Discuss about the Cyber Terrorism for Protecting National Infrastructure.
Today with the ubiquity of internet in every sector of social and political life, cyber terrorism is becoming rampant not mentioning its complexity and severity. It is basically an illegal act of extracting or destroying data and information from an individual or an organization’s computer. This act is executed either by a gang of people or individuals who are considered as computer genius. Cyberattacks have become even more common since any kind of defence mechanisms against such attacks is far from fool proof and the attackers take very advantage of every loophole that exists in cyber law. Another encouraging factor for these criminals is that Internet governance is subjected to various social and economic constraints as well as it lacks the opportunities for assessing different regulatory tools (Shackelford, 2014).
In the modern days, people are eventually depending more and more on the Internet for the sake of surfing and browsing in order to collect information and make business out of it. This has resulted in the expansion of cyberspace and security in the cyber world. Any possibility of threat from use of the Internet can be referred as “criminal acts committed using electronic communications networks and information systems or against such networks and systems” (Lagazio et al., 2014, p.59). Cyber-attacks can be of three kinds. First, there could be non-permitted intrusions which in turn refer to a condition where the criminal tends to invade a different computer system using hacking techniques. Again, viruses could enter the systems through emails and all the information of another computer could be erased or messed up. Thirdly, services could be denied and this might destroy communication with other parts of the system and other computer’s functionality (Howitt & Pangi, 2003).
The Internet has provided scopes to criminals in the cyber world to be used in the virtual world for misanthropic activities. When different firms and individuals carry out their activities on the Internet, they are usually not aware that this space could become home to criminals who can initiate their attacks. While it is true that the cyber space should be protected from them, IT experts are still not able to completely understand how far cyber-crime is effective and what could be the probable outcomes. Since this aspect cannot be completely determined, cyber security methods are not competent enough (Globalpost, 2011). Different types of criminals can pursue cyberattacks. They use illegal networks which could be built for purpose of building an area for their crimes to be carried out. Cyber law system emphasizes on the specific area of such crimes (Kshetri, 2010). Cyber law is about studying the behavioural tendencies of cyber criminals by assessing their economic effects. However such issues cannot always be evaluated only on basis of economic dimensions. For instances some crimes can take place for seeking vengeance and satisfying psychological needs. This is most likely to not consider the cost or the chance of being pointed out. Economic aspects are useful especially when cybercrimes lead to money laundering related activities. This occurs when expected gains are compared with the costs to be incurred (Lagazio et al., 2014).
Applications & technology
Biometrics is the way of having technology that can distinguish between people’s physical features like thumbprints and retinas. Since, these features are unique for every individual therefore they can act as strong security features as wrong persons, i.e. if the computer cannot recognize the thumbprint or retina, cannot assess any information stored in the computer. Although biometric authentication is considered as an enhanced form of security measure this also has associated risks. For one, people whose physical features are used as security and who have access to confidential sources may not maintain their loyalty. Secondly, people may be unwilling to provide their biometrics as security feature for privacy concerns like relating them to some past crime or misdemeanour. Predicting the future is not free of risk. With the growing need of security methods, the concept of privacy is changing. One major example is travelling by air which requires passengers to agree to body scan and scrutiny of personal luggage, and this is not an option. To enter USA, one needs to provide two fingerprint scans. One major terrorist attack can change the personal concept of privacy as people are lowering their opposition to personal searches and storing personal information by the respective authorities. Although it cannot be said for sure that in future there will be universal acceptance of biometric authentication, the tolerance level is surely increasing (Crowley, 2006).
Quantum cryptography is a way of writing messages in a code so that it cannot be read by cyber criminals. Although it is assumed that strongest encryption keys are unbreakable it still cannot guarantee that with time and advancing technology such keys will remain secured forever. Such keys are used in high circles like government and national security centres and therefore demand fool proof method of security. At present 2048-bit keys are used for encryption and they are practically impossible to break since it will thousands of years to do so with one computer. However, in recent time a student in Notre Dame broke a 109-bit key in 549 by running 10,000 computers around the clock. However, this scenario is totally impractical although this incident established if time and resources are there then keys can be broken. It is also possible that someone may invent a mathematical shortcut way to achieve the task (SANS Institute, 2003).
Research Question and Vague areas
An appropriate research question related to cyberterrorism could be ‘Can cyber security measures be directed to curb or prevent cyber terrorism of different forms?” Although there is a constant proliferation of worms and viruses, the scenario is changing with bots and botnets becoming more rampant and full of hassles. One major way of financial gains is making and selling botnets to potential cyber criminals who lack time or energy to make botnets. Moreover, there is a second way of making money by using botnets to attack servers such as DNS or mail servers thus making the servers inaccessible or slow. This is turn gives the opportunity to botnet holders to ask for money from organizations in exchange of leaving their places. In the world of malware, before a new attack is perfected attention is shifted to creating a new one. According to Schultz, (2006, p.8), “Writing worms and viruses that cause massive infections is apparently no longer a central focus; writing better bots and creating larger botnets is”.
