Cyber Security Risk Analysis: Proposal Essay

Security Operation Center

A security operations center (SOC) includes the people, processes, and technologies responsible for monitoring, analyzing, and maintaining an organization’s information security.

The infrastructure of the Security Operation Center

The security operation centre has the following infrastructure:

A) Software

  • Intrusion detection and intrusion prevention software
  • Firewalls
  • Vulnerability Scanners
  • SIEM

B) Hardware

  • Firewalls
  • Behavioral monitors
  • Asset Discovery

The proposal complies with ISO/IEC 27001:2013, which specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization. It also includes requirements for assessing and treating information security risks.

Tasks of the security operation center

  • 24×7 monitoring of IT security alerts, incidents, and issues
  • Supported by our 24×7 TukTuk Ev security operation center
  • Anti-spoofing configuration and protection
  • Cyber threats intelligence management
  • Cyber security incident response team

Responsibility of the Security Operation Centre

The security operation center has the following responsibilities:

  • Alert investigation – a tier 1 analyst works at this stage, monitoring security information and event management (SIEM) alerts and managing and configuring the security monitoring tools. Threats are prioritized and inspected to confirm whether a security incident is actually occurring.
  • Incident response – this is the duty of a tier 2 analyst, who receives confirmed incidents, conducts deep analysis, and correlates them with threat intelligence to identify the security breach, the nature of the attack, and how the system or data is affected. The analyst decides on remediation and recovery.
  • Threat hunting – a tier 3 analyst is responsible for day-to-day vulnerability assessments and penetration tests, and reviews alerts, industry news, threat intelligence, and security data. The analyst hunts for threats on the network and joins tier 2 analysts in containing them.
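To make the tiered split concrete, here is an added example (not part of the proposal or of TTEV’s tooling) of the kind of correlation a SIEM runs before a tier 1 analyst sees the queue: events from one source are grouped, a brute-force-then-success pattern is confirmed and handed to tier 2, high-severity events go the same way, and activity no rule knows about is left for tier 3 to hunt on. The events, the severity scheme and the brute-force threshold are all constructed for the illustration.

```python
"""Tier-1 alert triage over SIEM-style events.

Added illustration (not part of the proposal): constructed sample events,
an assumed severity scheme and two correlation rules that hand confirmed
incidents to tier 2 and unexplained activity to tier 3, mirroring the
alert investigation / incident response / threat hunting split above.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample SIEM events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T08:00:01Z", "src": "10.0.0.5", "user": "alice", "type": "login_failure"},
    {"ts": "2024-01-10T08:00:02Z", "src": "10.0.0.5", "user": "alice", "type": "login_failure"},
    {"ts": "2024-01-10T08:00:03Z", "src": "10.0.0.5", "user": "alice", "type": "login_failure"},
    {"ts": "2024-01-10T08:00:04Z", "src": "10.0.0.5", "user": "alice", "type": "login_failure"},
    {"ts": "2024-01-10T08:00:05Z", "src": "10.0.0.5", "user": "alice", "type": "login_failure"},
    {"ts": "2024-01-10T08:00:09Z", "src": "10.0.0.5", "user": "alice", "type": "login_success"},
    {"ts": "2024-01-10T08:05:00Z", "src": "10.0.0.7", "user": "bob", "type": "login_success"},
    {"ts": "2024-01-10T08:06:00Z", "src": "10.0.0.7", "user": "bob", "type": "malware_detected"},
    {"ts": "2024-01-10T08:07:00Z", "src": "10.0.0.9", "user": "carol", "type": "login_failure"},
    {"ts": "2024-01-10T08:08:00Z", "src": "10.0.0.11", "user": "dave", "type": "dns_tunneling_suspect"},
]

# Assumed base severity per known event type (0 = informational, 5 = critical).
SEVERITY = {"login_failure": 1, "login_success": 0, "malware_detected": 4}
BRUTE_FORCE_THRESHOLD = 5  # failed logins from one source before it counts as an incident


@dataclass
class Alert:
    source: str
    rule: str
    severity: int
    tier: int  # 1 = awaiting tier-1 confirmation, 2 = incident response, 3 = threat hunting
    evidence: list = field(default_factory=list)


def correlate(events):
    """Group events by source host and apply the correlation rules.

    Returns alerts sorted by severity, highest first, so the tier-1 queue
    is already prioritised.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["type"] == "login_failure"]
        successes = [e for e in evs if e["type"] == "login_success"]
        if len(failures) >= BRUTE_FORCE_THRESHOLD and successes:
            # Many failures followed by a success: confirmed, straight to tier 2.
            alerts.append(Alert(src, "brute_force_then_success", 5, 2, failures + successes))
        elif failures:
            # Isolated failures: low priority, tier 1 keeps watching.
            alerts.append(Alert(src, "login_failures", len(failures), 1, failures))
        for e in evs:
            sev = SEVERITY.get(e["type"])
            if sev is None:
                # Unclassified activity: no rule covers it, so tier 3 hunts on it.
                alerts.append(Alert(src, "unclassified:" + e["type"], 2, 3, [e]))
            elif sev >= 4:
                alerts.append(Alert(src, e["type"], sev, 2, [e]))
    return sorted(alerts, key=lambda a: a.severity, reverse=True)


def queues_by_tier(alerts):
    """Work queues per tier: {tier: [rule names]}."""
    queues = defaultdict(list)
    for a in alerts:
        queues[a.tier].append(a.rule)
    return dict(queues)


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"sev={a.severity} tier={a.tier} src={a.source} rule={a.rule} events={len(a.evidence)}")
```

The point of the unclassified branch is that a SOC should not let events it has no rule for disappear: they are exactly the material the tier 3 hunter works from.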

Organization of security operation center

  • Monitor

TTEV security operation center integrates with your information systems, monitoring the systems 24x7x365 in real time for cyber alerts, incidents, and issues. The SOC services provide analysis and report for all the cyber activities detected.

  • Analyze

TTEV’s Security Operation Center automates the analysis of all the event logs. Using a continuously updated cyber threat database, the analysis discards possible threats before they execute.

  • Response

From the deep analytics of the event logs, cyber threats are identified early, and our team of certified experts is quick to respond to an attack in time.

  • Organization

The services TTEV’s security operation center provides as a service are categorized into three: monitoring, analysis, and response.

  • Monitoring

TTEV SOC integrates with your information system and scans all the events that take place in the assets and the network. The scanning is done in real time, 24x7x365. The monitor keeps a record of all user activities. Our team

  • Analyze

From all the events recorded by the monitor, the user activities on the network, and the asset events, our team performs an automated analysis. The analysis helps identify possible threats and malicious activities. Using a continuously updated cyber threat database, the analysis discards possible threats before they execute.

  • Response

Our team consists of certified cybersecurity experts with great expertise and experience. In the event of an attack, they respond efficiently to counter and mitigate it. The team can perform a thorough risk analysis, identify cyber gaps, and provide suitable remedies. The team will develop and implement policies to address vulnerabilities. Our experts will develop and provide a recovery plan and a business continuity plan in case a cyber-security attack is successful.

Responsibilities

Security team

  • Security analyst – responds to incidents first. Analysts are responsible for developing and deploying policies to manage system users’ functions. The security analyst’s responses consist of threat detection, investigation, or addressing the threats.
  • Security architects – they develop the security architecture. They select and maintain analysis tools to monitor security. They create tools and procedures to prevent and counter cyber threats. They develop protocols to be followed in case of an attack.
  • Security Operation Center Manager – manages the operations of the security team. The manager oversees activities including training staff, hiring, and assessing their performance. The manager is obligated to ensure that the security procedures put in place comply with the laws and rules governing computer use and security.


Tasks and benefits

TTEV’s Security operation center provides real-time 24×7 monitoring and scanning of the assets and the network.

TTEV provides anti-spoofing protocols that protect privileged information from unauthorized persons. Filters will be applied at your firm’s access points to ensure that unauthorized persons cannot pass themselves off as trusted sources. Firewalls used by the TTEV security operation center have filters to eliminate forged sources.

A ready-response team to counter and mitigate attacks. The security team is dedicated to observing cyber events and countering them. The cyber team is divided into sub-teams and has a protocol to be executed in case of a cyber event. With the protocol, threats can be identified and eliminated before they propagate, an ongoing attack can be countered and mitigated, and in case an attack is successful the team has laid out procedures to recover the information system to its working condition.

Cyber security experts for consultation and cyber-security advice. Cyber security experts can help your firm when you wish to consult on an issue concerning security. The team offers advice on such issues.

The cyber security team develops customized rules and policies for your firm. This will ensure optimal security by governing the activities of people that make the system vulnerable to cyber-attacks.

The infrastructure of the security operation center

Software

Firewall – the TTEV security operation center uses firewalls to ensure that known threats are discarded before they enter the network from the internet. The threat database is customized and regularly updated with new threats to secure the system.

Intrusion detection and intrusion prevention software – the software is placed behind the firewalls. Intrusion detectors identify anomalies in network events and alert the security team in case of abnormal activity. Intrusion prevention software discards and eliminates abnormal activity on the network.

Security information and event management – TTEV uses a powerful SIEM that collects and analyzes all system events and logs from the assets, the information system, and the network.

Vulnerability scanners – TTEV has put in place vulnerability scanners. This ensures that all vulnerabilities in the system are identified. This helps prevent the exploitation of vulnerabilities, or allows measures to be put in place to counter the attack when a vulnerability is exploited.

Hardware

  • Behavioral monitors – TTEV has behavioral monitors that observe the activities of given people. This gives the security team information on those activities and therefore insight into how to handle similar activities in future.
  • Firewalls – the TTEV security operation center will place firewalls at the access points. This will prevent threats from the internet, including malware.
  • Asset discovery – this identifies all the assets in a firm. Once all assets are identified, risk analysis can be carried out and vulnerabilities identified.


Cyber Security Data Analysis Essay

Artificial intelligence for security

Before examining how artificial intelligence systems are changing cybersecurity, it is good to know some background. We are used to associating artificial intelligence with computer programs such as the voice assistants present in computers and mobile devices, like Cortana or Siri, as well as with Industry 4.0 technologies that support humans in carrying out complex operations. In reality, the evolution of the sector is turning to the protection of computers and data. Malware and viruses can in fact be blocked by artificial intelligence in its various forms. Defense is one of the main objectives of the experts’ new proposals, but clearly there is a risk that hackers could use the same systems for their attacks. Don’t be afraid, because hackers and their attempts act as a stimulus and example for an increase in the efficiency of new IT security products.

Internet criminals have access to the dark web, which is a series of websites on which malware and viruses can be purchased. In particular, these were AlphaBay and Hansa. These two portals have recently been closed due to bankruptcy, but there are other pages ready to offer the same service, and above all this news does not stop hackers intent on damaging other people’s networks or illegally taking possession of sensitive data. To cope with the danger it is necessary to constantly update your antivirus system, but this does not guarantee 100% protection against the risks of attack and intrusion into your computer system. In any case, make sure security patches are installed on your devices.

However, among the dangerous programs there is also ransomware, which seems to be widespread. Denial of Service attacks are much feared for the future. This justifies the frenetic work of antivirus manufacturers, which in the last year have faced phishing campaigns in 36% of cases, attacks on IT infrastructures in 33%, offensive actions related to the Internet of Things in 15%, ransomware in 14%, and attacks through botnets in 1%. These are the main threats, but while the reports on the cyber situation are being published, cybercriminals are ready to break into other people’s computers with new techniques. This is why the latest frontier of cybersecurity is artificial intelligence.

Cybersecurity

In the field of cyber security, machine learning, deep learning, and artificial intelligence are certainly not new terms; on the contrary, they have become commonplace. For many years, heuristic analysis engines and systems that recognize patterns of action have been using these technologies to increase protection and provide an innovative defense capable of adapting to the many threats that animate the web and the IT world in general. In this context, there is an example of an effective system active in protection: a next-generation assistant called Watson for Security, made by IBM. The tool gives human analysts a platform to work on while keeping various threats away.

In reality, the product does not take care of monitoring the systems and the network, but can be activated by the user for specific predefined events. The program carries out an in-depth analysis of all available data, providing the user with a complete report on the activities and on what happened within the analyzed system. In this case, you have all the information, but it is up to the person to draw conclusions and decide what actions to take. It is not the only cybersecurity product to leverage artificial intelligence, but it differs from programs like Darktrace, which also use AI. In that case, the traffic is analyzed and the normal flows are learned from it. Artificial intelligence comes into play to find anomalies within all the data collected and examined. It proves to be an excellent ally when software downloaded from the internet is automatically installed and begins performing suspicious operations. It is very useful in protecting the data of companies subject to industrial espionage attacks.

Artificial intelligence, in the field of IT security, is not only concerned with identifying threats and investigating activities within the network but also works through prevention, avoiding unauthorized intrusions by protecting the sensitive data contained in devices. The AI acts by memorizing the behavior of users on the web, the way they type passwords, and the information exchanged, so as to have a picture of the situation and implement the necessary measures to ensure security. The software is capable of verifying whether whoever is visiting a website is a person or a robot by examining the way the mouse buttons are clicked, the speed of movement, and the duration of the clicks, which makes it possible to monitor the visitors of the web pages. In this way, programs aimed at fraudulent use are blocked. Furthermore, thanks to this working method, visitors and users of sites and databases can be recognized not so much by the passwords entered as by their behavior. In fact, their movements are studied to create profiles and identify the person who is operating.
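The learned-baseline approach in the two paragraphs above (normal flows learned from traffic, then anomalies flagged against them, and the same idea applied to user behavior) can be shown on a small scale. This is an added illustration, not code from IBM, Darktrace or the essay: the training window of per-host outbound traffic volumes is constructed, and the 5% spread floor and the 3σ threshold are assumptions a practitioner would tune.

```python
"""Learned-baseline anomaly detection on per-host traffic volumes.

Added example, not code from IBM, Darktrace or the essay's author: a
seven-day baseline of outbound bytes per host is learned from constructed
sample data, and new observations are scored by how far they sit from that
host's own normal behaviour. Hosts with no baseline are reported separately
rather than silently accepted.
"""
import statistics

# Constructed training window: outbound bytes per host per day (not real traffic).
BASELINE_WINDOW = {
    "ws-01": [120_000, 130_000, 125_000, 118_000, 135_000, 128_000, 122_000],
    "ws-02": [80_000, 82_000, 79_000, 81_000, 80_500, 80_000, 81_500],
    "db-01": [500_000] * 7,  # perfectly flat history
}

# Assumed floor on the spread: a flat history would otherwise make any change look infinitely anomalous.
MIN_STDEV_RATIO = 0.05


def learn_baseline(window):
    """Return {host: (mean, stdev)} learned from the training window."""
    model = {}
    for host, samples in window.items():
        mean = statistics.fmean(samples)
        stdev = statistics.stdev(samples)
        model[host] = (mean, max(stdev, MIN_STDEV_RATIO * mean))
    return model


def score(model, host, value, threshold=3.0):
    """Classify one observation as 'normal', 'anomalous' or 'unknown_host'.

    Returns (verdict, z) where z is the number of standard deviations from the
    host's learned mean (None for hosts without a baseline).
    """
    if host not in model:
        return "unknown_host", None
    mean, stdev = model[host]
    z = (value - mean) / stdev
    return ("anomalous" if abs(z) > threshold else "normal"), z


def evaluate(model, observations):
    """Score a day's observations; return the hosts an analyst should look at."""
    findings = []
    for host, value in observations:
        verdict, z = score(model, host, value)
        if verdict != "normal":
            findings.append((host, verdict, value))
    return findings


# Constructed observations for the day under review.
TODAY = [("ws-01", 126_000), ("ws-02", 3_000_000), ("db-01", 510_000), ("ws-99", 40_000)]

if __name__ == "__main__":
    for host, verdict, value in evaluate(learn_baseline(BASELINE_WINDOW), TODAY):
        print(f"{host}: {verdict} ({value} bytes)")
```

Two details matter in practice: the spread floor, without which the perfectly regular database host would flag a 1% change as an alert, and the explicit unknown-host verdict, so that a machine that was never baselined is surfaced instead of scored against nothing.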

The definitions

Before proceeding with the analysis of the functionalities that artificial intelligence makes available to IT security, it is good to recall the most important definitions, so as to understand the different elements and their roles. Intelligent software applied to cybersecurity makes it possible to understand the threat landscape, perceive and analyze the dangers, and decide the actions to be taken to protect systems and eradicate viruses and malware of various kinds. What are the buzzwords to know? Here they are:

  • artificial intelligence: the combined term is applied to any technique capable of imitating human intelligence, that is, with rules of logic and implication and with internal decision-making processes. The expression was coined by John McCarthy in 1956, even though there was already an operational definition of the kind, written by Alan Turing in 1950 in an article describing the Turing Test, in which a person communicates through a terminal with other people and with computers; a machine passes the test if the person is unable to distinguish it from a human. AI also works with machine learning and deep learning;
  • machine learning: a subset of artificial intelligence that includes complex statistical techniques aimed at improving performance at a task through experience. ML can be supervised or unsupervised; in the first case a precise cataloging of the functions is necessary, while in the second case a behavior model must be set up so that the software has a reference;
  • deep learning: a subset of machine learning that includes algorithms with which the software trains itself for the activities it was designed for, for example recognizing images or voices, or identifying certain information by examining a large amount of data;
  • Internet of Things: a network of physical objects embedding technology that allows them to communicate, perceive, and interact with internal systems and with the external environment. The term is due to Kevin Ashton, who in 1999 used it to describe the physical world connected to the internet.

Machine intelligence, or artificial intelligence, is used in many contexts, but on the internet it is used in particular by the giants, with Google in the lead, interested in controlling the network and the processes that take place within it as much as possible. Obviously, this allows an improvement in the performance of the machines and an increase in what is offered to users, but the security aspect should not be neglected, because the growth of the web inevitably leads to illicit attempts to take possession of information. Data collection is essential to be able to control the virtual and real world and therefore to offer people products and services that are more tailored to the needs of potential customers, but this activity lends itself to various uses, and for this reason the web is increasingly attractive to malicious people.

The application of artificial intelligence is certainly about the collection and processing of images, words, and behaviors. For this reason, deep learning is needed, which allows us to arrive at predictive scenarios. With regard to IT security, the focus is on behavioral analysis, relating a specific state to information on possible threats. Taking into consideration the technologies related to artificial intelligence and its subsets, we can say that we have the advanced tools necessary to deal with the big data coming from the various objects connected to the network. It should be emphasized that most of the data is normal, while the dangers lurk in a small amount of information; for this reason, every single piece of data must be analyzed to detect cyber threats. Using a metaphor, one could say that tracking down a potential cyber hazard is like finding a needle in a haystack; with AI, however, you are guaranteed to explore all data systematically. Further assurance comes from the use of Deep Instinct algorithms and neural networks, because they instinctively protect valuable information. In fact, artificial intelligence is able to act using a human and animal peculiarity: instinct. It can do this thanks to appropriate programming with decision-making algorithms.

Analytical Essay on Number One Cause of Workplace Cyber Security

Abstract

This paper discusses criminal activities and their security aspects at the workplace. The principle of scarcity says that we value an asset higher when it is scarce, while we tend to think that what exists in abundance has little or no value. It is possible that this theory explains why we do not give importance to the information that we generate as users. Possibly, this is the reason why cybercrime has turned into one of the most profitable criminal activities of these times, and this situation will continue as long as we ignore how much data our email address or ID number can provide anyone who asks for them. Things get worse when cybercriminals target companies. Why is corporate information targeted, and why do hackers attack while you are at work?

Introduction

The clients’ data is an important part of economic activity. That is why protecting information should be one of the priorities of companies, but in most of them, it is not yet. The Internet has given us a window of business opportunities that sometimes makes it difficult to make out genuine threats. This means that, in terms of cyber security, companies are reactive rather than proactive: they only look for solutions when they have been struck by an attack instead of preventing it by implementing cyber security policies.

Remember your first day of work? Surely it was not one of the easiest. You had to learn the names of your colleagues, among many other things. The principle of scarcity says that we value an asset higher when it is scarce, while we tend to think that what exists in abundance has little or no value. It is quite possible that this hypothesis explains why we do not give importance to the information that we generate as users. That is why cybercrime has turned into one of the most profitable criminal activities of these times, and this situation will continue as long as we ignore how much data our email address or ID number can provide anyone who asks for them. Things get worse when cybercriminals target companies.

Hackers: attacks at working place

The clients’ data is an important part of economic activity. That is why protecting information should be one of the priorities of companies, but in most of them, it is not yet. The Internet has given us a window of business opportunities that sometimes makes it difficult to perceive real threats. This means that, in terms of cyber security, companies are reactive rather than proactive: they only look for solutions when they have been hit by an attack instead of preventing it by implementing cyber security policies.

But none of that first-day information had to do with how to protect yourself from cyber attacks or how to perform your job more safely. And why is that a problem? Because every day we receive dozens of emails from customers, suppliers, and advertisers; we manage orders through third-party applications; and, in short, we carry out the tasks proper to our activity without the necessary security training. The next click might end with the ransom of the equipment and the encryption of the data stored in it. Cybercriminals are aware of most users’ lack of security training.

What methods do they use?

This is how social engineering and phishing take advantage of it, just as they do with the frenetic rhythm that many workers have in their offices. Lack of awareness and hurry make up the perfect context for an attack with a high probability of success. And part of that success is determined by the methodology that cybercriminals use, for example social engineering and phishing.

Methods hackers use

An exercise of persuasion. This is how you could define what people do when performing social engineering. Through a set of psychological techniques and social skills, the social engineer aims to obtain sensitive information. An example of social engineering could be receiving an email from someone who is supposedly your manager. In the email, he asks you to send certain confidential information that you hold or, depending on your responsibility, to make a bank transfer to an account number he provides, with the excuse that it is necessary to make that payment as soon as possible. It seems that the CEO scam is quite obvious, but the reality is that it has achieved a high level of sophistication, so it is a fairly common attack among companies. This example can be even more frightening, if that is possible. On the one hand, it makes you think that the mail comes from a manager (social engineering); on the other hand, it could not only ask you to make a money transfer, but also to download a malicious file that can compromise your company’s infrastructure (phishing).

In this way, cybercriminals create new ways to carry out attacks using social engineering and phishing every day. In this scenario, learning to recognize a cyber threat becomes a need for all the people who work with electronic devices connected to the Internet. A phishing attack may seem obvious, but the reality is that it is more common than most imagine.

What happens when the threats come from within the company?

“The truth is out there”. Do you remember? That’s what they said in the X-Files series, letting us know that we had to look for the dangers outside, but how wrong they were. When it comes to cyber security, the people who make an attack possible do not have to wear a hooded sweatshirt or sit in front of their computer at dawn. They can wear a suit and tie and keep office hours.

They may be the people you spend more time with than your family. It is possible that they are your workmates. According to a study that IBM published in 2016, 60% of attacks came from within an organization. Of that number, 44.5% of the attacks were perpetrated with malicious intent, while 15.5% originated by accident, that is, by a worker who unintentionally allowed access to the company’s infrastructure.

Conclusion

From the study, it is clear that things get worse when cybercriminals target companies. The bad news is that you do not just have to defend yourself from what is out there; the good news is that only a small percentage of those attacks occur by accident. Cyber security is not expensive compared to the cost of suffering a cyber attack, and these situations can be avoided by complying with the basics of cyber security.


Cyber Security Threat Analysis Essay

Abstract

Cyber security over the internet is the protection of internet-connected systems, including hardware, software, and data. Computer security, or information technology security, is the protection of computer systems from theft of or damage to hardware, software, or electronic data, and from unauthorized access. Cyber security is the practice of protecting systems, networks, and programs from digital attacks. It is one of the most crucial things in electronic commerce. Cyber stores and e-commerce transactions face greater e-transaction security risks due to insufficient internet safety from cybercriminals: not only is hacking a huge risk for all online merchants, but accepting a fraudulent payment also comes at the cost of having to refund the charges. However, using the right tools will minimize the threat of fraud and instill trust within the user base. The most prevalent cyber security threats include phishing attacks, hacking, IP spoofing, sniffing, denial of service, credit card fraud, data errors, and unprotected online services. A security solution is an essential part of any transaction that takes place over the Internet. The major security solutions are digital signatures, digital certificates, digital envelopes, and SSL certificates. This paper presents a study of the cyber security issues of e-commerce and provides possible solutions for them, with the aim of making the Internet safer for everyone.

Introduction

In today’s internet world, everyone benefits from advanced cyber defense programs. At an individual level, cyber-security attacks can result in everything from identity theft, to extortion attempts, to the loss of confidential data such as family photos. Securing individuals and organizations alike is essential to keeping our society functioning. Cyber security refers to a set of techniques or protocols used to protect the integrity of networks, programs, records, and data from attackers, damage, or unauthorized access by hackers. Cyber security provides the tools and procedures for protecting systems, networks, and programs from cyber-attacks, and protects internet assets from unauthorized access. The cyber security community reveals new vulnerabilities, educates internet users on the importance of cyber security, and provides open-source tools and education. The increasing use of the Internet is improving the deployment of technology to protect cyberspace. Extending the basic technologies to defend multicast communications is possible and can be expected to be implemented as multicast becomes more widespread all over the world. Cyber-attacks usually aim at modifying, accessing, corrupting, interrupting, or destroying sensitive information. Implementing effective cyber security is a challenge today because there are more devices than users, and attackers are becoming more innovative and technically advanced. It is essential that every internet user is trained in the security tools put in place to protect against cyber-attacks. Cyber security is the process of protecting cyber assets from unauthorized retrieval, use, modification, or destruction.

There are six dimensions of cyber security that must be implemented in internet-facing applications:

    1. Integrity: prevention of data modification by unauthorized attackers.
    2. Non-repudiation: prevention of any party, group, or individual denying an agreement after the fact.
    3. Authenticity: verification of the identity of the data source.
    4. Confidentiality: protection against unauthorized data interpretation or disclosure.
    5. Privacy: control over who may access and disclose data.
    6. Availability: prevention of data delays or removal.
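As an added illustration of the integrity and authenticity dimensions (not code from the paper), the following attaches an HMAC-SHA256 tag to a transaction record under a shared key so that the receiver can detect a modified record or a tag made with a different key. The record, the key handling and the `protect`/`verify` names are assumptions for the example.

```python
"""Integrity and authenticity check on a transaction record with an HMAC.

Added example (not from the essay): the sender attaches an HMAC-SHA256 tag
computed under a shared key; the receiver recomputes it and compares in
constant time. A modified record or a tag made under another key is
rejected. The key handling is assumed for the example (a real deployment
would load the key from a secret store, never generate it per message).
"""
import hashlib
import hmac
import json
import secrets


def make_key():
    """Fresh 256-bit shared key (constructed for the example)."""
    return secrets.token_bytes(32)


def canonical(record):
    """Serialise the record deterministically so both sides hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def protect(key, record):
    """Return an envelope: canonical body plus its authentication tag."""
    body = canonical(record)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify(key, envelope):
    """True only if the body is unmodified and was tagged under this key."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the position of the first differing byte via timing
    return hmac.compare_digest(expected, envelope["tag"])


def demo():
    """Constructed run: genuine, tampered and wrong-key envelopes."""
    key = make_key()
    env = protect(key, {"order": 17, "amount": 100, "payee": "ACME"})
    genuine = verify(key, env)
    tampered = dict(env, body=env["body"].replace('"amount":100', '"amount":900'))
    tampered_ok = verify(key, tampered)
    wrong_key_ok = verify(make_key(), env)
    return genuine, tampered_ok, wrong_key_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

This covers dimensions 1 and 3 between two parties that share the key, but not dimension 2: either holder of the key could have produced the tag, so non-repudiation needs an asymmetric digital signature of the kind listed in the abstract. Nor does it give confidentiality, since the body travels in plaintext.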

Methodology

Today’s internet users rely on e-commerce and e-media for transactions. E-commerce is a methodology of modern business which addresses the need for business development, increasing quality, reducing cost, and increasing the speed of delivery. It enables global communication and refers to the paperless exchange of business information using the following key areas:

    • Electronic Data Interchange
    • Electronic Mail
    • Electronic Cash
    • Electronic Fund Transfer (EFT)
    • Other network-based technologies
    • Credit card systems

Main Types of cyber security threats

Any security scheme needs a set of protocols that safely guide cyber applications and transactions. Security requirements protect companies, business agencies, and organizations from threats like credit card fraud, and from the risk of losing customers’ trust due to an inability to guarantee safe credit card processing.

1) Phishing attacks.

Phishing attacks target user information such as login details (user name, password, account number, other credentials) and credit card numbers. Using social engineering, an attacker poses as a trusted entity to deceive a victim into opening an email, text message, or instant message.

2) Social engineering

Phishing is one type of social engineering attack, often used to steal user information including login credentials and credit card numbers. The recipient is tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a malware attack, or the disclosure of sensitive information.

3) Cyber threat

A threat is anyone with the capability, technology, opportunity and intent to do harm. Threat actors can be foreign or domestic, internal or external, state-sponsored or independent. There are various types of cyber threat: some are deliberate, some are accidental, and some arise from human error. The most common threats based on social engineering are phishing, money theft, data misuse, hacking, credit card fraud and unsafe services.

4) Malicious code threats-

Malicious code threats typically involve viruses, worms, Trojan horses and other malware. Viruses are external threats that can corrupt files on a website or host once they find their way into the internal network; they can damage the normal working of a computer and its applications or render the system unusable. A virus always needs a host file or a user action to spread, as it cannot propagate by itself. Worms are different and more serious: a worm propagates on its own across the network and can infect millions of computers within a matter of hours.

5) IP Spoofing-: 

IP spoofing is the forging of the source address in the header of an Internet Protocol (IP) packet so that the packet appears to come from a trusted or legitimate host. Because IP itself does not authenticate the source address, the receiving host cannot tell from the header alone that the field was forged. Attackers use spoofed packets to hide the true origin of an attack, to bypass access controls that trust particular source addresses, to direct reply traffic at a third party (as in reflection-based denial of service), or, where TCP sequence numbers can be predicted, to hijack or inject into a connection. Spoofing more generally is when a malicious party impersonates another device or user on a network in order to attack network hosts, steal data, spread malware or bypass access controls. The standard defence is ingress filtering at network borders (BCP 38, RFC 2827): packets whose source address could not legitimately have originated on the interface they arrived on are dropped.

6) Sniffing Attack -: 

A sniffing attack, in the context of network security, is the theft, interception or analysis of data by capturing network traffic with a sniffer: an application that reads and records network packets or the state of traffic on a link. Sniffing is possible whenever data is transmitted across a network without encryption on the transmission channel.

Sniffing is the process of monitoring and capturing all data packets passing through a given network channel. Network administrators use sniffers legitimately to monitor, analyse and troubleshoot network traffic; attackers use them to capture packets containing sensitive information such as passwords, usernames and account details. A sniffer can be a software application or a dedicated hardware device installed on the network.

7) Denial of Service and Distributed Denial of Service-: 

In a SYN-flood style denial of service attack, the attacker sends connection requests with spoofed, unreachable return addresses. The server cannot reach the return address to complete the handshake, so it waits, holding resources, until the half-open connection times out. Once the server closes that connection the attacker sends more requests with invalid return addresses, so the cycle of waiting begins again and the server stays busy or unavailable to legitimate users. Denial of service attacks are designed to make a machine or network resource unavailable to its users.

Denial of service is among the most common forms of cyber attack, and the number of globally distributed denial of service attacks keeps increasing. A distributed denial of service (DDoS) attack is launched from many compromised hosts at once, leaving victims unable to reach systems or obtain information and network resources because internet services are disrupted.
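The following Python example, added here and not part of the original essay, builds a handful of IPv4/TCP packets in memory and runs three checks over them: the BCP 38 ingress filter that catches forged source addresses (the IP spoofing section), the credential extraction a sniffer performs on cleartext HTTP (the sniffing section), and the half-open connection count that reveals a SYN flood (the denial of service section). The addresses, the customer prefix 192.0.2.0/24 and the login request are constructed sample data, and the code uses only the standard library.

```python
import base64
import ipaddress
import socket
import struct

TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10


def ip_checksum(header: bytes) -> int:
    """Ones'-complement checksum over the IPv4 header (RFC 791); 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 + TCP packet. The source address is just a field the sender
    fills in; nothing in the protocol stops it from being forged."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_packet(raw: bytes) -> dict:
    """Decode the fields a border filter or a sniffer looks at."""
    ihl = (raw[0] & 0x0F) * 4
    if ip_checksum(raw[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "sport": sport, "dport": dport, "flags": raw[ihl + 13],
            "payload": raw[ihl + data_off:]}


def spoofed_sources(packets, customer_prefix: str) -> set:
    """Ingress filtering (BCP 38): packets arriving on a customer link must carry a source
    address from that customer's prefix. Anything else is spoofed or misrouted and is dropped."""
    net = ipaddress.ip_network(customer_prefix)
    return {p["src"] for p in packets if ipaddress.ip_address(p["src"]) not in net}


def sniff_basic_auth(pkt: dict):
    """What a passive sniffer recovers from cleartext HTTP: the Basic auth header is only
    base64-encoded, not encrypted, so username and password are readable."""
    for line in pkt["payload"].split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            user, _, password = base64.b64decode(line.split(b" ", 2)[2]).partition(b":")
            return user.decode(), password.decode()
    return None


def half_open_count(packets) -> int:
    """SYNs never followed by an ACK from the same source socket: a pile of these, from
    addresses that never answer, is the signature of a SYN-flood denial of service."""
    opened, completed = set(), set()
    for p in packets:
        key = (p["src"], p["sport"])
        if p["flags"] & TCP_SYN and not p["flags"] & TCP_ACK:
            opened.add(key)
        elif p["flags"] & TCP_ACK and key in opened:
            completed.add(key)
    return len(opened - completed)


# Constructed traffic on the server's uplink. Addresses come from the documentation
# ranges; the customer behind this link is assumed to own 192.0.2.0/24.
SERVER, CUSTOMER_PREFIX = "203.0.113.10", "192.0.2.0/24"
LOGIN = (b"GET /account HTTP/1.1\r\nHost: shop.example\r\n"
         b"Authorization: Basic " + base64.b64encode(b"alice:S3cret!") + b"\r\n\r\n")
TRAFFIC = [parse_packet(raw) for raw in (
    [build_packet("192.0.2.25", SERVER, 40001, 80, TCP_PSH | TCP_ACK, LOGIN),  # cleartext login
     build_packet("192.0.2.26", SERVER, 40002, 443, TCP_SYN),                # TLS client: handshake
     build_packet("192.0.2.26", SERVER, 40002, 443, TCP_ACK)]                # ...completed normally
    + [build_packet("198.51.100.%d" % i, SERVER, 50000 + i, 80, TCP_SYN)      # 20 SYNs, forged sources
       for i in range(1, 21)])]


def report(packets=TRAFFIC) -> dict:
    """Run the three checks over the captured packets."""
    return {"spoofed": len(spoofed_sources(packets, CUSTOMER_PREFIX)),
            "credentials": [c for c in map(sniff_basic_auth, packets) if c],
            "half_open": half_open_count(packets)}


if __name__ == "__main__":
    print(report())  # {'spoofed': 20, 'credentials': [('alice', 'S3cret!')], 'half_open': 20}
```

Two things the run makes visible that the prose does not: the ingress filter rejects every one of the flood packets before the server sees them, because none of the forged 198.51.100.x addresses belongs to the customer link, and the only credentials the sniffer recovers come from the connection on port 80; the handshake on port 443 carries nothing readable.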

Security measures and solutions

Encryption is the cryptographic process of transforming readable data (plaintext) into an unreadable form (ciphertext). It is used to protect data such as payment and account information and email; only those who possess the correct key can decrypt the ciphertext back into plaintext. Encryption allows data to be relayed securely over the internet and is one of the most effective controls for mitigating e-commerce security risks to confidentiality. Note that encryption on its own does not guarantee integrity: an attacker can sometimes alter ciphertext without knowing the key, so an authenticated encryption mode or a separate message authentication code is needed to detect tampering.

Digital signatures, backed by digital certificates, play a central role in security. To sign a document a user needs a private key, with the matching public key published in a digital certificate; the signature is created with the private key and recipients verify it with the public key from the certificate. If the user creates and uses a self-signed certificate, no trusted third party vouches for the binding between the key and the user, so recipients cannot automatically verify the authenticity of the signer's identity; they have to decide manually to trust the self-signed certificate.

Digital certificate-:

A digital certificate, also known as a public key certificate, cryptographically binds a public key to the entity that owns it, under the signature of a certificate authority.

To obtain a certificate, the applicant first generates a key pair and then sends the certificate authority (CA) a certificate signing request containing the applicant's distinguished name, the public key, and a signature made with the corresponding private key as proof of possession. For a server certificate, the domain name is the unique identifier of the host for which the certificate is requested. The CA checks the request signature using the enclosed public key and performs some level of verification of the applicant's identity (for a domain, that the applicant controls it). After verification, the CA issues a signed certificate containing the subject's distinguished name, the server name, the public key, a serial number, a validity period and the CA's own signature. The applicant stores the signed certificate, together with the private key, in its key database.

SSL/TLS certificate

An SSL certificate (today a TLS certificate, since SSL has been superseded by TLS) is a data file that binds a cryptographic key to a company's server identity. Once installed on a web server, it allows the server to use the TLS protocol and its cipher suites to set up a secure connection with clients' browsers: the certificate authenticates the identity of the business operating the server, and the encrypted connection protects data in transit, for example from the checkout page onward. This keeps the organisation and its customers protected from having financial or other sensitive information intercepted by attackers.

Secure Shell (SSH) is sometimes confused with SSL, but it is a separate protocol. It provides a secure channel over an unsecured network in a client-server architecture, connecting client applications with a server, and is generally used for remote administration of operating systems and network devices. The specification distinguishes two versions, SSH-1 and SSH-2; SSH-1 has known weaknesses and only SSH-2 should be used.

Conclusion

This paper has studied the issues and solutions relating to attackers and defenders in internet systems. With current technology, the cost of securing a system is lower than the cost of recovering data after an attack. There is a need to control, monitor, audit and act in order to attain the highest level of security. The paper has outlined the main security threats and their countermeasures, including the use of cryptographic keys to increase security, and the awareness required from both users and websites. The risk of identity theft, marketplace fraud and privacy violations will always exist. Cyber security is part of many daily activities, although it can sometimes be difficult to distinguish between a security attack and an ordinary human or technological failure.


Essay on Cyber Security in Indian Army

Introduction

The 'Stuxnet' incident woke the Indian cyber security establishment from its slumber and self-induced sense of security, and the discourse on critical information infrastructure (CII) protection in India was turned on its head. It was discovered that a large number of the hosts compromised by Stuxnet were in India. The investigations that followed revealed the profound vulnerability of India's industrial control systems, and only after Stuxnet could experts visualise the damage potential of these vulnerabilities if left unaddressed. What followed was the creation of a plethora of agencies responsible for various aspects of the cyber domain, including the security of critical infrastructure, emergency response, cyber security and vulnerability assessment.

The Indian Army was one of the first organisations in India to take a leap into the cyber world, introducing computers in the late 1980s. Progress since then has been poor, owing to a lack of strategic vision in the cyber domain, outdated human resource management policies, command-oriented structures even in technically proficient arms, minimal engagement with indigenous private players, ambiguous policies on IT infrastructure, training and management, the absence of an effective research and support organisation, and an unwillingness to spend the billions of dollars required to build cyber capabilities over the long term.

The cyber security policy of India, issued in 2013 (NCSP-2013), outlines a mission to protect information and infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities, and minimise damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation. However, NCSP-2013 says nothing about the creation and application of cyber power, or about the role, organisation, equipping and training of the Indian armed forces to execute cyber-enabled operations and cyber war, leaving a glaring gap in policy with regard to national security.

Present Cyber Warfare Capability of the Indian Army

The capability of the Indian Army discussed in this section is primarily that of cyber defence. Cyber deterrent capabilities are being built at the tri-services level and are not discussed in the public domain. The pace over the last few decades, however, has been excruciatingly slow. At Army level, the Army Cyber Group (ACG) functions as the nodal agency responsible for ensuring the cyber security of field formations and for formulating the policies and guidelines they follow. It also acts as the emergency response team for the Indian Army. The staffing of the ACG is not commensurate with the organisation's requirements, given the immense proliferation of IT assets across the force. Hence the agency is able to handle only priority tasks, and formations are left to address non-priority issues themselves; where the ACG does respond to non-priority tasks, the time lag is so long that more often than not the response is ineffective. At formation level there are no trained personnel staffed and equipped to handle cyber security. The Corps of Signals, which has logically and suitably taken on the responsibility of being the nodal agency at formation level, is neither staffed nor equipped (in terms of infrastructure) to handle cyber security efficiently. Consequently, the task of providing safe, secure and reliable communications is hindered. The approach is correct, but what is required is adequate staffing of Signals units at command and corps level, with dedicated specialist officers, JCOs and other ranks responsible for the cyber security of the formation. These officers would need to upskill themselves every two to three years to remain relevant. Another challenge is the lack of long-term planning in the procurement of IT infrastructure. Long-term planning has recently begun, again by specialist officers at command level, but the procurement cycle is so long that by the time equipment is inducted it is already on the path to obsolescence.
Alternatively, the General Staff Qualitative Requirements (GSQR) for future equipment are sometimes drawn up by choosing the best characteristics available in the open domain, resulting in unrealistic specifications. Procurement procedures need to be suitably modified to enable the procurement of IT assets, and officers need to be trained and specialised in procurement so that they become the nodal agencies for procurement processes. Indigenous manufacturing capability is another challenge: the Army today is totally dependent on vendors from foreign countries for critical communication, networking and cyber security hardware and software.

Jointness in the Cyber Domain. Joint infrastructure, training, doctrines and policies are required for synchronised effort in the cyber domain. This jointness is at a nascent stage. Other than a couple of joint courses and interactions at seminars, there is hardly any interaction at the grassroots level. All three services have their own IT and cyber security infrastructure and organisations, without any common linkage or head at the tri-services level. The Defence Information Assurance and Research Agency (DIARA), with its present organisation, has a limited role and capability for the defence of a tri-services network. This void may lead to a major capability deficit, especially in view of the extensive networks being developed for the armed forces.

Agencies at Tri-Services and National Level

There is a range of agencies and organisations to ensure the defence preparedness of the nation against cyber threats and also to act as a deterrent. Limited information is available in the open domain about their charter and mandate. The important agencies and their tasks are as follows:-

  • National Technical Research Organisation (NTRO). The NTRO came into existence in 2004 and is a specialised technical intelligence-gathering agency. While it does not interfere with the working of the technical wings of the various intelligence agencies, including those of the Indian Armed Forces, it acts as a super-feeder agency providing technical intelligence to other agencies on internal and external security. The organisation is tasked with high-tech surveillance, including satellite, terrestrial and internet monitoring, considered vital to the national security apparatus. It has technical capabilities in aviation and remote sensing, data gathering and processing, cyber security, cryptology systems, strategic hardware and software development, and strategic monitoring.
  • Indian Computer Emergency Response Team (CERT-In). CERT-In is mandated to enhance the security of India's communications and information infrastructure through proactive action and effective collaboration.
  • National Critical Information Infrastructure Protection Centre (NCIIPC). NCIIPC was created under Section 70A of the Information Technology Act, 2000 through a gazette notification of 16 January 2014. Based in New Delhi, it is designated the National Nodal Agency for the Protection of Critical Information Infrastructure. It functions under the NTRO and is tasked with monitoring, intercepting and assessing threats to critical infrastructure and other vital installations, using intelligence gathered from sensors and platforms that include satellites, underwater buoys, drones, VSAT terminal locators and fibre-optic cable tap points. Its remit covers seven sectors, including transport, power and energy, telecom, and banking and finance, identified on the basis of various criteria. The armed forces' networks do not fit the critical infrastructure criteria as of now.
  • Defence Information Assurance and Research Agency (DIARA). DIARA is the nodal agency mandated to deal with all cyber security related issues of the tri-services and the Ministry of Defence, and it works in close coordination with national agencies such as CERT-In and the National Technical Research Organisation (NTRO). DIARA also functions in coordination with the Army, Navy and Air Force CERTs.
  • National Cyber Security Coordinator (NCSC). The National Security Council Secretariat (NSCS) coordinates and oversees cyber security issues, including cyber diplomacy. The National Cyber Security Coordinator in the NSCS has been entrusted with coordinating and synergising cyber security efforts.
  • National Intelligence Grid (NATGRID). Though not essentially a cyber agency, NATGRID is an intelligence-sharing network that collates data from the standalone databases of various agencies and ministries of the Indian government. It is a counter-terrorism measure that collects a host of information from government databases, including tax and bank account details, credit card transactions, visa and immigration records, and rail and air travel itineraries. This combined data is to be made available to various intelligence agencies including R&AW and the IB. Established in the aftermath of the Mumbai attacks of 2008, the agency had its first CEO appointed in 2016. However, it is not yet fully functional and is still being raised; privacy concerns, the legal framework and bureaucratic hurdles have been the prime reasons.

Comments & Analysis

Strategic Deficiencies. The cyber domain requires a number of agencies to perform various tasks at all levels. As lessons were learned from various incidents, these agencies were recommended and subsequently raised. If the mission and mandate of these agencies are studied, it appears that the nation has a well-established system and coordination mechanism to respond to cyber threats. However, as far as the armed forces are concerned, the mandate has been primarily one of cyber defence. It must be understood that in the cyber domain there is no clear-cut demarcation between cyber defence and cyber offence; as in conventional operations, defence also has to be offensive in nature. Hence the armed forces need a credible cyber offensive and deterrent capability. The second deficit in the present setup is that the three services work in a compartmentalised manner with very little coordination. Joint exercises are conducted and best practices are shared, but jointness remains elusive. Some other aspects which need to be elucidated are:-

  • Absence of a Clear-Cut Policy Directive and Cyber Warfare Doctrine. There is no clear-cut policy or doctrine for the armed forces as far as cyber warfare is concerned.
  • Inadequate Regulatory and Legal Framework. The IT Act, though amended regularly, does not cover issues related to data privacy, data handling or ground rules for cyber espionage, nor does it empower the cyber agencies to conduct even basic surveillance operations. Though a complex issue, the IT Act needs to be suitably amended in step with the operational requirements of all the agencies concerned.
  • Lack of Public-Private Partnerships. Public-private partnerships are the need of the hour to enable the agencies to obtain the best and latest technology and to upskill their personnel. Participation by the private sector is minimal because of minimal incentives and no long-term commitment from government agencies. The private sector has the capability and skillset to support the government agencies, and this should be leveraged by building strong linkages and partnerships.
  • Shortage of Skilled Human Resources. The defence forces, especially the Army, lack skilled human resources. The authorities concerned need to relook at HR policies and understand that specialists are required in the cyber domain; there is no place in it for generalists or personnel with the 'General Duties' tag. Motivated, talented go-getters are required to work in this grey, continuously evolving field of warfare. Selection, recruitment, training and service rules have to be altered to select, train and, most importantly, retain such officers, JCOs and other ranks. Simultaneously, cyber literacy is now a must for all ranks in all arms and services, and this needs to be ensured.

ADGPI as an Instrument of Information Warfare

The Army hosts the office of the Additional Director General Public Information (ADGPI), which is responsible for media engagement and strategic communication. It deals closely with the media interactions of the Chief of Army Staff (COAS) on a day-to-day basis, while also planning information and psychological warfare for the organisation as a whole. The ADGPI is an adjunct office to the Director General Military Intelligence (DGMI) and comes under the Directorate of Military Intelligence. As per its mandate, the ADGPI is the office best equipped to carry out strategic communication operations.

However, it has minimal interface with the Directorate of Public Relations (DPR), the agency handling strategic communication at the national level. Each command, especially the Northern and Eastern Commands manning borders with hostile neighbours, has an Information Warfare (IW) branch headed by a Major General General Staff (MGGS), with Brigadier General Staff (BGS) (IW) and Colonel (IW) appointments down the chain. An effective strategic communication strategy would harness the work being done by the IW branches at the tactical level and leverage it at the national level. However, since the services and their administrators work in silos, this collaboration is rare.

Strategic communication is executed by the three services using organisations which are ad hoc or not suitably staffed, because institutionally they are not supposed to speak to the public or the media. The PROs and officers at the DPR need to be aware of the importance of modern psychological warfare, perception management and strategic communication. Activities in the physical domain have to be in sync with strategic communication in the digital domain. There are very few uniformed personnel to carry out the planning and execution of strategic communication policies and to understand the General Staff's outreach requirements. Regional PROs at the various stations report to the PRO Defence and are not under the local formation commanders or staff, and hence are not in sync with the Army's operational needs. The Army today is therefore without a General Staff oriented PR and information organisation.

Voids in the Current Structure and the Way Ahead

Shift in Mindset. For strategic communication to find a real place in the operational planning process of military and political planners, there needs to be a top-down cultural shift in mindset. It is imperative for the top brass to encourage and empower their subordinates to engage in the public information space, create awareness, counter misperceptions, and work towards aligning public opinion with policy objectives while improving the perception of transparency.

Organisational Restructuring. In the Union Territory of Jammu and Kashmir, for example, a purely public relations exercise is unproductive. The terrorist Burhan Wani became a hero without firing a bullet while the armed forces looked on helplessly; they were not prepared, equipped or empowered to handle this kind of warfare, and there was no structure in place to counter the narrative. Hence the need of the hour is to align all instruments of state power to communicate the message of the Indian state effectively and to negate any misperceptions fuelled by the adversary that aim to delegitimise military and civilian action on the ground.

Training. The Indian Army needs to train selected officers as strategic communication specialists. Language training for field operations, and media capsules covering the handling of print, television and social media, need to be included in junior-level courses (Young Officers' courses) and revisited during Staff College, Higher Command (HC) and other courses.

Turf War. However, there is no point investing in communication specialists if the MoD does not empower them, since the DPR often works at loggerheads with military spokespersons. There is a clear and well-recorded disconnect between the DPR and the ADGPI. The turf war between the MoD and Service Headquarters sends mixed messages to the media, which defeats the larger policy thrust behind the exercise of strategic communication.

Implementing Kargil Review Committee Recommendations. The recommendations of the Kargil Review Committee on information management during operations, which may be revisited and need to be implemented, are:-

  • (a) Training. With some exceptions, media personnel lacked training in military affairs and war reporting, and the armed services lacked the training and preparedness to facilitate the task of the media and to counter disinformation.
  • (b) PR in CI/CT Operations. The Army needs improved PR capabilities even when deployed on counter-insurgency duties. Public relations are presently managed by the MoD at the higher level and, at formation level, by military officers who have no media background.
  • (c) Response Mechanisms. Negative propaganda needs to be nipped in the bud to prevent the escalation of tensions. Quick responses and mechanisms to initiate action are needed.
  • (d) Integration of IW and PR Machinery. Creating media cells at the Integrated Defence Staff (IDS) and at the intervening joint service headquarters, with linkages to the Defence PROs of each service and to the IW branches at formation HQ level, would be the right model for structuring the PR and strategic communication machinery. Each media cell would coordinate intelligence, disseminate communiqués, monitor social media and engage with local media to convey the right messages to the right audience. The IW branches may also ensure that troops on the ground are psychologically oriented and routinely briefed on developments and changing mandates in the operational area.

Conclusion

To defend the armed forces in cyberspace, bringing the armed forces' networks, particularly the Network For Spectrum (NFS) and the Defence Communication Network (DCN), under the NCIIPC should be explored. The security of these networks is of utmost importance to the security needs of the country, and the Corps of Signals needs to reorganise itself to ensure it. For cyber offensive operations, a common understanding of targeting philosophy between the military and non-military sectors needs to evolve. While awareness, resources, organisation and limited infrastructure for cyber security exist on the ground and some activities are being undertaken, there is a glaring gap in the cyber power capabilities of our defence forces. Given the threats and the digitised battlefield, this is a strategic deficiency that could seriously impact national security and therefore needs to be addressed urgently in 'mission' mode. The ADGPI can be transformed into a powerful tool for information warfare using cyber means; however, it needs to be empowered, enmeshed with the Defence PROs and integrated with the IW branch at the Integrated HQ of MoD.

Analysis of Historical Cause of Cyber Security: Essay

Until World War II, warfare was fought in three domains: land, sea and air. Today it has expanded to cyberspace and outer space. Some basic questions to ponder are: who uses Google, Android, social media and the like? The fact is that internet use has become a necessity for many people. Crimes that result in a breach of cyber security have become highly prevalent. There is a need to be aware when using technology, be it net banking or social media.

Being connected in a global domain due to the Internet can be both beneficial and dangerous. One needs to understand its implications and be aware of the same.

A computer system has two kinds of components: hardware and software. While the major manufacturer of computer hardware is China, the software industry is dominated by the United States. The three 'A's, Amazon, Alphabet and Apple, hold a vast share of the world IT sector, almost 70%. This shows how the data of many people is controlled by a few companies, which then use it to their advantage.

Advantages of the Internet

  • Connectivity
  • Accessibility to everything
  • Improved communication

There are also some disadvantages of the Internet:

  • Privacy Infringement
  • Misuse of Information
  • Cyber crimes

In short, everything is connected as a result of the Global Network.

Cyber security versus information security

Cyber security: the ability to protect or defend the use of cyberspace from cyber attacks.

Information security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

The word 'cyberspace' was first used in 1984 in the science-fiction novel 'Neuromancer' by William Gibson, where it was defined as an interaction between the human mind and computers.

Cyberspace refers to the virtual world formed by the global computer network and its electronic media, which facilitates online communication. It is an intangible environment in which online communication happens. As a social experience, individuals can interact, exchange ideas, share information, provide social support, conduct business, direct actions, create artistic media, play games and engage in political discussion using this global network. Cyberspace is not synonymous with the internet, which is only the medium; cyberspace has its own independent existence.

The Indian online market is the second largest in the world behind China, accounting for 462 million internet users and 200 million active social media users, of whom 71% are male and 29% female. The highest activity is recorded between 6 pm and 10 pm, with Mumbai and Delhi having the highest internet traffic. India has one of the largest e-commerce sectors in the world, and more Facebook users than any other country. Many more statistics show the great degree of internet usage by Indians.

The above figures highlight the severe implications a breach of cyber security can have for Indian users. The information requested by various applications and websites (contact number, email ID, location, permission to access media, etc.) may itself compromise a person's privacy and security.

Features of cyberspace

  1. Borderless territory.
  2. Interactive virtual environment.
  3. Unlimited accessibility.
  4. Ubiquitous in nature.
  5. Dissemination happens simultaneously.
  6. A duplicate or copy is indistinguishable from the original work.

Data Regarding Indian Cyberspace

  1. 45.15% of the total population of India has access to the Internet.
  2. India has the world’s largest number of Facebook users.
  3. India has the second largest online consumer base after China.
  4. Mumbai and Delhi account for higher internet traffic than other cities.
  5. Internet usage in India is primarily male-dominated.

Anatomy of the Cyber World

  1. Surface web (about 4% of cyberspace): Facebook, WhatsApp, other social media and ordinary online websites are part of the surface web.
  2. Deep web (about 90% of cyberspace): generally not directly accessible, but reached through IDs and passwords. Examples are medical records, legal documents, government files, organisation-specific repositories, financial records and other private information.
  3. Dark web (about 6% of cyberspace): the space where illegal activities are carried out, such as child abuse material, illicit trade, and the illegal drug trade on markets such as Silk Road.

Historical data breaches

  1. Ashley Madison Hack Case: Vast data comprising, contact no., addresses, names, etc. ended up on the darknet for sale.
  2. Silk Road: An online darknet market for the sale of illegal drugs. It could be used by people anonymously.
  3. COSMOS Bank: Here, VISA and Rupay details were uploaded on the dark web, resulting in 94 crore theft from the bank.
  4. Yahoo: 3 billion accounts were hacked making it the biggest data breach in history.
  5. eBay: Requested 145 million users to change their passwords after Yahoo.
  6. JP Morgan: 83 million household and business accounts breached.
  7. According to Kaspersky, there are 3,15,000 viruses created every day.
  8. According to Checkpoint, a market leader in security products, around 10 million devices are running such malicious apps carrying the Hummingbird virus.
  9. Infection largely depended on the Android version: KitKat (50%), Lollipop (7%), Jellybean (40%), Ice Cream Sandwich (2%), and Marshmallow (1%).

Gap Analysis on Cyber Security: Essay

Executive Summary

Equifax is a consumer credit reporting agency that gathers and aggregates data on millions of people worldwide in order to report on their credit. The company suffered a massive security breach in mid-2017 via vulnerabilities in the company’s digital infrastructure, causing the theft of a huge amount of personal data from the company. The Equifax breach was a serious security breach that put millions of Americans at risk, reportedly around 145 million US customers were impacted by this breach in particular and this equates to almost half of the entire US population. Not only were so many people affected, but they were also affected in a way that meant that their identity could be utilized for malicious purposes, as the attackers were able to access full names, Social Security numbers, birth dates, addresses, and driver’s license numbers from the breach.

In this report, the Equifax breach will be covered in detail to examine the facts surrounding the attack, how the breach was caused, and what the company must do moving forward. Six recommendations in total will be provided, three short-term and three long-term strategies to move the cybersecurity of Equifax in a positive direction. The effects of the security breach will continue on for years, possibly decades, and the company’s reputation has been irreparably damaged by this incident, however, the company must continue to operate and must improve on its cybersecurity practices moving into the future as it is of utmost importance that another cyber incident like this does not occur.

Background Surrounding the Breach

The information that was stolen is the type of information that criminals can utilize to impersonate cell phone companies, banks, electricity companies, credit card companies, and many others to commit fraud. This information will remain accessible to malicious threat actors far into the future as there is no way of retrieving the data that was stolen, as this is simply not feasible. The attack itself was solely the fault of Equifax for not patching vulnerable systems, even after being made aware of the fact. The attack was not of a sophisticated nature and was the result of an Apache Struts vulnerability. Apache released a security patch for this vulnerability a short time after it was discovered, on March 6th, 2017. The vulnerability itself was labeled as a critical vulnerability as it allowed criminals to exploit web servers. Equifax was notified by Apache themselves as well as US-CERT and the Department of Homeland Security about the vulnerability, as well as provided instructions on how to implement the patch to resolve the vulnerability.

In the following two months, Equifax had still not made a critical change to patch their systems from this vulnerability. Finally, on July 29, Equifax did patch the system, however, it was far too late. On May 13, over 2 months after Equifax should’ve issued the vulnerability resolution patch, the malicious actors were able to utilize the vulnerability to access and steal data from Equifax’s databases which stored millions of customers’ data. Following the breach, Equifax’s incident response made the incident far worse for consumers as the company waited close to six weeks before reporting that the breach occurred and that huge amounts of personally identifiable information had been stolen. In addition to this, Equifax created a website to help aid customers affected by the breach, however, this website had very poor security as it was a separate domain from Equifax which allowed fraudulent imitators to create fake websites to deal even more damage to victims.

Short-Term Recommendations

Hold Contractors Accountable for Cybersecurity with Clear Requirements

The Equifax data breach and customers’ use of Equifax identity validation services have highlighted the need for the public and private sectors to remain vigilant in mitigating cybersecurity threats. A concise effort should be made to ensure that a clear set of requirements is developed for contractors that perform work, especially when it relates to the handling of personally identifiable information. A government-wide framework for cyber and data security requirements should exist to allow organizations such as Equifax to more easily align themselves. As a solidified government framework does not yet exist, Equifax should consider proactively conducting oversight of contractors’ cybersecurity practices/risk, examining contractors’ past performance information, and building cybersecurity requirements into evaluation factors. Equifax provided identity verification services to three federal agencies and these agencies took action in the aftermath of the data breach. Following the breach, The Internal Revenue Service (IRS), Social Security Administration (SSA), and the U.S. Postal Service (USPS) all made site visits to Equifax’s data center in Alpharetta, GA to review security controls. SSA assessed Equifax’s compliance with the NIST security baseline and shared this information with the IRS and USPS, concluding that the security controls were not sufficient.

Ensure Regular, Thorough Patching Becomes a Requirement

A patch management procedure must be implemented against all servers in the organization. Crowe states that “Leaving machines unpatched makes them vulnerable to cyber attacks, and the risk is anything but theoretical. In fact, 57% of data breaches can be directly attributed to poor patch management” (para 2). This indicates that patching is critical to preventing cybersecurity incidents and must be completed as soon as possible.

Empower Consumers through Transparency

Consumer reporting agencies should provide more transparency to consumers on what data is collected and how it is used. A large amount of the public’s concern after Equifax’s data breach announcement stemmed from the lack of knowledge regarding the extensive data CRAs hold on individuals. CRAs must invest in and deploy additional tools to empower consumers to better control their own data. For example, CRAs should offer consumers a free, simple summary explaining the data collected on the individual. The summary should include the number of times the CRA provided their data to a business within the last year. The summary should be available for consumers to view at any time, outside of the annual free credit report offer. This would allow consumers to track the information CRAs have on them and know how often their information was being shared. Credit report locks and freezes give consumers increased control of their data. CRAs are required to offer free credit freezes to all consumers. None of these transparency measures, including credit freezes, should require a consumer to sign up for additional services or make any other commitment.

Long-Term Recommendations

Perform a Security Gap Analysis

Lawler from LP3 suggests that “Any company, corporation, or organization that relies on IT should have their system security tested regularly and update their security features to prevent the negative effect of system downtime and illegal hacking” (para 5). It is recommended that a quarterly security review be completed that includes penetration testing, with a potentially more in-depth third-party security audit completed once per year. I would highly recommend that Equifax select an industry-standard security framework such as ISO 27002 as a starting point, which provides best practice recommendations on information security management including risk assessment, access control, change management, and physical security. Once a framework is selected that aligns with Equifax’s requirements, it is critical that a gap analysis is performed to determine which controls are out of alignment with the framework. A gap analysis may be conducted by a third-party information security vendor and will involve gathering data on the IT environment, application inventory, policies, processes, and patch compliance across inventory.

Once a gap analysis has been performed across Equifax’s entire information technology infrastructure, a concrete list of issues will have been identified and aggregated across the organization. With this list, a risk assessment must then be performed to determine which issues are the most important for the organization to remediate in the short term, based on the impact that each risk has on the organization if it were to occur. The senior leadership team must make the decision on which risks are the most detrimental to the company and rate every risk with a priority level. Once each risk has been categorized and given priority, a remediation plan then must be created with technical steps on how to resolve each problem presented to the organization.

Implement a Remediation Plan

An information security remediation plan follows from the first short-term recommendation to remediate all of the issues identified in the gap analysis throughout the organization. The approach aims to fix security-related issues in the organization and it is critical for any organization with large quantities of security vulnerabilities such as Equifax. Equifax may decide to have one large remediation plan listing all items which need to be actioned or split the remediation plan up into multiple stages or levels of priority. It is also very important that timeframes for each risk are defined and that owners are assigned to ensure accountability. Once the remediation plan has been completed, it must then be implemented to stop vulnerabilities from being exploited and reduce the level of cyber risk within Equifax.

The planned remediating actions should then be executed in line with the agreed-upon timeframes for each risk. If a problem occurs during the remediation, it should be recorded against the risk. Any alternative action or change to the remediation should also be recorded against the risk so that it can be tracked in the future if necessary. The IT security officer within Equifax needs to be made aware of any changes to the remediation so that he/she can monitor it. Upon completion, a rescan should be scheduled and carried out to verify that the remediating actions have had the desired effect on the identified risk. Smith states that “Discovering faults and doing nothing about them is useless and will leave your organization susceptible to many threats” (para 9). Having a remediation plan is one of, if not the most important, recommendations for the cybersecurity of Equifax, as it is the single compiled list of actions that resolve vulnerabilities and prevent risks.
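The gap-analysis-to-rescan procedure described in the two sections above, modelled as an added example (hypothetical code, not an Equifax process): findings are rated by impact and likelihood, given an owner and a due date per priority, changes are recorded against each risk, and a finding is only closed when the rescan no longer reports it. Control names, owners and dates are constructed.

```python
"""Risk register and remediation tracker for gap-analysis findings (illustrative)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class Finding:
    """One control found out of alignment by the gap analysis."""
    finding_id: str
    control: str            # framework control that is out of alignment
    impact: int             # 1 (low) .. 5 (severe) business impact if the risk occurs
    likelihood: int         # 1 (rare) .. 5 (almost certain)
    owner: Optional[str] = None
    due: Optional[date] = None
    history: List[str] = field(default_factory=list)  # changes recorded against the risk
    closed: bool = False

    @property
    def score(self) -> int:
        return self.impact * self.likelihood


def priority(finding: Finding) -> str:
    """Leadership rating: bucket the impact x likelihood score into P1..P3."""
    if finding.score >= 15:
        return "P1"
    if finding.score >= 8:
        return "P2"
    return "P3"


# Remediation timeframe per priority (constructed policy values).
SLA_DAYS = {"P1": 14, "P2": 45, "P3": 90}


def build_plan(findings: List[Finding], owners: Dict[str, str], start: date) -> List[Finding]:
    """Order findings by risk score, assign an accountable owner and a due date."""
    plan = sorted(findings, key=lambda f: f.score, reverse=True)
    for f in plan:
        p = priority(f)
        f.owner = owners[f.control]
        f.due = start + timedelta(days=SLA_DAYS[p])
        f.history.append(f"{start}: planned as {p}, owner {f.owner}, due {f.due}")
    return plan


def record_change(finding: Finding, when: date, note: str) -> None:
    """Problems and alternative actions are tracked against the risk itself."""
    finding.history.append(f"{when}: {note}")


def overdue(plan: List[Finding], today: date) -> List[str]:
    """Open findings past their agreed timeframe, for the security officer to chase."""
    return [f.finding_id for f in plan if not f.closed and f.due < today]


def verify_rescan(plan: List[Finding], rescan_open_ids: Set[str], when: date) -> Dict[str, List[str]]:
    """Close a finding only when the rescan no longer reports it; otherwise log it as ineffective."""
    result: Dict[str, List[str]] = {"closed": [], "still_open": []}
    for f in plan:
        if f.finding_id in rescan_open_ids:
            result["still_open"].append(f.finding_id)
            record_change(f, when, "rescan still reports finding; remediation not effective")
        else:
            f.closed = True
            result["closed"].append(f.finding_id)
            record_change(f, when, "closed: rescan confirms remediation")
    return result


# Constructed sample findings and ownership map.
SAMPLE_OWNERS = {"patch management": "infra-ops",
                 "access control": "iam-team",
                 "physical security": "facilities"}


def sample_findings() -> List[Finding]:
    return [
        Finding("F-1", "patch management", impact=5, likelihood=5),
        Finding("F-2", "access control", impact=3, likelihood=3),
        Finding("F-3", "physical security", impact=2, likelihood=2),
    ]


if __name__ == "__main__":
    plan = build_plan(sample_findings(), SAMPLE_OWNERS, date(2024, 1, 1))
    print("overdue on 2024-02-01:", overdue(plan, date(2024, 2, 1)))
    print(verify_rescan(plan, {"F-2"}, date(2024, 2, 20)))
    for f in plan:
        print(f.finding_id, priority(f), f.history)
```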

Ensure Security Becomes Part of the Culture at Equifax

Threat Stack suggests that training employees on how to properly communicate is one of the most critical areas of training. “Security needs to become a regular part of the conversation at your organization. This means upper management must regularly communicate to all employees that security is essential to running the business” (para 2). Checklists should also be created for the company to remind employees of what to do when an incident takes place when a new hire starts (or leaves) and remind staff of the security policies. Managers may need to consider implementing quarterly security training seminars to help integrate security into the company culture.

References

  1. Lawler, S. (2018). 5 Benefits of Penetration Testing. Retrieved from https://lp3.com/tips/5-benefits-of-penetration-testing/
  2. Smith, D. (2017). Vulnerability Remediation: 5 Steps Toward Building an Effective Process. Retrieved from https://www.beyondtrust.com/blog/entry/vulnerability-remediation-5-steps-toward-building-effective-process
  3. Crowe, J. (2018). MSPs: Keys to Streamlining Your Patch Management Process in 2019. Retrieved from https://www.ninjarmm.com/blog/patch-management-process/
  4. Allin, B. (2018). How to Implement a Security Awareness Program at Your Organisation. Retrieved from https://www.threatstack.com/blog/how-to-implement-a-security-awareness-program-at-your-organization 

Essay on United States Cyber Security History

Cyber security companies or IT security consulting firms manage IT security services such as firewalls, intrusion prevention, security threat analysis, proactive security vulnerability and penetration testing, and incident preparation and response, which includes IT forensics.

According to recent research findings published by the Ponemon Institute, in 2015 the costs associated with cybercrime had risen 19 percent above their 2014 level. Globally, a hack in 2014 cost companies $7.7 million on average. This has led 20 percent of companies globally to create cybercrime budgets of between $1 million and $4.9 million, depending on the scale of the company, and to ensure strict implementation.

This has also led to huge investments in cyber security firms, as the first half of 2015 saw investors pumping nearly $1.2 billion into start-ups in this industry. According to forecasts, the investments were likely to reach $77 billion by the end of 2015. The industry has also been pegged to reach $170 billion by the year 2020.

Research conducted by PricewaterhouseCoopers (PwC) stated that globally, 58 percent of companies have an overall security strategy; 49 percent conduct periodic threat assessments, and 48 percent monitor and analyze security intelligence actively. However, according to KPMG, 50 percent of Fortune 500 CEOs globally with more than $500 million in revenue are usually not prepared as they should be for a cyber-attack.

However worrisome the threat of an attack externally is, companies now also have to worry about internal attacks from employees. According to a survey by SANS 2015, 74 percent of Chief Information Security Officers, CISOs are more worried about internal than external cyber-attacks. According to a survey conducted by PwC, 34 percent of cyber-attacks in 2015 were from current employees and 28 percent from former employees.

The damage caused by cybercrime is estimated to hit $6 trillion by the year 2021. This has led to a forecast that there will be an estimated increase in spending by companies for cyber security between the periods of 2017 and 2021 to $1 trillion. According to Gartner, as of 2016, more than $80 billion was spent on products and services related to cyber security. This is however expected to exceed $1 trillion globally within a five-year period.

As a matter of fact, the cyber security industry is one that is fast-paced as there is a zero percent unemployment rate in this industry. The industry in fact has unfilled positions that are expected to reach 1.5 million by the year 2019. This shows that there is a severe shortage of talent especially as more cybercrimes are being committed almost every other day.

It has been estimated that by 2020, more than 4 billion people will be susceptible to attacks over the internet. The United States Government between the periods of 2006 and 2016 has spent over $100 billion on cybercrime. It also budgeted a whopping $14 billion in 2016 for cyber security.

A recent report on research conducted by Intel shows that the number of devices that will be connected might reach 200 billion in 2020; this is from the 15 billion connected devices in 2015. However, Microsoft and Cisco have countered the report claiming that only 50 billion devices will have been connected by 2020. Regardless of the estimated number, the report points to the same fact that more people will be online and will be vulnerable to cyber-attacks.

The fact that cyber security companies can easily be found in the United States of America and in cyberspace does not in any way make the industry over-saturated. There will always be people and organizations who need the professional services of cyber security companies from time to time to sort out cybersecurity-related issues, which makes the business evergreen.

Starting a cyber-security company requires professionalism and a good grasp of the ICT industry. Besides, you would need to get the required certifications and license and also meet the standard for such business before you can be allowed to start a cyber-security company in the United States of America and in any part of the world.

One good thing about the cyber security consulting industry is that there is a readily available market for their services simply because individuals and even organizations naturally would want to improve and effectively manage their cyber security. So, if you are well positioned and you know how to deliver results as a cyber-security consultant, you will always smile at the bank. 

History of Cyber Security: Critical Essay

“Quis custodiet ipsos custodes?”, interpreted as “Who watches the watchmen?”, is a phrase generally used as the personification of the theoretical question of how power can be held to account. It is sometimes incorrectly attributed as a direct quotation from Plato’s Republic in both popular media and academic contexts. There is no exact parallel in the Republic, but it is used by modern authors to express Socrates’ concerns about the guardians, the solution to which is to properly train their souls. Socrates recommended a guardian class to protect that society, and the custodes (watchmen) from the Satires are often interpreted as being parallel to the Platonic guardians. Socrates’ answer to the problem is that the guardians will be manipulated to guard themselves against themselves, a deception often called the ‘noble lie’ in English.

Throughout history, we’ve seen nation-states trying to destabilize each other through covert activity, whether it be spying, sabotage, or subversion. The exponential growth of the internet in the 1990s created a new frontier in the area of espionage. It wasn’t long before we began to download portentous warnings about cyberwarfare. Is it possible that a country’s enemies could shut down its power grid, hack financial institutions, render telephone communications moot, and hijack missiles?

In the age of hacktivists and data storage (think iCloud, Dropbox, and Google Drive) the comfort of privacy seems to be a thing of the past. Hacktivists have made anxiety an uninvited guest in homes across the globe for those hooked up to the “life support” of internet/ethernet cords and the invisible angel called WiFi. In recent years we have seen the unfortunate hand of hacking as it pertains to celebrities, government officials, and everyday regular Johns and Janes. Leaked nudes, identity theft, WikiLeaks, and data breaches have rocked all of us. Now one may ask, what is hacking? “Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. And while hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterize it/them as unlawful activity by cybercriminals—motivated by financial gain, protest, information gathering (spying), and even just for the “fun” of the challenge.” (www.malawarebytes.com/hacker)

“Many think that “hacker” refers to some self-taught whiz kid or rogue programmer skilled at modifying computer hardware or software so it can be used in ways outside the original developers’ intent. But this is a narrow view that doesn’t begin to encompass the wide range of reasons why someone turns to hacking.” (www.malawarebytes.com/hacker)

“Hacking is typically technical in nature (like creating malvertising that deposits malware in a drive-by attack requiring no user interaction). But hackers can also use psychology to trick the user into clicking on a malicious attachment or providing personal data. These tactics are referred to as “social engineering.” (www.malawarebytes.com/hacker)

For much of the ’70s and ’80s, threats to computer security were clear and present. But these threats were in the form of malicious insiders reading documents they shouldn’t. The practice of computer security revolving around governance risk and compliance (GRC) therefore progressed separately from the history of computer security software. The Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (D.O.D.) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information.

What do China, Russia, and the United States have in common? CSE.WUSTL.EDU states: “Although many countries all over the world are committing cyber espionage, the United States, Russia, and China are considered the most advanced and most prolific cyber spies. Throughout the last decade, the United States has started to incorporate cyber warfare into its war doctrine. Preparation first began in 2002 with National Security Presidential Directive 16, which outlined strategies, doctrines, procedures, and protocols for cyber warfare. This was followed by the Information Operations Roadmap, published by the Department of Defense in 2003, which started to incorporate cyber warfare preparations, such as training military personnel in cyber defense, as part of normal military operations [Schaap]. In 2009, the United States military established the US Cyber Command in Fort Meade, Maryland. The United States is also starting to devote more funding to securing infrastructure that may be vulnerable to cyber-attacks, such as electricity, oil, water, and gas systems [Stone].

“Another major player in the cyber espionage game is China. In recent years China has increased the amount of time, resources, and manpower spent on cyber espionage. China’s People’s Liberation Army, or PLA, includes a special bureau under the intelligence department specifically for cyber intelligence and it enlists programmers right out of college [Stone]. According to recent intelligence reports, the PLA is not only capable of advanced surveillance and espionage but also possesses malware that can take down foreign electricity or water grids [Stone]. Though it is usually difficult to confirm the source of any given cyber-attack, according to an October 2011 report to Congress by the United States’ National Counterintelligence Executive, it has been confirmed that China is responsible for attacking the United States’ networks and stealing secure data in several cases. However, instead of causing outright physical damage, most of China’s efforts seem to be on stealing financial and economic secrets in order to build its own economy [McConnell, Chertoff, Lynn].

“The final major power in cyber espionage today is Russia. The Russian military is suspected to have cyber weapons more advanced than even China [Paganini 1]. Like China, Russia also has special military units dedicated to cyber espionage, where hackers are recruited straight out of university [Stone]. However, unlike China, Russia uses its cyber power to supplement more aggressive forms of warfare instead of simply stealing economic secrets.” 

Is the Internet Considered the Cause of Cyber Security Issues: Argumentative Essay

Urban infrastructure these days is not only about isolated nodes installed for the functioning of a community or society, but it is an interconnected realm of human interaction, deemed critical because of its impact on people’s lives and livelihoods. We have come a long way from when infrastructure was merely about roads, transportation, communication lines and other services that had made life simpler, however, at present time technology has transitioned radically by anchoring itself with these nodes that play a vital role in our existence. Physical devices have become smart and connected through embedded sensors, processors, and software, and the internet is what binds them together. The Internet of Things (IoT) has great potential for automation and analysis and promises a tremendous future but it possesses the potential of a security disaster too. Evidently, critical infrastructure sectors can be categorized very broadly and can enclose every aspect of daily life, but the cyberspace that enables the connectivity of this infrastructure is massive and with no visible boundary or demarcation. This makes it even harder to decide what needs to be protected and how.

It is known that there is no overarching authority over a state, and due to this international anarchy, Australia’s critical infrastructure security is its very own responsibility. If physical facilities, transportation, supply chain, IT, and networks are destroyed or rendered unavailable for an extended period of time, then it would impact not only Australia’s national well-being but also its ability to conduct national defense and ensure the security of its citizens. Even though Australia’s national ambitions for long-term city resilience are realized through cyber-securitization of its critical infrastructure enabled through IoT, the dependency on multiple critical assets and the exposure of each asset to uncountable vulnerabilities, decreases the overall cybersecurity of critical infrastructure in Australia.

This essay aims to describe how vulnerabilities in IoT systems of critical infrastructure have led to the denial of service attacks in the past and analyze the significance of IoT cybersecurity for Australia with respect to international anarchy.

Critical Infrastructure

Infrastructure comprises services and facilities that are used by people to make their life easier and can be stipulated as critical by understanding the consequences should the infrastructure be destroyed or disabled for just an instance or an extended period of time. The vulnerabilities of the nodes that make up this critical infrastructure system depend on several factors such as location, relationality, and dependency. More often than not, these nodes are interconnected and dependent, which is why if one node fails, it leads to a domino effect on other assets and facilities impacting a greater number of livelihoods than estimated. For instance, electricity is a very crucial part of urban infrastructure and deeply affects the majority of sectors of the system.

Some of the commonly known risks to critical infrastructure can arise from climate change, terrorist activities, trade wars, and other such implicit or explicit disruptions. To understand how and for whom infrastructure is critical, we need to understand a) Privatisation and b) Securitisation aspects of urban infrastructural assets.

Privatization:

Most critical infrastructure in Australia is privately owned or operated through complex systems of public-private partnerships (PPP) involving government agencies, government-owned corporations, and private firms. The private sector has the ability to pay for infrastructure and gain benefits from the return on investment, unlike the public sector which focuses on the public good. Privatization of infrastructure can be argued as a political or pragmatic policy and due to this shared ownership of assets, there is the problem of attribution. Shared ownership leads to aggravated risks because recovery of infrastructure after disruption becomes complicated; and the responsibility for rebuilding is tossed between the private sector and public sector. However, the overall weight is more towards the private sector which will be most impacted if there was a threat to critical infrastructure in Australian cities.

Securitization:

Securitization answers the question of how critical is infrastructure and is basically about understanding the significance of protecting the citizens of a country and the value of one life against another. If infrastructure is destroyed, it can be rebuilt or recovered but such is not the case with human lives, therefore using lethal force to protect it is not the right solution. Therefore, the security policies that are framed by the government have to be carefully mandated and executed such that disruption of infrastructure does not harm human life.

For example, in Australia, more than any other threat, climate change is what is disrupting human life at rapid levels leading to extreme weather events such as droughts, bushfires, sandstorms, and hail. These risks are likely to disrupt physical infrastructure in cities and affect the health of citizens too. Therefore, the security approach to resolving or handling this risk is not limited to states or supra-state levels but a human/environmental security approach has to be taken from the central government to protect and empower it.

In this sense criticality within urban infrastructure is both: a function of importance and vulnerability within current settlement patterns in the face of climate change; and a politico-economic discourse and role framed by policies, regulations, markets, and resource availability.

The Internet in the Internet of Things

As we very well know, the Internet is a global system that interconnects computer networks that use standard TCP/IP protocol. These days, it is used by billions of users across the globe connecting a broad spectrum of private, public, business, academic, and government sectors. The Internet has become a commodity and is no more expensive than before. Therefore this ubiquitous nature of the internet has made it possible to expand the scope of its application and transform the nature of businesses and critical infrastructure. What was only used to connect the computers with other networks, is now being used to connect things too; both living and nonliving.

While many think that smart products exist because of the evolution of the internet, the internet is actually just a mechanism for transmitting information. What makes smart, connected products fundamentally different is not the internet, but the changing nature of things. The newfound capabilities of things to generate data and connect to a network of other things have unleashed a new era of competition. The Internet of Things can be considered as a global network that allows communication between human-to-human, human-to-things, and things-to-things, which is anything in the world by providing a unique identity to each and every object.

Architecture of IoT

The IOT structure is basically divided into the above 4 layers and at the top of the Application Layer is the Business Layer which is used for the overall management of the IoT system including applications and services for analysis as well as building strategies.

The Perception layer is the lowest layer that consists of the actual physical objects and sensor devices. The sensors used can be RFID, NFC, 2D barcode, or infrared sensors and are basically used for the identification of devices. The Network layer or the Transmission layer is where the information from sensors is transmitted to processing systems. This layer uses the Internet, Bluetooth, Infrared, and ZigBee as transmission mediums.

The Middleware layer holds the link to the database. Here the information is processed and automatic decisions are taken based on the results, triggering actions on different devices. The Application layer manages the entire IoT application globally using the information processed in the Middleware layer. IoT applications span health, smart cities, homes, farming, oil and gas refining, and other industries.

Thus, physical devices in the IoT system are connected through wired and wireless networks often using the same Internet Protocol that connects the Internet. These systems produce massive volumes of data for business analysis and assist in understanding the complexity of systems and responding to them more efficiently.

Impact of IoT on Cyber Security of Critical Infrastructure

Let us consider the CIA security triad (Confidentiality, Integrity, Availability) for the IoT architecture:

  • Data Confidentiality: the physical sensor nodes must be protected so that the data they collect cannot be read by unauthorized parties. Encryption of data in transit and at rest, together with authentication mechanisms such as biometric verification and two-step verification, are common means of achieving confidentiality in IoT systems.
  • Data Integrity: the data transmitted from the sensors must not be altered before it reaches the Middleware layer, whether by faults beyond human control or by an attacker. Checksums, Cyclic Redundancy Checks (CRC), and plain hashes detect accidental corruption, but anyone who modifies the data can simply recompute them; detecting deliberate tampering requires a keyed mechanism such as an HMAC or a digital signature, with the key held by the sensor node and the receiving system.
  • Data Availability: since IoT is mainly about making data available to users and application builders, authorized personnel and parties must have access to information resources not only under normal conditions but also in disaster conditions. A Denial of Service (DoS) attack, in which data is made unavailable to authorized users, is one of the most common attacks on IoT systems.
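The following example, added here and not part of the original essay, shows the difference between the two integrity mechanisms discussed above. A sensor frame is protected once with a CRC32 and once with an HMAC-SHA256 tag; a flipped bit (accidental corruption) is caught by both, but an attacker on the Network layer who rewrites the reading can recompute the CRC and pass verification, while the HMAC fails without the key. The frame format, the sample reading, and the per-device key are constructed for the illustration.

```python
"""
Added example: CRC (unkeyed) versus HMAC (keyed) integrity on an IoT
sensor frame. Frame layout, reading and key are constructed here and are
not taken from any real device or protocol.
"""
import hashlib
import hmac
import struct
import zlib

# Constructed secret shared between the sensor node and the middleware.
# A real deployment provisions a unique key per device; never hard-code it.
DEVICE_KEY = b"example-per-device-key-do-not-reuse"


def frame_crc(payload: bytes) -> bytes:
    """Unkeyed integrity tag: payload followed by big-endian CRC32."""
    return payload + struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF)


def verify_crc(frame: bytes) -> bool:
    payload, tag = frame[:-4], frame[-4:]
    return struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF) == tag


def frame_hmac(payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Keyed integrity tag: payload followed by HMAC-SHA256 (32 bytes)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_hmac(frame: bytes, key: bytes = DEVICE_KEY) -> bool:
    payload, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak a timing side channel.
    return hmac.compare_digest(expected, tag)


def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate accidental corruption on the link: flip one bit of the frame."""
    buf = bytearray(frame)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def attacker_rewrite_crc(new_payload: bytes) -> bytes:
    """Active attacker replacing the reading. Recomputing a CRC needs no
    secret, so the forged frame verifies like a genuine one."""
    return frame_crc(new_payload)


def attacker_rewrite_hmac(frame: bytes, new_payload: bytes) -> bytes:
    """Same attacker against HMAC. Without DEVICE_KEY the best they can do
    is splice the old tag onto the new reading, which no longer matches."""
    return new_payload + frame[-32:]


def demo() -> dict:
    """Run both schemes against corruption and tampering; return the verdicts."""
    reading = b"pressure=101.3kPa;valve=OPEN"   # constructed sensor reading
    tampered = b"pressure=101.3kPa;valve=SHUT"  # what the attacker wants seen
    results = {}

    crc_frame = frame_crc(reading)
    results["crc_ok"] = verify_crc(crc_frame)
    results["crc_detects_bitflip"] = not verify_crc(flip_bit(crc_frame, 5))
    results["crc_detects_tamper"] = not verify_crc(attacker_rewrite_crc(tampered))

    mac_frame = frame_hmac(reading)
    results["hmac_ok"] = verify_hmac(mac_frame)
    results["hmac_detects_bitflip"] = not verify_hmac(flip_bit(mac_frame, 5))
    results["hmac_detects_tamper"] = not verify_hmac(attacker_rewrite_hmac(mac_frame, tampered))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

Running the block prints `crc_detects_tamper False` and `hmac_detects_tamper True`: the CRC is the right tool against noise on a ZigBee or serial link, but only the keyed tag gives the Middleware layer any assurance that the reading came from the sensor unmodified. The same point applies to hashes stored beside data in the back-end database: an attacker who can change the row can change the hash.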

In an IoT system for critical infrastructure every component matters, and because of the layered architecture security must be implemented not only at the device level but also across the network, the cloud, and the back-end database systems. Data is not secure merely because it has reached the database; it must be continuously monitored for unauthorized modification. Unauthorized physical access, insufficient processing power for security mechanisms, and code written by inexperienced developers without following cybersecurity best practices can all introduce major vulnerabilities into the system.

Poor implementation of cybersecurity in IoT systems therefore carries several risks: theft of data, danger to human health and safety, loss of efficiency in the compromised system, exposure of private and valuable information, reputational damage to the state, and non-compliance with national policies and regulations. IoT systems create critical dependencies and can expose the owner of critical infrastructure to malicious attack and exploitation.

The Mirai Botnet and Distributed Denial of Service Attack

The Internet is a powerful innovation but is inherently exposed to security weaknesses that can be used to carry out Distributed Denial of Service (DDoS) attacks. IoT can be considered an interwoven fabric connecting a vast number of devices, and this massive connectivity has made DDoS attacks increasingly popular in the cyber-criminal community.

The year 2016 is still remembered as the year of Mirai in the world of IoT devices, when a powerful malware infected a stupendous number of connected devices by exploiting a very simple weakness, or rather the negligence of vendors and users: default login credentials. On 20 September 2016, Mirai was used to conduct a 620 Gbps DDoS attack on Brian Krebs's KrebsOnSecurity blog, a volume far beyond what is needed to knock most websites offline, and in the same week it was used against the French Internet and cloud service provider OVH in attacks peaking at about 1.1 Tbps. On 30 September 2016 Mirai's creator publicly released its source code, which led to more operators offering botnets for rent, with as many as 400,000 simultaneously connected devices advertised. More attacks followed, and one of the most significant occurred on 21 October 2016, when Mirai took down the Dyn DNS service and with it hundreds of popular websites, including Netflix, Twitter, Reddit, and GitHub, for several hours.

The Mirai botnet was developed to attack IoT devices such as webcams, routers, DVRs, and other connected devices. It brute-forces the administrative credentials of a device over Telnet by trying a small dictionary, originally of 62 username/password pairs. It exploits the carelessness of users who keep the default credentials after purchasing a device and never change them. Once a credential pair matches, the working login is reported back to the attacker's infrastructure, the device is loaded with the bot, and the new bot in turn begins scanning for further victims. The botnet can then be used by the attacker to conduct several types of DDoS attack across a range of network protocols. Since then Mirai has spawned numerous variants that continue to cause damage using the original methods with only minor modifications.
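The scanning behaviour described above leaves a recognisable trace on any device or honeypot that logs Telnet logins: a burst of failed logins from one source, cycling through several usernames against ports 23 and 2323, sometimes followed by a success. The detector below is an added example, not code from the essay or from any Mirai analysis; the log line format is an assumption modelled loosely on a Telnet daemon's syslog output (a real source will need its own regex), and the sample lines are constructed.

```python
"""
Added example: detecting Mirai-style Telnet credential brute-forcing from
login logs. The log format and SAMPLE_LOGS are constructed for this
illustration; the thresholds are starting points, not tuned values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO-8601 ts> telnetd: login failed|succeeded user='x' src=A.B.C.D dport=N"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login (?P<result>failed|succeeded) "
    r"user='(?P<user>[^']*)' src=(?P<src>\d+\.\d+\.\d+\.\d+) dport=(?P<dport>\d+)$"
)
TELNET_PORTS = {23, 2323}  # the two ports Mirai's scanner targets

# Constructed sample: one scanning source (198.51.100.7) that cycles through
# default usernames and eventually gets in, and one ordinary user (203.0.113.5)
# who mistypes once and logs in half an hour later.
SAMPLE_LOGS = """\
2016-09-20T10:00:01Z telnetd: login failed user='root' src=198.51.100.7 dport=23
2016-09-20T10:00:02Z telnetd: login failed user='admin' src=198.51.100.7 dport=23
2016-09-20T10:00:02Z telnetd: login failed user='root' src=198.51.100.7 dport=23
2016-09-20T10:00:03Z telnetd: login failed user='support' src=198.51.100.7 dport=2323
2016-09-20T10:00:04Z telnetd: login failed user='user' src=198.51.100.7 dport=23
2016-09-20T10:00:05Z telnetd: login succeeded user='root' src=198.51.100.7 dport=23
2016-09-20T10:00:09Z telnetd: login failed user='admin' src=203.0.113.5 dport=23
2016-09-20T10:30:00Z telnetd: login succeeded user='admin' src=203.0.113.5 dport=23
"""


def parse(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["dport"] = int(ev["dport"])
    return ev


def detect(lines, window=timedelta(seconds=60), threshold=4, min_users=2):
    """Return {src_ip: verdict}.

    'brute_force'  : at least `threshold` failed Telnet logins from one source
                     within `window`, spread over at least `min_users` usernames
                     (a single user fat-fingering one account is not flagged).
    'compromised'  : a successful login from a source already flagged, i.e. the
                     dictionary found a working default credential.
    Lines are assumed to be in time order, as a tailed log file would be.
    """
    failures = defaultdict(deque)  # src -> deque of (timestamp, username)
    verdicts = {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev["dport"] not in TELNET_PORTS:
            continue
        src, ts = ev["src"], ev["ts"]
        q = failures[src]
        while q and ts - q[0][0] > window:  # slide the window forward
            q.popleft()
        if ev["result"] == "failed":
            q.append((ts, ev["user"]))
            if len(q) >= threshold and len({u for _, u in q}) >= min_users:
                verdicts.setdefault(src, "brute_force")
        elif verdicts.get(src) == "brute_force":
            verdicts[src] = "compromised"
    return verdicts


if __name__ == "__main__":
    for src, verdict in detect(SAMPLE_LOGS.splitlines()).items():
        print(f"{src:16s} {verdict}")
```

On the sample input only 198.51.100.7 is reported, as `compromised`, because the success at 10:00:05 follows a burst that was already flagged at the fourth failure; the legitimate user never reaches the threshold. In a SOC this verdict is what should raise a Tier 1 alert, and the `compromised` case is the one worth an immediate Tier 2 look, since a Mirai bot starts scanning outward within seconds of being loaded.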

The Mirai botnet comprises four components, as shown in Figure 2. The bot is the malware itself, which infects devices such as webcams, DVRs, and routers; its job is to propagate the infection to misconfigured devices and to attack a target server on the attacker's command. The person controlling the bots and sending the commands is called the botmaster. The second component is the command and control (C&C) server, which acts as the interface through which the botmaster manages the bots and launches new DDoS attacks. The anonymous Tor network is usually used for communication between the botmaster and the C&C so as to make attribution difficult. The third component is the loader, which distributes executables built for the different hardware and software platforms by communicating directly with the victim devices. The final component is the report server, which maintains a centralized database of all victim devices in the botnet and communicates directly with newly infected devices.

According to Kambourakis, the sheer volume of Linux devices directly exposed to the Internet, primarily for remote management, together with the lack of frequent firmware updates, the ease of building IoT exploits, and the numerous already known, scalable vulnerabilities in IoT devices, equips malicious actors with ample ammunition to overpower security measures by assembling powerful botnets. Much of the blame for DDoS attacks is often placed on users for not taking adequate security measures such as changing default credentials, but in the case of IoT botnets the blame also lies with the vendors who ship products with weak security and access control. The foundation of security in such devices depends on vendors providing timely security updates and forcing a change of the default password when the device is first set up. It is no longer only a question of the technical means of enforcing security; best practices and robust security standards must also be enforced by distributors.

Cybersecurity of Australia in Relation to International Anarchy

Within Australia, AusCERT (the Australian Computer Emergency Response Team) provides cyber security services, but as a non-government organization hosted by the University of Queensland it has no statutory authority and depends on member subscriptions and government contracts for its funding. In the past, the AusCERT community has helped to advance national security and international cooperation.

However, one of the major issues with cyber-attacks on critical infrastructure is attribution. Since critical infrastructure is closely linked to human networks, its destruction could lead to physical damage, injury, or long-term environmental effects. "According to international law, the legal or regulatory investigation may be required, increasing the importance of attribution artifacts". Attacks often originate from another country, and in the absence of any supranational authority it is difficult to determine which country or law enforcement agency has the authority to investigate and under which legal framework the cybercriminals can be prosecuted.

Therefore, in order to address the transnational issue of cyber warfare, peacekeeping organizations such as the UN would most likely need to perform investigations and enforce cyber laws on member states. However, it is difficult to anticipate whether the UN Security Council will engage in cyber peacekeeping in the near future. "The US has established already after World War II the declassified 5-eyes cooperation with UK, Canada, Australia, and New Zealand and in response to 9/11 a wider cooperation the 9-eyes cooperation including Denmark, France, Netherlands, and Norway and finally the 14-eyes cooperation additionally including Belgium, Italy, Spain, Sweden, and Germany".

Such multilateral cooperation in cyber-attack detection and attribution could help in designing an effective solution for international cyber law enforcement and for protecting the critical assets of member states. However, no such cooperation for cyber law enforcement exists at present; therefore the IoT-enabled critical infrastructure of Australia remains exposed to attack, especially while there is no regulatory framework for the prosecution of international cyber criminals.

In conclusion, IoT, and the cybersecurity weaknesses that come with it, has spread across critical infrastructure networks and has progressively raised urban aspirations for smart cities in Australia. However, because these devices are not desktop computers but ordinary objects from daily life, they lack computational capacity. They are also connected to the Internet, which exposes their naive security configurations to a flood of known vulnerabilities and makes them low-hanging fruit for attackers. Even though IoT has increased the efficiency of smart, connected devices, and the pool of data they acquire is a treasure for analysis and decision-making, there are limits to the security measures that can be enforced on each constrained device, and constant maintenance through security updates is an added overhead for owners of IoT-enabled critical infrastructure. On one side, the white-hat community and non-government organizations such as AusCERT can help find and fix the vulnerabilities of these systems; on the other, the cyber criminals who already have access to botnets such as Mirai range from adolescents and script kiddies seeking a thrill to highly sophisticated state and non-state actors orchestrating well-defined cyber-attacks or cyber espionage.

Unlike the physical boundaries of a nation, cyberspace has no clearly defined borders, which is why connecting a massive number of critical infrastructure devices that affect human life and the environment to cyberspace, and particularly to the Internet, decreases the cybersecurity of critical infrastructure in Australia.