ZERO DAY EXPLOITS AND NATIONAL READINESS FOR CYBER-WARFARE

Abstract

A zero day vulnerability is an unknown exploit that divulges security flaws in software before such a flaw is publicly reported or announced. But how should a nation react to a zero day?  This question is a concern for most national governments, and one that requires a systematic approach for its resolution.  The securities of critical infrastructure of nations and states have been severally violated by cybercriminals.  Nation-state espionage and the possible disruption and circumvention of the security of critical networks has been on the increase.  Most of these violations are possible through detectable operational bypasses, which are rather ignored by security administrators.  One common instance of a detectable operational bypass is the non-application of periodic security updates and upgrades from software and hardware vendors.  Every software is not necessarily in its final state, and the application of periodic updates allow for the patching of vulnerable systems, making them to be secure enough to withstand an exploit.  To have control over the security of critical national assets, a nation must be “cyber-ready” through the proper management of vulnerabilities and the deployment of the rightful technology in the cyberspace for hunting, detecting and preventing cyber-attacks and espionage.  To this effect, this paper discusses the implications of zero day exploits and highlights the dangers posed by this cankerworm for an unprepared nation.  The paper also adopts the defence-in-depth strategy for national readiness and a foolproof system that enforces the security of critical national infrastructure at all levels.

http://dx.doi.org/10.4314/njt.v36i4.26