A nation's critical infrastructures include all the assets, systems, and functions vital to national security, economic development as well as public health and safety. Critical infrastructures encompass basic necessities such as food, water, energy and transportation, but also banking and financial systems, public health institutions, emergency services, postal services, shipping and information technology and telecommunications. Significantly, ALL critical national infrastructures today rely on computers and information networks for their effective operation. Increasingly, many of the critical systems and institutions are being connected to the public Internet. Indeed, no modern nation or business can truly function without information technologies. The critical infrastructures' increasing reliance on networked systems and the Internet has increased the risk of cyber-attacks that could harm our nation's infrastructures. Cybersecurity refers to both the mitigation of and defense against attacks on information technology infrastructure. Cybersecurity is a major concern of both the government, the private sector.
As businesses engage in global e-commerce, they need to know how to protect themselves, their employees, and their customers against an array of information security risks. Enterprises want to know that they can safely engage in the innovative delivery of products and services using computer networks and Internet-connected delivery channels. As Internet access improves, cybersecurity is also increasingly becoming a point of concern in homes. After all, users of computer systems must be able electronically create, access, process and disseminate information securely. This reality of our growing dependence on interconnected computer systems makes cybersecurity a shared responsibility. Each of us has a role to play in making computer networks and systems safer, more secure and resilient. The risks to national and economic security associated with the compromise or failure of a nation's cyber infrastructure assets means that their protection requires a concerted public-private partnership. In the region, the Caribbean Telecommunications Union has placed a focus on cybersecurity as part of its broader Internet governance mandate. The organisation is now working closely with its member states, the private sector and even civil society groups to help governments to develop cybersecurity plans to protect themselves, their economies and citizens.
Regional governments are slowly recognizing that they have to create an enabling environment for the protection of digital assets and the prosecution of cyber-crime. Beyond policy, countries also need the tools to monitor and evaluate the technical robustness and integrity of national networks.
Cyber security beyond anti-virus
There are many challenges to improving cybersecurity for critical infrastructures. Ignorance is chief among them. For most organisations, cybersecurity is largely synonymous with anti-virus software and corporate firewalls. These are necessary elements of cybersecurity-much as locks on doors and burglar alarm systems are necessary elements on physical security. However, door locks and burglar alarms are entirely insufficient if one is dealing with a terrorist attack or foreign invasion. In the same way, cybersecurity goes beyond anti-virus and firewalls, extending to a number of infrastructural technologies that can be used to better protect critical infrastructures from cyber attacks, including access control technologies, system integrity technologies, cryptography, audit and monitoring tools, and configuration management and assurance technologies. Organisations like the Caribbean Network Operators Group (CaribNOG) play an important role in raising both the awareness and technical competency of those entrusted with safeguarding our networks.
CaribNOG is a regional community of computer network administrators and security professionals "dedicated to exchanging technical information and experiences related to the management of IP networks in the Caribbean region." The CaribNOG group is a good example of the largely unknown forces that work behind the scenes to keep the Internet running in the face of unpredictable, potentially devastating threats. For example, on April 1, a rumoured attack on the world's Domain Name System (DNS) servers by a group known as Anonymous failed to materialize. The threat triggered a swift, fast-paced, multi-million-dollar global effort to beef up the Domain Name System.
Among those leading the effort was packet clearing house, a US-based non-profit responsible for defending vital pieces of Internet infrastructure. The good news is that investment in strengthening the global Domain Name System will now reach the Caribbean in the form of new root servers. PCH and the Internet Corporation of Assigned Names and Numbers (ICANN) are both now in the process of scheduling the installation of root servers in the region, with a priority on countries that have Internet Exchange Points. Out of the threat has come tremendous benefit for the region's Internet infrastructure. Many enterprises still ignoring persistent weaknesses could learn from the combination of proactive and defensive strategies that averted global cyber-disaster.
Long-term investment
In addition to the immediate need for cybersecurity strategies that addresses existing cyber-threats, there is a need for longer-term research that anticipates the dramatic growth in the use of computing and networks in the coming years. Cybersecurity requires a commitment to long-term efforts, such as the development of standards, research into cybersecurity vulnerabilities and technological solutions for these problems. It also requires the translation of research results into relevant products and services. In this regard, the University of the West Indies and other regional tertiary institutions need to step up research efforts and encourage academic focus and contribution relevant to our peculiar technology environment. Some of the long-term research areas include tools for ensuring privacy, embedding fault-tolerance in systems, self-managing and self-healing systems, and re-architecting the Internet. In light of the global nature of cyber-crime, and in the absence of a coherent national or regional cyber-security framework, the business community needs to take decisive steps to protect their intellectual and economic interests. At the same time, governments need to take urgent action to ensure that citizens, critical infrastructure and national interests are effectively protected. Cybersecurity is important. The threats are real and dangers ever-present. A multi-faceted strategic assault requires a multi-faceted strategic defense. It is not sufficient to be afraid or to remain in ignorance. Governments, businesses and users need to be informed, be alert and most importantly, actively engaged in defending themselves and protecting their assets.
Bevil Wooding is an Internet strategist with the US-based research firm, Packet Clearing House and the chief knowledge officer at Congress WBN, an international non-profit organisation. Follow on Twitter:
@bevilwooding, and Facebook: facebook.com/bevilwooding
