* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Future of Cyber Security and the Issue of Cyber warfare: A
Survey
Document related concepts
Airport security wikipedia , lookup
Wireless security wikipedia , lookup
Information security wikipedia , lookup
Citizen Lab wikipedia , lookup
Security-focused operating system wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Mobile security wikipedia , lookup
Cybercrime countermeasures wikipedia , lookup
International cybercrime wikipedia , lookup
Cyberterrorism wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Computer security wikipedia , lookup
Transcript
Future of Cyber Security and the Issue of Cyber warfare: A Background Paper by Nanki Lamba edited by Lorenzo Capitani 1. Abstract This background paper will look into what cyber security and warfare is, its usage and problems in recent years, and how it is a stressing issue with a range of varying opinions following it. This will then help decide the future of cyber security and warfare. 2. Description and Definition of the Issue Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.In their most disruptive form, cyber threats take aim at secret, political, military, or infrastructural assets of a nation, or its people. Cyber security is therefore a critical part of any governments’ security strategy. Cyber warfare involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. In 2010, the U.S. Federal Government allocated $13 billion annually to cyber security for the next five years, and recently there has been a problem involving the USA and Russia, due to cyber warfare, using systems that have been updated from the cold war, leading to responses from NATO and other European countries, therefore allowing the problem to continue. 3. Glossary of the Issue NATO - The North Atlantic Treaty Organization, also called the North Atlantic Alliance, is an intergovernmental military alliance based on the North Atlantic Treaty, which was signed on 4 April 1949.Against the background of increasing dependence on technology and on the Internet, the Alliance is advancing its efforts to confront the wide range of cyber threats targeting NATO’s networks on a daily basis. This objective has been recognized as a priority in NATO’s Strategic Concept, and has been reiterated in the two most recent Summit Declarations, as well as at NATO ministerial meetings. Cyber security Regulation – This comprises directives from the Executive Branch and legislation from Congress that safeguards information technology and computer systems in the United States. Its purpose is to force companies and organizations to protect their systems and information from cyber-attacks. Tallinn Manual - This is an academic, non-binding study on how international law, in particular the ‘jus ad bellum’ and international humanitarian law, applies to cyber conflicts and cyber warfare. It was written at the invitation of the Tallinnbased NATO Cooperative Cyber Defense Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012. NCSD - National Cyber Security Division, which is a division of the Office of Cyber Security & Communications, within the United StatesDepartment of Homeland Security's Directorate for National Protection and Programs. To protect the cyber infrastructure, NCSD has identified two overarching objectives: to build and maintain an effective national cyberspace response system and to implement a cyber-risk management program for protection of critical infrastructure. ISO - International Organization for Standardization, which is a set of security standards that enables organizations to practice safe security techniques to stop cybersecurity attacks. These guides provide general outlines as well as specific techniques for implementing cybersecurity. For certain standards, cybersecurity certification by an accredited body can be obtained. NCCIC - National Cybersecurity and Communications Integration Center, whichmarked the culmination of National Cybersecurity Awareness month in the US. The NCCIC is aimed at improving US national efforts to respond to threats and incidents affecting critical information technology and communications infrastructure. 4. History of the Issue Cyber Security began when, in December 1969, the ARPA (Advanced Research Projects Agency) went online and connected four major U.S. universities. Designed for research, education, and government organizations, it provided a communications network linking the country in the event that a military attack would destroy conventional communications systems. Now, these programs continue, but with the aid of more advanced technology. June 1982. The first cyber attack was reported. After learning that the Soviet Union planned to steal software from a Canadian Company to control its Trans Siberian Pipeline, the CIA altered the software to cause the pipeline to explode. 1986. A physics researcher at University of California Berkeley tracks down a hacker who had broken into computers at the Lawrence Berkeley National Laboratory, a US Department of Energy facility. He traced the hacker to Germany. 