government would have few restrictions toward what people could and could not do with it.

“In avoiding empowering the State, cyberspace has evolved toward the other extreme of open anarchy,” said Harknett, associate professor of political science. “The possibility of cyber-attacks that dismantle financial, transportation, electrical, water and energy infrastructures is not the stuff of science fiction.”

Hackers are getting smarter; they are able to protect themselves against getting caught now more than ever.

“It’s going to point back to you, so it looks like you did it,” McLaughlin said. “You’re just collateral damage.”

Because individuals might not know whether or not they load viruses onto their personal or business computers, a virus or malware can exist for months before being detected.
The paper is the one of the first steps toward creating a safer cybespace.

“We would hope that the reality of threat would help in changing the population’s approach,” Stever said. “But unfortunately, it may not happen until a major attack occurs.”