Thursday, 17 May 2012
Cyber-terrorism: tomorrow’s threat?
Cyber-terrorism: tomorrow’s threat?
By Richard Moss | Dec 19, 2008 | 2195 reads
6 comments
Facebook
LinkedIn
Digg
The tragic events in Mumbai demonstrated the shocking reality of terrorism designed to kill, maim, and shake the foundations of civilization to its core. And the November attacks coincided with a spate of news articles and reports on the subject of cyber-terrorism. But as the events in Mumbai illustrate, there is a quiet a difference between real-world terrorism and the virtual kind but how long that remains the case has an awful lot to do with the information security industry!
Real-world terrorist attacks have changed tactics in recent years; changing from largely symbolic attacks demonstrating attack capability against civil or military targets but not necessarily intending major loss of life, to a more shocking spate of attacks designed to cause mass casualties on a much larger scale and generate intense global publicity. Death, disruption and fear are the objectives.
So in comparison no wonder cyber-terrorism remains largely the concern of government agencies and its public face confined to cinema screens and paper-back novels giving it a somewhat fictional air. But nothing is further from the truth, cyber-terrorism is a very real and growing threat and one the security industry needs to concern itself with. Successful cyber-terrorism attacks have already been made against multiple targets including transportation systems, SCADA, building alarm & control systems, and even national space systems. These ‘simple-unstructured attacks’ where terrorists have demonstrated capability to conduct basic attack vectors against individual systems prove it can be done but it is the very alarming possibility of future complex and coordinated cyber-attacks that strikes genuine fear.
As with all things security it’s worth examining the risk and the source of potential threats, and for this I’ve always liked the acronym C.O.M.I.C which helps “map” the origin of potential threats:
-
C is for commercial. Interested parties who have a commercial interest in things such as intellectual property like patents, formula, pricing, launch plans. Industrial espionage lives here
-
O is for opportunist. Someone who is unexpectedly presented with the opportunity to attack or steal from you due to compromised or lax security. Very often the attack origin is internal to an organization but it can also be external as well.
-
M is for monetary. Here the attack is financially motivated and the interested party only cares about making money. This is cyber-crime, today bigger than the illegal drugs trade
-
I is for ideological. Often the most difficult threat or attack for organizations and individuals to understand. Hate crimes and extremist activity live here such as anti-globalization extremists, animal rights activists, eco-extremist and of course cyber-terrorism. Often unpredictable, attacks are often sustained and difficult to mitigate as attackers are not in it for monetary or commercial gain
-
C is for Can-do. The original hobbyist hacker doing it because “they can”, still a threat but receding in some respects when compared to threats in other areas.
Cyber-crime and cyber-terrorism are of course distinct and different (yet both are criminal acts, at least in most countries) but there is a strong likelihood that terrorists will use cyber-crime as a fund-raising activity much as they do with real world attacks. Evidence from Madrid suggests proceeds from drug sales were used to fund the bombings whilst in elsewhere (Mumbai) web tools such as Google Earth have been used for "hostile surveillance and targeting purposes", and the internet has also been used by terrorists to radicalize people and incite violence on a regular basis. (see Shared Destinies: Security in a Globalised World).
So who should care? Well as real-world terrorists have shifted from soft to hard targets with the intent of causing death, disruption and fear it seems highly unlikely the cyber-terrorist will resort to SPAM or DDoS your web-site for a little while. Instead, they are likely to target highly complex commercial and industrial systems with the sole intent of causing death, destruction and media attention as the terrorist moves from simple-unstructured attacks to more sophisticated and coordinated attacks with the capability to cause mass-disruption against integrated, heterogeneous defenses and with a capability for significant target analysis, detailed command and control, and organization learning capability designed to improve attack techniques and success rates.
The problem is simply that the world’s essential services now rely upon complex inter-connections between numerous disparate parts to function and these parts are becoming increasingly vulnerable to attack because we are making our systems more complex and tightly coupled (read ‘Normal Accidents’ if you want a scare). What’s more, they are increasingly dependent upon standardized Internet Protocols and software platforms vulnerable to exploit (do you really want “patch Tuesday” on your nuclear control systems??) and incredibly prevalent - alarmingly the likely targets are systems already running national infrastructure, public utilities, air transportation and the airplanes themselves, nuclear facilities and chemical and petrochemical plants. The list is endless and increasingly frightening - and they are all increasingly vulnerable!
So you’re not likely to be targeted by Al-Qaeda spam but they will look to reverse critical flow in petrochemical plants causing explosion, over-ride emergency shut-down systems in volatile production processes while virus’s create havoc on the process itself, crash – quiet literally – high speed public transport systems, crash banking systems, disrupt essential services. In short - gain access to any system that if miss directed can cause death, injury and panic; and whist they’re at it disrupt first responder’s dependency on technology to locate and fight any disasters and even use the internet to spread fear, doubt and uncertainty in an attempt to spread panic and make things worse.