Importance in real life
Stealing of private information is a growing concern in the social media arena. It is a place where people post their personal photographs like vacations, family ceremonies, etc. However, such stuff can be used by hackers, stalkers or potential employers. Moreover, people tend to post their vacation dates on these sites which becomes perfect opportunities for burglars to break into their houses. People who tend to party and smoke joints give out such information in social media which can harm their career also make their friends appear same by association and as such friends can sever contacts with them. Even a harmless picture like that of a baby can label the person as pedophile (Siciliano, 2011).
Advantages and disadvantages
Before finding the proper solution, motivational aspects can initiate cyber criminals towards cyberattacks. A certain area where cyber criminals are emphasizing upon regarding their criminal acts refers to advanced metering infrastructure (AMI) that refers to the process of recording use of data for utility companies which facilitate decision making for customers on use of energy based upon the initial price of its usage. AMI could not establish security measures. Attackers enter the AMI framework with the motive of cyber attackers to disrupt the infrastructural facilities of a nation. Besides this, evil cyber attackers can try to use AMI as a point of initiation for different attacks on the Internet by “virtue of the vast number of devices, their ability to initiate many-pronged attacks, and even their ability to hide malicious or criminal data through dispersion among many nodes” (Foreman & Gurugubelli, 2015, p.101). When a system is under assault, the effect is not just within a particular structure. Since the infrastructures are interconnected and interdependent, the impact can be felt upon all kinds of frameworks under attack. Also, the impact can be upon other related frameworks of other systems. One example can be found in the electric industry which, if disrupted can have its impact upon other industries which require electric power. When electricity is disrupted the whole country is affected (Amoroso, 2012, p.294).
It is said that “the task of aligning IT and business priorities is more art than science” (Businessweek,2014). According to a survey conducted by IBM in 2010 on 1,500 CEOs, information management in companies is lagging behind and is not matching up to the constantly changing IT environment (McAfee, 4). In response to this complex situation, cloud computing has emerged as a new technology of keeping all data in data centres, and then lease the digital assets to other users. In such a case, customers will not have to bother with the details and can pay only for the data required. Privacy concerns are related to mapping the virtual machines to the physical machines. In intrusion detection systems, data mining techniques can be available for malware detection in clouds (Sen, n.d.).
From what we understand the Internet has a key role in the security and economic growth of a country. Cyberattacks are carried out by experts who usually have the expertise and necessary possessions to enter any area such as financial, communication, health care, emergency and public infrastructure areas like water, oil and gas. Cyberattacks are complex and this is clear from the fact that such misdeeds can be executed by terrorists, political enemies and even teenagers. Cyber security measures should take into considerations the purpose and objectives of all kinds of hackers. The idea is to ideally integrate technology into political decisions in order to battle against such cyber criminals on various aspects. Cyber security maintenance should be done carefully without bringing about any leakage in the system. Cyber security is essential in all spheres of life, including households and industries. I also believe that generating personal awareness is the key to prevent cyber-crimes from all aspects. My colleagues have given a positive feedback on my paper. They have added issues like cyber crime that can lead people losing credit card money, bank account money. I agree with them that one secured way is to use to use to personal computers with licenced versions of antivirus.
Amoroso, E. (2012) Cyber Attack: Protecting National Infrastructure, Elsevier
Businessweek (2010). 5 ways to improve IT effectiveness, Businessweek, retrieved from: https://www.businessweek.com/managing/content/mar2010/ ca20100319_518706.htm
Globalpost (2011), China implicated in massive cyber attack targeting US, global post, retrieved from: https://www.globalpost.com/dispatch/news/regions/asia-pacific/china/110803/china- google-cyber-attack- us-spearphish- trawl-dope
Crowley, M.C. (2006). Cyber crime and biometric authentication – the problem of privacy versus protection of business assets. Australian Information Security Management Conference, Edith Cowan Univ.
Foreman, C. and Gurugubelli, D. (2015) Identifying the Cyber Attack Surface of the Advanced Metering Infrastructure. The Electricity Journal, 28(1), 94-103
Howitt, A.M. & Pangi, R.L. (2003). Countering Terrorism: Dimensions of Preparedness, MIT Press
Kshetri, N. (2010). The Global Cybercrime Industry, Springer
Lagazio, M., Sheriff, N. & Cushman, M. (2014). A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58-74
McAfee, A. (2011). What Every CEO Needs to Know About the Cloud. Harvard Business Review, 89(11)
SANS Institute (2003). Quantum Encryption – A means to perfect security? SANS Institute, retrieved from: https://www.sans.org/reading-room/whitepapers/vpns/quantum-encryption-means-perfect-security-986
Schultz, E. (2006). Where have the worms and viruses gone – New trends in malware. Computer fraud & security
Sen, J. (n.d.). Security and Privacy issues in cloud computing, TCS, retrieved from: https://pdfs.semanticscholar.org/4dc3/70d253020947a8e66b701e12dd0233161229.pdf
Shackelford, S.J. (2014). Managing Cyber Attacks in International Law, Business, and Relations, NY: Cambridge Univ. Press
Siciliano, R. (2011). Social media privacy and personal security issues, Huffington Post, retrieved from: https://www.huffingtonpost.com/robert-siciliano/social-media-privacy-and_b_245857.html