Top Banner

Click here to load reader

Cyber Security

Aug 30, 2014

ReportDownload

Documents

an overview of contemporary threats and political decisions how to tackle with

CYBER SECURITY the challenge of the nearest future

the challenge of the nearest futureNikola Schmidt

CYBER SECURITY

1. IntroductionCyber security is a discipline which is hardly understandable for broad public even thou it covers daily problems we face when using our personal computers. On the one hand we know that some worms are destroyed by our antivirus shields perfectly every day and we are informed about this incident by small window on our monitor. We do not worry about possible consequences of infection, if so we put the computer to IT hospital and predict that those geeks will cure it. On the other hand there are highly dangerous worms which are capable to shut down electrical networks or control devices on gas pressure stations and those are capable to do immediate injuries or consecutive damages or run chain of incidents such as shutting down critical infrastructure of modern society.

2. The origin of cyber security discipline2.1. Background of the networks and its security In 2002 Hungarian physicist wrote a book about networks. Not about a computers network only, but the first book about networking discipline itself. This work begun the journey to uncover how everything in the world is connected (social relations, computer networks, biological systems etc.) and how these networks behave, what rules are applied to networks and what characteristics it has on a physical basis (Barabsi, 2002). The most important outcome is that everything what looks decentralized or chaotic tends to be organized, also the computer networks. The most important outcome from the research is that chaotic nodes in the network tend to create centers and then subsequently influence the other. Sometimes it is colloquially called small business waves. Hence when scientists assigned to create a first communication network as a US governmental task, the Arpanet created in 1969, to fulfill the primordial achievements could not be successful challenge because those principles matters. The task was to

Article written for course EU after the Cold War taught by George Hays II, 3rd semester IRES, Metropolitan University Prague

1 | 16

CYBER SECURITY the challenge of the nearest future

create a decentralized communication network durable for possible nuclear attack on a major part of it. The network had to survive attack on the major part and be still capable to communicate between two arbitrary nodes. The problem is that networks tend to create centers and those are more vulnerable than the rest. The task could not be achieved in the sense of perfectly decentralized network, but early after this experiment the Internet was created with present sensitive attributes, mainly with the consecutive character of center based. Cyber security is very young discipline which does not enjoy the same popularity as some of the other security related disciplines. At the very beginning the most important problem of cyber security is its own inviolability for broad public. Apple has been winning on the market last years because of their philosophy how to design the devices. They focus on simplicity and easy-to-use approach. This approach is highly complicated for broad acceptance of cyber related security issues because it does not push people to think about security settings in their own computer (or any other settings), consumers are satisfied when having everything prepared and set in default. Steve Jobs said that good application is the one which works well without any needed settings (Kahney, 2009). Because of the fact that this approach seems to be successful, the world will not be more secure, but more vulnerable. 2.2. The origin of a problem on the side of the public Cyber threats are hard to understand for any person who has never faced a virus destroying their data and following reconstruction of a hard drive. In the first years of personal computers the viruses were moving from computer to computer on diskettes, the first media used for data transfer. As the data were transferred very slowly because everybody should copy it personally, also the antiviruses were distributed very slowly. We could say that this world was highly separated as the persons using computers and sharing data on diskettes were separated. Hence the networks and their centers reflected more the social relations instead of nowadays nods relations on the Internet network. The idea of spreading out to the world a virus which could be a threat to the world peace was something unimaginable just one and half decade ago. But it is not today.

Article written for course EU after the Cold War taught by George Hays II, 3rd semester IRES, Metropolitan University Prague

2 | 16

CYBER SECURITY the challenge of the nearest future

Almost all the computers are connected to the Internet and most of them use some centralized services such as Facebook or Gmail. Those centers represent most vulnerable parts of the Internet network. More and more people want more standardized systems, minimum of settings and easy-to-use operating systems what is highly understandable. They would like to create some valuable outputs using their computers. Have well configured computer full of tweaks and nice icons is not a value which they seek for. Hence the computer must be simple as possible and provide maximum of simply accessible services. But this world which is approaching will be more vulnerable than before and all those go-easy people will be a part of the world which will arise. As the computers are more connected and more other devices are synchronized and connected with whole local networks and new kids are more educated in hacking those networks the more vulnerable world is. At this point governments matters. 2.3. The origin of the problem on the side of governments Governments are not only responsible for broad public health but will be in the near future also responsible for security of personal computers which can disturb whole country for hours or days just because of connected to the infected Facebook. Governments are also responsible for wide variety of public services such as water or electricity supply. Those services are consumed today by implication, but the computers running the chain of machines which provides such services are vulnerable as well. Disturbing those machines could have strategic or symbolic background. Contemporary attacks against states are rare but they are targeting computers within state which could harm state interests (Nazario, 2010). Taking down the air defense by cyber related weapons during the air attack of Syria by Israel in 2007 was strategic approach per se (Fulghum, Wall, & Butler, 2007). In this case the target and the attacker or source of the attack was clear. Israel attacked Syria to support its own air strike and prevent the collateral damage. This type of cyber-attack could be classified as military one with no confuses. A virus called Stuxnet which was found more than one year after launch was probably scheduled to take down centrifuges in Iran because more than half of affected computers where in Iran (Geers, 2011). The most problematic issue on Stuxnet is firstly unknown origin, secondly

Article written for course EU after the Cold War taught by George Hays II, 3rd semester IRES, Metropolitan University Prague

3 | 16

CYBER SECURITY the challenge of the nearest future

that it affected thousands of computers around the world because this worm was designed to maliciously manipulate common commercial software and thirdly, one whole year nobody knew that it exists and operating on the Internet (Falkenrath, 2011). The question which arises at this point is whether the commercial companies will cooperate or will be forced to cooperate with governments when they are not the origin of the threat but only a pathway between adversaries. It is not only this question which raises a dilemma to be resolved in the future. Stuxnet is just an evidence that malicious half megabyte could harm highly sensitive systems such as nuclear one with unknown origin. This fact must interest governments. 2.4. The origin of cyber-security discipline Department of Defense in US named cyber dimension as a military domain like land, sea, air and space in the Quadrennial Defense Review Report (DoD, 2010). Cyber space had been more understood as a tool than the whole domain before. Politics and the public had to be convinced that the threat is serious and the attacker could be a clever individuality rather than a strong state (Geers, 2011). This fact has been proved several times. For instance we can remember the attack of Mafia Boy (Barabsi, 2002; Geers, 2011), a fifteen years old kid who smashed the network of the most important commercial giants like eBay or Yahoo for hours or days and cause injuries counted in millions of dollars. He did it from the home computer. Mentioned cyber-attack of Syria by Israel or Stuxnet are well chosen examples to demonstrate that the attacks by state to harm another state exist and could be evaluated on military level. Mafia Boy taught us that there is no age limit of hackers who could harm world security. We should fairly say that such discipline on the political level has been finding its place during the last years. The first straight forward cyber threat analysis center was established in Tallinn, Estonia in 2008. It is named NATO Cooperative Cyber Defence Centre of Excellence (CCD COE). It does not belong under NATO command nor funded by NATO, but provides wide analytic products to NATO nations on independent basis and funded by the nations directly. CCD COE was established to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence by virtue of education, research and development, lessons learned and consultation. (CCDCOE, 2011) On the level of I