Kussmann 1

Kevin Kussmann
Dr. Erin Dietel-McLaughlin
WR 13300
7 November 2014
Technological Threats and Government Protection
There is no doubt that technology shapes the way individuals think, act, interact, and live.
Technology is an integral part of nearly everyones lives, and it is at the center of todays
society. Whether it is a car, smartphone, laptop, or tablet, most individuals are dependent on
technology in their everyday life. There are great benefits that come from the use of technology,
but those benefits also come with many costs. One of the main costs is the threats and
vulnerabilities that individuals are exposed to because of their dependence on technology.
Hackers can access endless amounts of information without individuals consent due to the fact
that virtually any technology can be hacked into. In addition to small scale threats, the national
dependence on technology exposes citizens and governments to threats through cyber-attacks
and cyber terrorism. Unfortunately, individuals typically do not have the knowledge nor means
to protect themselves from the risks that they face from technology every day. Because of this,
the United States government then becomes responsible to protect its citizens from the cyber
threats that they face. The government is taking some measures currently to help protect its
citizens, but there is still a lot of work that needs to be done in order to truly protect the citizens.
In looking to learn more about the threats from technology and how the government must protect
its citizens from these threats, it is important to look first at the threats that individuals face every
day, second, the current safety and protection that the government provides, and finally, what the
government needs to do in the future to protect its citizens with regards to technology.

Kussmann 2
One of the main threats that the average person faces on the internet is internet viruses.
Viruses can be obtained by going on contaminated websites or downloading files on the internet
that have a virus. According to Microsoft, Computer viruses are small software programs that
are designed to spread from one computer to another and to interfere with computer operation.
Viruses can shut down computers at random times, cause data loss, allow hackers to steal
personal information, or even make a computer completely unusable (McBride 1). Clearly, these
threats that common viruses cause can end up causing a lot of damage. According to a 2009
article in The Telegraph, a British Newspaper, 12 million people suffered a computer virus
attack in the last six months while 95 percent of people claim to use some sort of antivirus or
firewall software (Khan 1). Many people are under the false impression that they are being
protected from software, such as antivirus software, because of the strong advertising and claims
that the software companies make. Viruses are a very common threat that most people with
internet access face, and the consequences of contracting a computer virus can be detrimental,
leaving internet users vulnerable.
An emerging threat that many people are starting to become the victim of is threats
regarding credit cards. Millions of Americans use their credit cards on a daily basis. Credit card
numbers can be stolen through a variety of methods, however, and hackers can get away with
using other peoples credit cards to buy virtually whatever they want. What is most shocking
about credit card fraud is how easy it is for people to obtain credit card numbers. An article titled
How to Buy Stolen Credit Cards from the 'Amazon of Cybercrime' describes the process as to
how people can buy stolen credit card information off of an internet website based in Russia. The
user-friendly website allows users to purchase everything they need to use the stolen credit or
debit card all for only four dollars (Wagenseil 1). In addition to the ease of access to credit card

Kussmann 3
information via the internet, hackers can also access credit card information through devices
called skimmers. These skimmers are small devices that can be installed at common places, such
as gas stations or ATMs, in a matter of seconds (Credit Card Thieves Target 1). Skimmers
steal enough credit card information to make an exact copy of the card. They are virtually
unnoticeable, so individuals are especially vulnerable to having their information taken. Credit
cards are another example of technology that we depend on that exposes us to new threats. These
threats are very hard for individuals to protect themselves from, and the danger that citizens face
from using credit cards requires government protection.
In addition to the threats that come from the internet and credit cards, our everyday uses
of technology, such as cars and cell phones, also pose serious security threats. Virtually any
piece of technology can be manipulated and hacked into. For example, cars can be remotely
hacked into and controlled. In a 2013 Forbes article, researchers showed that they could hack
into the computers on a car and control its engine, jerk the steering wheel, slam on its brakes, and
much more (Greenberg 1). The fact that a hacker could remotely control an individuals car
poses a huge threat to the safety of individuals. Since citizens do not have the expertise to protect
themselves from this car hacking, they must turn to the government for protection. Another
example of technology that can be hacked into is cell phones. As cell phones become more
common than PCs, hackers are turning to manipulating cell phone networks. A Reuters article
written in December 2011 says, Security experts have previously identified a small number of
viruses designed to infect smartphones, allowing hackers to take control of the devices and force
them to make calls or send text messages (Virki 1). Most Americans have cell phones; they can
be hacked into and taken over. Once again, individuals do not have the means to protect
themselves from hackers using the networks that their phones operate on. This leads individuals