So the information security industry should care: there is no quick fix for this and the threat will be upon us before we are prepared so there is no room for complacency or belief that the prevention of terrorism will be handled by some one else - and yet there is plenty of evidence of just that – complacency!
Similar
Add comment
Comments
With more 1000 Designer dresses,we supply Evening Dresses,Custom Dresses,formal gowns,cocktail dresses with wholesale price
prom dresses
Since the past year, malware has continued to evolve to penetrate security defenses. Malware will continue to evolve this year but the good news is that enterprise defenses are evolving as well.
----
Ed Hardy UGG Boots links of london
عقارات السعودية - عقارات الرياض - عقارات الخرج - عقارات مكة المكرمة - عقارات جدة - عقارات الطائف - عقارات المدينة المنورة - عقارات ينبع - عقارات الدمام - عقارات الخبر - عقارات الأحساء - عقارات القصيم - عقارات عسير - عقارات حائل - عقارات تبوك - عقارات الباحة - عقارات الحدود الشمالية - عقارات الجوف - عقارات جازان - عقارات نجران - عقارات مصر - عقارات القاهرة - عقارات الجيزة - عقارات حلوان - عقارات 6 اكتوبر - عقارات الاسكندرية - عقارات الساحل الشمالي - عقارات البحيرة - عقارات السويس - عقارات الاسماعلية - عقارات بورسعيد - عقارات البحر الاحمر - عقارات مطروح - عقارات جنوب سيناء - عقارات شمال سيناء - عقارات دمياط - عقارات الدقهلية - عقارات كفر الشيخ - عقارات الشرقية - عقارات الغربية - عقارات القليوبية - عقارات المنوفبة - عقارات الفيوم - عقارات قنا - عقارات المنيا - عقارات اسيوط - عقارات بني سويف - عقارات سوهاج - عقارات الوادي الجديد - عقارات الأقصر - عقارات اسوان - عقارات الامارات - عقارات ابوظبي - عقارات العين - عقارات دبي - عقارات جبل علي - عقارات الشارقة - عقارات رأس الخيمة - عقارات عجمان - عقارات أم القيوين - عقارات الفجيرة - الوطن العربي - عقارات الكويت - عقارات عمان - عقارات قطر - عقارات البحرين - عقارات الاردن - عقارات لبنان - عقارات المغرب - عقارات السودان - عقارات سوريا - وظائف - وظائف في السعودية - وظائف في الامارات - وظائف في مصر - وظائف في الكويت - وظائف في عمان - وظائف في قطر - وظائف في البحرين - وظائف في الاردن - وظائف في لبنان - وظائف في المغرب - وظائف في السودان - وظائف في سوريا - خدمات - العروض الجديدة - الرعاية و الإعلان - الدعم الفني - العقارات العام - شراء شقق - شراء شقة - شقق بالتقسيط - شقة بالتقسيط - شقق تمليك - شقة تمليك - شقق سكنية - شقة سكنية - شقق فندقية - شقة فندقية - شقق للايجار - شقة للايجار - شقق للبيع - شقة للبيع - شقق مفروشة - شقة مفروشة - غير مصنف - مطلوب شقق - مطلوب شقة
اهداف الدوري الأنجليزي
اهداف الدوري الأسباني
اهداف دوري ابطال اوروبا
مهارات ولقطات منوعة
اهداف الدوري السعودي
اهداف تصفيات كأس العالم
اهداف الدوري المصري
اهداف الدوري الالماني
أهداف كأس الخليج
هدف تيوب
Information on Blogger
knowledge_central_tab
Knowledge Central
Trusted Mobility Index
The mobile ecosystem of devices, services and networks is at a critical inflection point.While the mobile revolution is unleashing massive opportunities in both emerging and mature economies, it is also increasing in complexity and confusion. The reality is the lightning-fast adoption of powerful, smart devices is outpacing society’s ability to secure them. Today, trust in mobility hangs in the balance.
The state of the Internet, Q4, 2011
Geography appears to play a role in frequency of observed attacks on specific ports. For example, Port 23 (Telnet) is a favorite target for attacks observed to be originating from South Korea and Turkey, where it accounted for more than five times the number of attacks targeting the next most popular port (445 in both countries). Other instances of geography-based port targeting include observed attacks centered on Port 1433 (Microsoft SQL Server) in China and on Port 80 (WWW/HTTP) in Indonesia.
HID Global deploys a centralized, web-based IP access control solution at Fuxi Power Plant
Unable to meet the needs for real-time monitoring with its traditional patrol system, China's Fuxi Power Plant has deployed HID Global's VertX V2000.
StubHub: How to spot fraud before it happens
Whenever a list of log-on credentials is dumped onto the Web, retailers get hit with waves of automated attacks. Here's how ticket marketplace StubHub fights the threat.
is time to nike shoes throw
is time to nike shoes throw it down