Future of Cyber Security and the Issue of Cyber warfare: A Background Paper
by Nanki Lamba
edited by Lorenzo Capitani
1. Abstract
This background paper examines what cyber security and cyber warfare are, how
they have been used and what problems they have raised in recent years, and why
they are a pressing issue surrounded by a range of varying opinions. This will
then help decide the future of cyber security and warfare.
2. Description and Definition of the Issue
Cybersecurity is the body of technologies, processes and practices designed to
protect networks, computers, programs and data from attack, damage or
unauthorized access. In their most disruptive form, cyber threats take aim at secret,
political, military, or infrastructural assets of a nation, or its people. Cyber
security is therefore a critical part of any government’s security strategy.
Cyber warfare involves nation-states using information technology to penetrate
another nation’s networks to cause damage or disruption.
In 2010, the U.S. Federal Government allocated $13 billion annually to cyber
security for the next five years. Recently there has been a problem involving
the USA and Russia due to cyber warfare, using systems that have been updated
from the Cold War; this has led to responses from NATO and other European
countries, therefore allowing the problem to continue.
3. Glossary of the Issue
NATO - The North Atlantic Treaty Organization, also called the North Atlantic
Alliance, is an intergovernmental military alliance based on the North Atlantic
Treaty, which was signed on 4 April 1949. Against the background of increasing
dependence on technology and on the Internet, the Alliance is advancing its
efforts to confront the wide range of cyber threats targeting NATO’s networks on
a daily basis. This objective has been recognized as a priority in NATO’s
Strategic Concept, and has been reiterated in the two most recent Summit
Declarations, as well as at NATO ministerial meetings.
Cyber security Regulation – This comprises directives from the Executive Branch
and legislation from Congress that safeguards information technology and
computer systems in the United States. Its purpose is to force companies and
organizations to protect their systems and information from cyber-attacks.
Tallinn Manual - This is an academic, non-binding study on how international
law, in particular the ‘jus ad bellum’ and international humanitarian law, applies
to cyber conflicts and cyber warfare. It was written at the invitation of the
Tallinn-based NATO Cooperative Cyber Defense Centre of Excellence by an
international group of approximately twenty experts between 2009 and 2012.
NCSD - National Cyber Security Division, which is a division of the Office of
Cyber Security & Communications, within the United States Department of
Homeland Security's Directorate for National Protection and Programs. To protect
the cyber infrastructure, NCSD has identified two overarching objectives: to build
and maintain an effective national cyberspace response system and to implement
a cyber-risk management program for protection of critical infrastructure.
ISO - International Organization for Standardization, which is a set of security
standards that enables organizations to practice safe security techniques to stop
cybersecurity attacks. These guides provide general outlines as well as specific
techniques for implementing cybersecurity. For certain standards, cybersecurity
certification by an accredited body can be obtained.
NCCIC - National Cybersecurity and Communications Integration Center,
which marked the culmination of National Cybersecurity Awareness month in the
US. The NCCIC is aimed at improving US national efforts to respond to threats
and incidents affecting critical information technology and communications
4. History of the Issue
Cyber Security began when, in December 1969, the ARPA (Advanced Research
Projects Agency) went online and connected four major U.S. universities.
Designed for research, education, and government organizations, it provided a
communications network linking the country in the event that a military attack
would destroy conventional communications systems. Now, these programs
continue, but with the aid of more advanced technology.
June 1982. The first cyber attack was reported. After learning that the Soviet
Union planned to steal software from a Canadian Company to control its Trans
Siberian Pipeline, the CIA altered the software to cause the pipeline to explode.
1986. A physics researcher at University of California Berkeley tracks down a
hacker who had broken into computers at the Lawrence Berkeley National
Laboratory, a US Department of Energy facility. He traced the hacker to
1988. An Internet worm temporarily shuts down about 10% of the world’s
internet servers. Robert Morris, a student at Cornell University, released the
worm. Morris is the first person tried and convicted under the Computer Fraud
and Abuse Act.
1997. The US Department of Defense commissioned an experiment code named
“Eligible Receiver”. The main purpose of the exercise was to see if a group using
readily available computers and software could infiltrate the Pentagon’s computer
system. This showed them how vulnerable the system was.
1998. Solar Sunrise is an operational name given to a series of incursions into US
Department of Defense computer networks. It was discovered that three
California teenagers were behind the breaches. This event was a wake-up call to
the government and prompted Bill Clinton to develop a cyber security plan.
2001. The worm named ‘CodeRed’ affects the computer networks running a
Microsoft operating system. Some websites including the White House site were
5. Current Status
a. Recent History
Discovery of Stuxnet
In June 2010, security experts discovered Stuxnet, the world's first
military-grade cyber weapon that can destroy pipelines and cause
explosions at power plants and factories, as well as manipulate
machinery. It was the first worm that corrupted industrial
equipment and was also the first worm to include a PLC
(programmable logic controller), software designed to hide its
existence and progress. In August, a security software company,
Symantec, stated that 60% of the computers infected with Stuxnet
were in Iran. In November, Iranian president Mahmoud
Ahmadinejad acknowledged that the Stuxnet worm destroyed
about 1,000 of the country's 6,000 centrifuges at its nuclear
facility in Natanz.
Malware Virus
In December 2011, malware named Mahdi, after the Messiah
in Islam, infiltrated about 800 computers of government
officials, embassy employees, and other businesspeople in Iran,
Israel, Afghanistan, the United Arab Emirates, and South
Africa. The malware was embedded in email attachments and
users who opened the documents were susceptible to having
their emails and instant messages read by hackers.
Bank Infiltration in the US
In September 2012, nine banks in the U.S., including the Bank
of America, Wells Fargo, and JP Morgan Chase, were hit by a
distributed-denial-of-service attack that denied customers access to
the banks' websites for several days. The Islamic ‘hacktivist’ group
Izz ad-Din Al-Qassam Cyber Fighters (also called the Al-Qassam
Brigades) takes responsibility for the attack. The group is linked to
the military wing of Hamas.
Russia and Ukraine Conflict
Recent reports indicated that Russian forces used hacking to
intercept a U.S. surveillance drone flying over the Crimea region
of Ukraine in March. Allegedly, hackers were able to sever the
connection between the drone and its operator using complex
radio-electronic technology.
Additional coverage indicated a wide range of cyberactivities
under way during the standoff, from primitive vandalism of
Russian websites by Ukrainian hackers to more sophisticated
operations, such as the possible Russian use of “Snake” malware to
stealthily siphon information from various networks.
Chinese Attack
In May 2014, the U.S. Justice Department unsealed an
indictment of five members of Unit 61398 of the Chinese People’s
Liberation Army, charging them with hacking into the computer
networks of Westinghouse Electric, U.S. Steel Corp., and other
companies. Shanghai-based Unit 61398 is the cyber division of
China's national army. The move is considered largely symbolic
since there is little chance the men will surrender.
Cyber-attacks on businesses and significant personnel have caused
massive fear among people around the globe, because their private
data and information could at any time be violated and published
to the public, or a government hack could release classified
files to the people, causing distrust of the government and raising
the tensions between the factions.
6. Conclusion
The number of minor and major cyber-attacks, on either a small or a massive
scale, has increased greatly since the beginning of the 21st century. Measures
must be put into effect as soon as possible, as over time these attacks would
only increase and cause even more damage, whether economically, socially, or
politically. Hopefully passing an
effective UN law may decrease those intimidating cyber-attacks, decreasing cyber