Kussmann 4
no choice but to turn to the government for hopeful protection. As the number of threats that
people face increase, their vulnerability increases as well, and the necessity of government
protection grows and grows.
On a more international level, cyberterrorism is a very real threat that most governments,
especially the United States, face. Cyberterrorism is a new method of terrorism where attacks are
carried out through hacking or technology. One example of cyberterrorism can be seen through
the Stuxnet worm attack on an Iranian nuclear reactor. Stuxnet was a very complicated form of
malware that targeted an Iranian nuclear reactor and caused it to malfunction while sending
signals to the workers on the reactor that everything was working well with the reactor (Chen 59). This attack showed governments around the world that no country is safe to a cyberterrorist
attack. According to Dr. Thomas Chen, a professor of cybersecurity, The discovery of the
Stuxnet malware in July 2010, and its analysis over the next several months, was widely believed
to have been a landmark event in cybersecurity, because it showed that cyberattacks against
industrial control systems, hypothesized for a long time, are actually possible (ix). Stuxnet
showed that major attacks are possible and can cause major damage to both governments and
private companies or industries. Since the threats from cyberterrorism are so prominent, the
United States government must protect not only its citizens, but also itself from cyberterrorist
attacks.
With all of the technological threats that the United States government faces, government
safety is called into question. The government currently has a lot of gaps in their security, and
government safety is important to the protection of citizens. A government hearing titled Cyber
Attack: Is the Government Safe? assess the security of the government in relation to cyberattacks. In this hearing, when discussing the information at stake that hackers can access, Senator

Kussmann 5
Joseph Lieberman of Connecticut says, It covers everything from the movements of our armed
forces and the deployment of our most powerful weapons to accumulated data about the
economy and the financial markets, to support for our transportation networks, to the most
private information about the American people, such as tax, wage, and medical records. The
information is wide open to exploitation, from pranksters to terrorists (3). Lieberman goes
on to say that government websites, such as the FBI and Department of Defense, get hacked
almost on a daily occurrence (Cyber Attack 4). Government and civilian security is not safe in
the hands of the government systems. Government websites and databases that contain massive
amounts of information get hacked often, which jeopardizes the safety and privacy of the citizens
of the United States. This information is meant to be highly confidential, as it contains secrets
that could make our nation very vulnerable to attacks. Clearly, there is more that needs to be
done to secure these government systems and protect the United States government and its
citizens. In another government hearing titled Cyber Insecurity: Hackers are Penetrating Federal
Systems and Critical Infrastructure, when talking about government and private computer
system networks, James Langevin, a Representative in Congress from Rhode Island, said that,
They are networks that are vulnerable to malicious hacking (4). The government systems that
are currently in place simply are not safe enough and are vulnerable to hacking and attacks. Their
vulnerabilities expose them to attacks that hurt both the government and its citizens. To support
the findings in the two previous government hearings, the aforementioned Stuxnet article
discusses critical US infrastructures and says, Cybersecurity tends to be a low priority for
system administrators, and systems are difficult to patch. Consequently, many vulnerabilities
continue to exist (Chen 18). With cybersecurity being a low priority, progress toward safer
government systems is nearly unattainable. The government needs to begin making changes

Kussmann 6
regarding cybersecurity, to help protect itself and its citizens. According to the International
Committee of the Red Cross, the necessity of cybersecurity is twofold: first, increasing
dependence on computer systems causes civilian infrastructure to be vulnerable, and secondly,
civilian dependence on the internet causes civilian vulnerability (Droege 538-539).
The government does currently take measures to help protect its citizens from all of the
threats and vulnerabilities that they face. According to Bernadette Schell and Clemens Martin in
Cybercrime, the two main government agencies that address cybersecurity are the Department of
Homeland Security and the United States Computer Emergency Response Team (195-198). The
Department of Homeland Security is a very broad organization that covers several different areas
of safety in the United States. Its focus on cyber safety and protection is relatively small, so
although the Department of Homeland Security does work with local governments to provide
some local security, its outreach is not enough to truly protect the citizens of the United States.
The United States Computer Emergency Response Team (US-CERT), has a mission to provide
cybersecurity to both citizens and the government directly. The US-CERT can help protect
individuals by allowing people to submit reports on incidents and providing information to
citizens on cybersecurity through mailing lists and feeds (US-CERT 1). US-CERT also responds
to larger security threats. Although these functions of US-CERT are a good start for
cybersecurity, they do not extend far enough. Simply providing mailing lists to those who wish
to subscribe to security updates does not reach enough citizens nor provide them with enough
real protection from the wide variety of threats that they face, as described earlier. An
organization that is designed to help government systems against cyber-attacks and
cyberterrorism is the Federal Information Security Management Act (FISMA). The goal of
FISMA is to provide guidelines and standards for technological security for critical information

