Tensions in Collaborative Cyber Security and how They Affect Incident Detection and Response

Glenn Fink (Pacific Northwest National Laboratory, USA), David McKinnon (Pacific Northwest National Laboratory, USA), Samuel Clements (Pacific Northwest National Laboratory, USA) and Deborah Frincke (Pacific Northwest National Laboratory, USA)
Copyright: © 2010 | Pages: 30
DOI: 10.4018/978-1-60566-414-9.ch003

Abstract

Security often requires collaboration, but when multiple stakeholders are involved, it is typical for their priorities to differ or even conflict with one another. In today’s increasingly networked world, cyber security collaborations may span organizations and countries. In this chapter, the authors address collaboration tensions, their effects on incident detection and response, and how these tensions may potentially be resolved. The authors present three case studies of collaborative cyber security within the U.S. government and discuss technical, social, and regulatory challenges to collaborative cyber security. They suggest possible solutions and present lessons learned from conflicts. Finally, the authors compare collaborative solutions from other domains and apply them to cyber security collaboration. Although they concentrate their analysis on collaborations whose purpose is to achieve cyber security, the authors believe this work applies readily to security tensions found in collaborations of a general nature as well.
Chapter Preview

The History And Problems Of Collaborative Cyber Security

On November 2, 1988, a 99-line program changed the world. That program, written by Cornell graduate student Robert Morris, stalled mail servers across the nascent Internet and motivated the first ever multi-organizational, international cooperative computer security effort. The implications of the worm led directly to the founding of the federally funded Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie-Mellon University.

Another pivotal cyber security wake-up call was the distributed denial of service (DDoS) attacks of February 2000. On Monday, February 7, the first of these high-profile DDoS attacks was launched against Yahoo. Buy.com, eBay, CNN, and Amazon were also attacked that week. On Wednesday, February 9, the last day of the attacks, the amount of bandwidth consumed by these attacks (some servers received as much as 1 gigabit per second of incoming traffic), combined with curious Internet users seeking online information about them, resulted in a 26.8 percent performance drop compared to the previous week’s performance (Garber, 2000). Today, websites are better prepared to handle DDoS attacks, partly because of increased cyber security collaborations with their ISPs.

In the past several years, identity theft, phishing, pharming, spyware, and online extortion have become more prevalent, and the economic impacts of cyber crime are more significant than those of many conventional crimes (Kshetri, 2006). Cyber crimes differ from other crimes because they require technological skills, they have a high degree of globalization, and they are relatively new (Kshetri, 2006). The newness and global reach of these crimes have outpaced traditional law enforcement’s ability to detect, deter, and prosecute them. Part of the reason law enforcement seems unable to cope with cyber crime is that law enforcers have very few means to collaborate across jurisdictional or international boundaries.
