Chapter 8, pg. 306: Stuxnet and the Changing Face of Cyberwarfare
In the past, cyber crime belonged only to the domain of fiction writers. However, cyber warfare has emerged as a daunting and unique problem for every internet security expert, not only in detecting and preventing intrusions but also in tracking cyber criminals and prosecuting them. Prominent examples include American and Israeli hackers using cyber warfare to interfere with the operations of Iran’s nuclear plant by causing a malfunction in one device controlling the plant. The problem will become worse for countries with advanced technologies such as the U.S., which rely on electronic banking systems and electricity grids. Another serious cyber crime problem followed the successful attacks on the FAA airline system, including one in 2006 that particularly shut down air traffic data systems in Alaska. Another victim of such crime was the Pentagon, which lost the $300 billion Joint Strike Fighter project and a large amount of data related to design and electronic systems to intruders (Laudon & Laudon 306). In Iraq, rebels intercepted Predator drone feeds using software downloaded from the internet.
Assess the management, organization, and technology factors that have created this problem.
Management: The benefit of cyber warfare to cyber criminals is that they can compete with traditional superpowers for a percentage of the cost of other types of warfare. Since modern technology infrastructure will require the internet to function in the future, cyber criminals will not experience a shortage of targets for their crimes. Many users of targeted systems are less concerned about security and lack the capabilities to protect sensitive systems.
Organization: Currently, the U.S. does not have a conclusive policy about how it can respond to a serious cyber attack. Despite the attempt by Congress to introduce legislation to tighten cyber security standards, the standards will likely be insufficient to defend against attacks. The U.S. does not have a well-organized cyber security organization and lacks a clear leader among its intelligence agencies.
Technological: While the U.S. is currently the leader in cyber warfare technologies, it is unlikely to maintain this dominance because of the relatively low cost of the technology required to accomplish these attacks. Secret surveillance software has the capability to collect information from unprotected systems as well as access e-mail and files, thus spreading it to other systems. It is almost impossible to track the identities of specific attackers, which makes it easier for intruders to deny responsibility.
What makes Stuxnet different from other cyber warfare attacks? How serious a threat is this technology?
The Stuxnet worm is a unique type of cyber warfare attack because this computer virus has the capability to disrupt and damage industrial equipment. The cyber attack targeted the Bushehr nuclear power plant in Iran. According to O'Brien, Kaspersky Lab and Symantec have both speculated that Stuxnet was specifically targeted to hit Iran, and that construction of such a virus required state or national support (86). It is also reported that the virus has infected more than 30,000 IP addresses in Iran (O'Brien 87). The Stuxnet attack proved to the world that anyone with sufficient knowledge in cyber crime could cause physical destruction to any infrastructure in the world, even without the availability of an internet connection. The virus marked the starting point for a new era of real cyber warfare. Even though it is not the first time that hackers have attacked industrial infrastructure, Stuxnet is the first discovered worm that spies on and reprograms industrial systems, and the first to include a programmable logic controller (PLC) rootkit. The worm has the ability to reprogram the PLCs and hide its changes.
What solutions have been proposed for this problem? Do you think they will be effective? Why or why not?
The proposed solutions, along with the assessment of their effectiveness, include the decision by Congress to consider legislation that would require all infrastructure firms to meet newer, tighter cyber security standards. However, the continued development of cyber warfare technologies will make the standards proposed by this legislation insufficient to defend against emerging attacks. Another proposal was an order by Secretary of Defense Gates to create Cybercom, the first headquarters formed to coordinate efforts to enhance government cyber security (Laudon & Laudon, 2013). Its function is to coordinate the protection and operation of Pentagon and military computer networks. It will also coordinate efforts to restrict access to government computers as well as stock exchange programs, manage the air traffic system, and clear global banking transactions. Its major purpose will be to prevent catastrophic cyber attacks against the U.S. People familiar with the program suggest that it might lack the capability to organize governmental agencies without direct access to the president, which it currently lacks.
