Cybersecurity Vulnerabilities Facing IT Managers Today
University of Maryland University College
Two factors increase the stakes of the cyber struggle. Tactically and operationally, the increasing dependence of modern technologically advanced forces (especially U.S. forces) on networks and information systems create new kinds of exploitable vulnerabilities. Second, as modern societies including the militaries that mirror them have continued to evolve, they have become ever more dependent on a series of interconnected, increasingly vulnerable “critical infrastructures” for their effective functioning. These infrastructures not only have significantly increased the day-to-day efficiency of almost every part of our
…show more content…
The United States Computer Emergency Readiness Team (US-CERT) has provided a “high level overview” of cyber vulnerabilities for control systems. Within this overview, US-CERT includes the following vulnerabilities: wireless access points, network access points, unsecured SQL databases, poorly configured firewalls, interconnected peer networks with weak security, and several others. Similarly, the National Institute of Standards and Technology (NIST) has published the “Risk Management Guide for Information Technology Systems” (2002). This guide establishes a multi-step system analysis which IT managers can use to assess their network vulnerabilities, measure the potential of each vulnerability occurring with respect to the threat’s source, motivation, and actions, whilst developing recommendations and documentation to counteract the vulnerabilities found within the assessment. The NIST guide views vulnerabilities from the perspective of the potential consequence(s) of an exploited vulnerability. Following the US-CERT overview and NIST guide can be helpful from an IT management perspective, as both provide enterprise-level guidance on structuring network systems with respect to vulnerabilities and both apply a system level view of analyzing vulnerability. However, both are lacking specificity, from the sense of how an external threat can tactically exploit a system.
Cybersecurity and Exploitation: Examples
Prabhaker Mateti, in the chapter