Verified Document

Looking Into Traffic Analysis For Homeland Security White Paper

Traffic Analysis/Homeland Security One of the biggest challenges currently faced by the Department of Homeland Security is guaranteeing cybersecurity. Each and every day some type of cyber crime occurs. Such crimes have the potential to affect the country's national security. This paper investigates the significance of internet traffic and analysis to Homeland Security. It will look at the importance of internet traffic and analysis to Homeland Security as well as encrypted traffic and its implications to cyber-security. The manner in which the U.S. has handled cybersecurity over the past twenty years and the methods that the government has used in this time period will be discussed. Encrypted mobile messaging applications will also be discussed. At the end of the discussions, solutions are recommended and a conclusion given.

Introduction

In the recent past, the DHS (Department of Homeland Security) and the DoD (Department of Defense) signed an agreement to enhance the cooperation between the two, with regards to improving United States' cyber-security capabilities. The agreement is aimed at specifically enhancing cyber-security cooperation on capabilities development, mission activities and strategic planning. The agreement also outlined the specific individual and joint goals and responsibilities for both departments. The most crucial element in the agreement is personnel swap, which the Department of Defense expects to improve the different lines of communication between DHS and DoD. Under the cooperation agreement, the Department of Homeland Security will appoint an individual for the position of Director of Cyber-Security collaboration who will work in the NSA (National Security Agency) and serve as the Department's liaison to the United States Cyber Command. In addition, the agreement specifies that the DHS will supply more staffs from its office to the National Security Agency, including officers from its Office of the General Counsel, Office for Civil Rights and Civil Liberties and Privacy Office (Bobby, 2010). The DoD was to, in return, send a group of experts from its Cryptologic Services Group, to the Department of Homeland security's NCCIC (National Cyber-security and Communications Integration Center) with the aim of supporting Homeland Security's cyber-security efforts and coordinating those efforts with the operations of the DoD. In spite of the significant support that both departments will be offering each other, the agreement in no way interferes with the DHS and the DoD authorities, oversight mandates, command relationships or civil and privacy liberties. One of the most important strengths of the agreement is that Homeland Security will have more access to the Department of Defense, particularly its National Security Agency and its expertise and resources.

Background

The fact that cyberspace threats are borderless in nature calls for increased collaborations between countries so as to combat the threats. International collaboration is a key component of DHS's cyber mandate of safeguarding and securing the U.S.'s cyberspace. The Department, through the NPPD (National Protection and Programs Directorate), has created several functions to boost its international cooperation programs with other nations and organizations. The functions are carried out under the Office of Cyber-security and Communications in NPPD. Several parties have, however, insisted that for the NPPD to succeed in its international collaborations program, it should streamline its functions and operations so that it can consolidate its recourses and use them to better facilitate foreign relations (DHS Can Strengthen Its International Cybersecurity Programs, 2012). The United States Computer Emergency Readiness Team also needs to improve its information-sharing with related agencies so that it can better coordinate incident response.

Cyber-security entails all operations and activities aimed to protect and secure a cyberspace and computer infrastructure, in addition to the measures aimed at restoring ICT systems and the information contained in such systems. To best protect a cyberspace, there is the need to form security policies, best practices, collect tools, form guidelines, approaches, train staff, and have the technologies. Additionally, cyber-security also involves reduction of threat/vulnerabilities, incident response and deterrence of attacks, international cooperation and recovery measures. Due to the fact that cyber-attacks are borderless in nature, there is a need for governments and international organizations to act in concert so as to develop the cyber-security policies, procedures and plans, with the objective of enhancing cooperation, incident response and deterrence operations.

In the present day world, many aspects of our day-to-day lives have been moved to computers and online systems, for instance, education (we have online research, report cards, and virtual classrooms), healthcare (computer-based equipment and medical forms), finance (online bank transactions, bank accounts, electronic paychecks and loans), governments (online filing of birth records, death records, tax records and social security), transportation (aircraft navigation, car engine systems, and traffic control signals) and communications (texting, cell phones and email). Think of how much of your own personal data is stored on your own computer or...