Chapter 8, pg. 324: How Secure is Your Smartphone?
It has been said that a smartphone is a microcomputer in your hand. Discuss the security implications of this statement.
Many people are not aware that their mobile phones are just as vulnerable to cyber attacks as their desktops or laptops. Smart phones have evolved over time to become the most vulnerable target for malware producers and hackers. Many people ignore the idea of purchasing antivirus software for their smart phones because they believe that mobile operating system vendors are protecting them from malware apps and that the carriers can protect cell phone networks from malware (O'Brien 215). Because of their small size and portability, it is easy for the devices to get lost and fall into the hands of the wrong people (Oz 17). This demands that owners consider how to ensure that their gadgets are safe in public places. Due to the increase in data theft through cell phones, Windows, iOS, and Blackberry phones have a password feature that secures data on the phone (Laudon & Laudon, 2013). It is the responsibility of cell phone owners to use this feature and secure their passwords, making sure they are relatively complex and not easy to guess or break.
Phishing is another threat to smartphone owners. It is believed that cell phone users are three times more likely to fall victim to fraud that lures them to fake web sites that collect their personal data. Smart phones also require antivirus software to help protect or recover stolen data such as bank details, or remove the data when it is not required.
What management, organizational, and technology issues must be addressed by smartphone security?
Management: The use of smart phones offers new means of working, increasing the productivity, efficiency, and responsiveness of employees. Employees use their cell phones to access corporate e-mails and business networks while out of the office (O'Brien & Marakas 83). However, organizations have not designed effective safeguards to protect valuable data from destruction, loss, or falling into the wrong hands owing to the portability of cell phones.
Organizational: Some devices such as smart phones were not designed with business use in mind, which makes it difficult to figure out how to secure them. Organizations should define and communicate a corporate smartphone policy, even if it is difficult to enforce on personal devices. For example, an organization might recommend that users set stronger passwords to access their devices. There is a need to treat all smart phones as uncontrollable end-points because the identities of smartphone users can be hacked or inappropriately shared. Organizations should compartmentalize sensitive information to safeguard it from the risk of accidental exposure.
Technology: It is easy to steal, hack, or inappropriately share a smartphone user’s identity. Additionally, smart phones provide fertile ground for cyber criminals to attack cell phone devices. It has been reported that there is a rise in the incidence of infection across smartphone platforms. This requires users to install antivirus applications on their mobile devices. IT departments should also watermark mobile devices in a way that allows IT to remotely disable and erase all sensitive data if a mobile device is lost.
What problems do smartphone security weaknesses cause for businesses?
Smartphone security weaknesses cause information and financial loss due to theft and the risk of malicious software. According to a report by Laudon & Laudon (2013), sales of smart phones have grown exponentially and businesses continue to reap the benefits from smart phones; however, their use also creates security risks and opportunities for cyber criminals. Smart phones have the capability to store many types of information, including personal identity information, GPS coordinates, SMS and MMS messages, company documents, and connectivity information to company servers, just to mention a few.
While many businesses have realized the need for encryption, firewalls, and antivirus software for company laptops and PCs, they leave loopholes to their data partly open on mobile phones (Laudon & Laudon, 2013). Additionally, the majority of smart phone users are careless about using their smart phones, storing company passwords directly on the phones. Using smart phones in public places makes them susceptible to hacking, especially when they are used to access data through a Wi-Fi network. All of these may lead to access to and loss of confidential data.
What steps can individuals and businesses take to make their smart phones more secure?
There are many steps that individuals and businesses can take to make their smart phones secure. Businesses can create a company policy on smartphone use. Organizations that want to allow their staff to use smart phones for the sake of business continuity, monitoring and tracking data, and emergency response should have all employees use devices from a single manufacturer. Firms can create policies for smart phones, such as warning against clicking on any link sent by the company and not using them for personal purposes.
