tech·nol·o·gy [tek näl′ ə je¯ ] (plural tech·nol·o·gies) noun

(Early seventeenth century. From Greek tekhnologia, literally “systematic treatment,” literally “science of craft,” from tekhne “art, craft.”)

Our global society can no longer function without the aid of automated information and high technology—computers and networks. With computers and global networks such as the Internet come opportunities to make life better for all of us. However, it also makes each of us more vulnerable and increases the risk to the high technology we depend on, as well as increasing risks to cyber security, our personal freedoms, and our privacy.

Throughout human history, technology has played a role in the development of our species, and it has played a major role in our lives. Even the making of fire was probably seen as a technological wonder in the early history of the human race—and also used as a weapon of war such as by setting fire to the enemy’s fortifications, houses, and crops. It was also used to help forge tools as weapons of war.

A short look back at that history is appropriate, for as someone once said: “If you don’t know where you’ve been, you don’t know where you are going”—and one might add, “you don’t even know where you are.” And if you do not know where you are, your survivability in a cyber security environment is not good.

Technology has many uses, and over the centuries it has driven how we humans work, live, and interact. In a speech televised on the program BookTV, as far back as April 4, 2002, Michael Eisner, Chairman and CEO, The Walt Disney Company, discussed the impact of technology on the world and used the following timeline of the beginnings of communication-related “devices”—which is as relevant today as it was then:

Look how far we’ve come in the last 40-plus years. All these forms of technology and communication systems have had a major impact on our lives throughout history. They not only entertain us, but also provide us with information. Some of the information processed, stored, and transmitted will be sensitive information that a company or government agency may want to keep private and not release to the general public. Consider this as a cyber security officer: If that private, sensitive information communicated to the public is about your company, how that information is obtained may indicate a vulnerability in an information protection process. If so, you have a serious problem. The freer a society is, the freer the news media will be, and consequently, the more challenging your job to protect sensitive business information. However, with that said, remember that as a cyber security professional, your job is also to protect the privacy of individuals in your company.

During this period, the sharing of information became easier owing to the improvement of communications systems, new communications systems, and increased consolidation of people into large cities. This also made it easier to educate the people in the needed skills for working in the more modern factories and offices of the period and for developing, improving, and implementing technologies.

The transition period from the Industrial Age to the Information Age in world history varies with each nation-state. In the United States, the well-known authors the Tofflers estimated the transition to take place about 1955, when the number of white-collar workers began to outnumber the blue-collar workers. Some nation-states are still in various phases of transition from the agricultural period to the industrial period to the information period.

No matter when a nation experiences this technology-driven transition, however, it will see, as the United States and other modern nation-states have seen, the most rapid changes in all aspects of human existence since humans first walked on this Earth—including how wars are prosecuted.

The twentieth century saw the rapid expansion and use of technology more so than all past centuries combined. It was also the beginning of the concentrated development of technology specifically to develop new and improved networks on a massive scale. This ushered in the era of modern warfare, an era that was sponsored primarily by governments and globally committed businesses that had the will and the means for such development, and these entities were able to use these new technologies to their agendas on a global scale.

Thus, the twentieth century was the true beginning of technology-based warfare. Owing to the technological improvement of older inventions (e.g., submarine, machine gun) and new inventions such as nuclear weapons, never before could so many be killed by so few. There were also the tanks, hand grenades, poison gases, and land mines that gave way to the chemical/biological/nuclear weapons, carpet bombings, smart bombs, and the beginning of true cyber security.

This period included many significant technology-driven inventions too numerous to mention here in their entirety. In the medical field alone, we have seen the rapid invention of literally thousands of new drugs, procedures, and devices, many of which saved possibly millions of lives over the years. Some other significant technologically driven inventions during this century include:

The twentieth century saw the development and improvement of our modern era’s amazing electronic inventions leading to the computer and its peripherals:

It is in the context of this phenomenal growth of high technology and human knowledge that the Internet arises as one of the mechanisms to facilitate sharing of information and as a medium that encourages global communications. The Internet has already become one of the twenty-first century’s cyber security battlefields.

The global collection of networks that evolved in the late twentieth century to become the Internet represents what could be described as a “global nervous system,” transmitting from anywhere to anywhere facts, opinions, and opportunity. However, when most people think of the Internet, it seems to be something either vaguely sinister or of such complexity that it is difficult to understand. Popular culture, as manifested by Hollywood and network television programs, does little to dispel this impression of danger and out-of-control complexity.

The Internet arose out of projects sponsored by the Advanced Research Project Agency (ARPA) in the United States in the 1960s. It is perhaps one of the most exciting legacy developments of that era. Originally an effort to facilitate sharing of expensive computer resources and to enhance military communications, it has, since about 1988, rapidly evolved from its scientific and military roots into one of the premier commercial communications media. The Internet, which is described as a global meta-network, or network of networks,⁸ provides the foundation on which the global information superhighway has been built.