Is your computer or the system fully secure? This is where cyber-security comes in -- it involves all the protective measures aimed at deterring cyber-attacks, and securing our computer systems (Cyber security Awareness, 2012). The growing volume and increasingly sophisticated nature of attacks targeting data theft, phishing scams and other vulnerabilities require that we stay vigilant in protecting our computers and ICT systems. The chart below shows the most common types of cyber attacks witnessed nowadays. (Cyber Crime Statistics and Trends [Infographic]
Attack Types

Viruses, malware, worms, trojans

50%

Criminal insider

33%

Theft of data-bearing devices

28%

SQL injection

28%

Phishing

22%

Web-based attacks

17%

Social engineering

17%

Other

11%

The internet has empowered people like never before. Even adolescents with the right skills can effectively disable traffic control systems, manipulate stock trading and steal personal information from online databases. What such individuals can easily do on their own, criminals groups can also do. In fact, organized crime groups have been involved in cybercrime for quite some time now. Cyber-security experts, scholars, law enforcement agencies and governments contend that traditional criminal groups are becoming more and more involved in electronic crimes. However, available data shows that cyber criminals are more likely to be loosely linked to online networks rather than be strong members of criminal organizations. In the past few years, extremist organizations have also been found to use cybercrime to finance their activities. For instance, Imam Samudra, the mastermind of the 2002 Indonesia bombings, is reported to have called on his followers to use credit card fraud to finance their militant activities.

Other important things to look at include:

Data Breach by Industry (Cyber Crime Statistics and Trends [Infographic]

Industry

Medical/Healthcare

38.9

Business

35.1

Educational

10.7

Government/Military

9.9

Banking/Credit/Financial

5.3

Importance of Internet Traffic and Analysis/Implications/Mobile Messaging

Traffic analysis is defined as the process of intercepting and looking at online communications with the aim of making inferences from the patterns of communications. Such an analysis can be done even when the online communications/messages cannot be decrypted (Kiran and Anish, 2015). This type of analysis best works with large volumes of messages, in that the higher the number of messages intercepted, the more that can be deduced from that information. Traffic analysis can be done by agencies for counter intelligence or military intelligence. It can also be used by criminal organizations, making it a concern to cyber-security experts. Knowing who is communicating with whom, at what time and for what duration, can give clues to an attacker about information that one might rather that he or she should not know.

The size of the packets being exchanged amidst two hosts could also be important data for an attacker, even though they are not able to see the traffic contents. Observing a short bout of single-byte payload packets having regular pauses between every packet may signify an interactive session amidst two hosts, whereby every packet signifies a keystroke (Kiran and Anish, 2015). Huge packets maintained over time have a tendency of signifying transfer of files amidst hosts, also showing the host that is sending and the one that is the recipient of the file. On its own, this data may not be very detrimental to the network's security; however, a creative attacker shall be capable of combining this data with other data to evade intended security procedures (Northcutt, 2015). An article on a mechanism founded on traffic behavior, which assists in the identification of P2P users, and even goes further to differentiate the kind of P2P application being utilized was run by Focus. IP/TCP lends itself to traffic analysis to the point that "fingerprinting" of systems is possible. Fyodor's NMAP site has a tutorial, which intensively elaborates this; however, NMAP functions through sending packets to stimulate the host. Also, it is possible to passively fingerprint; Tenable's Passive Vulnerability Scanner and Source Fire's RNA are examples of commercial devices to passively fingerprint. A powerful free device known as P0f is also available. In accordance to Honeynet project, the following areas are vital in OS fingerprinting. Mobile devices intents or identities cannot be verified. Hence, nodes need to cooperate for the integrity of the network's operation. Nodes might, however, decline to cooperate through not forwarding packets for others, so as not to wear out its resources (Northcutt, 2015). Other certain aspects that make the job of secure communication in informal wireless networks challenging, are a promiscuous operation mode, mobility of nodes, restricted processing power, and restricted availability of resources, like bandwidth, memory and battery power.

High ranked U.S. officials…

Sources used in this document:
References

Bobby, M. (2010, November 10). Harvard National Security Journal. Harvard National Security Journal -- DoD-DHS Memorandum of Understanding Aims to Improve Cybersecurity Collaboration. Retrieved January 27, 2016, from http://harvardnsj.org/2010/11/dod-dhs-memorandum-of-understanding-aims-to-improve-cybersecurity-collaboration/

(2012). DHS Can Strengthen Its International Cybersecurity Programs. Retrieved January 27, 2016, from http://www.oig.dhs.gov/assets/Mgmt/2012/OIGr_12-112_Aug12.pdf

(2015, May 10). Fox News - Breaking News Updates -- Latest News Headlines -- Photos & News Videos. 'Terrorism has gone viral': U.S. officials, lawmakers warn of growing jihad-inspired attacks -- Fox News. Retrieved January 27, 2016, from http://www.foxnews.com/politics/2015/05/10/mccaul-terrorism-has-gone-viral.html

