Information Assurance is regarded as a shadowy, sophisticated and comprehensive topic by many, wherein they expect some IT professional to scan the system to arrest malicious virus outbreak, install security updates and potentially block your access to particular sites. On a superficial level, the user may take this as an attempt to deter them from accessing their favorite sites or slow down the system or network gateway. In contrary, Information Assurance is integral to every organization’s information systems risk management plan to ensure and protect data and systems’ confidentiality, integrity and availability. This will serve as a guarantee that information will be available to authorized users when they require driving the organizations’ objectives.
Information stored in the system comes under attack from multiple sources in diverse forms. The spectrum spans from a malicious code getting the system infected, loss of computer holding critical information, illegitimate privileged access by a sulky employee to complex cyber terrorism pulled off by organized groups or foreign agencies. Experts are of the opinion that cyber attacks have assumed such deadly and sophisticated nature that numerous governments have erected specialized organizations to tackle with this problem and combat the threat of cyber terrorism.
The potential to bring about human fatalities and economic downfall is awe-inspiring. The possibilities are ripe that if the government information systems are compromised in any manner, a disaster can occur. International cyber terrorists are increasingly targeting the vulnerabilities in the information systems to cause havoc. Many foreign experts are focusing their economic and technical resources to unearth the loopholes in the rival nation’s information systems security policies.
You can search over the internet and lay your hands on a wide range of sophisticated tools that can automatically track the vulnerabilities in a system without asking for a technically sound manipulation by the user. A foreign cyber attacker or terrorist organization may direct their malicious attack to Government Information Systems riding on the easy to use features of such tools.
The vulnerabilities that can be easily exploited are:
- Social engineering attacks wherein a gullible user will be misled into revealing vital personal or critical information like system passwords to a source that disguises itself as legitimate.
- Distributed Denial of Service (DDoS) attacks that are intended to overwhelm a network and bring it to a standstill blocking all communication channels.
- Malicious codes and malwares like worms, viruses, Trojans that are created and deployed with the explicit aim of infiltrating, damaging and destroying an information system.
Several instances have brought to light the seriousness and extent of damage, wherein government and financial systems have been literally paralyzed by serial cyber attacks of large and sophisticated nature. The damage of human life and property has been overwhelming.
The criticality of war-time missions engaged in by DoD information systems, deterring the occurrence of such scenarios is imperative. Such an objective can be achieved by implementing a broad-based and all-encompassing Information Assurance architecture involving security policies and practices equally applicable to regular system users, leaders and information assurance experts. It is equally important that every authorized participant in the information transaction should stay alert to detect potential threats, maintain the integrity of Information Assurance and situational awareness, adhere to Operational Security (OPSEC) techniques, and eventually bring to the notice of their Information Assurance team or local Military Intelligence (MI) unit any suspicious events or incidents.
A concerted effort from all involved will go a long way to safeguard the interests of local, Army and DoD systems.