“Reducing Systemic Cybersecurity Risk”

“Reducing Systemic Cybersecurity Risk”
IFP/WKP/FGS(2011)3
MULTI-DISCIPLINARY ISSUES, INTERNATIONAL FUTURES PROGRAMME
OECD/IFP Project on “Future Global Shocks”
Peter Sommer, Information Systems and Innovation Group, London School of Economics
Ian Brown, Oxford Internet Institute, Oxford University

This report was written by Peter Sommer and Ian Brown as a contribution to the OECD project “Future Global Shocks”. The opinions expressed and arguments employed herein are those of the authors, and do not necessarily reflect the official views of the OECD or of the governments of its member countries.

Contact persons: Pierre-Alain Schieb: +33 (0)1 45 24 82 70, [email protected]; Anita Gibson: +33 (0)1 45 24 96 27, [email protected]

14th January 2011

TABLE OF CONTENTS
EXECUTIVE SUMMARY ... 5
SYSTEMIC CYBER SECURITY RISK ... 9
DESCRIPTION AND HISTORICAL CONTEXT ... 15
  Early days of business and government computing ... 15
  1970s and 1980s: changing patterns of risk ... 15
  Routes to democratisation ... 16
  The emergence of the Internet ... 17
  Changing business practices ... 20
  E-Government ... 20
  Smart Grids and SCADA ... 21
  Cloud Computing ... 22
  Complexity / Source Lines of Code / Program Bugs ... 22
  Critical Infrastructures: Cyber Elements ... 23
  Specific Systemic Threats ... 24
  Blended attacks ... 29
  Large-scale criminal attacks ... 29
  Recreational Hacking ... 31
  Hacktivism ... 31
  Large-scale State and Industrial espionage ... 32
REMEDIES ... 34
  Remedies: Security Doctrines ... 34
  Remedies: System Design ... 35
  Remedies: Detective and Preventative ... 36
  Remedies: Mitigation and Recovery ... 39
RISK CHARACTERISATION, INTERLINKAGES AND KNOCK-ON EFFECTS ... 42
RISK ANALYSIS AND THE BROADER CONTEXT ... 48
  Impact, scope and duration ... 48
  Threshold, tipping, trigger and control points ... 48
  Duration Issues ... 50
LEVEL OF PREPAREDNESS ... 61
  Military Responses ... 61
  Civil Contingencies ... 63
  Private sector ... 65
  Policing and Counter-Fraud Responses ... 68
  Research Responses ... 69
  Legal and Regulatory Approaches ... 70
CONCLUSIONS AND RECOMMENDATIONS ... 81
  National Strategies ... 83
  Public Private Partnerships ... 84
  International Strategies ... 85
  Possible New Technical Measures ... 86
  Research ... 87
  Education ... 88
APPENDIX 1 ... 89
APPENDIX 2 ... 100
REFERENCES ... 109

Tables
Table 1. Types of Malware ... 24
Table 2. Extract from provisions of leading cybercrime laws ... 73

Figures
Figure 1. Increasing dependence on the Internet ... 18
Figure 2. Increasing importance of the Internet ... 19
Figure 3. Steps Towards E-Government ... 21
Figure 4. Critical Infrastructure Inter-Dependencies ... 23
Figure 5. Shape of Disaster Recovery ... 39
Figure 6. Internet Users per 100 Inhabitants 1998-2008 ... 52
Figure 7. Contribution of ICT capital growth to labour productivity growth in market services (1995-2004) ... 54
Figure 8. Enterprises using the Internet to interact with public authorities, by purpose, during 2007, EU27 (%) ... 55
Figure 9. UK Critical National Infrastructure ... 64

EXECUTIVE SUMMARY

This report is part of a broader OECD study into “Future Global Shocks”, examples of which could include a further failure of the global financial system, large-scale pandemics, escape of toxic substances resulting in wide-spread long-term pollution, and long-term weather or volcanic conditions inhibiting transport links across key intercontinental routes.

The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.

Catastrophic single cyber-related events could include: a successful attack on one of the underlying technical protocols upon which the Internet depends, such as the Border Gateway Protocol which determines routing between Internet Service Providers; and a very large-scale solar flare which physically destroys key communications components such as satellites, cellular base stations and switches. For the remainder of likely breaches of cybersecurity such as malware, distributed denial of service, espionage, and the actions of criminals, recreational hackers and hacktivists, most events will be both relatively localised and short-term in impact.