1988. An Internet worm temporarily shuts down about 10% of the world’s internet servers. Robert Morris, a student at Cornell University, released the worm. Morris is the first person trialed and convicted under the computer fraud and abuse act. 1997. The US Department of Defense commissioned an experiment code named “Eligible Receiver”. The main purpose of the exercise was to see if a group using readily available computers and software could infiltrate the Pentagon’s computer system. This showed them how vulnerable the system was. 1998. Solar Sunrise is an operational name given to a series of incursions into US Department of Defense computer networks. It was discovered that three California teenagers were behind the breaches. This event was a wake up call to the government and prompted Bill Clinton to develop a cyber security plan. 2001. The worm named ‘CodeRed’ affects the computer networks running a Microsoft operating system. Some websites including the White House site were disabled. 5. Current Status a. Recent History i. Discovery of Stuxnet In June 2010, Security experts discovered Stuxnet, the world's first military-grade cyber weapon that can destroy pipelines and cause explosions at power plants and factories, as well as manipulate machinery. It was the first worm that corrupted industrial equipment and was also the first worm to include a PCL (programmable logic controller), software designed to hide its existence and progress. In August, a security software company, Symantec, stated that 60% of the computers infected with Stuxnet were in Iran. In November, Iranian president Mahmoud Ahmadinejad acknowledged that the Stuxnet worm destroyed about 1,000 of the country's 6,0000 centrifuges at its nuclear facility in Natanz. ii. Malware Virus In December 2011, Malware, named Mahdi after the Messiah in Islam, infiltrated about 800 computers of government officials, embassy employees, and other businesspeople in Iran, Israel, Afghanistan, the United Arab Emirates, and South Africa. The malware was embedded in email attachments and users who opened the documents were susceptible to having their emails and instant messages read by hackers. iii. Bank Infiltration in the US In September 2012, Nine banks in the U.S., including the Bank of America, Wells Fargo, and JP Morgan Chase, were hit by a distributed-denial-of-service attack that denied customers access to the banks' websites for several days. The Islamic ‘hacktivist’ group Izz ad-Din Al-Qassam Cyber Fighters (also called the Al-Qassam Brigades) takes responsibility for the attack. The group is linked to the military wing of Hamas. iv. Russia and Ukraine Conflict Recent reports indicated that Russian forces used hacking to intercept a U.S. surveillance drone flying over the Crimea region of Ukraine in March. Allegedly, hackers were able to sever the connection between the drone and its operator using complex radio-electronic technology Additional coverage indicated a wide range of cyberactivities under way during the standoff, from primitive vandalism of Russian websites by Ukrainian hackers to more sophisticated operations, such as the possible Russian use of “Snake” malware to stealthily siphon information from various networks. v. Chinese Attack In May 2014, The U.S. the Justice Department unsealed an indictment of five members of Unit 61398 of the Chinese People’s Liberation Army, charging them with hacking into the computer networks of Westinghouse Electric, U.S. Steel Corp., and other companies. Shanghai-based Unit 61398 is the cyber division of China's national army. The move is considered largely symbolic since there is little chance the men will surrender Cyber-attacks on businesses and significant personnel have caused massive fear within people around the globe because their private data and information could, at any time be violated and published to the public, or a government hack that would release classified files to the people causing distrust of the government and raising the tensions between the factions. 6. Conclusion Throughout the decades, the amounts of minor and major cyber-attacks on either small or massive scale have increased greatly since the beginning of the 21st century. And there must be measures placed and put under effect as soon as possible as through time. These attacks would only increase and cause even more damage, whether economically, socially, or politically. Hopefully passing an effective UN law may decrease those intimidating cyber-attacks, decreasing cyber warfare. 7. Works Cited https://www.paloaltonetworks.com/resources/learning-center/what-is-cybersecurity.html http://www.computerweekly.com/news/1280091214/US-opens-cyber-securitycommand-centre http://www.nytimes.com/2014/10/31/world/europe/new-russian-boldness-revivesa-cold-war-tradition-testing-the-other-side-.html http://www.rand.org/blog/2014/04/cyberwarfare-goes-wireless.html http://papers.duckdns.org/files/2011_IECON_stuxnet.pdf http://perry4law.co.in/cyber_security/