Dyson College of Arts and Sciences

The resultant potential threats against the myriad vulnerabilities that exist in these newer technologies make our smartphones, tablets, and other computing devices permeating our society increasingly vulnerable to attack. The growing consequences associated with successful cyber-attacks have even farther-reaching outcomes that rarely enter the mindset of most citizens. Recent cyber-attacks upon our nation's vulnerable banks, for example, occur with such ferocity and frequency that the news of the events are often ignored by casual observers who, having seen this picture many times before, seem unconcerned or otherwise disconnected from the reality that the financial losses to our financial institutions will adversely affect them, although the reality is usually entirely different from these false perceptions. Just as attacks over the past fifteen years may have, on occasion disrupted our ability to safely and effectively use the myriad computing devices permeating society, so too could sustained, more ferocious attacks lead to consequences that go beyond the logical realm (such as the nuisance of interrupted availability of Internet-based gaming, education, e-Commerce and e-Business activities), transcending into the physical realm, causing actual physical damage (inoperable water dam gates, air traffic control systems, and disruptions in our energy grid, for example). Since the dawn of the new millennium, Americans (and America itself ) have become targets from attacks by nefarious individuals, criminal groups (private & state- sponsored) and even national armies (Iran, North Korea and China, for instance), and these persistent threat vectors have grown in magnitude so as to be coined by a new phrase that has entered our lexicon—the Advanced Persistent Threat (APT). The APT has its roots in the all-too-public but frequently denied hacking activities emanating mostly from China, together with threats from other government—and criminal- sponsored entities that collectively have resulted in the theft of hundreds of billions of dollars' worth of currency, intellectual property, and state/military secrets too numerous to list here. By examining some of the recent, more highly publicized cyber-attacks against the backdrop of the relatively new 20 Critical Security Controls, and even against more current successful cyber-attacks that resulted in sustaining actual physical damage, prescriptive suggestions for accelerating implementation of the controls is made to better defend the nation against a threat that like terrorism, has and will further permeate our society for the foreseeable future. AMERICA'S CRITICAL INFRASTRUCTURE While many Americans enthusiastically embrace the latest communication and computing technologies that are made available in the early 21st century (and have indeed become ubiquitous in our modern society, as in the popularity of the smartphone), so too have many firms and industries providing services that we as a nation collectively depend upon to keep that society flourishing. These essential service providers have come to automate many of their functions, depending upon such ubiquitous technologies as the Internet, GPS, and automated machine equipment. Without the services they collectively provide, society would breakdown—fast. 59

• Cover