Successful prolonged cyberattacks need to combine: attack vectors which are not already known to the information security community and thus not reflected in available preventative and detective technologies, so-called zero-day exploits; careful research of the intended targets; methods of concealment both of the attack method and the perpetrators; the ability to produce new attack vectors over a period as current ones are
Recommended publications
  • Analyzing Cyber Trends in Online Financial Frauds Using Digital Forensics Techniques Simran Koul, Yash Raj, Simriti Koul
    International Journal of Innovative Technology and Exploring Engineering (IJITEE), ISSN: 2278-3075, Volume-9 Issue-9, July 2020. Analyzing Cyber Trends in Online Financial Frauds using Digital Forensics Techniques. Simran Koul, Yash Raj, Simriti Koul.
    Abstract: Online financial frauds are one of the leading issues in the fields of digital forensics and cyber-security today. Various online firms have been employing several methodologies for the prevention of finance-related malpractices. This domain of criminal activity is becoming increasingly common in the present cyberspace. In this paper, we will try to implement an online financial fraud investigation using the digital forensics tool: Autopsy. A few existing cyber-security techniques for the investigation of such crimes, namely the Formal Concept Analysis and Confirmatory Factor Analysis, have been analyzed and reviewed. These techniques are primarily based on mathematical cyber-security concepts. Henceforth, it has been tried to find out whether the investigation of similar crimes can be done satisfactorily using the readily-accessible digital forensics tool:
    Online frauds refer to the usage of Internet services or other open-source software requiring Internet access to frame users or to otherwise take advantage of them. Finance-related flaws are becoming quite commonplace today. The most common types of online financial frauds include: Phishing: Here, the fraudsters acquire users’ sensitive data such as passwords and credit card credentials through email messages, fraud websites, and phone calls. Card Skimming: This crime involves the illegal extraction of the user’s sensitive financial details on the magnetic stripe from ATMs, debit, and credit cards. This is usually done by the installation of malware on the card reader used by the victim.
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • NSF Current Newsletter Highlights Research and Education Efforts Supported by the National Science Foundation
    March 2012. Each month, the NSF Current newsletter highlights research and education efforts supported by the National Science Foundation.
    Robotic Surgery Systems Shipped to Medical Research Centers
    A set of seven identical advanced robotic-surgery systems produced with NSF support were shipped last month to major U.S. medical research laboratories, creating a network of systems using a common platform. The network is designed to make it easy for researchers to share software, replicate experiments and collaborate in other ways. Robotic surgery has the potential to enable new surgical procedures that are less invasive than existing techniques. The developers of the Raven II system made the decision to share it as the best way to move the field forward--though it meant giving competing laboratories tools that had taken them years to develop. "We decided to follow an open-source model, because if all of these labs have a common research platform for doing robotic surgery, the whole field will be able to advance more quickly," said Jacob Rosen, associate professor of computer engineering at the University of California-Santa Cruz. Rosen and Blake Hannaford, director of the University of Washington Biorobotics Laboratory, led the team that built the Raven system, initially with a U.S.
    [Photo: Students with components of the Raven II surgical robotics systems. Credit: Carolyn Lagattuta]
  • At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, Susan W. Brenner
    Journal of Criminal Law and Criminology, Volume 97, Issue 2 (Winter 2007), Article 2. At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare. Susan W. Brenner. Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc. Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons. Recommended Citation: Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007). This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379. THE JOURNAL OF CRIMINAL LAW & CRIMINOLOGY, Vol. 97, No. 2. Copyright © 2007 by Northwestern University School of Law. Printed in U.S.A.
    "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE. SUSAN W. BRENNER*
    This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order and of responding to those threats. First, it divides the process (attribution) into two categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsible for this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
