Looking Into Traffic Analysis For Homeland Security White Paper

Traffic Analysis/Homeland Security

One of the biggest challenges currently faced by the Department of Homeland Security is guaranteeing cybersecurity. Every day some type of cyber crime occurs, and such crimes have the potential to affect the country's national security. This paper investigates the significance of internet traffic and analysis to Homeland Security, as well as encrypted traffic and its implications for cyber-security. It discusses the manner in which the U.S. has handled cybersecurity over the past twenty years and the methods that the government has used in this time period. Encrypted mobile messaging applications are also discussed. At the end of the discussion, solutions are recommended and a conclusion is given.

Introduction

In the recent past, the DHS (Department of Homeland Security) and the DoD (Department of Defense) signed an agreement to enhance cooperation between the two with regard to improving the United States' cyber-security capabilities. The agreement is aimed specifically at enhancing cyber-security cooperation on capabilities development, mission activities and strategic planning. It also outlines the specific individual and joint goals and responsibilities of both departments. The most crucial element in the agreement is a personnel swap, which the Department of Defense expects to improve the lines of communication between DHS and DoD. Under the cooperation agreement, the Department of Homeland Security will appoint an individual to the position of Director of Cyber-Security Collaboration, who will work in the NSA (National Security Agency) and serve as the Department's liaison to the United States Cyber Command. In addition, the agreement specifies that the DHS will supply more staff from its offices to the National Security Agency, including officers from its Office of the General Counsel, Office for Civil Rights and Civil Liberties and Privacy Office (Bobby, 2010). The DoD was, in return, to send a group of experts from its Cryptologic Services Group to the Department of Homeland Security's NCCIC (National Cyber-security and Communications Integration Center), with the aim of supporting Homeland Security's cyber-security efforts and coordinating those efforts with the operations of the DoD. In spite of the significant support that both departments will be offering each other, the agreement in no way interferes with the DHS and DoD authorities, oversight mandates, command relationships, or civil and privacy liberties. One of the most important strengths of the agreement is that Homeland Security will have more access to the Department of Defense, particularly its National Security Agency and its expertise and resources.

Background

The borderless nature of cyberspace threats calls for increased collaboration between countries to combat them. International collaboration is a key component of DHS's cyber mandate of safeguarding and securing the U.S.'s cyberspace. The Department, through the NPPD (National Protection and Programs Directorate), has created several functions to boost its international cooperation programs with other nations and organizations. The functions are carried out under the Office of Cyber-security and Communications in NPPD. Several parties have, however, insisted that for the NPPD to succeed in its international collaboration program, it should streamline its functions and operations so that it can consolidate its resources and use them to better facilitate foreign relations (DHS Can Strengthen Its International Cybersecurity Programs, 2012). The United States Computer Emergency Readiness Team also needs to improve its information-sharing with related agencies so that it can better coordinate incident response.

Cyber-security entails all operations and activities aimed at protecting and securing cyberspace and computer infrastructure, in addition to the measures aimed at restoring ICT systems and the information contained in such systems. To best protect cyberspace, there is a need to form security policies, guidelines and approaches, adopt best practices, collect tools, train staff, and have the technologies in place. Cyber-security also involves reduction of threats and vulnerabilities, incident response and deterrence of attacks, international cooperation and recovery measures. Because cyber-attacks are borderless in nature, governments and international organizations need to act in concert to develop cyber-security policies, procedures and plans, with the objective of enhancing cooperation, incident response and deterrence operations.

In the present day world, many aspects of our day-to-day lives have been moved to computers and online systems, for instance, education (we have online research, report cards, and virtual classrooms), healthcare (computer-based equipment and medical forms), finance (online bank transactions, bank accounts, electronic paychecks and loans), governments (online filing of birth records, death records, tax records and social security), transportation (aircraft navigation, car engine systems, and traffic control signals) and communications (texting, cell phones and email). Think of how much of your own personal data is stored on your own computer or...

...

Is your computer or the system fully secure? This is where cyber-security comes in -- it involves all the protective measures aimed at deterring cyber-attacks and securing our computer systems (Cyber security Awareness, 2012). The growing volume and increasingly sophisticated nature of attacks targeting data theft, phishing scams and other vulnerabilities require that we stay vigilant in protecting our computers and ICT systems. The chart below shows the most common types of cyber attacks witnessed nowadays (Cyber Crime Statistics and Trends [Infographic]).

Attack Types

Viruses, malware, worms, trojans: 50%
Criminal insider: 33%
Theft of data-bearing devices: 28%
SQL injection: 28%
Phishing: 22%
Web-based attacks: 17%
Social engineering: 17%
Other: 11%

The internet has empowered people like never before. Even adolescents with the right skills can effectively disable traffic control systems, manipulate stock trading and steal personal information from online databases. What such individuals can easily do on their own, criminal groups can also do. In fact, organized crime groups have been involved in cybercrime for quite some time now. Cyber-security experts, scholars, law enforcement agencies and governments contend that traditional criminal groups are becoming more and more involved in electronic crimes. However, available data shows that cyber criminals are more likely to be loosely linked to online networks than to be strong members of criminal organizations. In the past few years, extremist organizations have also been found to use cybercrime to finance their activities. For instance, Imam Samudra, the mastermind of the 2002 Indonesia bombings, is reported to have called on his followers to use credit card fraud to finance their militant activities.

Other important things to look at include:

Data Breach by Industry (Cyber Crime Statistics and Trends [Infographic])

Industry

Medical/Healthcare: 38.9
Business: 35.1
Educational: 10.7
Government/Military: 9.9
Banking/Credit/Financial: 5.3

Importance of Internet Traffic and Analysis/Implications/Mobile Messaging

Traffic analysis is defined as the process of intercepting and examining online communications with the aim of making inferences from the patterns of communication. Such an analysis can be done even when the online communications/messages cannot be decrypted (Kiran and Anish, 2015). This type of analysis works best with large volumes of messages: the higher the number of messages intercepted, the more that can be deduced from them. Traffic analysis can be done by agencies for counterintelligence or military intelligence. It can also be used by criminal organizations, making it a concern to cyber-security experts. Knowing who is communicating with whom, at what time and for what duration, can give an attacker clues about information that the communicating parties would rather the attacker did not know.

The size of the packets exchanged between two hosts can also be important data for an attacker, even when the attacker cannot see the traffic contents. A short burst of single-byte payload packets with regular pauses between them may indicate an interactive session between two hosts, in which every packet represents a keystroke (Kiran and Anish, 2015). Large packets sustained over time tend to indicate a file transfer between hosts, and also show which host is sending the file and which is receiving it. On its own, this data may not be very detrimental to the network's security; however, a creative attacker can combine it with other data to evade intended security procedures (Northcutt, 2015). Focus ran an article on a mechanism based on traffic behavior that helps identify P2P users and even differentiates the kind of P2P application being used. TCP/IP lends itself to traffic analysis to the point that "fingerprinting" of systems is possible. Fyodor's Nmap site has a tutorial that explains this in depth; however, Nmap works by sending packets to stimulate the host. Passive fingerprinting is also possible: Tenable's Passive Vulnerability Scanner and Sourcefire's RNA are examples of commercial tools that fingerprint passively, and a powerful free tool known as p0f is also available. According to the Honeynet Project, the following areas are vital in OS fingerprinting.

The intents or identities of mobile devices cannot be verified. Hence, nodes need to cooperate for the integrity of the network's operation. A node might, however, decline to cooperate by not forwarding packets for others, so as not to wear out its own resources (Northcutt, 2015). Other aspects that make secure communication in informal wireless networks challenging are a promiscuous mode of operation, mobility of nodes, restricted processing power, and restricted availability of resources such as bandwidth, memory and battery power.
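
The packet-size and timing inference described in this section needs only flow metadata, which is why encryption alone does not hide the type of session. The following Python code is an added example, not part of the original paper; the function name classify_flow, the thresholds and the sample flows (constructed, using documentation addresses) are assumptions for illustration.

```python
from collections import Counter
from statistics import median

# Thresholds are assumptions chosen for illustration; tune them on your own traffic.
SMALL_PAYLOAD = 16        # bytes: keystroke-sized payload
LARGE_PAYLOAD = 1000      # bytes: near-MTU payload typical of a file transfer
TYPING_GAP = (0.03, 2.0)  # seconds: plausible pause between keystrokes

def classify_flow(packets, min_packets=6):
    """Label one flow from metadata only: (time_s, src, dst, payload_len) tuples.

    Returns (label, sender); sender is the host that sent most payload bytes.
    """
    data = sorted(p for p in packets if p[3] > 0)   # ignore bare ACKs
    if len(data) < min_packets:
        return ("unknown", None)
    sizes = [p[3] for p in data]
    gaps = [b[0] - a[0] for a, b in zip(data, data[1:])]
    sent = Counter()
    for _, src, _, length in data:
        sent[src] += length
    sender = sent.most_common(1)[0][0]

    small = sum(s <= SMALL_PAYLOAD for s in sizes) / len(sizes)
    large = sum(s >= LARGE_PAYLOAD for s in sizes) / len(sizes)
    # Tiny payloads with human-paced pauses: keystroke-like interactive session.
    if small >= 0.8 and TYPING_GAP[0] <= median(gaps) <= TYPING_GAP[1]:
        return ("interactive", sender)
    # Large payloads back to back: file transfer; sender is the file's source.
    if large >= 0.8 and median(gaps) < TYPING_GAP[0]:
        return ("bulk-transfer", sender)
    return ("unknown", sender)

# Constructed sample flows (not real captures).
SSH_LIKE = [(0.25 * i, "192.0.2.10", "192.0.2.20", 1) for i in range(10)]
COPY_LIKE = ([(0.001 * i, "192.0.2.20", "192.0.2.10", 1448) for i in range(40)]
             + [(0.001 * i + 0.0005, "192.0.2.10", "192.0.2.20", 0) for i in range(40)])
MIXED = [(0.4 * i, "192.0.2.10", "192.0.2.20", n)
         for i, n in enumerate([300, 1448, 52, 700, 1448, 90, 410, 12])]

if __name__ == "__main__":
    for name, flow in [("ssh-like", SSH_LIKE), ("copy-like", COPY_LIKE), ("mixed", MIXED)]:
        print(name, classify_flow(flow))
```

Running the same check on flow records from your own network shows what an on-path observer can learn from sessions whose contents are encrypted.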

High ranked U.S. officials…

References

Bobby, M. (2010, November 10). Harvard National Security Journal. Harvard National Security Journal -- DoD-DHS Memorandum of Understanding Aims to Improve Cybersecurity Collaboration. Retrieved January 27, 2016, from http://harvardnsj.org/2010/11/dod-dhs-memorandum-of-understanding-aims-to-improve-cybersecurity-collaboration/

(2012). DHS Can Strengthen Its International Cybersecurity Programs. Retrieved January 27, 2016, from http://www.oig.dhs.gov/assets/Mgmt/2012/OIGr_12-112_Aug12.pdf

(2015, May 10). Fox News - Breaking News Updates -- Latest News Headlines -- Photos & News Videos. 'Terrorism has gone viral': U.S. officials, lawmakers warn of growing jihad-inspired attacks -- Fox News. Retrieved January 27, 2016, from http://www.foxnews.com/politics/2015/05/10/mccaul-terrorism-has-gone-viral.html

Harknett, R., & Stever, J. (2015). The Cybersecurity Triad: Government, Private Sector Partners, and the Engaged Cybersecurity Citizen. Journal of Homeland Security and Emergency Management, 6(1).

(2013). Homeland Security. Privacy Impact Assessment for EINSTEIN 3 - Accelerated (E3A). Retrieved January 27, 2016, from http://www.dhs.gov/sites/default/files/publications/privacy/PIAs/PIA%20NPPD%20E3A%2020130419%20FINAL%20signed.pdf

Kessler, G., & Ramsay, J. (2012). Paradigms for Cybersecurity Education in a Homeland Security Program. Journal of Homeland Security Education, 2. Retrieved January 27, 2016, from http://www.journalhse.org/sft710/kesslerramsayjhsearticlefinal.pdf

Kiran, & Anish. (2015). Secure Hidden Routing in Mobile Ad Hoc Networks. International Journal of Advanced Research in Computer Science and Software Engineering, 5(4). Retrieved January 27, 2016, from http://ijarcsse.com/docs/papers/Volume_5/4_April2015/V5I4-0510.pdf

(2012). MOHS. Cyber security Awareness. Retrieved January 26, 2016, from http://www.homelandsecurity.ms.gov/Pages/cyber.aspx

Northcutt, S. (2015). Cyber Security master's degree -- Information Security Master's Degree. Traffic Analysis. Retrieved January 26, 2016, from http://www.sans.edu/research/security-laboratory/article/traffic-analysis

(2012). OIG/DHS HomePage. DHS Needs to Address Portable Device Security Risks. Retrieved 27, 2016, from http://www.oig.dhs.gov/assets/Mgmt/2012/OIG_12-88_Jun12.pdf

(2013). Web Design Company - Dubai Website Design and Web Application Development Company. Cyber Crime Statistics and Trends [Infographic]. Retrieved February 4, 2016, from http://www.go-gulf.com/blog/cyber-crime/


Cite this Document:

"Looking Into Traffic Analysis For Homeland Security" (2016, February 05) Retrieved April 26, 2024, from
https://www.paperdue.com/essay/looking-into-traffic-analysis-for-homeland-2156117
