OPENINGThe modern era of computers, technology, global connection, and innovation has brought many positive changes into the lives of almost all people in the world. Stores and offices could most likely become a thing of the past. With an unbelievable change in technology, however, comes many trials and threats that seem logically insoluble. Despite the feeling of security that each one of us as Americans may think that we have, the fact of the matter is that someone somewhere knows one’s personal information. Anyone can somehow find a backdoor, exploit a logical solution to being locked out of something that is not there or effortlessly crack a passcode into a system or server that most likely has one’s personally identifiable information. PART ONE – THE PROBLEMThere is a specific unprecedented possibility, known as the “Digital Pearl Harbor” (DPH). Despite those who claim that the likelihood of a DPH is small (Armerding, 2017), this would be an unprecedented worst-case scenario that could affect private business. It can be supposed that almost all smartphones, web servers, and national infrastructure related to technology were hacked into by either an enemy foreign power, terrorist group, or a highly skilled international criminal with matchless capabilities.
According to PKware, “It could take the form of sabotage against our critical infrastructure, an attack on the global financial system, or an attempt to undermine our national defenses” (McCrate, 2018). It is unlikely that any of our present antiviruses and security skills would be a match for this threat if it is ever to come to fruition. A business must have a plan to recover from such an event, specifically a DPH. A business needs to have a plan in case such a disaster were to strike.
One article from Entrepreneur website specifies a specific six-point plan of how just that can be done. The steps are to 1) Find out what happened, 2) Seek Legal advice, 3) Communicate Early and Often, 4) Eliminate the Problem, 5) Rebuild, and 6) Revisit your security plan (Richmond, 2011). In the case of a foreign attack on national cyber-infrastructure, chances are that these steps may be the same for a private business. Chances are also, however, that they might not be. Legal experts according to Step 2 may not be able to help after the disaster strikes and Steps 4 and 6 may not be entirely possible. It could be suggested that it might be easier for small businesses to technologically recover, as a cyber-attack would presumably have a greater interest in damaging overall national infrastructure through large businesses.
These original steps were designed for small businesses, which as of 2011 were increasingly becoming a target for hackers or “cyber-crooks” (Richmond 2011). But for both small businesses and large corporations, the economic drawback just might be equally devastating. This paper can assign a set of alternate steps that apply to all businesses in case a DPH were to take place. The new steps could be to 1) Find out what happened, 2) Have Legal advice prepared already in advance, 3) Communicate Early and Often, 4) Cut the Problem down to size, 5) Rebuild, and 6) Revisit your security plan. The Security plan itself should probably revolve around which security technologies a business could invest in, its attitude towards cyber-crime in general, keeping its financial and personally identifiable records on a separate drive, and investing in an offshore account that could help a business recover from the worst of situations.
The ultimate focus of this paper is to highlight how a particularly large business can recover from and possibly regain its assets lost from this hypothetical digital catastrophe.The term, “Digital Pearl Harbor” was first coined by the former top national security chief, Mr. Richard A. Clarke, and the term was also used by former Defense Secretary Leon Panetta. This DPH situation is one in which the “US critical infrastructure is vulnerable to a catastrophic cyber attack” (Armerding, 2017) and in which a foreign attacker would be responsible (Bumiller, 2012).
The article in which Secretary Panetta’s statement was described states that we are just as behind when it comes to cyber-security as we were in the early millennium. It also talks about a precedent and event for such and the problems that a business might have to cope with in response to this. There were several technological malfunctions back in 1999 where 10 million gallons of wastewater were emptied into a river and another instance where nearly 240,000 gallons of gasoline where ruptured and three people were killed (Armerding, 2017). People need to be aware that this sort of situation could not only cost digital lives but real, human ones as well. The article states that in both preventing or recovering from a large-scale disaster (one that specifically resulted in $45 Million in property damage) one must improve a business’s cyber hygiene by improving the relationship between the IT and engineering departments (Armerding, 2017).
It could also be added that a business should preserve an excess amount of funds and assets in case such an event were to occur. Popular investors should also be notified of these possibilities and a recovery plan for each specific one. Though these events are the closest thing we have to a precedent for a DPH, they are nothing close to what a DPH actually is. A particular business could have its system shut down, assets drained, sold to a certain group, or have executive personnel locked out of their own system. A smart business presumably relies on technology and the method of contemporary remedies applied to contemporary problems. In the event that a DPH is to take place, the private business infrastructure could be affected, either directly by having their system hacked into or indirectly by the decline of government or economic infrastructure. PART TWO – SOLUTION AND RECOMMENDATIONSIt is also generally assumed that a business would keep an antivirus or some sort of shield to keep out a hacker.
However, the DPH might be too sophisticated and it is actually well regarded within the IT Security community that many antiviruses maintain a certain level of uselessness. Senior Vice-President Brian Dye, who worked at the company where early antiviruses were sold, stated that only 45% of malware attacks are caught by modern malware detectors (Gibbs, 2014). In any event, most especially a DPH, this could be a disadvantage rather than a benefit to a business or financial institution. The article in which Dye is quoted states that Antivirus software is dead and that hackers always use novel methods and new tricks up their sleeves. A new method, however, is suggestible. It is called “detect and respond,” where other security leaks and threats are monitored prior to an attack. A business could specifically respond to this by stopping access by internal and external users to areas where infiltration and data loss are common (Gibbs, 2014).This ties into another method that businesses could use in relation to noticing cyber-crime: a zero-tolerance approach.
This means not investing in cybersecurity systems and technologies that are not going to work (ISACA, 2013). It can also mean an attitude towards employees and external users that have absolutely no acceptance for those who are wrapped up with cyber-crime in any way, shape, or form. A zero-tolerance policy is not foolproof, as some sort of antivirus should be used to protect against cyber attack, but it is a waste of time to make large-scale investments in unlikely scenarios. Instead, it is wise to switch focus on and invest in the more up to date “detect and respond” paradigm. There are a few methods that can be taken to either recover from or avoid such a detriment to a business’s assets. A business can retain its assets by creating a separate and private asset forfeiture account, where shares, savings, and assets that would not be included in the normal balance sheet can be held. This could be an overseas account one that is personally held by an executive kept secret from all external users.
The other assets, personally identifiable information and shares could also be held on a separate hard drive. This hard drive would be connected to the and updated once a month. In the case that DPH was to happen, this external drive and the separate account would be nearly unreachable by a foreign threat or an international criminal. CONCLUSIONWithin Accounting and Economics, there is a going-concern assumption, one that the business will continue to operate, exist, and hopefully thrive. Therefore, the state of security for any business is paramount.
The ability for business to monitor who they hire could be either now or in the future used against them by a foreign government or computer hacker. Near the second decade of the second millennium, there has been a decrease in cyber-security literacy. In this new global age, everything to both America and private business is reliant upon technology. The less that is made known about protection, the more vulnerable America’s critical infrastructure becomes.
In America, there has cyber attacks and malfunctions that have already had devastating consequences on private business. If a DPH is to take place, then a business, in particular, must be prepared. It does this by following the steps outlined in Part One and securing their assets in separated areas that are beyond a hacker’s reach. It can also save money and effort by investing in technologies and technological methods that can keep them safe rather than placing too much hope in protective, outdated antiviruses.
For one business at a time to keep a cool head while preparing for each worst-case scenario might be indicative of their ability to outlive their competitors. It might also help the country in general move towards a smarter way of protecting themselves and their assets in case of a great technological turmoil.