  • Natural & Unnatural Disasters
    ENVIR 202: Lesson No. 20, Natural & Unnatural Disasters. February 22, 2006. Gail Sandlin, University of Washington Program on the Environment.
    Natural Disaster: A natural disaster is the consequence or effect of a natural phenomenon becoming enmeshed with human activities. “Disasters occur when hazards meet vulnerability.” So is it Mother Nature or Human Nature?
    Natural Phenomena: tornadoes, drought, floods, hurricanes, tsunami, wild fires, volcanoes, landslides, avalanche, earthquakes.
    Natural Hazards. Why do populations live near natural hazards? High voluntary individual risk; low involuntary societal risk; element of probability; benefits outweigh risk (economical, social & cultural); few alternatives; concept of resilience, operationalized through policies or systems.
    Tornado Alley: http://www.spc.noaa.gov/climo/torn/2005deadlytorn.html
    Oklahoma City, May 1999: 319 mph (near F6); 44 died, 795 injured; 3,000 homes and 150 businesses destroyed.
    World’s Deadliest Tornado, April 26, 1989: 1300 died, 12,000 injured, 80,000 homeless, two towns leveled. Where? Bangladesh.
    Hurricanes, Typhoons & Cyclones: winds over 74 mph; regional location. 500,000: Bhola cyclone, 1970, Bangladesh. 229,000: Typhoon Nina, 1975, China. 138,000: Bangladesh cyclone, 1991. U.S.
  • 193 194 Chapter 17
    National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce. An Introduction to Computer Security: The NIST Handbook. Special Publication 800-12.
    [Cover diagram of the handbook's topic areas, e.g. User Issues, Contingency Planning, Assurance, I & A, Personnel, Training, Access Controls, Risk Management, Crypto, Audit, Physical, Program Management, Threats, Policy, Security Operations]
    Table of Contents
    I. INTRODUCTION AND OVERVIEW
    Chapter 1 INTRODUCTION
    1.1 Purpose ... 3
    1.2 Intended Audience ... 3
    1.3 Organization ... 4
    1.4 Important Terminology ... 5
    1.5 Legal Foundation for Federal Computer Security Programs ... 7
    Chapter 2 ELEMENTS OF COMPUTER SECURITY
    2.1 Computer Security Supports the Mission of the Organization ... 9
    2.2 Computer Security is an Integral Element of Sound Management ... 10
    2.3 Computer Security Should Be Cost-Effective ... 11
    2.4 Computer Security Responsibilities and Accountability Should Be Made Explicit ... 12
    2.5 Systems Owners Have Security Responsibilities Outside Their Own Organizations ... 12
    2.6 Computer Security Requires a Comprehensive and Integrated Approach ... 13
    2.7 Computer Security Should Be Periodically Reassessed ... 13
    2.8 Computer Security is Constrained by Societal
  • Modeling the Propagation of Worms in Networks: A Survey
    IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 16, NO. 2, SECOND QUARTER 2014, p. 942. Modeling the Propagation of Worms in Networks: A Survey. Yini Wang, Sheng Wen, Yang Xiang, Senior Member, IEEE, and Wanlei Zhou, Senior Member, IEEE.
    Abstract—There are two common means for propagating worms: scanning vulnerable computers in the network and spreading through topological neighbors. Modeling the propagation of worms can help us understand how worms spread and devise effective defense strategies. However, most previous research either focuses on its proposed work or pays attention to exploring detection and defense systems. Few give a comprehensive analysis of modeling the propagation of worms, which is helpful for developing defense mechanisms against worms’ spreading. This paper presents a survey and comparison of worms’ propagation models according to the two different spreading methods of worms. We first identify worms’ characteristics through their spreading behavior, and then classify the various target discovery techniques employed by them.
    Such attacks account for 1/4 of the total threats in 2009 and nearly 1/5 of the total threats in 2010. In order to prevent worms from spreading on a large scale, researchers focus on modeling their propagation and then, on the basis of it, investigate the optimized countermeasures. Similar to the research on some natural disasters, like earthquakes and tsunamis, the modeling can help us understand and characterize the key properties of their spreading. In this field, it is mandatory to guarantee the accuracy of the modeling before the derived countermeasures can be considered credible. In recent years, although a variety of models and algorithms have been proposed for modeling
  • Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism
