Cyber Warfare and Cyber Terrorism

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to analyze cyber warfare and cyber terrorism.  The discussion addresses the damage that could be done to the government, companies, and ourselves in the United States if we were attacked by a foreign government using cyber warfare or cyber terrorism.  The discussion also considers whether the United States is prepared for such a scenario.

Cyber Warfare and Cyber Terrorism

The term cyberterrorism was coined in 1996 by combining the terms cyberspace and terrorism.  The term, since then, has become widely accepted after being embraced by the United States Armed Forces.  In 1998, a report was generated by the Center for Strategic and International Studies entitled Cybercrime, Cyberterrorism, Cyberwarfare, Averting an Electronic Waterloo.  In this report, the probabilities of these activities affecting a nation were discussed, followed by a discussion of the potential outcomes of such attacks and methods to limit the likelihood of such events (Janczewski, 2007).  

The term cyberterrorism is defined in (Janczewski, 2007) as “means premeditated, politically motivated attacks by subnational groups or clandestine agents, or individuals against information and computer systems, computer programs, and data that result in violence against non-combatant targets.”

Cyber attacks are usually observed after physical attacks.  A good example is the increased wave of cyber attacks observed after the downing of an American plane near the coast of China, when cyber attacks from both countries began against facilities of the other side.  Other examples include the cyber attacks throughout the Israeli/Palestinian conflict, and during the Balkans War and the collapse of Yugoslavia.  Moreover, cyber attacks are aimed at targets with high publicity value.  Favorite targets of attackers are top IT and transportation industry companies such as Microsoft, Boeing, and Ford.  The increases in cyber attacks have clear political/terrorist foundations.  The available statistics indicate that any of the previously mentioned conflicts results in a steady increase in cyber attacks.  For instance, attacks by Chinese hackers and the Israeli/Palestinian conflict show a pattern of phased escalation (Janczewski, 2007).

Building protections against cyber attacks requires understanding the reasons for such attacks, in order to reduce and eliminate them.  The most probable reasons for cyber attacks include a fear factor, a spectacular factor, and a vulnerability factor.  The fear factor is the most common denominator of the majority of terrorist attacks because the attacker desires to create fear in individuals, groups, or societies.  The spectacular factor reflects attacks that aim at creating huge direct losses, a lot of negative publicity, or both.  Examples include the Amazon.com site, which was closed for some time due to a Denial of Service (DoS) attack in 1999.  As a result, Amazon incurred losses due to suspended trading, but the publicity the attack created was widespread.  The vulnerability factor covers cyber activities that do not always end in huge financial losses.  Some of the most effective ways to demonstrate the vulnerability of an organization are to cause a denial of service to its commercial server or something as simple as defacing the organization's web pages, very often referred to as computer graffiti (Janczewski, 2007).

Cyber attacks include virus and worm attacks, which can be delivered through email attachments, web browser scripts, and vulnerability exploit engines.  They can also include Denial of Service (DoS) attacks designed to prevent the use of public systems by legitimate users by overloading the normal mechanisms inherent in establishing and maintaining computer-to-computer connections.  Cyber attacks can also include web defacements of informational sites that serve governmental and commercial interests, in order to spread disinformation or propaganda and/or disrupt information flows.  Unauthorized intrusions into systems are another form of cyber attack, which leads to the theft of confidential and/or proprietary information, modification and/or corruption of data, and the inappropriate use of a system for launching attacks on other systems (Janczewski, 2007).

Cyber terrorist attacks are used to cause disruptions.  They come in two forms: one against data and another against control systems.  Theft and corruption of data lead to services being sabotaged, and this is the most common form of Internet and computer attack.  Control system attacks are used to disable or manipulate physical infrastructure such as railroads, electrical networks, water supplies, and so forth.  An example is the incident in Australia in March 2000, in which an employee who could not secure full-time employment used the Internet to release one million liters of raw sewage into the river and coastal waters in Queensland.

Potential Impact and Defenses and Fortifications

Cyber attacks and cyber terrorism have negative impacts and consequences for the nation.  These consequences may include loss of life, significant damage to property, serious adverse U.S. foreign policy consequences, or serious economic impact on the United States (DoD, 2015).  Preparing a program of activities aimed at setting up effective defenses against potential threats plays a key role in mitigating the impact of such attacks.  These fortifications include physical defenses, system defenses, personnel defenses, and organizational defenses.  The physical defenses are required to control physical access to facilities.  The system defenses are required to limit the capability to make unauthorized changes to data in storage or in transit.  The personnel defenses are required to limit the chances of inappropriate staff behavior.  The organizational defenses are required to create and implement an information security plan.  Table 1 summarizes these defenses (Janczewski, 2007).

Table 1.  Summary of Required Defenses.

In summary, cyber attacks and cyber terrorism have a negative impact on the nation.  The government and organizations must prepare the appropriate defenses to mitigate and alleviate such negative impact.  These defenses include physical, system, personnel, and organizational defenses.

References

DoD. (2015). The DOD Cyber Strategy. Retrieved from https://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf.

Janczewski, L. (2007). Cyber warfare and cyber terrorism: IGI Global.

Steganography

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to analyze steganography. The discussion also addresses methods of detecting information hidden this way and possible threats that utilize steganography.

Steganography

Steganography is a method that uses cryptographic techniques to embed secret messages within another message.  Steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files.  The changes are so minor that they do not affect the viewed image.  This method allows communicating parties to hide messages in plain sight.  For instance, they might embed a secret message within an illustration on an innocent web page (Abernathy & McMillan, 2016; Stewart, Chapple, & Gibson, 2015).

The steganographic method is often used to embed secret messages within images or WAV files because these files are often so large that the secret message would be easily missed by even the most observant inspector.  This method is used for illegal or questionable activities such as espionage and child pornography.  It can also be used for legitimate reasons, such as adding watermarks to documents to protect intellectual property.  The hidden information is known only to the creator of the file.  If another user later creates an unauthorized copy of the content, the watermark can be used to detect the copy and trace the offending copy back to the source.  The steganographic method is a simple technology to use, with free tools openly available on the Internet, such as the iSteg tool, which requires you to specify a text file containing your secret message and an image file that you wish to use to hide the message (Stewart et al., 2015).

Methods for Steganography Detection

Although the message is hidden within an image or WAV file, it can be detected by comparing the original file that was used with the file suspected of containing the hidden message.  Using a hashing algorithm such as MD5, a hash can be created for both files.  If the hashes are the same, the file does not have a hidden message.  However, if the hashes are different, it indicates that the second file has been modified.  Forensic analysis techniques can retrieve the message.  With respect to egress monitoring, the organization can periodically capture hashes of internal files that rarely change.  For instance, graphics files such as JPEG and GIF files stay the same and do not get changed.  If security experts suspect a malicious insider is embedding additional data within these files and emailing them outside the organization, they can compare the original hashes with the hashes of the files the malicious insider sent out.  If the hashes are different, it indicates the files are different and may contain hidden messages (Stewart et al., 2015).
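The following added example (not from the cited sources) ties the least-significant-bit alteration described under Steganography to the hash comparison described here: the altered copy differs from the original by at most 1 per byte, yet its hash no longer matches the baseline. It uses SHA-256 where the text names MD5 as one possible hashing algorithm; the file names and byte buffers are constructed stand-ins for raw pixel data.

```python
import hashlib

def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Overwrite the least significant bit of successive cover bytes with message bits."""
    bits = [(b >> s) & 1 for b in message for s in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover is too small for the message")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def max_byte_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte difference; 1 means only low-order bits moved."""
    return max(abs(x - y) for x, y in zip(a, b))

def digest(data: bytes) -> str:
    # SHA-256 here; the text names MD5 as one example of a suitable hash.
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict) -> dict:
    """Periodic capture: file name -> hash for internal files that rarely change."""
    return {name: digest(data) for name, data in files.items()}

def check_outbound(baseline: dict, attachments: dict) -> dict:
    """Classify outbound attachments against the baseline hashes."""
    known = set(baseline.values())
    verdicts = {}
    for name, data in attachments.items():
        if digest(data) in known:
            verdicts[name] = "unchanged"      # matches a baselined file, even if renamed
        elif name in baseline:
            verdicts[name] = "modified"       # same name, different content: inspect
        else:
            verdicts[name] = "not-baselined"  # no original to compare against
    return verdicts

if __name__ == "__main__":
    # Constructed sample data standing in for two internal graphics files.
    logo = bytes(range(256)) * 4
    banner = bytes(reversed(range(256))) * 4
    baseline = build_baseline({"logo.gif": logo, "banner.jpg": banner})
    stego = embed_lsb(logo, b"constructed secret")
    print("max per-byte change:", max_byte_delta(logo, stego))
    print(check_outbound(baseline, {"logo.gif": stego, "pic.jpg": banner, "new.png": b"\x00"}))
```

A "modified" verdict only shows that the file changed; an image that was legitimately re-saved or resized produces the same verdict, so it is a trigger for forensic analysis rather than proof of a hidden message.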

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

Biometric Access Control

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to analyze biometric access control as a way to secure a highly sensitive area of the organization's operating environment.  The discussion begins with a brief overview of Access Control, followed by Biometric Technology and the Implementation of a Biometric System.

Access Control

The purpose of Access Control, whether for physical assets or logical assets such as sensitive data, is to limit access to a network, system, or device to authorized users only.  Access Control involves the type of access to the network, system, or device.  Access is provided to authorized users through physical and logical controls.  Physical Access Control limits access to physical components such as a network, system, or device.  Locks are the most popular physical Access Control technique for preventing access to data centers, including network devices such as routers, switches, and wires, and systems.  Other physical Access Control techniques include guards and biometrics, which should be considered as part of the security measures based on the value of the assets and the need to protect them.  Logical Access Control, on the other hand, limits and controls the access of authorized users using software or hardware components.  Examples of logical Access Control include authentication and encryption.  The implementation of physical and logical Access Control requires a good comprehension of the requirements, the administration methods of Access Control, and the assets that will be protected.  Protecting a physical data center is different from protecting the data stored in the data center (Abernathy & McMillan, 2016).

Biometric Technology

Biometric technology is based on physiological or behavioral characteristics.  The physiological characteristics include any unique physical attribute of the user, including iris, retina, and fingerprints.  The behavioral characteristics measure the actions of the user in a situation, including voice patterns and data entry characteristics.  Biometric technologies have started to be embedded into operating systems as security measures, as with Apple’s Touch ID technology.  Understanding both physiological and behavioral characteristics must be a priority to ensure the adoption of these technologies for more secure access control.

The physiological characteristics of the Biometric technology employ a biometric scanning device to measure certain information about a physiological characteristic.  The physiological biometric systems include fingerprint, finger scan, hand geometry, hand topography, palm or hand scans, facial scans, retina scans, iris scans, and vascular scans.

The behavioral characteristics of Biometric technology employ a biometric scanning device to measure the actions of the person.  Behavioral biometric systems include signature dynamics, keystroke dynamics, and voice pattern or print.

Security professionals must have a good understanding of the following biometric-related terms so that they do not struggle during the implementation of such a technology.  These terms include enrollment time, feature extraction, accuracy, throughput rate, acceptability, false rejection rate (FRR), false acceptance rate (FAR), and crossover error rate (CER).  Table 1 summarizes each of these terms with a brief description.

Table 1.  Biometric Technology Related Terms.
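The following added example (not from the cited sources) shows how FAR, FRR, and CER relate, using the standard definitions of these terms: FAR is the share of impostor attempts accepted, FRR is the share of valid-user attempts rejected, and CER is the error rate at the threshold where the two are equal. The match scores are constructed, and the rule that a sample is accepted when its score meets the threshold is an assumption of the example.

```python
def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a sample is accepted if score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors let in
    frr = sum(s < threshold for s in genuine) / len(genuine)     # valid users turned away
    return far, frr

def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return (threshold, FAR, FRR)
    at the point where FAR and FRR are closest: the CER operating point."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best

def lowest_threshold_for_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far, with the FRR it costs.
    Returns None when no observed threshold meets the target."""
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:  # FAR only falls as the threshold rises
            return t, far, frr
    return None

# Constructed match scores on a 0-100 scale (not measurements of a real device).
GENUINE = [91, 88, 84, 79, 77, 73, 70, 66, 58, 45]   # valid users
IMPOSTOR = [12, 18, 23, 29, 34, 38, 41, 47, 55, 62]  # everyone else

if __name__ == "__main__":
    print("lenient threshold 41:", far_frr(GENUINE, IMPOSTOR, 41))
    print("crossover point:", crossover_error_rate(GENUINE, IMPOSTOR))
    # A highly sensitive area tolerates no false accepts and pays for it in FRR.
    print("FAR target 0.0:", lowest_threshold_for_far(GENUINE, IMPOSTOR, 0.0))
```

A lower CER indicates a more accurate system overall, but the deployed threshold for a highly sensitive area is usually set stricter than the crossover point, trading more false rejections for fewer false acceptances.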

When using Biometric technology, security professionals often refer to a Zephyr Chart, which illustrates the comparative strengths and weaknesses of biometric systems.  However, other methods should also be considered to measure the effectiveness of each biometric system and its level of user acceptance.  Table 2 summarizes popular biometric methods.  The first list ranks the popular biometric methods by effectiveness, with the most effective method first.  The second list ranks them by user acceptance.  As shown in the table, iris scan is at the top of the list for effectiveness, while voice pattern is at the top for user acceptance.

Table 2.  Summary of the Popular Biometric Methods.

Implementation of Biometric System

According to CSA (2011), security controls must be strategically positioned and conform to acceptable quality standards consistent with prevalent norms and best practices.  Thus, entry points must be secured using an Access Control system such as proximity cards/biometric access.  When dealing with a Cloud environment, the traditional authentication method of username and password should not be considered sufficient.  Organizations and Cloud users must employ strong authentication techniques such as smartcard/PKI, Biometrics, RSA token, and so forth (Sukhai, 2004).  The implementation of Biometric technology provides a more secure layer of access either to the physical location where systems, networks, and devices are located or to the data stored in these data centers.  The user can view it as a convenient method, since these biometric traits are part of the body and last as long as the user is authorized to access these facilities and this data.  Since the iris scan seems to be the most effective biometric method, the researcher will employ such a method during the implementation of the Biometric technology.  The iris scan method scans the colored portion of the eye, including all rifts, coronas, and furrows.  It has a higher accuracy than any other biometric scan.

In summary, this discussion analyzed Biometric Access Control, which can be implemented to secure a highly sensitive area of the organization.  The discussion analyzed the Access Control techniques, Biometric Methods, and the Implementation of a Biometric Method.  The analysis indicates that iris scan is the most effective method, while voice pattern is ranked at the top for user acceptance.

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

CSA. (2011). Security guidance for critical areas of focus in cloud computing v2.1. Cloud Security Alliance, v3.0, 1-76.

Sukhai, N. B. (2004). Access control & biometrics. Paper presented at the Proceedings of the 1st annual conference on Information security curriculum development.