Embed Size (px)
DESCRIPTION
This is a required report for Central Washington University IT 486 class. This report is on cyber-warfare and cyber-terrorism
Citation preview
Cyber-warfare and cyber-terrorism
The Next Threat to National Security
Prepared by Rahim Adam & Jeffrey Thorson
IT 486, Central Washington University
April 19, 2023
Professional Value
Cyber-warfare and cyber-terrorism are important to an IT organization both directly and
indirectly. When it comes to our national security it is important to not forget that our private
companies play vital roles to our economy together with the support of our government sector.
Private companies can be attacked with a piece of malware or by a distributed denial of service
attack (DDoS) which is directly attacking the company. These attacks possess significant threats
to our nation’s interests. Both government organizations, private contractors, and the entire
private companies can also be affected through indirect means by attacking other means such as
power grids, air traffic controls systems, gas pipe lines, sabotage our communications of troops
as well as confusing their operational routines and our financial markets systems such as the
stock market.
The root causes of cyber-warfare and cyber-terrorism points out to the evolution of the
internet from early 1990’s. As more private companies, government institutions and our military
tend to rely more on using computer systems and their network infrastructures, hackers and
professional attackers find it to be an opportunity to carry out threats in cyber space. Another
root cause for cyber-warfare and cyber-terrorism is how easily those remote attacks can be
carried out with only minimum resource which can create a psychological fear. A terrorist can sit
in front of his computer and launch an attack into different parts of the world by using various
paths into different countries while covering his tracks to be untraceable, and cause massive
financial damages and even fatalities. Minimal resources and very low budget plans make it very
easy in making this form of terror. On the other hand, traditional terrorism requires much more
resources such as: large finances, weapons, man power and security access. Cyber-terrorism fits
with the terrorism common purpose which is to create fear, confusion and panicking into lives of
their enemies. Unlike traditional terrorism, cyber-terrorism makes the terrorists look fearful on
the time of the attacks since it can take time to trace the attackers while the damages continue to
take place.
Cyber security is comparable to other threats the United States faces due to its effects on
people, companies and our nation’s security. If our network security is not well secured it might
affect our economy, our nation interests and might put the nation at risk.
As our nation and the world adapt rapidly to the technological advances, it is important to
be concerned by moving quickly to strengthen our security in all aspects whether it is private or
government institutions. Our report has found out that there will be more threats as long as our
private and governmental sectors do not step up to catch up with the advance and robust
measures to stop those threats.
Table of ContentsExecutive Summary..................................................................................................... - 1 -
Introduction............................................................................................................... - 2 -
Report Findings:.......................................................................................................... - 3 -
Figure 1 – Cyber-warfare Expenses for Countries.................................................................- 5 -
Figure 2 – Attack Trend with Drill Downs of Motivations......................................................- 7 -
Figure 3 – Top 10 Attack Techniques................................................................................- 8 -
Figure 4 – Distrubution of Targets.................................................................................... - 9 -
Figure 5 – Percentage of Time Spent on IT Security..............................................................- 9 -
Summary................................................................................................................. - 10 -
Conclusion.............................................................................................................. - 10 -
Recommendations..................................................................................................... - 10 -
References............................................................................................................... - 12 -
1
Executive Summary
The Internet has become a vital resource in the past two decades, from a small network
limited primarily to the scientific community to a global network that counts more than two
billion users. With the advancements in technology, an increasing number of applications were
created for the Internet such as email and social networks.
The cyber world has seen an increase in cyber-warfare and cyber-terrorism. Some
countries such as the United States have weak security against these threats. With people storing
sensitive information on networks, this has led to cyber espionage against governments and
businesses.
This report explores where the world is today in cyber security and if businesses in the
United States should be held responsible for strengthening their infrastructure from cyber-
attacks. Specifically, it delves into what has happened and what will happen in the future and
what the world is doing to prepare.
Given the increasing reliance on information systems in general and access to the Internet
in particular, critical infrastructure is growing progressively more vulnerable to cyber-attacks.
Cyber weapons appear to be capable of catastrophic destruction in that they could inflict
“extreme misfortune” on a business in the form of imposing very large, long-term costs. Many
businesses are already incurring losses today because of cyber-attacks, but some are working to
minimize their vulnerability from future threats.
A cyber-attack against critical infrastructures in the United States will shock the public
and cause some sort of chaos. Compared to a standard attack, it is much more difficult to locate
2
where the attack came from. This can give attacker’s confidence to strike a company and steal
valuable information while staying hidden.
Cyber-terrorism has gained popularity in the world because of how simple it can be to
attack a business. As before, the attackers can stay hidden by using remote attacks. They also
only require minimal resources to manage an attack while also creating a big fear factor.
With cyber-warfare and cyber-terrorism becoming more prominent and an easy way to
attack an entity, it is becoming more important to protect the infrastructure from any possible
threat from anywhere in the world.