    Journal of Strategic Security, Volume 6, Number 5 (Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Conference: Expanding the Frontiers of Intelligence Education), Article 3. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism. Gary Adkins, The University of Texas at El Paso. Follow this and additional works at: https://scholarcommons.usf.edu/jss, pp. 1-9. Recommended Citation: Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This paper is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. This paper is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/3
    Introduction
    The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in, as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies' investigations are hindered not only in locating would-be terrorists but also in disrupting their operations.
  • From the Encyclopédie des Nuisances to Anti-Industrial Thought
    From the Encyclopédie des Nuisances to anti-industrial thought: revisiting the ideological construction of a contemporary utopia. Aurélien Tourreilles. To cite this version: Aurélien Tourreilles. De l’Encyclopédie des Nuisances à la pensée anti-industrielle : retour sur la construction idéologique d’une utopie contemporaine. Political science. Université de Bordeaux, 2019. French. NNT: 2019BORD0005. tel-02146739. HAL Id: tel-02146739, https://tel.archives-ouvertes.fr/tel-02146739. Submitted on 4 Jun 2019. HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.
    THESIS PRESENTED TO OBTAIN THE DEGREE OF DOCTOR OF THE UNIVERSITY OF BORDEAUX. DOCTORAL SCHOOL OF LAW (E.D. 41). SPECIALITY: POLITICAL SCIENCE. By Aurélien TOURREILLES. From the Encyclopédie des Nuisances to anti-industrial thought: revisiting the ideological construction of a contemporary utopia. Supervised by: Patrick TROUDE-CHASTENET. Defended on 11 January 2019. Members of the jury: Mr. Frédéric LAMBERT, Professor at Université Rennes 1, chair of the jury and rapporteur; Ms. Sylvie OLLITRAULT, Research Director at CNRS-Sciences Po Rennes, rapporteur; Mr. François JARRIGE, Maître de conférences at Université de Bourgogne, examiner; Ms. Nathalie BLANC-NOEL, Maître de conférences at Université de Bordeaux, examiner; M.
  • Are Enhanced Warfighters Weapons, Means, Or Methods of Warfare?
    Are Enhanced Warfighters Weapons, Means, or Methods of Warfare? Rain Liivoja and Luke Chircop. 94 INT’L L. STUD. 161 (2018). Volume 94, 2018. Published by the Stockton Center for the Study of International Law. ISSN 2375-2831.
    CONTENTS
    I. Introduction ... 162
    II. Biological Weapons ... 164
      A. Defining Biological Agents ... 166
      B. Enhanced Warfighters as Biological Agents ... 166
      C. Enhancements as Biological Agents ... 170
      D. Enhancements as Chemical Weapons ... 172
    III. Weapons ... 173
      A. Defining Weapons ... 173
      B. Enhanced Warfighters as Weapons ... 176
    IV. Means of Warfare ... 178
      A. Defining Means of Warfare ... 178
      B. Enhanced Warfighters as Means of Warfare ... 179
    V. Methods of Warfare ...
  • A Practical Method of Identifying Cyberattacks (February 2018)
    In Collaboration With. A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS. February 2018.
    INDEX: Executive Summary 4; Overview 5; The Responses to a Growing Threat 7; Different Types of Perpetrators 10; The Scourge of Cybercrime 11; The Evolution of Cyberwarfare 12; Cyberactivism: Active as Ever 13; The Attribution Problem 14; Tracking the Origins of Cyberattacks 17; Conclusion 20; Appendix: Timeline of Cybersecurity Incidents 21.
    EXECUTIVE SUMMARY: The frequency and scope of cyberattacks continue to grow, and yet despite the seriousness of the problem, it remains extremely difficult to differentiate between the various sources of an attack. This paper aims to shed light on the main types of cyberattacks and provides examples of each. In particular, a high level framework for investigation is presented, aimed at helping analysts in gaining a better understanding of the origins of threats, the motive of the attacker, the technical origin of the attack, the information contained in the coding of the malware and the attacker’s modus operandi.
    OVERVIEW: Cyberattacks carried out by a range of entities are a growing threat to the security of governments and their citizens. There are three main sources of attacks: activists, criminals and governments, and, based on the evidence, it is sometimes hard to differentiate them. Indeed, they may sometimes work together when their interests are aligned. The increasing frequency and severity of the attacks makes it more important than ever to understand the source. Knowing who planned an attack might make it easier to capture the culprits or frame an appropriate response.
  • Common Threats to Cyber Security Part 1 of 2
    Common Threats to Cyber Security Part 1 of 2
    Table of Contents
    Malware ... 2
    Viruses ... 3
    Worms ... 4
    Downloaders ... 6
    Attack Scripts ... 8
    Botnet ... 10
    IRCBotnet Example ... 12
    Trojans (Backdoor) ... 14
    Denial of Service ... 18
    Rootkits ... 20
    Notices ...