Kussmann 7
infrastructure (FISMA 1). These guidelines and standards are supposed to be fully in effect by
August 15 2015 (FISMA 1). As important as having guidelines and standards are, in order to
have effective protection there must be action alongside these guidelines. This area is where
FISMA falls short. The government needs more planning, action, and legislation to fully protect
itself from cyber-attacks and cyberterrorism and to protect its citizens from these threats as well.
As Senator Fred Thompson says in Cyber Attack: Is the Government Safe?, there is still no
organization-wide approach to preventing cyber attacks and the security program management is
totally inadequate (2).
The government must take major steps heading forward to help protect its citizens from
the threats that they face. There are two main ways that the government can protect its citizens
better moving forward. First of all, the government needs to expand the functions of government
programs and departments currently put in place. For example, the aforementioned US-CERT
and FISMA programs can be greatly expanded. The US-CERT can help protect United States
citizens from technological threats that they face by informing internet users about proper
security and being safe on the internet. The US-CERT could do this by teaming up with major
internet browsers, such as Safari, Google Chrome, Internet Explorer, and Firefox, to relay
informational messages to new users about safety on the internet. These messages could serve
the same purpose as security and safety warnings as seen in cars, where there are different
warnings and messages. Although some may not heed the warning that the message
communicate, this would equip citizens who may not know much about internet security with the
access to knowledge to protect themselves. As previously discussed, FISMA has some good
guidelines and standards for cybersecurity in government divisions. FISMA needs to integrate
more action into these guidelines, however. This action could be helpful by doing a full sweep of

Kussmann 8
government systems and reanalyzing the security of those systems with new guidelines that
would enhance security, benefiting these systems. By providing action to help fix systems that
are inadequate, FISMA could help to provide real solutions and enhance cybersecurity.
Secondly, the government needs to use legislation to protect its citizens from the
technological threats that they face. One way that the government could use legislation to protect
its citizens from threats is by establishing common safety requirements for government systems.
In Cyber Attack: Is the Government Safe? a manager of critical infrastructure protection for
Cisco Systems Inc. says, There are no standards across the board for security posture
assessments or penetration tests (45). If the government were to standardize security analysis
completely, then there would be one common way to assess how secure a system is from a
threat. Government legislation is needed in order to create a common set of standards for
analyzing the security of a system. When the flaws of a system can be located, it is much easier
to fix them. Another approach for enhancing cybersecurity and protection of citizens through
legislation would be fixing current problems that have already been identified, such as regulation
of Social Security Numbers (SSNs). In a government study by the United States Government
Accountability Office (GAO), the GAO set out to find how easy it was to find peoples social
security numbers from internet resellers. In short, the study found that out of the 21 websites that
they tried to buy SSNs from, they were able to receive one complete SSN and four truncated
SSNs, concluding that there are easy ways to access someones social security number (Social
security numbers 3). The truncated SSNs were in different formats, since there are no guidelines
as to how to truncate SSNs, and by stitching together 2 of the truncated SSNs, the GAO was able
to purchase full SSNs that way as well (Social security numbers 3). The government needs to
regulate the truncating of SSNs so that it is not possible to access someones SSN for purchase

Kussmann 9
on the internet. Legislation needs to set these standards and protect citizens in the future.
Purchasing SSNs on the internet is just one example of confidential personal information being
too accessible via the internet. The government needs to locate other areas like SSNs and help to
regulate that personal information as well. A third way that legislation can help protection
citizens from threats is by implementing new laws. A July 2012 article in The Telegraph states,
The US must adopt a law to protect the country from cyber-attacks, the head of the National
Security Agency said (1). Further legislation by the United States government is needed to
help protect the nation from large scale cyber-attacks. As the threat of these attacks increase,
legislation becomes increasingly vital. To add on to the possible additional function of the USCERT, the article in The Telegraph says that the cybersecurity industry could function similar to
the way that the police and fire departments function, responding immediately to a situation or
threat (1). The US-CERT could act as this police department of the internet and give citizens a
feeling of security while responding to threats in real time. The United States government is
currently not doing enough to protect its citizens from the threats that they face from technology.
By implementing new legislation and making better use of current cybersecurity programs in
place, the government can greatly increase the security of the nation and its citizens from the
threats and vulnerabilities that they face from technology.
As much as protection from the government is needed from technological threats, some
may argue that protection from the government may infringe on the privacy of citizens. Some
believe that privacy is more important, whereas protection is not required. When discussing
cybersecurity and the privacy that some expect with cybersecurity, an article titled
Cybersecurity & Privacy: Three Federal Proposals says, Privacy, for most consumers and
citizens, includes the right to be left alone, but it also includes the right to choose how, when, and

