Sunday, July 19, 2015

MASSIVE CYBERATTACKS - WHAT DO WE LEARN?...

It is no longer a matter of if the U.S. will fall victim to massive cyberattacks, it is just a matter of when. At least that seems to be the consensus of the National Security Agency, among other high-profile watchdogs.
The NSA recently stated that the country needs to be prepared for the possibility of more high-level cyberattacks — attacks like the one which targeted the U.S. Office of Personnel Management (OPM), leaving millions of sensitive government records exposed. And considering the massive attack is believed to have gone undetected for a year, there’s certainly plenty of cause for concern.
Last week the U.S. government confirmed the two cyberattacks on OPM ultimately compromised over 21 million Social Security numbers, 19.7 million forms with data and 1.1 million fingerprint records, THE WALL STREET JOURNAL REPORTED.
Navy Admiral Michael Rogers, who currently serves as both the Director of NSA and Commander of the U.S. military Cyber Command, is quite sure this will not be the last time attacks of this magnitude hit the U.S.
“I don’t expect this to be a one-off,” Rogers said while speaking at the London Stock Exchange as part of an effort to raise awareness of cybersecurity threats in the financial sector, adding the incidents have forced the government to take a closer look at its cybersecurity policies, WSJ reported
While no official communication may be sent to victims of the recent attacks for some time, OPM confirmed anyone who went through a security clearance background investigation performed by the office since 2000 should assume their information was affected by the data breach.
Earlier this month the agency outlined the steps it plans to take in order to assist potential victims. The office will offer a comprehensive suite of monitoring and protection services to individuals whose sensitive information was compromised, including full service identity restoration support and victim recovery assistance and identity theft insurance.
Rogers explained that while the government continues to work through the aftermath of what happened at OPM, one of the remaining questions revolves around how to determine the “right vision for the way forward in how we are going to deal with things like this.”
Rogers also confirmed that though Cyber Command is in charge of protecting Defense Department networks, it was not given the responsibility of defending OPM.
“We are in a world now where, despite your best efforts, you must prepare and assume that you will be penetrated,” he explained during the event. “It is not about if you will be penetrated, but when.”
Rogers said cooperation between both companies and the government is needed in order to truly protect networks. “Cyber to me is the ultimate partnership, Rogers said. “There is no single entity out there that is going to say: ‘Don’t worry, I’ve got this.’”
Bwana Chris Gibson, Mkurugenzi mkuu wa CERT (Computer Emergence Response Team) ya Nchini Uingereza yenye dhamana ya kubaini na kudhibiti uhalifu mtandao nchini humo ametangaza rasmi kuunga mkono kauli  ya mwaka huu ya wanausalama mitandao ambayo Niliizungumzia rasmi na kuitolea ufafanuzi katika mkutano wa wanausalama mitandao tulipo kutana jijini Johannesburg mwaka huu mwezi wa Tano mwishoni
Kauli hii ya ushirikiano nilipo izungumzia, wataalam wote katika mkutano huo waliiunga mkono na sasa kupitia mkutano wa wanausalama mitandao wanchi ya uingereza uliokamilika Jijini London Mkuurugenzi mkuu wa CERT ya nchini Uingereza amesisitizia  hili kwa kusema vita dhidi ya uhalifu mtandao itakua ngumu kama ushirikiano utakua hafifu.