Organizations should also consider securing the devices. A report compiled by Carnegie Mellon CyLab and McAfee found that 40 percent of companies had lost at least one cell phone, and half of those contained sensitive business data (O'Brien & Marakas 134). Organizations may require their staff to use stronger passwords unique to their devices, and encourage them to change those passwords regularly. Additionally, individuals can use antivirus software, avoid using Wi-Fi hotspots, and turn off Bluetooth detection so that other people are not able to access employees' phones.
Organizations can also establish policies that notify the firm if an employee adds or removes any application. Many apps found in the marketplace contain malware, so it is essential for employees not to add apps without approval.
Chapter 13, pg. 517: What Does It Take to Go Mobile?
What management, organizational, and technology issues need to be addressed when building mobile applications?
Management: Developing mobile applications has some special challenges. Organizations planning to build mobile applications should start by figuring out the role mobile apps will play in the future of their company. It is important to create an application that does not only solve one problem. It is also important to ensure that such applications provide seamless interaction when consumers use mobile devices. Organizations should also understand how, why, and where customers use mobile devices and how these experiences change business interactions and behavior. This requires organizations to develop applications that meet the needs of both employees and customers.
Organizational: Adopting a mobile strategy requires more than selecting a mobile device, operating system, and applications. Developing a new application also involves changing business processes and the way a firm interacts with its customers. Mobile technologies can streamline business processes and enhance portability, among other capabilities. As such, mobile applications should be aligned with customer-facing business processes and lead to genuine improvements.
Technology: The technology used in the development of these mobile applications should create efficient processes that deliver the desired benefits. Businesses should consider the special features of mobile devices while delivering an experience that is appropriate for the screen. There are multiple mobile platforms to work with, including Android, iPhone, Windows Phone, and BlackBerry, and each platform may require a different version of an application to run on it. Another issue to consider is how customers use the device; for example, some may require an app to search for information about product features or store locations. In such cases, customers may require apps that provide seamless information.
How does user requirement definition for mobile applications differ from that in traditional systems analysis?
Developing mobile apps has some special challenges different from those in traditional systems analysis. People use smart phones for different purposes, which makes it important for developers to understand user requirements and behaviors. Requirement analysis is the process of determining user expectations for new or modified devices (O'Brien & Marakas 74). Mobile devices have special features such as location-based services that give businesses the potential to interact with customers in constructive ways. This requires firms to take advantage of these features as they deliver an appropriate experience to a small screen. The relatively small screen of smart phones requires developers to produce applications that match the capabilities of such screens. Mobile phones run on different platforms, which demands that a firm develop a different version of an application for each of these. Mobile technology can streamline processes, enhance portability, and enhance them with new capabilities. This requires developers to create more efficient processes that deliver benefits to consumers. For example, USAA, the giant financial services company serving members of the U.S. military and their families, has realized the need to align mobile technology with its customer-facing business processes, leading to genuine improvements (Laudon & Laudon, 2013).
Describe the business processes changed by USAA’s mobile applications before and after the applications were deployed.
USAA is aware of the need to align customer needs and business processes and make genuine improvements. The company is using mobile technology to improve its business processes and provide more efficient ways for customers to interact with the company. Before introducing mobile technology, USAA launched a web site that enabled it to interact with its customers. The introduction of mobile technology ten years later saw 90 percent of the company's interactions take place through these two self-service channels (Laudon & Laudon, 2013). The firm predicts that mobile technology will form its primary communication channel by 2013. The firm has 100 dedicated mobile developers writing apps for different mobile platforms (Laudon & Laudon, 2013).
The introduction of a smart phone report and claims app enables customers to submit a claim directly from the site of an accident. Before the introduction of the mobile applications, business processes had to be conducted individually or through the web, which caused delays and additional costs. The introduction of the mobile applications enhanced the efficiency and security of transactions, as customers were able to make transactions from the comfort of their homes or other locations without the need for physical presence at the firm. The new system for reporting damaged or lost phones eliminates the labor and expense of paper checks and the time required to mail the check and wait three days for it to clear.
Chapter 14, pg. 548: Westinghouse Electric Takes on the Risks of a “Big Bang” Project
Identify and discuss the risks in Westinghouse Electric’s Cornerstone project.