Kussmann 10
to whom to reveal bits of information (Childe 19). If the government provides more security to
its citizens, some of this privacy and right to choose may be affected. This concern that some
may have is a valid concern, and when the government drafts legislature to enhance
cybersecurity, this fear must be taken into account. With the recent allegations and concerns of
privacy surrounding the National Security Agency, the government must be careful to not
interrupt the privacy of its citizens in its conquest for security. The government needs to maintain
communication with its citizens when drafting legislation so that people may voice their
concerns regarding privacy.
In todays society, technology rules how people communicate and live their everyday
lives. Technology presents an endless amount of benefits to people, but it also exposes citizens to
various threats and exposes their personal information. Citizens do not have the means nor
expertise to protect themselves from these threats, so they must turn to the government for
protection from these threats and vulnerabilities. The threats that individuals face daily, such as
credit card fraud, viruses, and cell phone hacking, was first examined. Next, government security
was analyzed by the safety of the government itself, through the ratings of current government
systems and threats of cyberterrorism, and what the government currently does to protect its
citizens, through current organizations that are meant to provide cybersecurity. Finally, steps for
the future safety and protection of citizens were suggested through new legislation and
enhancing current government programs. Moving forward, cybersecurity should be a main
concern for the government due to the threats that technology causes. Great urgency is needed as
the stability of tomorrow relies on the security and protection of technology today.

Kussmann 11
Works Cited
Chen, Thomas. Cyber Terrorism After STUXNET. Dept. of the Army, 2014.

Childe, Kerry. "Cybersecurity Privacy: Three Federal Proposals." Scitech Lawyer 8.3 (2012): 1821.

"Credit Card Thieves Target Gas Pumps, ATMs, Restaurants With 'Skimmers'." ABC. 19 Jul
2014 2014.

Cyber Attack is the Government Safe? : Hearing before the Committee on Governmental Affairs,
United States Senate, One Hundred Sixth Congress, Second Session, March 2, 2000., 2000.

Cyber Insecurity Hackers are Penetrating Federal Systems and Critical Infrastructure : Hearing
before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology
of the Committee on Homeland Security, House of Representatives, One Hundred Tenth
Congress, First Session, April 19, 2007., 2009.

Droege, Cordula. "Get Off My Cloud: Cyber Warfare, International Humanitarian Law, and the
Protection of Civilians." International review of the Red Cross 94.886 (2012): 533-78.

"FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)." National Institute

of Standards and Technology.

Greenberg, Andy. "Digital Carjackers.(Charlie Miller and Chris Valasek Testing Cars' Security
Vulnerabilities)(Technology / Security)." Forbes 192.2 (2013): 44.

Kussmann 12
Khan, Urmee. "12 million people suffered a computer virus attack in the last six months." The
Telegraph. 13 May 2009 2009.

McBride, Thomas. "Computer Virus Fact Sheet." 5 May 2014 2014. University of Houston
Downtown.

Schell, Bernadette Hlubik, and Clemens Martin. Cybercrime: A Reference Handbook. Santa
Barbara: ABC-CLIO, 2004.

Social Security Numbers Internet Resellers Provide Few Full SSNs, but Congress should
Consider Enacting Standards for Truncating SSNs : Report to Congressional Requesters.,
2006.

"US must Adopt Cyberattack Law, Says NSA Chief the US must Adopt a Law to Protect the
Country from Cyber-Attacks, the Head of the National Security Agency Said on Monday,
Insisting that it would Respect Privacy.(NEWS)." Telegraph Online (2012).

"US-CERT United States Computer Emergency Readiness Team." <https://www.us-cert.gov/>.

Virki, Tarmo. "GSM Networks Vulnerable to Hacking: Researcher." Information Company

(2011).

Wagenseil, Paul. "How to Buy Stolen Credit Cards from the 'Amazon of Cybercrime'." Tom's
Guide US. 17 Feb 2014 2014.

"What is a computer virus?" Microsoft. <http://www.microsoft.com/security/pc-security/viruswhatis.aspx>.