Itakumbukwa mwaka 2013 CERT ya uingereza ilizindua CISP – Cybersecurity Information Sharing Partnership, iliyodhamiria kutoa fursa ya kukuza ushirikiano wa kubadilishana taarifa za uhalifu mtandao nchini humo huku mashirika binafsi na serikali zikitegemewa kupiga hatua dhidi ya uhalifu mtandao.
Hili la kushirikiana kwa taarifa za uhalifu mitandao baina ya makampuni pamoja na serikali nililitolea ufafanuzi katika mkutano wa wanausalama mitandao 2014 Nchini Cyprus na kusema imefika wakati makampuni yakawa na tabia ya kutoa twakwimu stahiki za uhalifu mtandao sanjari na inteligensia ya uhalifu huu ili kuhakiki namna ya uhalifu huu unavyo fanyika unabainishwa na kutoa fursa ya udhibiti kupatikana mapema.
Maelezo hayo ambayo baadae yaliweza kuingizwa katika moja ya jarida la usalama mitandao, Nilielezea kwa kina namna hatua ya ushirikiano wa kupeana taarifa za uhalifu mtandao baina ya Makampuni inavyoweza kusababisha uhalifu ulioathiri kampuni moja au nchi moja kutojirudia kwa nyingine kwani tayari kutakua na ufahamu wa uhalifu usika kutokana na kushirikiana katika kubadilishana taarifa za uhalifu mtandao baina ya makampuni au Nchi.
Aidha, katika kuongezea juu ya hili bado naona changamoto kubwa  kwa mataifa mengi ikiwemo Tanzania ni kutokuwepo na mikakati madhubuti ya kutambua na kubaini uhalifu mtandao sanjari na kuchukua hatua za haraka kudhibiti mara unapokua umetokea kituambacho kimeendelea kusababisha uhalifu huu kuendelea kushika kasi zaidi hivi sasa.
Takwimu zinaonyesha Asilimia zaidi ya 71 ya uhalifu mtandao umeendelea kutikisa anga ya usalama mitandao na kubainika kwake kumechukua  zaidi ya miezi mitatu kitu ambacho ni hatari na kinarudisha nyuma ushindi dhidi ya uhalifu mitandao.
Nchini Marekani Udukuzi uliogundulika wiki mbili zilizo pita uliosababisha taarifa za watu zaidi ya Milioni Arubaini na moja kuibiwa na wahalifu mtandao ambapo kwa sasa taarifa hizo zimeendelea kuzua  mijadala mirefu baina ya wanausalama mitandao baada ya kubainika uhalifu huo umechelewa kugundulika na tayari athari kubwa imeonekana kutokana na tukio hilo, jambo ambalo limepelekea  mkuu wa FBI wa Nchi ya Marekani kuthibitisha mategemeo yake ya matukio kadhaa mfano wa hilo kutokana na udhaifu wa ugunduzi wa mapema wa matukio ya uhalifu mtandao
Hili bado libaki kua funzo kwetu kwani yote hayo yanayo jiri katika mataifa mengine yanaweza kujirudia barani Afrika na hasa Nchini Tanzania. Udhaifu wa kuto shirikiana katika kupeana taarifa za uhalifu mtandao bado ni changamoto kwetu nabado tumekua tukitegemea mabadiliko katika udhibiti wa uhalifu huu
Mfano, uhalifu Mtandao Aina Ya “Spearfishing” bado umeendelea kutoa athari kubwa  nchini Tanzania na kumekua na jitihada ndogo za kukuza uelewa dhidi ya uhalifu huu huku kuubaini na kudhibiti kua bado kuko chini. CERT ya nchini Tanzania yenye dhamana ya kubaini na kuzuia uhalifu mtandao kabla ya kuleta athari Nchini inakila sababu ya kujifunza zaidi kutoka kwa wengine na kuhakiki inaingiza katika vitendo yale ya msingi yanayopatikana ili kuhakiki Taifa linaendelea kubaki salama.
Aida, Nitoe wito kua kama ilivyo udhibiti wa uhalifu wa kawaida ambapo unapelekea mtu momoja kuweka milango, Madirisha na mengineo na baadae kuunda vikundi binafsi vya sungu sungu kuweza kuimarisha ulinzi na baadae kutegemewa Polisi wenye dhamana ya ulinzi wa raia na mali zao kuuendeleleza ulinzi – Dhana hii lazima ielekezwe katika mitandao ambapo kila mmoja anapaswa kujua anadhamana ya kujiweka salama binafsi na kuunganisha nguvu baina ya vikundi vidogo huku vitengo venye dhamana ya kulida mitandao katika ngazi ya taifa kuendelea kutoa msaada stahiki.
Posted by on

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)