Introduction
The purpose of this report is to provide a realistic assessment of the capabilities, means,
and motivations of certain individuals or nations to conduct an attack either against the United
States or against regional adversaries. There is no such thing as perfect IT security. For instance,
hackers are always able to keep one step ahead of the latest software security patch. Some secure
portions of nations Department of Defense computer systems are pertaining to procurement and
logistics that are connected to the public switch network. Depending on how these cyber-attacks
are carried out is how they get defined.
Cyber-warfare is an “Internet-based conflict involving politically motivated attacks on
information and information systems” (Rouse). Cyber-warfare attacks can disable official
websites and networks, disrupt or disable essential services, steal or alter classified data, and
cripple financial systems - among many other possibilities.
Cyber-terrorism “is the premeditated use of disruptive activities, or the threat thereof,
against computers and/or networks, with the intention to cause harm or further social,
ideological, religious, political or similar objectives or to intimidate any person in furtherance of
3
such objectives”(Coleman). The U.S. Government states how cyber-terrorism will soon equal or
surpass the danger of terrorism in the near future.
In 2011, former department of homeland security secretary Michael Chertoff and former
defense secretary William Perry warned that “The constant assault of cyber assaults has inflicted
severe damage to our national and economic security, as well as to the property of individual
citizens. The threat is only going to get worse. Inaction is not an acceptable action.” (Hearing
Before The Committee on Homeland Security and Governmental Affairs Senate, February 16
2012)
The scope or limits of our study found that both cyber-warfare and cyber-terrorism are
very hard to predict their occurrence. Finding out when the attack took place and where it came
from is always known after the damage is done.
Report Findings:
In our report findings, we found cyber-warfare and cyber-terrorism to be increasing due
to numerous reasons but mainly because they are easy to be carried out at very low cost budget;
close to nothing. Cyber-warfare and cyber-terrorism are both crimes which can be launched from
any location in the world using various tactics to penetrate the security implemented by the
victims. These threats are real, they prove no one to be safe and they are able to defeat any
country in the world including super power nations like the United States.
Many people believe the United States is going to have a cyber-attack similar to the
devastation of 9/11. Secretary Napolitano stated “After 9/11, we just could not do enough to
protect ourselves from another 9/11. And we have the opportunity here to do something
preemptively, preventively, methodically, and at much less cost to our society overall.” (Hearing
4
Before The Committee on Homeland Security and Governmental Affairs Senate, February 16
2012). The bill was going to help make it their responsibility to take action and be proactive
about securing our infrastructure.
Secretary Napolitano “Obviously, it will cost some to enforce this, to carry it out, but it
will be a fraction of what it would cost our society if there was a successful cyber attack.”
(Hearing Before The Committee on Homeland Security and Governmental Affairs Senate,
February 16 2012).
The cost of constructing worms or viruses are pretty much close to nothing. It takes a
computer, internet access, and few tutorials from online on how to create those viruses if the
attacker does not have knowledge to create codes and send them to the victims. It is a win-win
situation for criminals to carry their attack undetected because they always want to continue with
their viscous attacks. Depending on the severity of the attacks, people who carry out these
actions share two common interests; which is to create confusion and physiological fear in
victims mind as well as stealing classified data.
It is evident that cyber-warfare and cyber-terrorism always comes as a surprise even
though people and nations know about its existence. The attacks can originate from any part of
the world without anyone’s knowledge, however through footprints they get discovered;
sometimes after the damage is done. Severe increase of these threats proves that even super
power nations like USA are all struggling. Whether it is a major financial market, military,
private industries and other nation’s interest, threats continue to thrive more vigorously.
As the technology evolves, criminals who commit these viscous crimes get more
advanced in coding to keep engaging more in cyber-warfare and cyber-terrorism. On the victim
5
side situations get more serious in stepping up with methods to overcome these threats by
implementing more strict governmental rules and regulations as well as gearing up in cyber
security measures.
Figure 1 – Cyber-warfare Expenses for Countries
(Pierluig, 2012)
Figure 1 displays five countries and describes what each of them are focusing on and also how
much each countries expenses are for the coming years. As you see, the US has a “cyber budget
of $1.54 billion from 2013 to 2017” (Pierluig, 2012). While this graph provides and idea of a
countries status regarding cyber-warfare, it fails to show the private businesses aspect and how
much they will invest in their security. Since 90% of the United States infrastructure is controlled
6
by the private sector, the United States should put more focus into strengthening those businesses
as well to reinforce our core infrastructure.
Figure 2 – Attack Trend with Drill Downs of Motivations
(Passeri, 2014)
7
Figure 2 above displays discovered attacks for each month of 2013 and what types of attacks
were taken place. It displays attacks have decreased as the year continued. Unforuneatly that is
not the case says Erin Palmer from BusinessAdministration Information. “The report refers to
2013 as “the year of the mega breach” because of the high number of security breaches, a 62%
increase from 2012. Just eight of the many breaches in 2013 revealed more than 10 million
identities each” (Palmer, 2014). Attacks are becoming more sophisticated and harder to detect
which allow hackers to steal more information without being caught.
