Cyber security

What is Cyber space?

A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. Cyberspace is the connected Internet Ecosystem.

Rapid development in information technology has produced the new “Net”, which monitors and controls critical infrastructure. Its integrity and availability are critical for the economy, public safety and national security.

What is cyber security?

Definition: Cyber security, or information technology security, is the set of techniques for protecting computers, networks, programs and data from unauthorized access or from attacks aimed at exploitation.

Example: theft of or damage to hardware, software or electronic data, as well as disruption or misdirection of the services they provide.
Cyber Security is protecting our cyber space (critical infrastructure) from attack, damage, misuse and economic espionage.

Elements of cyber security encompass all of the following:

  • Network security
  • Application security
  • Endpoint security
  • Data security
  • Identity management
  • Database and infrastructure security
  • Cloud security
  • Mobile security
  • Disaster recovery/business continuity planning
  • End-user education

Description: Major areas covered in cyber security are:

1) Application Security- It encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. 

2) Information Security- It protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are: 

a) Identification, authentication & authorization of user, 

b) Cryptography.


3) Disaster recovery- It is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of a disaster.

4) Network Security- It includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Its components include: 

a) Anti-virus and anti-spyware, 

b) Firewall, to block unauthorized access to your network, 

c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks, and 

d) Virtual Private Networks (VPNs), to provide secure remote access.
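The firewall and IPS components above work by recognising abnormal connection patterns and stopping them before they spread. As an added illustration, not part of the original notes, the following Go program parses constructed firewall-style log lines in a hypothetical "<RFC3339 time> src=<ip> dst=<ip> dport=<port>" format and applies a sliding-window rule per source address: at least five connections inside any five-second window is flagged as a connection flood, and a flagged source that also touched five or more distinct destination ports is labelled a port scan. The log format, the addresses (taken from documentation ranges) and the thresholds are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

type ConnEvent struct {
	When     time.Time
	Src, Dst string
	Port     int
}

// Finding: Count = most connections from Src in any one window, Ports = distinct dports.
type Finding struct {
	Src          string
	Count, Ports int
	Reason       string
}

// SampleLog is constructed data in a hypothetical firewall format
// "<RFC3339 time> src=<ip> dst=<ip> dport=<port>": 198.51.100.7 hammers one
// port, 203.0.113.9 walks several ports, 192.0.2.10 is ordinary traffic.
const SampleLog = `
2024-01-01T10:00:00Z src=198.51.100.7 dst=192.0.2.1 dport=443
2024-01-01T10:00:00Z src=198.51.100.7 dst=192.0.2.1 dport=443
2024-01-01T10:00:01Z src=198.51.100.7 dst=192.0.2.1 dport=443
2024-01-01T10:00:02Z src=198.51.100.7 dst=192.0.2.1 dport=443
2024-01-01T10:00:03Z src=198.51.100.7 dst=192.0.2.1 dport=443
2024-01-01T10:00:05Z src=192.0.2.10 dst=192.0.2.1 dport=443
2024-01-01T10:00:10Z src=203.0.113.9 dst=192.0.2.1 dport=22
2024-01-01T10:00:10Z src=203.0.113.9 dst=192.0.2.1 dport=23
2024-01-01T10:00:11Z src=203.0.113.9 dst=192.0.2.1 dport=80
2024-01-01T10:00:11Z src=203.0.113.9 dst=192.0.2.1 dport=443
2024-01-01T10:00:12Z src=203.0.113.9 dst=192.0.2.1 dport=8080
`

// ParseLog parses every line; a malformed line is an error, not a silent drop.
func ParseLog(log string) ([]ConnEvent, error) {
	var events []ConnEvent
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		var ts string
		var ev ConnEvent
		if _, err := fmt.Sscanf(line, "%s src=%s dst=%s dport=%d", &ts, &ev.Src, &ev.Dst, &ev.Port); err != nil {
			return nil, fmt.Errorf("malformed line %q: %v", line, err)
		}
		when, err := time.Parse(time.RFC3339, ts)
		if err != nil {
			return nil, err
		}
		ev.When = when
		events = append(events, ev)
	}
	return events, nil
}

// DetectFloods flags sources with at least threshold connections inside any
// window of the given length; one that also spans threshold ports is a scan.
func DetectFloods(events []ConnEvent, window time.Duration, threshold int) []Finding {
	bySrc := map[string][]ConnEvent{}
	for _, ev := range events {
		bySrc[ev.Src] = append(bySrc[ev.Src], ev)
	}
	var out []Finding
	for src, evs := range bySrc {
		sort.Slice(evs, func(i, j int) bool { return evs[i].When.Before(evs[j].When) })
		best, start, ports := 0, 0, map[int]bool{}
		for end, ev := range evs {
			ports[ev.Port] = true
			for ev.When.Sub(evs[start].When) > window {
				start++ // slide the window past events that are too old
			}
			if n := end - start + 1; n > best {
				best = n
			}
		}
		if best >= threshold {
			f := Finding{Src: src, Count: best, Ports: len(ports), Reason: "connection flood"}
			if f.Ports >= threshold {
				f.Reason = "port scan"
			}
			out = append(out, f)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Src < out[j].Src })
	return out
}

func main() {
	events, err := ParseLog(SampleLog)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range DetectFloods(events, 5*time.Second, 5) {
		fmt.Printf("%-14s %-16s %d connections over %d ports\n", f.Src, f.Reason, f.Count, f.Ports)
	}
}
```

The per-source sliding window is what separates a burst from steady background traffic: the benign host in the sample makes the same kind of connection as the flooding host but never crosses the threshold inside one window. In a real deployment the thresholds would be tuned to the observed baseline, and a parse failure would be alerted on rather than ignored, since dropped lines are exactly where coverage gaps hide.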




Communication networks are a part of our critical information infrastructure which was defined in the IT Act, 2000 as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.” Communications networks are crucial to the connectivity of other critical infrastructure, viz. civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, communication, information technology, law enforcement, intelligence agencies, space, defence, and government networks. Therefore, threats can be both through the networks as well as to the networks.

Securing the networks is complicated by a number of factors. In the first instance, much of the hardware and software that make up the communications ecosystem is sourced externally; as a case in point, Chinese manufacturers such as Huawei and ZTE have supplied about 20 percent of telecommunications equipment while Indian manufacturers have about 3 percent of the market. As recent incidents have shown, foreign governments are not above taking advantage of the market penetration and dominance of their companies to infiltrate and compromise telecommunications networks. This is a potent combination of expertise and resources.

The task of securing the networks is also complicated by the fact that much of the infrastructure is in the hands of private companies who see measures such as security auditing and other regulations and frameworks as adding to their costs. The government, in the National Telecom Policy of 2012, has set a target for domestic production of telecom equipment to meet 60 to 80 percent of the Indian telecom sector’s demand by 2020.

The Ministry of Communications and Information Technology has also repeatedly urged telecom companies to take note of vulnerabilities in their equipment and told them they would be held responsible and subject to penalties if the vulnerabilities are not addressed. A number of other measures, such as making local certification mandatory, have been announced, but there is a need for a more integrated and strategic approach to securing the networks since they are so crucial to the economic, social and political wellbeing of the country.


Cyber Security Challenges:

Cyberspace has inherent vulnerabilities that cannot be removed:

• Innumerable entry points to internet.

• Assigning attribution: Internet technology makes it relatively easy to misdirect attribution to other parties 

• Computer Network Defense techniques, tactics and practices largely protect individual systems and networks rather than critical operations (missions) 

• Attack technology outpacing defence technology 

• Nation-states, non-state actors, and individuals are at a peer level, all capable of waging attacks.


Sources:

• Nation States

• Cyber Criminal Organisations

• Terrorists, DTOs, etc.

• Hackers / Hacktivists

CYBER THREATS:

Cyber threats can be disaggregated, based on the perpetrators and their motives, into four baskets: cyber espionage, cyber warfare, cyberterrorism, and cyber crime. Cyber attackers use numerous vulnerabilities in cyberspace to commit these acts. They exploit weaknesses in software and hardware design through the use of malware. DoS attacks are used to overwhelm the targeted websites. Hacking is a common way of piercing the defences of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of threats and vulnerabilities are multiplying with every passing day.


Some common threats are:

  • Malware – Malicious software used to disrupt computers; any file or program that can be used to harm a computer user, such as worms, computer viruses, Trojan horses and spyware
  •  Viruses, worms, …
  •  Theft of Intellectual Property or Data
  • Digital Forgery- Forgery is creation of a document which one knows is not genuine and yet projects the same as if it is genuine. Digital forgery implies making use of digital technology to forge a document.
  • Hacking- Hacking in simple terms means an illegal intrusion into a computer system and/or network.
  • Hacktivism – Cyber protests that are socially or politically motivated
  •  Mobile Devices and applications and their associated Cyber Attacks
  • Social Engineering – Entice Users to click on malicious links by an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information
  • Spear Phishing – Deceptive communications (e-mails, texts, tweets) in which falsified emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information.
  • Domain Name System (DNS) Attacks
  • Router Security – Border Gateway Protocol (BGP) Hijacking
  • Denial of Service (DoS) – blocking access to websites
  • Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.
  • Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain.
  • Eavesdropping is the act of surreptitiously listening to a private computer "conversation" (communication), typically between hosts on a network.
  • Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users.
  • Cyber Stalking- This term is used to refer to the use of the internet, email, or other electronic communications devices to stalk another person. Cyber stalking can be defined as the repeated acts of harassment or threatening behaviour of the cybercriminal towards the victim by using internet services.
  • Spyware- Spyware invades a computer and, as its name implies, monitors a user’s activities without consent. Spyware is usually delivered through unsuspicious-looking emails sent from apparently bona fide email IDs. Spyware continues to infect millions of computers globally.
  • Other
Bottom line – it is easier to be a bad guy, and the volume of threats is growing.
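Several items in the list above (social engineering, spear phishing, spoofing) come down to a message pretending to come from someone it does not. The following Go example, added here and not drawn from the notes, shows four checks a mail filter or awareness tool can run on a message: a sender domain within two edits of a trusted domain, a trusted domain name embedded inside an unrelated domain, a display name that claims a brand the address does not belong to, and a link whose visible text names a different host from its real target. The trusted domain examplebank.com, the sample messages and the two-edit threshold are constructed assumptions for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

type Email struct {
	From     string // header value, e.g. `"Example Bank" <alerts@examplebank.com>`
	LinkText string // the URL the message displays to the reader
	LinkHref string // the URL the link actually points to
}

var Trusted = []string{"examplebank.com"} // constructed list of legitimate sender domains

// Samples are constructed: one genuine mail, one lookalike lure, one trusted-name-in-wrong-domain lure.
var Samples = []Email{
	{`"Example Bank" <alerts@examplebank.com>`, "https://www.examplebank.com/login", "https://www.examplebank.com/login"},
	{`"Example Bank Security" <security@examp1ebank.com>`, "https://www.examplebank.com/verify", "https://examplebank.com.login-verify.net/verify"},
	{`<notice@examplebank.com.login-verify.net>`, "https://examplebank.com.login-verify.net/notice", "https://examplebank.com.login-verify.net/notice"},
}

// splitFrom separates the display name from the address in a From header.
func splitFrom(from string) (display, addr string) {
	if i := strings.Index(from, "<"); i >= 0 {
		display = strings.Trim(strings.TrimSpace(from[:i]), `"`)
		addr = strings.TrimSuffix(from[i+1:], ">")
		return display, addr
	}
	return "", strings.TrimSpace(from)
}

// levenshtein is the edit distance, used to catch near-miss lookalike domains.
func levenshtein(a, b string) int {
	prev := make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur := make([]int, len(b)+1)
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cost := 1
			if a[i-1] == b[j-1] {
				cost = 0
			}
			d := prev[j-1] + cost // substitution (or match)
			if prev[j]+1 < d {
				d = prev[j] + 1 // deletion
			}
			if cur[j-1]+1 < d {
				d = cur[j-1] + 1 // insertion
			}
			cur[j] = d
		}
		prev = cur
	}
	return prev[len(b)]
}

// AnalyzeEmail returns the phishing indicators found in one message. An empty
// result means none of these checks fired, not that the message is safe.
func AnalyzeEmail(e Email, trusted []string) []string {
	var hits []string
	display, addr := splitFrom(e.From)
	domain := strings.ToLower(addr[strings.LastIndex(addr, "@")+1:])
	squashed := strings.ReplaceAll(strings.ToLower(display), " ", "")
	for _, t := range trusted {
		if domain == t || strings.HasSuffix(domain, "."+t) {
			continue // the genuine domain or one of its own subdomains
		}
		switch {
		case levenshtein(domain, t) <= 2:
			hits = append(hits, fmt.Sprintf("sender domain %q is a lookalike of %q", domain, t))
		case strings.Contains(domain, t):
			hits = append(hits, fmt.Sprintf("trusted name %q embedded in unrelated domain %q", t, domain))
		}
		if brand := strings.SplitN(t, ".", 2)[0]; strings.Contains(squashed, brand) {
			hits = append(hits, fmt.Sprintf("display name %q claims %q but mail is from %q", display, t, domain))
		}
	}
	shown, err1 := url.Parse(e.LinkText)
	real, err2 := url.Parse(e.LinkHref)
	if err1 == nil && err2 == nil && shown.Hostname() != real.Hostname() {
		hits = append(hits, fmt.Sprintf("link shows %q but points to %q", shown.Hostname(), real.Hostname()))
	}
	return hits
}

func main() {
	for i, e := range Samples {
		hits := AnalyzeEmail(e, Trusted)
		fmt.Printf("message %d: %d indicator(s)\n", i+1, len(hits))
		for _, h := range hits {
			fmt.Println("  -", h)
		}
	}
}
```

The subdomain exemption matters: mail from a genuine subdomain such as a host under examplebank.com must not trip the embedded-name rule, while examplebank.com.login-verify.net, whose registrable domain is login-verify.net, must. Indicators like these feed a score rather than a verdict; the end-user education item in the elements list is what turns "this link shows one host and points at another" into a user who does not click.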



Cyber Warfare:

There is no agreed definition of cyber warfare, but it has been noticed that states may be attacking the information systems of other countries for espionage and for disrupting their critical infrastructure. The attacks on the websites of Estonia in 2007 and of Georgia in 2008 have been widely reported. Cyberspace is the fifth domain of warfare, alongside land, air, sea and space.

The domains of cyber warfare may broadly be classified as: 

Espionage- Intelligence gathering and data theft. Examples of this were Titan Rain and Moonlight Maze. These activities could be by criminals, terrorists or nations as part of normal information gathering or security monitoring.

Vandalism- Defacing web pages or using Distributed Denial of Service (DDoS) attacks to take them down. Such actions were evident in Estonia and Georgia.

Sabotage- This has the most serious implications and includes DDoS, destruction of data, insertion of malware and logic bombs. It also encompasses actions in war such as those taken for preparation of the battlefield.

Cyberterrorism:

Cyber terrorism is the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and the information stored therein, when done to intimidate or coerce a government or its people in furtherance of political or social objectives.

Cyberspace has been used as a conduit for planning terrorist attacks, for recruitment of sympathisers, or as a new arena for attacks in pursuit of the terrorists’ political and social objectives. Terrorists have been known to have used cyberspace for communication, command and control, propaganda, recruitment, training, and funding purposes. From that perspective, the challenge of non-state actors to national security is extremely grave.



Information Warfare (IW):

In the near future, information warfare will shape the form and future of war. Because of the increasing relevance of information technology (IT) to people’s lives, those who take part in IW are not all soldiers; anybody who understands computers may become a fighter.

IW is inexpensive: the targeted party can be dealt a paralysing blow through the net, and it may be difficult for the target to discern where the attack originated. Large amounts of useless information can be created to block or stop the functioning of an adversary’s information system.

Thus, a People’s War in the context of IW can be carried out by hundreds of millions of people, using open-type modern information systems. Even political mobilisation for war can be achieved via the internet, by sending patriotic e-mail messages and by setting up databases for education.

IW consists of five major elements and two general areas. The five elements are:

  1. Substantive destruction, the use of hard weapons to destroy enemy headquarters, command posts, and command and control (C2) information centres.
  2. Electronic warfare, the use of electronic means of jamming or the use of anti-radiation [electromagnetic] weapons to attack enemy information and intelligence collection systems such as communications and radar.
  3. Military deception, the use of operations such as tactical feints [simulated attacks] to shield or deceive enemy intelligence collection systems.
  4. Operational secrecy, the use of all means to maintain secrecy and keep the enemy from collecting intelligence on our operations.
  5. Psychological warfare, the use of TV, radio, and leaflets to undermine the enemy’s military morale.

The two general areas are information protection (defence) and information attack (offence).

Information defence means preventing the destruction of one’s own information systems, ensuring that these systems can perform their normal functions. In future wars, key information and information systems will become “combat priorities”, the key targets of enemy attack. It also includes many other manifestations of IW like computer virus warfare, precision warfare and stealth warfare, all dependent in some manner on information and software programmes.


Tools to protect against cyber threats

Cyber Forensics- Cyber Forensics is a very important ingredient in the investigation of cyber crimes. Cyber forensics is the discovery, analysis, and reconstruction of evidence extracted from any element of computer systems, computer networks, computer media, and computer peripherals that allow investigators to solve a crime.

Encryption- One of the most powerful and important methods for security in computer systems is to encrypt sensitive records and messages, both in transit and in storage. Cryptography has a long and colourful history. Four groups of people have used and contributed to the art of cryptography: the military, the diplomatic corps, diarists, and lovers. The military has had the most sensitive role and has shaped the field.

Digital Signatures- A Digital Signature is a technique by which it is possible to secure electronic information in such a way that the originator of the information, as well as the integrity of the information, can be verified. This procedure of guaranteeing the origin and the integrity of the information is also called Authentication.
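To make the encryption and digital-signature points concrete (and the cryptography item listed under Information Security earlier), here is an added Go example using only the standard library; it is not code from the notes. It encrypts a stored record with AES-256-GCM, which gives confidentiality plus an integrity tag, and shows a single flipped byte being rejected on decryption; it then signs a message with Ed25519 and shows that the signature verifies for the original message but not for an altered one, which is the origin-and-integrity guarantee the notes call authentication. The record, the message and the per-run key generation are constructed for the demonstration; a real system would load keys from a key store or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals a record with AES-256-GCM. Output is nonce || ciphertext || tag;
// the nonce is random and must never be reused with the same key.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt and fails on any change to nonce, ciphertext or tag.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Result records what the demonstration observed.
type Result struct {
	Decrypted       string // plaintext recovered from the untampered record
	TamperRejected  bool   // Decrypt refused a record with one flipped byte
	SignatureValid  bool   // Verify accepted the original signed message
	ForgeryRejected bool   // Verify refused the message after it was altered
}

// Demo walks through both tools: encryption for a record at rest and an
// Ed25519 signature for the origin and integrity of a message in transit.
func Demo() (Result, error) {
	var r Result
	key := make([]byte, 32) // constructed per-run key; production keys come from a key store
	if _, err := rand.Read(key); err != nil {
		return r, err
	}
	record := []byte("account=1234 balance=500.00") // constructed sensitive record
	sealed, err := Encrypt(key, record)
	if err != nil {
		return r, err
	}
	plain, err := Decrypt(key, sealed)
	if err != nil {
		return r, err
	}
	r.Decrypted = string(plain)
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = Decrypt(key, tampered)
	r.TamperRejected = err != nil

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	msg := []byte("transfer 100.00 to account 5678") // constructed message
	sig := ed25519.Sign(priv, msg)
	r.SignatureValid = ed25519.Verify(pub, msg, sig)
	altered := []byte("transfer 900.00 to account 5678")
	r.ForgeryRejected = !ed25519.Verify(pub, altered, sig)
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%+v\n", r)
}
```

The two mechanisms answer different questions. Decryption succeeding under GCM tells the holder of the shared key that the record is unchanged, but anyone with that key could have produced it; the Ed25519 signature can be checked by anyone holding the public key and could only have been produced by the holder of the private key, which is why signatures, not symmetric encryption, are used to prove who originated a message.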

Implications for India

The concept of information superiority is somewhat analogous to similar concepts of air, sea or space superiority. This is because proper use of information is as lethal as other kinds of power.

The Indian concepts of IW are generally based on Western concepts and according to the 2004 Army Doctrine, IW encompasses the elements of command and control warfare, intelligence based warfare, electronic warfare, cyber warfare, psychological warfare and network centric warfare, military deception and secrecy as well as media support. Information operations can vary from physical destruction to psychological operations to computer network defence.

It is in this context that a Defence Information Warfare Agency (DIWA) under the Integrated Defence Staff Headquarters has been formed to coordinate efforts of the three services and certain other agencies to handle all aspects of information warfare.


Recent Attacks/ Virus in news

DTrack

  • DTrack is used by hackers to attack financial and research centres in India.
  • It was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the machines.
  • A version of it was used to attack the banking system in South Korea, as well as for the infamous WannaCry ransom worm attacks across the globe.
  • Researchers have identified that the malware which infected the computer at Kudankulam nuclear power plant was DTrack.

Pegasus

  • Pegasus is a spyware developed by the Israeli cyberarms firm NSO Group.
  • It can be installed on devices running certain versions of iOS, Apple’s mobile operating system.
  • Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, and accessing the target device’s microphone(s) and video camera(s).
  • Apple released a version of its iOS software to fix the vulnerabilities.
  • News of the spyware got significant media attention.
  • It was called the “most sophisticated” smartphone attack ever.



Last modified: Sunday, 10 November 2019, 7:07 AM