DATA SECURITY OF A COMPUTER NETWORK IN THE WAKE OF NEW TECHNOLOGY
CHAPTER I
INTRODUCTION
1. Information and security have been interlinked since time immemorial. The fact that one actor seeks information about the intention and action of the intended enemy, called intelligence on the enemy, while the other seeks to secure those and prevent them from being known to the opponent, has been part of military operations since ancient times. The operation covers information as well as information technology (IT). IT used in ancient times was not radio, telegraph or satellite but the smoke signal, the tower, the horse etc. In the 21st century IT includes sophisticated electronic technologies, with computers being the main control and storage components, networked through wire and wireless links like telephone cable, radio, satellite etc. Today the security of computer networks and of the information stored in, processed by or transmitted over them not only falls under the military domain but also affects many aspects of society including telecommunications, energy, banking, and transportation systems.
2. The data security of a computer network covers the security protection of the digital data and the supporting hardware and software forming the computer network and communication links as a whole, called the digital IT or information and communication technology (ICT). The threat to the computer network could be in the form of physical attack by traditional means or of electronic attack through IT software applications. The electronic attack is also called the cyber-attack, or battle in the realm of cyberspace: the virtual information space created by the dense interconnection of computer and communication systems. This paper mainly focuses on cyber-security from electronic threats. The research also covers, as a part of cyber-security, the electronic surveillance of the use of digital networks by various societal groups for their operation and sustenance.
3. Today the borderless world wired together by the Internet is based on computer network connections and powerful communications nodes. These are literally redefining the geography of commerce and communication. Experts view that computer vulnerabilities may translate into damage to the national economy unless proper measures are taken. This brings to the fore a set of questions: are the cyber-threats really great, why are appropriate measures not in place, why is there a general lack of understanding of cyber-security, is there anything that can be done to counter the threat, etc.? The paper makes an endeavour to answer these questions.
4. Most of the material in the paper has been gleaned from books, particularly the book by Robert Latham (ed.), Bombs and Bandwidth (New York: The New Press, 2003), and a few articles and websites. There are many books on the technical issues of digital IT and their security. But the technical aspects have been kept very simple though the topic looks very technical in nature. The instances of US activities on cyber-issues have been mentioned as the US is considered to be the central force in shaping global IT security. Also mentioned are a few famous computer worms that created uproar in the computer society.
5. The study first dwells on the growing use of ICT in all aspects of society and the accompanying security concerns. There are numerous definitions and terms on the cyber security issue. These are briefly mentioned along with threat analysis and social networking. After identifying various security challenges, the paper shows detailed ways forward in terms of technical, procedural, legal and strategic measures. As said before, this paper is not a technical paper and hence detailed discussion of technical solutions has been avoided in order to view the subject from a strategic perspective.
CHAPTER II
ICT PREVALENCE AND SECURITY CONCERN
GENERAL
6. Computer usage through standalone and networked systems is widespread in all echelons of society, be it military or civil. Computer networking using Local Area Network (LAN) technology, and Wide Area Network (WAN) technology using dedicated communication links (called Intranet) or the Internet backbone, is designed to fulfil the following functions:
(a) Share common data.
(b) Ensure database integrity.
(c) Provide a secure means of gathering information and disseminating orders.
(d) Enable a gateway to the information superhighway, the Internet.
(e) Provide a backbone for core infrastructure and network centric warfare.
PRESENT TREND
7. IT Integration and Effect. IT is becoming increasingly pervasive and connected. It is spreading throughout homes, offices and elsewhere. It is being integrated into everything from appliances to business processes and control systems featuring automation. The tangled web of IT networks, particularly communication systems, has become a potential launching pad for attacks, espionage and viruses by actors around the world. It creates more targets to attack and more attackers.
8. Mobile Computing Devices. The proliferation of mobile computing devices has added new problems. It has extended the computer network perimeter from the workplace to homes, airports, automobiles, and hotel rooms. Information once confined to office networks can now be accessed through home PCs, laptops, and handheld devices, which may be less protected. Besides, the wireless networks supporting the mobile devices are often installed without adequate security measures.
9. Increasing Capacity. IT is getting smaller, faster, cheaper, and more powerful. Processor speeds are doubling approximately every eighteen months and storage capacity about every twelve months. The network has the highest growth, doubling approximately every nine months. As a result spies can steal megabytes of information in just a few seconds, and viruses and worms can spread at record-breaking speeds. During the peak of its infection frenzy, the Code Red worm, which first appeared in July 2001, infected more than 2,000 computers per minute.
10. Critical Infrastructure. Nations are increasingly becoming dependent upon computer networks for many essential services including water, electricity, gas, voice and data communications, rail and aviation. In effect, IT has become the brains and nervous system of the infrastructure. Nuclear weapons facilities are monitored and administered using IT, as are power grids and telecommunications networks. The international financial markets are virtually the data networks through which transactions are executed. Many such systems are controlled through networks based on the Internet protocols (IP), which are rather more open to attack. The critical infrastructure is largely owned and operated by the private sector, and most government communications including military, for example 95% for the US, are transmitted via privately owned networks. So the private sector has become a key player in the security dynamics.
11. Network Centric Operations. For many years, transnational corporations have been organising their operations on multi-firm networks linking their production and marketing resources worldwide. IT has been central to these networks in that it allows firms to share up-to-the-minute information as well as knowledge about markets and production. The same strategy inspired the militaries to organize themselves into networks across and within various units. In such networks all military resources and units are linked, communicating and sharing access to data which includes information related to surveillance, fire-control solutions, messages and others. Electronic intrusion can cause these network-centric operations to malfunction, potentially incurring heavy losses or risking thousands of lives.
12. Internet.
a. The Internet emerged rapidly as a mainstream communication medium in the 1990s. Internet porn, hacking attacks, and numerous debilitating computer viruses have also become widespread. But the fact that the Internet is international and respects no borders has made tracking Internet criminals, and prosecuting them, difficult. That means that the issue of extraterritoriality and the inhomogeneity of the different nations' laws complicate the problem.
b. The Internet has been commercialized rapidly in fundamental ways, from software applications and online commerce to the very provision of the backbone that makes the Internet possible. The central feature of the Internet is a distributed form of communication without central control. The network is resilient because of its built-in redundancy; the more nodes are added to the network, the more resilient the network as a whole becomes. The Internet builds strength through dispersion and multiplication of individual nodes. As a result, censoring Internet communications has become almost impossible. For Internet communication, data sharing is the main objective, not security. It is inherently open and provides a good means of cyber-attack.
13. Technology Mix-up between Mil and Non-mil. Traditionally the military's needs have prompted massive investments in the development of modern ICTs and their potential military uses. In fact many modern technologies, from the invention of solid-state electronics to supercomputing, networking, and branches of applied mathematics such as cryptology, have emerged largely from research funded for military motives. Since the 1990s many important technologies in the areas of networking, simulation, virtual reality, cryptology and artificial intelligence have moved from the military into the commercial sector; and technology has also flowed freely from the commercial sector into the military. Military technology is now believed to lag behind in some IT fields such as simulation and war-gaming. So it is not surprising that intruders armed with the latest technology can outsmart the military in cyber warfare.
FUTURE TREND
14. In future the world will almost certainly experience quantum leaps in IT and in other areas of science and technology. IT will be the major building block for international commerce and for empowering non-state actors. Most experts agree that the IT revolution in this information age (from 1971 onward) represents the most significant global transformation since the industrial revolution beginning in the mid-eighteenth century. The networked global economy will be driven by rapid and largely unrestricted flows of information, ideas, cultural values, capital, goods and services, and people: that is, globalization. In the developing nations, ICT will be integrated more, resulting in more connectivity with the world.
CHAPTER III
VARIOUS ASPECTS OF CYBER SECURITY
CYBER THREATS-TYPES AND DEFINITION
15. Cyber-threat has many forms. It includes unauthorized access to or use of information resources. It also includes computer-network attacks that deny, disrupt, degrade, or destroy information and network resources. There is a spectrum of cyber-threats running from individuals who simply vandalize web pages to those who conduct denial-of-service (DoS) attacks. On the low end are young hackers, also called script kiddies. In the middle are criminals who conduct fraud and industrial espionage online. At the high end, it is potentially nation-states or terrorist groups who conduct attacks to destroy or stop things from working. These attacks could be conducted in isolation or in conjunction with a physical attack.
16. A few common terms are used to differentiate cyber-attacks. A network breach executed by a mischievous teen is considered ‘hacking’, while an identical act perpetrated by a politically motivated group lacking violent intent may be construed as ‘hacktivism’. Comparable events may be designated as ‘cyber-terrorism’ or ‘cyber-war’ depending upon the relative involvement of terrorist groups or a nation-state. Occurrences of cyber-aggression are typically described according to the characteristics of the agents who enact them, rather than according to the objectives associated with specific incidents. The term cyber-terrorism became more prominent post 9/11. Cracking is a more recent addition; it derives from the more formal designation ‘criminal hacker’ and refers to criminal activity undertaken using IT. Cyber war is also called network warfare (Netwar).
CYBER WAR VIS-A-VIS INFORMATION WARFARE (IW)
17. Information warfare (IW) is meant to describe the efforts to sever or undermine the adversary's communication in a theatre as part of a nation's military strategy. It basically comprises defensive methods of denying the enemy access to one's own information systems as well as offensive methods of getting into enemy systems to disrupt their smooth flow of information. Today the methods for entering the enemy's decision-making cycle and gaining insights into his strategy are powered by IT. It may also refer to efforts to damage or render non-functional an opponent's civilian or governmental information infrastructure.
18. IW is a broader term, but cyber-war under the purview of IW deals with the IT-based information network. In essence, any activity undertaken by an agency or organization that formally represents the interests of a national government and damages IT components, obstructs IT operability, or uses IT as a means to conduct a tactical offensive may rightly be considered an act of cyber war. So cyber-war may be executed by any agency while IW is considered to be conducted under the domain of military strategy or operations. These two terms, however, are used interchangeably to denote the same thing in broader aspects.
TOOLS AND TECHNOLOGY OF NETWORK ATTACK
19. In computer network settings, many tools and technologies are employed for network breach. Intruders are constantly pursuing new innovations for attack before proper protection measures are discovered. One such tool is the DoS attack. It employs the decentralized character of the Internet to organize an overwhelming and disabling flood of information to attack selected servers. The flood of information requests eventually overwhelms the capacity of the server to respond, shutting it down.
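Detection logic for the request flood described above, as an added example that is not part of the original paper: it parses Common Log Format access-log lines from constructed sample traffic (thresholds, addresses and timestamps are all assumptions) and shows why a per-client rate limit alone misses a flood organised from many Internet nodes, which is the decentralized pattern the paragraph describes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# One Common Log Format line (the format Apache/nginx access logs use), e.g.
# 198.51.100.9 - - [19/Jul/2001:13:01:40 +0000] "GET /index.html HTTP/1.0" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, client_ip, request_line), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, _status, _size = m.groups()
    return datetime.strptime(ts, TIME_FMT), ip, req


def detect_floods(lines, window_s=10, per_source_limit=20, capacity=60):
    """Slide a window of window_s seconds over the log and flag two flood patterns.

    * single_source: one client alone exceeds per_source_limit requests in a
      window (the case a per-client rate limit catches);
    * capacity_exceeded: the total across all clients exceeds what the server
      can answer in a window even though no single client stands out, which is
      what a flood organised from many Internet nodes looks like.
    Thresholds are assumed values; tune them to the server being protected.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    window = deque()            # (timestamp, ip) pairs inside the current window
    per_ip = defaultdict(int)   # requests per client inside the window
    single_source = {}          # ip -> highest in-window count seen above the limit
    peak_total, sources_at_peak = 0, 0
    for ts, ip, _req in events:
        window.append((ts, ip))
        per_ip[ip] += 1
        cutoff = ts - timedelta(seconds=window_s)
        while window and window[0][0] < cutoff:   # expire requests older than the window
            _old_ts, old_ip = window.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        if per_ip[ip] > per_source_limit:
            single_source[ip] = max(single_source.get(ip, 0), per_ip[ip])
        if len(window) > peak_total:
            peak_total, sources_at_peak = len(window), len(per_ip)
    return {
        "single_source": single_source,
        "peak_requests": peak_total,
        "sources_at_peak": sources_at_peak,
        "capacity_exceeded": peak_total > capacity,
    }


# ---- constructed sample traffic (not real log data) ---------------------------
BASE = datetime(2001, 7, 19, 13, 0, 0, tzinfo=timezone.utc)


def make_line(ip, offset_s, path="/index.html"):
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TIME_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.0" 200 512'


def constructed_traffic():
    """Normal browsing, then a one-client flood, then a many-client flood."""
    lines = []
    # 0-59 s: five legitimate clients, one request every 5 s each.
    for i in range(5):
        for t in range(0, 60, 5):
            lines.append(make_line(f"192.0.2.{i + 1}", t + i))
    # 100-104 s: one client sends 40 requests in 5 s (8 per second).
    for k in range(40):
        lines.append(make_line("198.51.100.9", 100 + k // 8))
    # 200-209 s: 40 clients send 3 requests each (120 in 10 s); none crosses
    # the per-source limit, but together they exceed the server's capacity.
    for i in range(40):
        lines.extend(make_line(f"203.0.113.{i + 1}", 200 + i % 10) for _ in range(3))
    lines.append("not a log line at all")   # malformed input is skipped, not fatal
    return lines


def analyse_sample():
    return detect_floods(constructed_traffic())


if __name__ == "__main__":
    print(analyse_sample())
```

The aggregate check is what turns a log into a capacity alarm; the per-client check alone would report only the 198.51.100.9 burst and stay silent during the 40-node flood.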
20. Another form of network attack is the use of viruses, Trojan horses, and worms. These tools are programs or pieces of code that are loaded onto computers without the users' knowledge. They can replicate themselves to the point of using all of a computer's available memory and resources. They can also transmit themselves across the network, affecting multiple nodes and users and slowing down the network. These malware and spyware can get access to computer systems electronically through network links or directly through human links.
21. Viruses and worms can be extremely disabling, corrupting sensitive data and causing random damage to data files as well as compromising private or sensitive information. The ILOVEYOU virus (which appeared in May 2000) spread globally within days, causing about $1 billion in damage to computers, lost business, and corrupted data. A Trojan horse, also a worm, can transmit back sensitive information through backdoors it creates.
22. Direct, unauthorised access to any network by intruders poses great damage. Hackers look for vulnerabilities to get access. Once accessed, the hacker can delete, corrupt and download information, and plant malware and spyware for any of the objectives mentioned above. Insiders are generally considered to be an organization's biggest threat, accounting for perhaps 80% of all security incidents in many systems. Insiders consist of employees, former employees, temporaries, contractors, and others with inside access to an organization's information systems. They are behind many of the most serious attacks, including theft of trade secrets, financial fraud, and sabotage of data.
SOCIAL NETWORKS ON ELECTRONIC NETWORK
23. Social networks are web-like structures without central command. Using electronic communication, particularly the Internet, social networks of every profession like business, civil networks, scientists, physicians etc. have multiplied in the last decade. For example, a kind of informal network exists among so-called anti-globalization activists. Linked through thousands of websites, e-mail lists, and Internet relay chats, citizen activists from around the world have been able to coordinate mass protests at major international events without a hierarchical mode of organization. The same tools of the Internet as a mass medium may be utilised by state or non-state actors for propaganda warfare.
24. Non-state terrorist actors can also be labelled as social networks without having a hierarchical mode of organisation. Without global markets and communications, the widespread mobility and multicultural society, these networks of terror could not survive. Though cyber-attack by them is not unlikely, to bring down catastrophe through such an attack is indeed difficult for them. But they can mobilise issues and actions of common concern in the political domain through the technical network. These groups with little investment can use the ICT facilities of the established society as links between distant elements as well as a broadcast medium with extended reach.
ELECTRONIC ‘PEARL HARBOUR’ – A FICTION OR REALITY?
25. Cyber-war is cheap, clueless and not risky, though it undermines the political sovereignty of any state. Cyber-war seeks to disable or disrupt the opponent's critical information systems, effectively rendering them deaf, blind, mute, or unreliable. At its most extreme the image is of an electronic ‘Pearl Harbour’, which was coined post 9/11 by US proponents who linked it to the historic trauma of US warfare at Pearl Harbour. In this image the critical systems, from the electrical grid to stock markets and air-traffic control, are taken over by legions of unknown intruders without warning, thereby crippling the national economy and severely degrading the ability of the military to conduct war operations. The question is: is the fear science fiction or reality? The doubt is strengthened by the fact that no incident of such intensity has occurred in reality to date.
26. The US Naval War College during August 2002 conducted an exercise called ‘Digital Pearl Harbour’, bringing together experts to assess the vulnerabilities and threats related to critical infrastructures. The outcome was in stark contrast to the anticipated fears. On the other hand, ‘Red Team’ exercises, allegedly carried out by the National Security Agency (NSA) of the US against US military and civilian targets, demonstrate that considerable damage could be caused through electronic intrusion.
27. The US initiatives in 2008 and 2009 on cyber security measures reinforce the hypothesis that the cyber threat on a grand scale is real. The US has already formed a strategic cyber command and is presently investing huge resources in cyber-war capability. The US has the capability of, and is presently conducting, global spying on foreign states and societies as part of cyber-warfare. Currently Russia, Britain, France, Israel and China, other than the US, have offensive cyber-warfare capability. Nations around the world, including those mentioned above, are allegedly currently training their military and intelligence personnel to carry out cyber attacks against other nations to quickly and efficiently cripple their daily operations. In times of crises and conflicts, they would carry out the attack against the perceived enemy state, crippling its infrastructure.
28. With the many advances in IT, critical infrastructures are increasingly linked to one another and face increased vulnerability to cyber threats. Computer networks can provide pathways among systems to gain unauthorized access to data and operations from outside locations if they are not carefully monitored and protected. The interconnectivity increases the risk that problems affecting one system will also affect other connected systems. As a result, even hacking can bring heavy losses, disrupting essential services, social order and security.
CHAPTER IV
SECURITY CHALLENGES AND MEASURES
GENERAL
29. The challenge in cyberspace is to prevent three basic bad events: damage to the proper functioning of the computer system, corruption or destruction of contained information, and leakage of sensitive information. Generally over two-thirds of all hacker attacks come from insiders. While best practices and management can counter the inside threat, the main effort is needed against the outside threat, in the form of firewalls, virus detectors and intrusion detectors to counter state or non-state actors.
CYBER SECURITY VIS-A-VIS NATIONAL STRATEGY
30. Information is an asset, generated and protected by individuals and organizations. The integrity of proprietary and sensitive information constitutes its primary value and sustains the competitiveness of private sector organizations and influences the economic security of states. Insulation of governmental and military intelligence and operational data from adversarial institutions is also very critical to security efforts. IT has therefore evolved into a core pillar of national security. Despite the persistence of geographically defined jurisdictions, IT unmistakably mitigates the primacy and impermeability of national borders. As data flow is not limited by national boundaries, IT is contributing to political, social or economic developments that undermine the sovereignty and significance of the nation-state.
31. IT infrastructures and nodes are generally not government-owned but privately owned. These systems cannot be insulated from foreign IT infrastructure in either physical or operational terms. Sometimes the foreign and domestic components are interspersed. The system of one nation may not follow the regulations, practices and standards applied in a foreign system. So international collaboration is needed to address the problem on a collective front. The cyber security issue therefore should be addressed under the realm of national strategy, not as a subset of military strategy.
VULNERABILITY AND LIMITATIONS OF IT-BASED SYSTEM
32. Because of the lack of a proper security regime in place, many insecure or vulnerable networks are growing. The growing connectivity among secure and insecure networks creates new opportunities for unauthorized intrusions into sensitive or proprietary computer systems, such as the nation's telephone system or even military systems. Overall the complexity of computer networks is growing faster than the protection measures being taken on a global scale, and the ability to understand them. Institutions are dedicating growing resources to the defense of critical infrastructures against cyber attack, but they are still insufficient.
33. Mainstream commercial software is replacing relatively secure proprietary network systems. Most commercial software and hardware items are imported or vendor-supplied products, which provide opportunities for foreign implantation of exploitation or attack tools. The government and defense networks similarly are increasing their reliance on these commercial computers.
34. Most outsider attacks exploit known vulnerabilities that could have been avoided by administrators and users. Humans are often the weak link. They make mistakes, pick weak passwords, and are vulnerable to social engineering. Personnel involved should be educated and made aware of cyber security aspects.
LACK OF UNDERSTANDING
35. So the question is: why haven't nations taken the necessary steps to address the cyber threat? The issue is technically complex and hard to understand, and that makes it hard for policy makers to engage. Again, investment of resources for the protection of cyber-space without tangible effects is not well realized and thought through. People have a tendency to treat this as a tactical, not a strategic, problem. The common perception is that it is a military problem, though the civil sector is most likely to suffer.
LACK OF SECURITY INFRASTRUCTURE
36. When any sensitive computer network system is breached, creating widespread disruption and stoppage of operations/services, then the question arises who should be held responsible: the attacker, the system designer or the system management. Each is to share responsibility as each contributes to the breach. While the attacker can be deterred by laws and regulations, the problem comes when the attack originates from areas outside national jurisdiction or when the attacker is under-age. The system designer works on commercial grounds and is not much concerned with the safety aspects unless the required investment is made in security. The system management has to take the major share of responsibility for creating or opening vulnerabilities or not installing proper security infrastructure.
37. In the opinion of reputed hackers, government installations are soft targets. Many private sectors are definitely ahead of government, including military-controlled sectors, in placing security infrastructure for network security. While the famous Code Red worm could not penetrate much into the private sector, and the behaviour of the worm was quickly known to them, the government sector came to know of the existence of such a worm only after having been attacked and subjected to disruption. There is a need to maintain a private-public relationship for information sharing and devising common methods to deal with the problem.
CHAPTER V
WAY FORWARD
SECURITY INFRASTRUCTURE
38. 38.
The first and foremost initiative is to enforce a security infrastructure regime nation-wide. The security infrastructure is a combination of technology, procedures and practices, laws and regulations, and the personnel involved. It serves to protect against cyber threats and ensure the confidentiality, authenticity, integrity, and availability of data.
39.
Security Technologies. Security technologies serve to protect cyberspace from attack through prevention, detection and investigation, and recovery. Prevention technologies include authentication systems (e.g., passwords, biometrics, and smart cards), encryption systems (for scrambling data and network communications), access controls, firewalls, vulnerability scanners, and security-management systems. Detection and investigation technologies include auditing and intrusion/misuse detection systems, antiviral tools, honeypots for trapping and studying intruders, trace-back mechanisms for determining the origin of an attack, and computer and network forensic tools for handling and processing evidence. Technologies for recovery include backup systems. Further, some security technologies are also employed as attack technologies; password crackers and software tools that scan networks for vulnerabilities are good examples. They all have their limits. Security is possible only through a combination of controls coupled with measures like good practices, effective law enforcement etc. Even then, security is never foolproof. There is always a balance of security measures and vulnerability.
40. 40.
Procedures and Practices. The second step relates to the management of security and IT. They include best practices for developing, installing, and operating computers and networks so as to minimize security vulnerabilities and risks. Best practices have been developed in areas such as selecting and managing passwords, deploying firewalls, configuring and upgrading systems, and planning for and responding to security incidents. Organisations dealing with sensitive information and critical networks should invest in research and development for dealing with new technology and innovations, countering new attack methods and technology.
41.
Laws and Regulations. One set of laws and regulations should govern cyber-crime and its perpetrators, including the investigation thereof. In case of any security issue beyond national jurisdiction, it should be dealt with through international cooperation. Another class of laws and regulations should mandate security for certain critical systems. Competent authorities should conduct security audits and certifications of systems that process sensitive information or perform critical support functions. Private sectors that maintain critical infrastructure and services should come under security certifications and internal security policies. Laws should govern how all the sectors that deal with information on the general public should maintain data records, and also furnish them to the competent government agencies when asked.
42. 42.
Denial of Opportunity. A system can be protected if opportunities are denied to intruders. If threats to critical infrastructures are real, critical systems should be decoupled from the Internet. Even if a system cannot be physically separated from the Internet backbone, the data flow inside that part of the backbone must be subject to a strong encryption regime, and at the system end a firewall should be installed to reduce vulnerabilities and prevent any software link with the Internet.
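The "denial of opportunity" arrangement above, as an added example that is not part of the paper: a host firewall for a critical system that cannot be physically decoupled, permitting only an encrypted tunnel to one backbone gateway and dropping everything else in both directions. The interface name wg0, the gateway address 198.51.100.10 and the tunnel subnet 10.200.0.0/24 are constructed assumptions.

```nft
#!/usr/sbin/nft -f
# Added example (not from the paper). Constructed values: wg0 is an assumed
# WireGuard tunnel interface, 198.51.100.10 an assumed backbone gateway
# (documentation address), 10.200.0.0/24 the assumed tunnel subnet.
# Everything not explicitly permitted is dropped, inbound and outbound.
flush ruleset

table inet critical_host {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Encrypted transport: only tunnel packets from the backbone
        # gateway may reach the host directly.
        ip saddr 198.51.100.10 udp dport 51820 accept

        # Application traffic is accepted only inside the tunnel.
        iifname "wg0" ip saddr 10.200.0.0/24 accept

        # Any other link from the Internet is logged (rate-limited) and dropped.
        limit rate 10/minute log prefix "critical_host drop in: "
        drop
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept

        # The host may talk to the tunnel endpoint and through the tunnel,
        # nothing else: there is no software link to the open Internet.
        ip daddr 198.51.100.10 udp dport 51820 accept
        oifname "wg0" ip daddr 10.200.0.0/24 accept

        limit rate 10/minute log prefix "critical_host drop out: "
        drop
    }

    chain forward {
        # The host is an endpoint, never a router.
        type filter hook forward priority 0; policy drop;
    }
}
```

The log lines give the security management a record of every blocked attempt to reach the system from outside the encrypted path.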
43. 43.
Developing Education and Awareness. The people and organizations forming part of the security infrastructure perform a variety of different functions. These include education and training, research, publication, product development and marketing, network security administration, security support services, policy and standards making, law enforcement, and research funding. Both formal and informal organizations should participate in regular meetings. These include government agencies, corporations, educational institutions, professional societies, non-profit organizations, research communities, standards committees, international bodies, and consortia. Experts and non-experts should participate in security-related seminars, workshops, or meetings to share knowledge and educate a broader audience.
DISTRIBUTED OR DECENTRALISED CONTROL
44.
Though government can exercise direct control over state-controlled entities, the private sectors are not responsible to the government for their security measures. Government can, however, regulate their activities by promulgating laws. Without interfering with their normal activities, the government should encourage public/private partnerships in sharing information and experience. Participants in the security infrastructure, including state-controlled entities, should constitute a loosely structured network. When a major security incident affecting multiple organizations occurs, participants in the security network should report and respond simultaneously to the attack, issuing alerts, releasing software tools and upgrades, reconfiguring systems, and hunting down the attacker at their individual level. Even various government organisations, including the military, should not come under one central command. Each should pursue its own security measures according to the guidelines and policy set by the government.
ADOPTING CYBER SECURITY STRATEGY
45.
There is a need to take proactive measures to detect, interrupt and retaliate against cyber intrusions or social networks abusing electronic networks, side by side with the institutionalization of security infrastructures. The cyber-security strategy should focus on proactive strategic imperatives through education and awareness programmes, adequate research funding, enforcement of security infrastructure, international collaboration on collective security, advanced surveillance on public communication media etc. A cyber command at the strategic level should be set up to coordinate all the measures. A pool of IT and computer professionals/experts should always be maintained to employ them on cyber-security related operations.
CHAPTER V
CONCLUSION