Westinghouse Electric’s Cornerstone project involved starting a clean-core SAP environment with a completely new reconstruction. Despite taking many precautions to manage the risks associated with implementation of the new project, Westinghouse Electric still faced some risks. Instead of introducing the new project gradually, the company decided to roll out the project all at once. After developing the elements of the new SAP system, Westinghouse could have used a gradual, phased approach, adding new systems over a defined period, but the firm adopted a “big-bang approach.” The company’s management supported this approach because the company was growing too fast for a phased approach.
The new project also posed a significant risk to the company’s supply chain, which had to endure significant change due to the addition of new elements to the chain. This would require recruiting power users as well as training supply chain staff members to help them understand the new project and its implications for their normal routine. This immediate change carries the risk of resulting in resistance to change from workers because they have not been prepared for it.
Why was change management so important for this project and this company?
According to O'Brien & Marakas, in most cases the main reason for project failure is resistance to change and bad management of the human element in the project (194). Change management is important because it increases project success. The new project at the company would add many new elements to the supply chain, and this would require the change management team to spend more time with Westinghouse supply chain staff members to help them understand the new project and its implications for their daily routine.
The success of a project does not only depend on good strategy or technical management. Skills and motivation of the teams are also important. The project had to recruit power users from the supply chain organization and discuss specific project details with business unit leaders. These meetings also helped gain support from the supply chain executives who could understand the link between the information systems project and their business goals, and then articulate this connection to other users (Laudon & Laudon, 2013). Change management is also important to this project, without which companies cannot exist. Their ability to change and adapt quickly brings many market advantages.
What management, organization, and technology issues had to be addressed by the Westinghouse project team?
Management: In order to ensure smooth re-implementation of the project, Westinghouse project team must ensure that it manages the change effectively. The team had to ensure that every aspect of the project was motivated by a particular business goal. The team had to ensure that the staff receives adequate training to handle the changes at the company. The team also had to ensure that they recruit the people to implement the new project.
Organizational: The team had to ensure that the project was motivated by a particular goal. For example, the SAP CRM implementation was intended to address the company’s goal of aligning three distinct regions to harmonize their operations in every customer location (Laudon & Laudon, 2013). The team had to decide how to roll out the new system. The options available were to make it either gradual or instantaneous.
Technological: The team had to identify business areas that were more likely to undergo significant changes, such as the supply chain. The project team also had to decide on the mode of introducing the new system. The management found that the company was growing too fast, which required a fast approach. The team also had to consider whether they wanted a modified system or a completely new re-configuration.
Should other companies use a “big-bang” implementation strategy? Why or why not? Explain your answer.
Organizations should not use a “big-bang” approach, but the answer is not always a yes. Organizations face many obstacles in implementing a change strategy, including training, budget, change management, and technical problems. The presence of many hurdles may cause a big bang to present many risks to an organization regardless of the benefits and need.
Only small companies can use a big bang implementation strategy. Organizations operating in several locations, with many divisions and business units, may require more time to implement a new business model or change business processes. The big bang may not work well if there are many business processes that require re-engineering in order to achieve full implementation. A good model requires forming a dedicated project management team before the implementation team through a series of implementation phases.
In some cases, sheer time frames work against big bang. The complexity of the business environment may make a single big bang take two years to complete. Any project that takes that long is bound to face many issues, including business climate changes, personnel changes, and changes in management direction. It is better to keep shorter cycles, remain flexible, and keep moving.
Laudon, Kenneth C., & Laudon, Jane P. Management Information Systems, 13th Edition. Pearson Education Limited, 2013.
O'Brien, James A. Introduction To Information Systems: Essentials For The E-Business Enterprise. McGraw-Hill, Boston, MA, 2003.
O'Brien, James A., & Marakas, George. Introduction to Information Systems, 15th Edition. McGraw-Hill, 2010.
Oz, Effie. Management Information Systems. Stamford: Cengage Learning, 2009.