Harknett, R., & Stever, J. (2015). The Cybersecurity Triad: Government, Private Sector Partners, and the Engaged Cybersecurity Citizen. Journal of Homeland Security and Emergency Management, 6(1).
(2013). Homeland Security. Privacy Impact Assessment for EINSTEIN 3 - Accelerated (E3A). Retrieved January 27, 2016, from http://www.dhs.gov/sites/default/files/publications/privacy/PIAs/PIA%20NPPD%20E3A%2020130419%20FINAL%20signed.pdf
KESSLER, G., & RAMSAY, J. (2012). Paradigms for Cybersecurity Education in a Homeland Security Program. Journal of Homeland Security Education, 2. Retrieved January 27, 2016, from http://www.journalhse.org/sft710/kesslerramsayjhsearticlefinal.pdf
Kiran, & Anish. (2015). Secure Hidden Routing in Mobile Ad Hoc Networks. International Journal of Advanced Research in Computer Science and Software Engineering, 5(4). Retrieved January 27, 2016, from http://ijarcsse.com/docs/papers/Volume_5/4_April2015/V5I4-0510.pdf
(2012). MOHS. Cyber security Awareness. Retrieved January 26, 2016, from http://www.homelandsecurity.ms.gov/Pages/cyber.aspx
Northcutt, S. (2015). Cyber Security master's degree -- Information Security Master's Degree. Traffic Analysis. Retrieved January 26, 2016, from http://www.sans.edu/research/security-laboratory/article/traffic-analysis
(2012). OIG/DHS HomePage. DHS Needs to Address Portable Device Security Risks. Retrieved 27, 2016, from http://www.oig.dhs.gov/assets/Mgmt/2012/OIG_12-88_Jun12.pdf
(2013). Web Design Company - Dubai Website Design and Web Application Development Company. Cyber Crime Statistics and Trends [Infographic]. Retrieved February 4, 2016, from http://www.go-gulf.com/blog/cyber-crime/
Cite this Document:
Copy Bibliography Citation

Related Documents

Homeland Security and Preparedness, Response, Activities and
Words: 2666 Length: 8 Document Type: Capstone Project

Homeland Security and Preparedness, Response, Activities and Programs in Disaster Response or Disaster Recovery The focus of this study is the homeland security issue as it relates to the preparedness of the U.S.A. government and citizens in response to the emergencies that may emerge. The research question in this study is one that asks in light of the past disasters experienced by the United States such as the events of September 11,

Challenges Facing the Department of Homeland Security With New Technology...
Words: 1922 Length: 6 Document Type: Research Paper

Department of Homeland Security is clearly start-up: How quickly can DHS be up and running? The department formally began operating on January 24, 2003, and by March 1 had absorbed representatives from most of its component parts. The formal process of transferring agencies is expected to be completed by September 30, 2003, but analysts suggest full integration of agencies will take at least several years. Notwithstanding, as a practical matter,

Trafficking Victims Protection Reauthorization Act
Words: 11509 Length: 42 Document Type: Dissertation or Thesis complete

Government The Trafficking Victims Protection Reauthorization Act Final Project / Dissertation Degree: Juris Doctorate Specialized Major: Specialization: Constitutional Law Full Address: The Trafficking Victims Protection Reauthorization Act This paper reviews the rights and protection that a state and federal government official provides to citizens that have been the subject of human trafficking crimes. Citizens need the protection of the police and other law enforcement officials to report human trafficking crimes and to protect and assist those that need

National Security Implications of Transnational Organized Crime
Words: 3380 Length: 9 Document Type: Essay

National Security Implications of Transnational Organized Crime The paper deals with three important aspects, one the National Security, second the crime -- organized in many ways, and the third rogue nations that pose a threat. National security is to be understood in multiple contexts. Firstly the physical security of the nation from alien threats, and intrusions, secondly damages to vital infrastructure and thirdly anti-national activities by organizations that may lead to

Transportation - Security Contemporary Transportation
Words: 6826 Length: 25 Document Type: Research Proposal

By federal law, all passenger airliners now feature cockpit doors that are locked by the pilots from inside the cockpit. Likewise, pilot training now includes the specific instructions not to open the door in response to any occurrence or emergency in the passenger cabin; instead, pilots are under instructions to land the aircraft immediately in response to any perceived emergency that would have previously been cause to investigate beyond

Human Trafficking the State Department of the
Words: 6416 Length: 20 Document Type: Research Paper

Human Trafficking The State Department of the U.S. Government has for the past ten years issued an annual report on the state of laws governing human trafficking. The latest report shows that most of the world's industrialized countries have enacted laws to protect against human trafficking. This includes recognizing that human trafficking is a problem and having taken steps to address the issue (Wu & Zifcak, 2010). Most countries in the

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now