However, it was not until the early 1990s that Internet communication technologies became easily accessible to the average person. Prior to that time, Internet access required mastery of many arcane and difficult-to-remember programming language codes. However, declining microcomputer prices combined with enhanced microcomputer performance and the advent of easy-to-use browser⁹ software as key enabling technologies created the foundation for mass Internet activity. When these variables aligned with the developing global telecommunications infrastructure, they allowed a rare convergence of capability.

The most commonly accessed application on the Internet is the World Wide Web (WWW). Originally developed in Switzerland, the Web was envisioned by its inventor as a way to help share information. The ability to find information concerning virtually any topic via search engines, such as Google, Bing, Alta Vista, HotBot, Lycos, InfoSeek, and others, from among the rapidly growing array of Web servers is an amazing example of how the Internet increases the information available to nearly everyone. One gains some sense of how fast and pervasive the Internet has become as more TV, radio, and print advertisements direct prospective customers to visit their business or government agency Web site. Such sites are typically named www.companyname.com, where the business is named “companyname,” or www.governmentagency.gov for government agencies.

From the past century until now, the Internet has rapidly grown from an experimental research project and tool of the U.S. government and universities to the tool of everyone in the world with a computer. It is the premier global communications medium. With the subsequent development of search engines and, of course, the Web, the sharing of information has never been easier. Sites such as Google.com state that, in 2013 they searched through 30 trillion Web pages!

It has now become a simple matter for average people—even those who had trouble programming their VCRs—to obtain access to the global Internet and with the access search the huge volume of information it contains. Millions of people around the world are logging in, creating a vast environment often referred to as cyberspace and the GII, which has been described as the virtual, online, computer-enabled environment, as distinct from the physical reality of “real life.”

By the end of the twentieth century, worldwide revenues via Internet commerce had reached perhaps hundreds of billions of dollars, an unparalleled growth rate for a technology that has been really effective only since the early 1990s! The “electronic commerce” of the early twenty-first century already includes everything from online information concerning products, purchases, and services to the development of entirely new business activities (e.g., Internet-enabled banking and gambling).

An important fact for everyone to understand, and which is of supreme importance to those interested in cyber security, is that the Web is truly global in scope. Physical borders as well as geographical distance are almost meaningless in cyberspace; the distant target is as easily attacked as the local one.

The annihilation of time and space makes the Internet an almost perfect environment for cyber crime and warfare. When finding a desired adversary’s¹³ server located on the other side of the planet is as easy and convenient as calling directory assistance to find a local telephone number, information warriors have the potential to act in ways that one can only begin to imagine. Undeterred by distance, borders, time, or season, the potential bonanza awaiting the information warrior is a chilling prospect for those who are responsible for safeguarding and defending the assets of a business or government agency.

Because of religious beliefs in many faiths, Internet access to material considered pornographic is generally not acceptable. One of society’s struggles will be how to provide access to the world’s information without causing some moral decay of society. This will be a struggle for many countries and it is believed that the information warriors will have a major impact on the society of such developing countries.

The Internet is the latest in a series of technological advances that are being used not only by honest people to further their communication, but also by miscreants, juvenile delinquents, and others for illegal purposes. As with any technological invention, it can be used for good or for illegal purposes. It is really no different from other inventions such as the handgun. The handgun can be used to defend and protect lives or to destroy them. It all depends on the human being who is using the technology.

So, what is the point? The point is that there are ISPs all over the world with few regulations and absolutely no protection and defensive standards. Some ISPs may do an admirable job of protecting our information passing through their systems, while others may do nothing. Furthermore, as we learn more and more about “Netspionage” (computer-enabled business and government spying), we learn more and more about how our privacy and our information are open to others to read, capture, change, and otherwise misuse.

In addition, with such programs as SORM in Russia, Internet monitoring in China and elsewhere, global Echelon, and the U.S. FBI’s Carnivore (still Carnivore no matter how often they change the name to make it more politically correct), we might as well take our most personal information, tattoo it on our bodies, and run naked in the streets for all to see. Well, that may be a slight exaggeration; the point is that we have no concept of how well ISPs are protecting information belonging to governments, businesses, individuals, or associations. Through your ISP, how susceptible are you to the threats of cyber security? Do you know if your ISP is protecting or monitoring you? If it is monitoring you, for whom?

High technology is vulnerable to nature and the universe in general. What a great time to launch a cyber security attack on an adversary, including maybe competitors. Is it sunspots or an adversary causing these outages? By the time the adversary finds out it is you and not three days of sunspots, the war could be over.

The clear implication from the issues discussed above is that some hacker tools can have a beneficial effect on the security of computer systems if they are used by the system staff before they are used by personnel either within the organization or outside it to identify shortcomings or flaws in the operating system or applications software, the configuration of the system, or the procedures used to secure it. Viruses, while providing no direct benefit, do provide a detectable indication that there has been a breach in the security of the system, either by an exploitation of a flaw in the security procedures or by a shortcoming in the system software (it allowed a virus through any barriers that had been created to prevent access to the system).

Worms currently have no beneficial effect on system security management. However, the concept that was used to disseminate the Robert T. Morris worm may have an application in the mapping of large networks if applied to autonomous agents. The Trojan horse and the logic bomb, which, by their very nature, are covertly inserted into the system without the owner’s knowledge, have no beneficial effect and have only malicious applications.