Figure 3 – Top 10 Attack Techniques
(Passeri, 2014)
8
Out of all the attacks that were detected, figure 3 breaks down what were the top 10 attacks in
2013. As shown DDoS was the most used technique with SQL injection behind it. DDoS attacks
are popular because hackers can control a botnet with thousands of computers and can attack
someone with high a high rate of success.
Figure 4 – Distrubution of Targets
(Passeri, 2014)
Figure 4 illustrates who are targets for cyber-attacks between January and April of 2014. With
the top three targets being industry, government and organizations, these are the most critical to a
country. There needs to be a greater investment in securing these networks to help diminish
attacks from occurring.
9
Figure 5 – Percentage of Time Spent on IT Security
(Begun, 2008)
This graph shows an estimate of how much time an average user spends on IT Security. The
majority of users surveyed spend no more than 3 hours on security per week. This gives an idea
of how businesses are still not doing enough to protect themselves from cyber-terrorism and that
it needs to be taken seriously.
Summary
Cyber-warfare and cyber-terrorism have become a real concern and are becoming more
of a threat with better technology. People need to be educated on how serious these threats are and how to
help decrease the chance of an attack taking place. As illustrated in figure 5, it is evident more people
need to spend more time learning the precautions that would in preventing these attacks.
Failing to educate the public on what steps they can take to help minimize cyber-attacks would be
very costly to the United States not only economically, but also on a personal level. With attacks being
more focused towards the industry and government as stated in figure 4, there is more of a concern that
people’s private information can be at risk.
10
Conclusion
The world is changing the way war is pictured. In the past we used weapons such
as guns and missiles to attack our enemy, but today, we use technology. Cyber-attacks are the
weapons of the future. Cyber-terrorists can attack any target from anywhere in the world to cause
chaos and harm.
Recommendations
The United States has almost single-handedly blocked arms control in cyberspace. Over
the past decade, the United States has declined to join in on cyber talks because they had not yet
explored what it wanted to do in the area of cyber war. “Now that over twenty nations’ militaries
and intelligence services have created offensive cyber war units and we have gained a better
understanding of what cyber war could look like, it may be time for the United States to review
its position on cyber arms control and ask whether there is anything beneficial that could be
achieved through an international agreement.” (Clarke & Knake, 2010, pp. 219-220).
With cyber-warfare on the rise, and the private sector controlling the majority of the
country’s infrastructure, the government must communicate with the private sector to raise
awareness of the threats and what steps need to be taken to secure the infrastructure.
To help strengthen defenses even more, the government will need to teach citizens how
to protect themselves from cyber-attacks and what needs to be done in case of a possible threat.
By creating guidelines for everyone to follow and a clear path to take, these are just a few
steps that can be taken to help secure our countries infrastructure from any future cyber-attacks
and protect the citizens from harm.
11
References
Begun, D. A. (2008, June 23). Are SMBs Easy Pickin's for Cyber Criminals? Retrieved from Hot Hardware: http://hothardware.com/News/Are-SMBs-are-Easy-Pickins-for-Cyber-Criminals/
Clarke, R. A., & Knake, R. K. (2010). Cyber War.
Coleman, K. (2014, June 3). Cyberterrorism. Retrieved from Directions Magazine: http://www.directionsmag.com/articles/cyber-terrorism/123840
Hearing Before The Committee on Homeland Security and Governmental Affairs Senate, U. S.
(February 16 2012). Securing America's Future: The CyberSecurity Act of 2012. (p. 2).
Washington D.C.: U.S. Government Printing Office.
Palmer, E. (2014, Aprl 25). BusinessAdministration Information. Retrieved from Report:
Targeted Cyber-Attacks Increased by 91% in 2013:
http://www.businessadministrationinformation.com/news/report-targeted-cyber-attacks-
increased-by-91-in-2013
Passeri, P. (2014, May 19). Hackmageddon. Retrieved from 2013 Cyber Attacks Statistics
(Summary): http://hackmageddon.com/category/security/cyber-attacks-statistics/
Pierluig, P. (2012, October 5). InfoSec Institure. Retrieved from The Rise of Cyber Weapons and
Relative Impact on Cyberspace: http://resources.infosecinstitute.com/the-rise-of-cyber-
weapons-and-relative-impact-on-cyberspace/
Rouse, Margaret. "Cyberwarfare." May 2010. SearchSecurity. 3 June 2014 <http://searchsecurity.techtarget.com/definition/cyberwarfare>
Coleman, Kelvin. "Cyberterrorism." 10 October 2003. Directions Magazine. 3 June 2014
<http://www.directionsmag.com/articles/cyber-terrorism/123840>
