Information and information systems, by and large alluded to as the worldwide system of interconnected systems, has lately change a great deal of exercises. With the ebb and information flow development rate, expanding new web clients day by day, it is unmindful the first aim of the information systems had being moved from proving ground for defense exploration and correspondence channel for a small group of individuals (Dunne, 1994). The internet is presently an effective apparatus for exchange, national and monetary improvement. Subsequently, there is a requirement for an appropriate control of all type of exercises on the internet.
Information system is the thing that almost everyone on the planet relies on; today it is under steady assault by digital hoodlums. These culprits targets national bases like; healthcare framework, transportation ,crisis services , water and sewage, oil and gas framework, banking framework, mass communications, and military command and control (Wik, 2000). On the off chance that these digital hoodlums can succeed in their assaults by disturbing or ceasing the fundamental information systems then, we ought to expect a national crisis and financial losses. Information and cyber warfare involves; operations coordinated against information in any structure, transmitted over any media, including operations against data content, its supporting frameworks and programming, the physical hardware that stores the information or instructions, furthermore human practices and discernments” (Thom, 2001). Some of the instruments used in psychological warfare are; cell phones, email, and faxes.
The United State senate commerce and intelligence committees as of late, stated that the national and economic security is in danger, and there is a need for a bill that will make an organization between the public and the private organizations to secure the country’s information system against cyber assaults and impacts. The bill, Cybersecurity Act of 2010, is a state-supported information warfare program to be utilized to decrease security hazard. The bill is to make national cybersecurity adviser office to oversee open mindfulness, bolster new innovative work in the cybersecurity. The Act will provide a platform over which government-private organization will secure information assets.
Contract law has been used by the government as a tool of protecting information system by preventing unauthorized users from accessing them. Contract laws or agreements require individuals to abide by specific pre-determined rules and regulations in the usage of computers and information systems. If the pre-set rules and regulations by the contract agreement are infringed or breach, then the contract law has provisions on how the defaulters should be prosecuted and punished. There are no laws under the criminal laws that cyber or information warfare crimes are clearly defined; therefore it has been difficult in controlling and regulating illegal activities that are associated with software users (Dunne, 1994). In the current dispensation of contract law, all software users are required to sign an agreement through a service provider.
The advent of the information and communication technology (ICT) has bought a new challenge in terms of transmission of information over the internet or web-based platforms. The ICT has increased the security risks in information that is being transmitted over the internet. Most of the organizations currently are using encryptions to transmit or transfer information to prevent attacks, information that is in storage is not spared the jaws of cyberattacks, and therefore organizations also use encryption in the storage of data. In both the private and public sector, various encryption systems and techniques are used to ensure the safety of information during transmission.
As reported by the Federal Bureau of Investigations (FBI), these encryption programs provide a highly secure form of transmission over electronic media local and wide area networks, mobile phone conversations, facsimile and internet communication such as Skype, email, facebook, etc. Other forms of communication that are protected by the encryption programs are; radio frequency communication programs, electronically stored information, wireless communication systems, remote keyless entry systems, personal computers and advanced messaging systems (Smith, 2012).
Policies have been implemented by the state to ensure that strong encryptions are used in the protection of both private and public information and information systems. The encryption policies also ensure that the information is stored in a secure manner. According to the National Policy on the use of Advanced Encryption Standard (AES), the United States government has approved the use of 256 bit AES encryption key to protect national security systems and national security information. It has been widely claimed that it can take more than two decades for cybercriminals to find their way in the government information systems.
Senior officers in any organization have an obligation to ensure that cyber risks are mitigated. The senior officers should set up the necessary access controls for the organization’s information program to prevent unauthorized individual from accessing the systems. Some of the access control systems that can be used include firewalls and the use of multilayer authorization systems for the users to access. The senior officers should ensure that it offers warnings for illegal information hackers, in preventing unauthorized individual from using government or organizational systems. This type of warning or disclaimer on the target system or throughout the network makes it possible to be able to prosecute any intruder or unauthorized login or user of the server, networking or resources in any federal or state court (Radvanovsky, 2004). Senior officers of the organization are the ones responsible for setting up committees and appointing the chief information officers in the fight against cyber warfare. The senior officers are the ones who should lobby for the funds and support from the board of directors and also the government in fighting information warfare.
Chief information officers are appointed by the senior officers in an organization. These individuals are important in reducing security risks in state sponsored information warfare programs. The chief information officers are mandated with formulation of IT policies, establishment of IT support systems and coming up with information security structures that are leak proof. The CIO should ensure that the information framework is working properly, dependable, secure and convenient to use. The integrating of computing, communication and IT risk management system is a key factor in reducing information security risk. (DeVries, 1997). The CIO should provide risk management plan and support to guide the organization in managing the cybersecurity risks present in the organization. The CIO is tasked with the responsibility of monitoring and reporting any suspicious system and network activity; this will help the organization to implement corrective actions and be prepared for any events. The CIO is the chief security consultant for the organization in terms of cybersecurity issues; they should provide advisory services related to the relevant state sponsored information warfare programs. CIO should be tasked with preparing internal security awareness programs that will communicate cybersecurity issues through message alerts. Lastly, the CIO should be able to handle and investigate cybersecurity issues as they occur and enforce the necessary controls that are in conformity with the company standards.
The human resource department is responsible in providing the required personnel in fighting cyber attacks. The human resource will coordinate and integrate efforts in the information technology section that will be tasked is ensuring cybersecurity risks are mitigated. The fight against information warfare can never be successful without the recruitment of skilled and experienced personnel in areas of cyberattacks, therefore it is the mandate of the human resource manager to select and recruit individuals who are competent in their relevant fields. The human resource is responsible for providing the platforms such as education, training and development programs that will provide insight and knowledge on cyber issues in order to tackle them effectively. It is upon the human resource to assign employees to the relevant tasks that are relevant to fight cyber crimes because it is public tax money that is sponsoring the programs. The three main elements that the procurement office should be concerned with is time, quality and cost. The procurement should ensure that proper strategies are implemented for sourcing and creating effective contracts with security service providers or vendors (Morris & Pinto, 2007). The procurement manager should evaluate and re-evaluate the existing and potential contracts in service delivery. The procurement manager should enter into contracts that save the taxpayers’ money, are cost-effective and are efficient.
Information security practitioners are responsible for providing clear security guidelines to help the organization to face the challenges that come up with the evolving business needs (Reece & Stahl, 2015). Security practitioners will help the state sponsored information warfare programs to increase responsibility and accountability for data. The security practitioners are concerned with the chain supply of how information flows; they develop strong security cultures in the employees and ensure confidentiality management in information systems.