Monday, June 6, 2011

Security.com

As I mentioned in my intro, I am resisting the temptation to throw in the towel and embrace a career as an event planner (always thought that would be my backup). Though I am still on track to use my international affairs degree in a relevant manner, my search for a summer job has led me outside the security policy box. I applied for a job at the zoo. As a penguin. Just kidding. On a more somber note, when I arrived for the open interviews this morning there were around 30 people hoping for a spot as an assistant in the gift shop. The applicants ranged in age from teenager to adult. Perhaps this is normal, but given the volume of applicants, I cannot help but think this is a sign of the times. During my interview, when asked about my availability, I explained that I have a Wednesday morning obligation.

I am part of a Toastmasters club. No, this has nothing to do with bread. It is a public speaking club that creates a forum to practice both prepared and impromptu speaking. The people in my club are fantastic, but often we speak more about matters relating to the club than our own lives. Eventually a friend asked me what I am interested in. I started to describe security policy and that by security I mean national security and not night club bouncers or airport police. He immediately said that he had to send me an article he read recently in the Wall Street Journal. As if putting his finger on the pulse, he sent me an article about... cyber security. I generally try to avoid complicated technology pursuits; I use the internet to read articles and view the latest confirmation that Sarah Palin would be better off as a mime on YouTube. But despite its sci-fi name, cyber security is an issue we must embrace.

Cyber security has been debated for years but recently came back into the spotlight after the famed internet blackout during Egypt's January revolution. I was in Cairo at the time. I can tell you there was very real frustration that a government would have the power to throw the kill switch on a country's internet. Admittedly we used the blackout as an excuse to revert to old-school yet still highly entertaining methods of communicating that involved safe houses, meeting spots and search parties. While surviving an internet blackout during an ongoing revolution is thrilling, it highlights what a delicate balance cyber security demands.

On one side of the coin is the fight to ensure internet freedom. On the other is the ability to protect ourselves from and respond to cyber attack. Today I would like to discuss the latter. The WSJ article that my friend sent to me describes the Pentagon's plan to implement what I see as a bad idea. Given that cyber attacks can be defined as acts of war, the U.S. could respond to such attacks using traditional military force. The Pentagon believes that any attack sophisticated enough to cause the damage worthy of a military response would require state level resources, therefore justifying an attack on a country. While arguably legal, implementing this strategy would do more harm than good. The Pentagon itself admits that it is still difficult to determine the source of an attack, a critical piece of information if a military retaliation is in order. Additionally, the precedent that would result from this strategy has strong potential to lead the U.S. into multiple foreign conflicts with the inevitable opportunity for escalation. The article cites the war in Afghanistan as a response to terrorism as the type of response covered under this strategy. Finally, the incongruity in fighting cyber warfare with conventional weapons is too obvious to ignore. Just as terrorism cannot be fought state to state, cyber warfare will also require limited, nuanced technique grounded in solving the root of the problem as opposed to punishing the result.

With any luck some of my attention this summer will be dedicated to zoo related activities (plush fruit bat anyone?) but I will also be keeping up with the cyber security debate. In the meantime, Bloomberg News reported that the most common password on the internet is 123456. I think it is time that we as citizens do our part to step up our own cyber security.

1 comment:

  1. It's not just the top password that gets us in trouble, but perhaps the list of the top ten outlines how lazy we are in creating passwords:

    1. 123456
    2. 12345
    3. 123456789
    4. Password
    5. iloveyou
    6. princess
    7. rockyou *
    8. 1234567
    9. 12345678
    10. abc123

    * Note: this list was sourced from the RockYou website.

    Regardless of where you source it from, you'll find that they're relatively the same across the board. The only reason number one is 123456 is that more and more websites started requiring six characters instead of five. Thus, 123456 replaced 12345 as the most common password.

    Another way you can ensure that your passwords are safe is to go to every site that you have an account on. Click the forgotten password link. This will usually send you an email to help you re-login. Upon receiving this email, you'll see one of two things: either a link back to the website allowing you to create a new password, or your password itself spelled out plainly in the email. If the latter is the case, this website does not store your password encrypted. Therefore, if their database were to get hacked, they would now have access to all of the passwords stored in it.

    I highly recommend against using any website that stores your password in plain text. If you decide you MUST use this website, you should send an email to whatever support link you can find on the website and request that they move to encrypted passwords. If enough people did this we could substantially increase security across the web through this one small action.

    Happy browsing! :-)

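The forgotten-password check described in the comment above, as an added example that is not part of the original post or comment: a site that can email your password back must be storing it in readable form, while a site that keeps only a one-way hash can do nothing but send a reset link. The class names, the `site.example` URL and the choice of a salted scrypt hash are assumptions made for illustration; the comment itself only says "encrypted".

```python
import hashlib
import hmac
import os
import secrets


class PlaintextStore:
    """Weak design: the password is kept as typed, so it can be mailed back."""

    def __init__(self):
        self.db = {}

    def register(self, user, password):
        self.db[user] = password

    def forgot_password_email(self, user):
        return f"Your password is: {self.db[user]}"


class HashedStore:
    """Keeps only a per-user salt and a one-way scrypt hash of the password."""

    def __init__(self):
        self.db = {}
        self.reset_tokens = {}  # sha256(token) -> user, so tokens are not stored raw

    @staticmethod
    def _hash(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

    def register(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, self._hash(password, salt))

    def verify(self, user, password):
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def forgot_password_email(self, user):
        # The site cannot recover the password; it can only mail a random token.
        token = secrets.token_urlsafe(32)
        self.reset_tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return f"Set a new password: https://site.example/reset?token={token}"

    def reset(self, token, new_password):
        user = self.reset_tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if user is None:  # unknown or already-used token
            return False
        self.register(user, new_password)
        return True
```

A production reset flow would also expire tokens after a short time; that is left out here to keep the contrast between the two storage designs in view.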