These cookies—the computer kind, not the ones you eat—are beneficial, except when they are used to profile customer habits and gather an individual’s private information, which is then sold. High-technology cookies are files that a Web site can load onto a user’s system. They are used to send back to the Web site a user’s activity on that Web site, as well as what Web sites the user has previously visited. They are also a potential tool of the information warrior.

Intel’s Pentium III included a unique processor serial number (PSN) in every one of its new Pentium III chips. Intel claimed that the PSN could identify an individual’s surfing through electronic commerce and other Internet-based applications. It was noted that by providing a unique PSN that can be read by Web sites and other application programs, it could make an excellent cyber security tool. Although this number is designed to be used to link user activities on the Internet for marketing and other purposes, one can easily imagine other uses, from a cyber security perspective, that can be made of this high-technology application. And as for Microsoft’s new operating system, XP, imagine the IW possibilities.

Steganography is another use of high technology that can be used in cyber security:¹⁷

Steganography (which translated from Greek means covered writing) has been in use since about 580 B.C. One technique was to carve secret messages into wooden objects and then cover the etched words with colored wax to make them undetectable to an uninitiated observer. Another method was to tattoo a message onto the shaved messenger’s head. Once the hair grew back, the messenger was sent on his mission. Upon arrival, the head was shaved, thus revealing the message—obviously not time-dependent. The microdot, which reduced a page of text to the size of a typewriter’s period so that it could be glued onto a postcard or letter and sent through the mail, is another example.¹⁸

Two types of files are typically used when embedding data into an image. The innocent image that holds the hidden information is a “container.” A “message” is the information to be hidden. A message may be plaintext, ciphertext, other images, or anything that can be embedded in the least significant bits of an image.¹⁹

Steganographic software has some unique advantages as a tool for Netspionage agents. First, if the agents use regular cryptographic software on their computer systems, the files may not be accessible to investigators but will be visible, and it will be obvious that the agents are hiding something. Steganographic software allows agents to “hide in plain sight” any valuable digital assets they may have obtained until they can transmit or transfer the files to a safe location or to their customer. As a second advantage, steganography can be used to conceal and transfer an encrypted document containing the acquired information to a digital dead drop. The agents could then provide the handler or customer with the password to unload the dead drop but not divulge the steganographic extraction phrase until payment is received or the agents are safely outside the target corporation. As a final note, even when a file is known or suspected to contain information protected with steganographic software, it has been almost impossible to extract the information unless the passphrase has been obtained.

As we progress into the twenty-first century, we continue to fall behind in our defenses and ability to react quickly and successfully to attacks from around the world. As the sophistication of attacks continues to increase so do the vulnerabilities of our vital information infrastructures.

Defending our information has been made more difficult by advances in technology and also in social networks of all kinds, through which users continue to innocently provide information that is very useful to competitors and other adversaries and that leaves individuals, groups, corporations, and governments more open to attacks.

Let’s Look at Some of the Major Technology Advances Thus Far in the Twenty-first Century:

It is said that there have been more discoveries in the past 50 years than in the entire history of mankind before that time. We have just to read the newspapers and the trade journals to look at every profession and see what technology is bringing to our world. There are new discoveries in medicine, online and worldwide information systems, the ability to hold teleconferences across the country and around the globe, and hundreds of other examples that we can all think of.

High technology is the mainstay of both our businesses and our government agencies. We can no longer function in business or government without them. Pagers, cellular phones, e-mail, credit cards, teleconferences, smart cards, tablets and notebook computers, networks, and private branch exchanges (PBXs) are all computer based and all are now common tools for individuals, businesses, and public and government agencies. Information warriors are also relying more and more on computers. As computers become more sophisticated, so do the information warriors. As international networks increase, so does the number of international information warriors.

Networking and embedded systems, those integrated into other devices (e.g., automobiles, microwave ovens, medical equipment), are increasing and drastically changing how we live, work, and play. According to a study financed by the U.S. ARPA and published in the book Computers at Risk:

Personal computers have changed our lives dramatically and there is no end in sight. High technology in general has improved the quality of life for societies and made life a little easier, and yet it makes an information-dependent way of life more at risk than ever before. The use of modems has become commonplace, with all newly purchased microcomputer systems²² coming with an internal modem already installed and ready for global access through the Internet or other networks. Wireless networks are being increasingly used and there are now millions of Wi-Fi “hot spots” to which people can connect their phone, laptop, or tablet wherever they are. Therefore, these devices and the networks that they are using potentially represent some of the most serious and complex crime scenes of the Information Age. This will surely increase as we begin the twenty-first century.

High-technology development continues to play a dual role in information-based nation-states. The high-technology devices have been turned into tools that have been used to determine the adequacy of cyber defenses and have been adopted and adapted by global hackers, terrorists, and other miscreants. They now have been using those tools for probing and attacking systems, especially through the Internet interfaces of corporations and nation-states, as well as the GII and NIIs of nation-states. These same hacker techniques have been readily adopted and enhanced by the information warriors of nation-states and others.