Three Factors in Electronic Espionage
Internal and external threats can potentially lead to espionage or hackers gaining unauthorized access to company assets. Companies and governments may experience the following three types of harm associated with both forms of threat agents:
Security of Critical Infrastructures
In the United States, there are 16 different critical infrastructures (CIs), each requiring different management and possessing various assets, potential threats and vulnerabilities. Due to Moore’s law, the computer processing power and storage capabilities double roughly every 18 months, this presents a challenge for both IT and Cybersecurity professionals, especially as it relates to securing CIs. In contemporary networking, supervisory control and data acquisition (SCADA) and programmable logic controllers (PLCs) are connected to the internet. This creates the opportunity for hackers to disrupt operations of CIs that will adversely affect populations in regards to the availability of electricity, telecommunications, transportation, financial information and other critical assets. These types of threats can harm a private company or government entities ability to operate a CI, as well as become dangerous events that could lead to the loss of American lives.
More Technology May Not Remove Threats
Some IT staff, Cybersecurity professionals and upper management recommend installing more technology in order to address security concerns. This approach works in a few circumstances, but ultimately is regarded as not being a best cybersecurity strategy. Adding technologies like intrusion detection prevention systems (IDPS), intrusion detection systems (IDS), virtual private networks (VPNs) and levels of encryption can help staff prevent and mitigate threats going forward. However, adding new technologies does not usually keep system architecture in the best possible standard in order to eliminate threats and vulnerabilities. Some cybersecurity experts assert that more technology makes the processes of prevention and mitigation to be more complex, adding difficulty to solving security issues. It is a best cybersecurity practice to find solutions that are relevant, meaningful and enforceable.
Espionage and the CIA triad
Espionage occurs when a hacker exploits a vulnerability within a network or system, remains undetected, and observes the traffic and adjustments made to a few layers of the OSI model: physical, presentation and application layers. It is possible for hackers to remain zero-day attacks for many weeks or months without being identified or mitigated by staff. This can cause several different types of harm to companies, governments and their populations: unauthorized access to trade secrets or business operations, data regarding military defense solutions, the stealing of intellectual property, and many other harms that can affect entities and the people they serve.