WASHINGTON — The Government Accountability Office reported April 12 that federal agencies remain vulnerable to cyber attacks and security breaches because they’ve failed to take the required steps to secure Internet connections and computer systems. Experts say cyber attack could come from anywhere—an individual American or someone overseas, a terrorist group, or a country. But the number of ways a cyber attack could infiltrate American systems is growing—and the ever-expanding web of social networking sites could prove problematic for national cyber security.
Social networking technologies are creating potential new challenges for government transparency and security As more agency employees use Twitter, Facebook and similar external sites, officials at all levels of government are reviewing their policies.
Elayne Starkey, chief security officer of Delaware and FOIA coordinator for the state’s Department of Technology and Information, said her organization is cracking down on the problem from the inside.
“Websites like Facebook are blocked from our computers,” Starkey said. “It’s too great a risk and who or what actually gets that information is still quite unknown.”
Starkey said there is a long list of precautions that need to be taken at all levels of government and the private sector to prevent a cyber attack. She said she is working with other groups and agencies in Delaware to raise awareness and educate others on the “very real” dangers that a cyber attack could cause.
“We do a lot of trainings to drill and simulate with other state and federal employees on their IT resources,” said Starkey. “Using the right technical tools is important to have the top level of security we need.”
Among the many things that can help in thwart future cyber terror, Starkey said, would be new legislation. She said that the right legislation would take time though. “There is a gap that needs to be filled—but the proper legislation with the proper partners would need a multi-year window.”
“As more people move into the Web 2.0 phase, they become more comfortable with the websites like Facebook and Twitter,” Starkey said. “There is a false sense of security people have once they enter their password. They feel comfortable that they do things they might not have done elsewhere.”
Targeted ads are drawing more clicks by naïve social media users, increasing the potential for scammers and hackers. “People are much more likely to click some ad that is tailored to them, and then who knows what is behind that ad.”
Starkey said viruses from social networking sites could work in a similar way that an e-mail virus works, sometimes immediately attacking user’s system at other times lurking for months before any damage is noticeable.
“That’s why at our offices, those sites are pretty much blocked,” she said.
Patrick Wells, a participant in the U.S. Cyber Challenge, a competition to find individuals who could be future cyber security practitioners and researchers, said he thinks it is unlikely that social networks will become a target of cyber terror is unlikely.
Wells said the information technology teams at the major social networking sites are more prepared than the government simply because they are individual sites, and as such only to worry about hardening their own target.
“Government websites are more interconnected, yet with different security systems and levels which allow for overlooked loopholes,” said Wells. “Sites like Facebook, although they have a huge amount of traffic, are more secure.”
Wells said Facebook, for one example, was a victim of cyber attacks through its applications, add-ons that could contain games, quizzes or other attractions. Applications are made by outside groups, and in the past anyone could create one. Wells said that was the most common way a hacker could hack through the website. “Now, Facebook has a stronger identification process for those creating applications to prevent that.”
For legal and tracking purposes, there is no sound way to currently archive communication done in social networking site, Starkey said. “The problem is that agencies don’t know how to archive the many forms of communications made on those popular websites.”
As citizens become increasingly accustomed to accessing more types of communication archives, Starkey says that social network archives will be a logical expectation.
Wells said that he doesn’t foresee social networking sites being a target of cyber terrorists, but more of a jumping off point. “Social networking sites are mainly used for information… as a tool to find an employee of a company, to get as much information about the person, and then hack into their system.”
Wells said the more security measures the better, but that social network users should be careful of every bit of information they list, not just inappropriate pictures.