Neena Kapur | The IT Ambassador
A year of cyber
Published: Monday, December 10, 2012
Updated: Monday, December 10, 2012 15:12
As the end of the year approaches, we can make New Year’s cyber resolutions, which will hopefully be more effective than our usual “I’ll eat healthier next year”-type resolutions, and we can reflect on the year that passed, a year that was significant in the cyber world for many reasons.
The year 2012 opened our eyes to the evolving strategies for cyber attack. The year 2012 saw attacks from two incredibly sophisticated pieces of malware. The Flame virus, detected in early May, went undetected in computer systems for over two years. Its subtle presence and lengthy implementation process illustrated how cyber tools of espionage can be “watching” for years without being detected.
Shamoon, a virus that hit the Saudi Aramco Oil Company in August, is now considered the most destructive piece of malware used to this day, as it destroyed the hard-drives of more than 60 percent of Aramco’s computers. This virus is significant because it is suspected that this attack was retaliation from Iran, a country that has been the target of many large-scale cyberattacks — the most damaging ones from the United States and Israel. If Shamoon truly was a response to previous attacks, it could be indicative of the changing dynamics of unsavory cyber actions — the shift from spurious cyberattacks to directed cyber warfare.
The second reason that 2012 was a big year for the cyberworld was that it showed us that sophisticated code doesn’t necessarily mean more powerful code because of a trickle down effect. The Shamoon virus, as mentioned above, was not nearly at the levels of sophistication that past viruses, like Duqu, Flame and Stuxnet, were. Much of code contained pieces of off-the-shelf code and premade software. And, despite Shamoon’s patchwork design, it was incredibly damaging. Additionally, over the past year there has been a significant proliferation of domestic cyber hacking incidents. Techniques from sophisticated malware have trickled down to less-sophisticated coders, giving them the ability to attack domestic Internet users. No longer are large corporations or federally sponsored organizations the target — individual computer users have now been added to the pool of potential victims.
The third reason why 2012 is a big year for the cyber world is that the world saw an amazing increase in awareness of the importance of cybersecurity. Through both action and future plans, the federal government has shown that it is committing itself to taking steps to enhance cybersecurity and address the issue of cyberattacks. In October, Obama signed the Presidential Policy Directive 20, the first piece of cyber legislation in the United States. Though this Directive only establishes guidelines for dealing with a cyber attack, it emphasizes the fact that a strong defensive front is the best form of offense in the cyberworld, an important step in identifying effective cyber strategy. Though the Cyber Security Act of 2012 was shot down — not once, but twice — it makes for a good New Year’s resolution, and, hopefully, sets goals for the next year. The Pentagon has already started drafting cyber policy for security breaches, and Obama has made it very clear that cybersecurity will no longer take the backseat.
Through the trials and tribulations of the cyber world in 2012, we have learned a lot. We have learned more about the immense capability of the cyber realm, and, in response, we are finally taking actions to address this new area of policy. Reflections have been made, resolutions are in place, and now all we can hope for is that this resolution — to bolster cybersecurity and ensure that it is a national priority — doesn’t turn into a resolution that is discarded and pushed aside.
Neena Kapur is a sophomore majoring in international relations and computer science. She can be reached at Neena.Kapur@tufts.edu.