1 / 19

In every institution, information is blood.

In every institution, information is blood. Bradley H. Patterson, Jr. (1921-). The Ring of Power: The White House Staff and Its Expanding Role in Government, 7, 3, 1988.

varian
Download Presentation

In every institution, information is blood.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. In every institution, information is blood. Bradley H. Patterson, Jr. (1921-). The Ring of Power: The White House Staff and Its Expanding Role in Government, 7, 3, 1988 Under today’s technological conditions, the “all conquering stratagems” of Sun Tzu more than two millennia ago – “vanquishing the enemy without fighting” and subduing the enemy by “soft strike” or “soft destruction” – could finally be truly realized. Quote from the Chinese Army Newspaper, Jiefangjun Bao, from a summary of speeches delivered in May 1996.

  2. "A Glimpse of Cyberwarfare" U.S. News & World Report (03/13/00) Vol. 128, No. 10, P. 32; (Strobel, Warren P.): Various governments around the world are using the Internet to suppress dissent, harass their enemies, obtain trade secrets, and even prepare for war. Although computer security experts admit that some of the worst-case scenarios have yet to happen, such as rogue governments using computers to wreak havoc on financial systems, they warn that more than 12 countries, including China, Iraq, Iran, and Russia already possess fairly sophisticated information-warfare know-how. For example, China is currently debating whether to devote a fourth branch of its military solely to information warfare, and the Pentagon will consolidate its offensive cyberwarfare programs at the U.S. Space Command in Colorado later this year. Experts say cyberwars pose great ethical and legal dilemmas, as there is no clear separation point between military sites and those devoted to civilian infrastructure, as in physical wars. Military analysts admit that the U.S. may be the biggest loser if cyberwarfare becomes an accepted form of battle, as it is the country most tightly strung together by computer networks. Because of the widespread damage that cyberwarfare could lead to, some countries such as Russia have proposed treaties on the matter, similar to arms control agreements. However, experts say verifying such an agreement would be nearly impossible given the nature of computer networks. Electronic spying could also become as problematic as cyberwarfare, as many government agencies are rich with detailed, classified information that is extremely valuable to an enemy. Security professionals say not only can information be taken from a computer, but an unfriendly entity could also place bogus information into a computer, causing military leaders to make decisions about troop locations or battlefield conditions based on fictional data. Most military analysts contend that the computer has made the world an even more dangerous place. * From http://www.umsl.edu/~sauter/ecommerce/news.html

  3. CYBERSECURITY&NETWORK VULNERABILITY Dale H. Shao, Ph.D. Marshall University

  4. Network Events Occurring Since 1993 Key Societal Changes Network Players Cybersecurity Breaches Types of Attackers Network Intrusion Techniques Cybersecurity Counter Measures Summary Overview

  5. Network Events Occurring Since 1993 • Internet • Intranets • Extranets • Push Technology • E-commerce • Supply Chain Management & ERP

  6. Knowledge-based income Personal computers Availability of online hacking tools with instructions (10 Best Hacking Web Sites) Networked society Mobility Productivity System vulnerability ERP Network standardization Increasing sophisticated terrorists Cyber-terrorism- the use of network-based technologies to cause harm to data and/or information from its original form Key Societal Changes

  7. Hackers Lone Criminals Malicious Insiders Industrial Espionage Press Organized Crime Police Terrorists National Intelligence Organizations (NSA and CERT – see Morris Worm) Infowarriors Network Players

  8. Cybersecurity Breaches • Every single day in America, the U.S. government intercepts and stores nearly 2 billion emails, phone calls and other forms of electronic communication. Then, acres and acres of supercomputers with eavesdropping and code breaking capabilities automatically look for meaningful information amongst the hurricane of data that enters Fort Meade, Maryland. The NSA can listen for and detect key words in phone conversations. NSA computers will trigger alarms and in seconds a platoon of experts will be dissecting the recorded conversation. • ECHELON is a code word for an automated global interception system operated by the intelligence agencies of the US, UK, Canada, Australia, and New Zealand, and lead by the NSA. Some sources claim ECHELON sifts through 90 percent of the Internet’s traffic.

