

Cyber Attack
By William Sturgeon
Published: 10/10/2016

This article was originally published on Corrections.com on December 12, 2010.

Did You Hear the Wakeup Call?

Over the past week, hackers brought down numerous web sites, including MasterCard's. The reason for these attacks was the arrest in England of Julian Assange, the purported head of WikiLeaks, a web site that has leaked millions of pages of military and United States State Department secrets. He was not arrested for leaking classified information, but on rape charges lodged against him in Sweden.

In support of Mr. Assange, “an anonymous group of ‘hacktivists’, which is behind what it calls ‘Operation Payback’, claimed on Twitter that it was responsible for disrupting the credit card group’s [MasterCard’s] website.” [1]

Of course, I immediately thought of how secure the United Kingdom’s web sites are, especially those associated with Her Majesty’s Prison Service. If this group of “hacktivists” can disrupt, shut down, and/or interrupt a sophisticated web site like MasterCard’s, one must be concerned about their governmental web site. I have some familiarity with HMPS, and it is a very professional group of people. Yet with all of the new technology being developed and/or adapted, it is difficult for governmental agencies worldwide to keep up with the ever-evolving trends.

After considering the United Kingdom’s cyber security, my thoughts wandered to the United States and the number of prison and jail systems, both public and private, that are here in the United States. How prepared are these numerous and diverse correctional systems for an all-out cyber attack? Additionally, I pondered the following:
  • What parts of the facilities’ operations are controlled by computers that are connected to the web?
  • How secure is the agency’s email system?
  • How secure are offender files (especially release date information)?
  • How secure are transportation routes and schedules?
  • How secure are personnel files?
  • How secure are payroll records?

As correctional systems evaluate their ability to repel hackers, they should also be looking for past attempts to gain entry and ascertaining whether their systems have been penetrated. It is crucial to determine where the hackers went in the system, what they did, and what they left behind, if anything.

I learned throughout my career that very often policies, procedures, or protocols are violated, ignored, adapted, or disregarded by personnel who are not authorized to do so, in order to increase efficiency or to make the work environment more comfortable. I am mentioning this because during my time, policies and procedures dealing with adding any equipment to the emergency generator(s) were ignored. I would be willing to bet that there are computers (agency and private) with classified information on them. Additionally, I would bet that there are CDs with classified information on them floating around. In addition, there are probably computers attached to the network without the proper security programs.

I am not criticizing correctional agencies; for all of us this is a new world. With all of the physical security issues correctional administrators have to address, they now have to ensure that their agencies’ cyber communications are secure from cyber attack. Here is what I do know about cyber security: we are all still learning.

With the arrest of Julian Assange, the correctional career field is now open to cyber attacks on all of its web-based systems by the hacker community, the “hacktivists”.

The internal security of information that is stored and maintained electronically is another area that I believe must be reviewed. Some of our nation’s most secure secrets were laid open to the world because of the actions of a Private First Class who had been subjected to detailed and comprehensive background investigations before being granted a security clearance. These background investigations far surpass the background investigations that most correctional personnel are subjected to when they are hired.

Some steps that I would take if I were working for an agency today:
  • Establish access control for all personnel. Only those at the appropriate level should have total access to all of the sensitive information.
  • Access should be based “STRICTLY” on the old philosophy of “Need To Know”! I have found “OPEN and COMPLETE ACCESS” to be the practice in a great many correctional agencies. This is a common practice because it is EASY for people to access information.
  • Compartmentalization and restricted access are things I really believe in. Restrict, restrict, restrict the amount of access any single person is permitted.
  • Another thing I have always had an issue with (even when it came to me on printouts) is the amount of OPEN information that is disseminated system-wide.
  • Printers should be maintained in an area where there is a supervisor.
  • No CD players, cell phones, etc., should be permitted in the work areas where sensitive materials are electronically stored.

Most correctional agencies are electronically connected to a statewide computer system and are therefore dependent on the state’s security protocols and technicians.

Finally, I would recommend that correctional administrators have their systems, policies, and procedures reviewed by a cyber security professional. I am recommending that this cyber security professional be someone from outside of state government. My rationale for this recommendation is that private firms are more up to date with the current trends in cyber attacks, in my opinion. I would also recommend that, as part of this vulnerability test, the firm attempt to hack the files. The most important thing is that you start today to secure all of your cyber systems and the information they contain.

[1] Financial Times, December 9, 2010
