Information Technology Reference
In-Depth Information
13.6.1
Level I: Interpersonal Damage
IA architects and their customers' success are largely based on their respective abili-
ties to deliver what they promise in the manner promised. Much of this includes
secrecy about current work, secrecy based on trust and reputation. Disclosure of
questionable or falsified personal information has the potential to interrupt or delay
operations, and absolutely has the potential for long-term effects with regard to
reputation of the individual and his or her organization.
13.6.2
Level II: Intercorporate Damage
IA architects may be involved with projects valued in the millions and even billions of
dollars. The stakes are too high to take for granted that everyone else is playing by the
rules. Corporate espionage or sabotage leading to theft of key intellectual property
may lower barriers to competitive entry (e.g., source code); lower cost of entry implies
lower costs and lower pricing when bidding against a competitor. Actual asset loss is a
distant second concern to loss of intellectual property and contract award loss.
Sabotage may affect the integrity of product development, testing, or the cer-
tification and accreditation process. Any of these may delay a deliverable or raise
questions about the quality of the deliverable. Compromise to a test lab may bring
into question C&A work and may result in do-it-again demands, assuming the
second-chance opportunity is even presented.
13.6.3
Level III: International Damage
IA architects may also be involved in domestic and foreign governments, and in
businesses whose work or products have national or international importance. This
leaves employees open to extortion, bribery, and other temptations to compromise
the trust accorded them. Trust violations may result in disclosure, resource theft, or
any other particular in the results taxonomy. The ultimate end could be economic
destabilization (compromised government or commercial financial systems), back-
door access to subversives, or intergovernment transport of secrets, including data
providing insight on how to destabilize each other's infrastructures.
13.6.4
Adversary Consequences
Newton's first law of motion is that for every action there is an equal and oppo-
site reaction. Adversary actions have consequences. In a nation-state situation, one
cyber-attack may beget a response in kind. From a corporate perspective, launching
counterattacks is more problematic. First and foremost, counterattacks are highly
likely to be illegal. Second and almost as foremost, it is very difficult to discern who