  9. Cybersecurity Breaches – con’t • Computer Security Institute (CSI) - based on responses from 643 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities. Ninety percent of survey respondents detected cyber attacks, including denial of service attacks, Web-site vandalism, financial fraud, sabotage of data or networks, and theft of proprietary information. Recent estimates of $20 to 140 billion in losses – 2005 thru 2012. • FBI - 95 percent of all attacks by hackers go unreported • Kevin Poulson (1992)– convicted for stealing and trafficking telephone access codes for the Soviet Union and wiretapping conversations of Pacific Bell officials who were investigating him. • Sunday Times in Britain (1999) - hackers attempting to blackmail several bank’s security , they claim they can disrupt bank operations and have lists of private clientele information they will publish

  10. Cybersecurity Breaches – con’t • A survey by Global Integrity, a computer security company showed that more than twenty-five of the world’s largest banks were hacked into in 1999 • British authorities (2000), with the assistance of the FBI, arrested two eighteen-year-old British citizens who had stolen over twenty-six thousand credit card accounts using the Internet • (2000)A leak of early design information cost a medium-sized producer of consumer electronic goods $35 million in anticipated sales when a competitor obtained the information and used it to introduce its own version of the product much sooner • Identity theft – the forging of someone’s identity for the purpose of fraud. 2003: 10 million victims. 2014 – 15 million.

  11. Network Intrusion Techniques • Van Eck Devices– a CRT and/or LCD monitor on a computer is actually a miniature transmitter broadcasting all of its information into the air. A Van Eck receiving device can “read” a screen up to around one half of a city block away. • High Energy Radio Frequency (HERF) Gun– shoots a high power radio signal at an electronic target and puts it out of commission. Designed to overload electronic circuitry. • ElectroMagnetic Pulse Transformer (EMP/T) Bomb– so strong any computer in its path will likely be rendered useless forever. Electronic circuitry will be melted beyond repair and all magnetically stored data will be completely erased. • Hacking – illegally intruding in to a computer network. A hacker is someone interested in operating systems, software, security, and the Internet generally.

  12. Network Intrusion Techniques – con’t • Data-Driven Attacks– an attack that relies upon hidden or encapsulated data, which may be designed to flow through a firewall undetected. • Social Engineering – tricking an unwary system personnel into revealing passwords or other information about their network. • Spoofing – any procedure that involves impersonating another user or host to gain unauthorized access to the target. • Hijacking– terminal hijacking, where an attacker seizes control of another user’s session. • Back Door– a hidden program, left behind by an intruder or a disgruntled employee that allows them future access to a victim host, a.k.a., trap door.

  13. Network Intrusion Techniques – con’t • Crack– software (or any technique) used to circumvent system security. • DoS – Denial of Service – results when a user maliciously renders an Internet information server inoperable, thereby denying computer service to legitimate users. • Flood, Floods, Flooder – tool or tools that overflow the connection queue of a TCP/IP enabled system, thereby causing denial of service. • Logic Bomb– any program or code—generally malicious—that causes a system to lock up or fail. • Cyberslacking – misuse of company resources. • Cookie – a small file that contains information about you and your Web activities, which a Web site places on your computer. • Anonymous Web browsing (AWB) – hides your identity from the Web sites you visit. • About 2,000 government agencies have databases with information on people. Whenever you are in contact with government agency, you leave behind information about yourself.

  14. Network Intrusion Techniques – con’t • Computer sabotage costs about $10 billion per year. In general, employee misconduct is more costly than assaults from outside. • Sniffer– program that surreptitiously captures datagrams across a network. Can be used to steal usernames and passwords. • Time Bomb– any program that waits for a specified amount of time or event to disable a machine or otherwise cause that machine to fail. • Traffic Analysis– the study of patterns in communication rather than the content of the communication. Can be very revealing, primarily in determining relationships between individuals and hosts. • Trojan (Trojan Horse) – an application or code that, unbeknownst to the user, performs surreptitious and unauthorized tasks. Those task can compromise system security.

  15. Identity Theft by Age of Victims

  16. Cybersecurity Counter Measures • Make cybersecurity a company wide philosophy • Purchase Internet insurance • Do not allow anyone access to your system who has not been invited or who has not been verified using several different technologies and photograph all individuals who ask for access to your system • Guards should know their job is secure, even if they prevent a high level official from the firm from entering an installation without the proper identification and authorization • Sensitive information should be destroyed before being thrown out

  17. Cybersecurity Counter Measures – Con’t • If an individual does not use their account within a specific period of time, they should be automatically logged off • Always change all default settings dealing with passwords and usernames when setting up a system • Do not use obvious passwords • Change passwords relatively often • Use 128-bit encrypted browsers • Make sure your email software is up-to-date • Encrypt all files sent through email

  18. Cybersecurity Counter Measures – Con’t • Make sure your web browser is up-to-date • Use the best security hardware and software that is available and read and follow the recommendations that are included with the software to prevent unauthorized access to your system • Thoroughly train and certify you security personnel

  19. Summary • It would not be surprising if a catastrophic terrorist event occurred in the near future • Businesses must protect themselves from the preceding as much as possible by using practical measures to defend against these unlawful intrusions

More Related