Professional Documents
Culture Documents
MIS Project
MIS Project
PROJECT REPORT
SUBMITTED BY:
SHABNI K.A
ROLL NO: 42
IIIrd TRIMESTER
SUBMITTED TO:
MBA DEPARTMENT
2018-2020
1
TABLE OF CONTENTS
CHAPTER I
2
INTRODUCTION
Terrorist activities are aimed at the Internet itself, its infrastructure and content
(hardware and software), as well as anyone who uses the Internet in their daily
lives. As a weapon, attacks are committed against physical targets (typically,
critical infrastructures) using Internet resources, to produce real physical impact
Within the scope of this analysis we adopted the view of best practices presented
by NATO:
“A best practice is a method or technique that has consistently shown results superi
or to those achieved with other means. It usually becomes a benchmark or standard
way of doing things that multiple organizations can use. Effective practices
exist at organizational, sector, national and international levels for many things,
3
including interoperability, safety, and security. There are pockets of
excellence that could be leveraged to minimize the duplication of effort and
maximize security postures.” (NATO SfPS, 2014)
Since Cyber Terrorism is a specific domain within the more vast range of
possibilities used by terrorists for centuries, it is important to mention that this
document will not refer to general counterterrorism best practices, except if they
address the topic at hand.
A last note must be made on the existing limitation to directly refer to classified
information, which includes most of the official documents of national and
international security and intelligence agencies, discussing counterterrorism
operational procedures and best practices (including in the cyber domain).
4
According to Mark M. Pollitt, “Cyber terrorism is the premeditated politically
motivated attack against information, computer systems, computer programs and
data which result in violence against non-combatant targets by sub-national groups
or clandestine agents.
Pure cyber terrorism refers to terrorism activity primarily in the virtual space.
There are multiple ways of meeting and communicating anonymously with like-
minded people over internet. To launch a cyber terrorism attack does not require
any physical resources like muscular power, dangerous weapon or large amount of
money. The only required things are knowledge, computer, internet and some
hacking software which can be used multiple times.
In the near future there are possibility of rise of entirely new terrorist groups that
may work in cyber world with safety of anonymity and with fast speed of
organization of members and activity.
5
Objectives of the study
6
CHAPTER II
RESEARCH METHODOLOGY
Collection of Data
Secondary data: - Secondary data are collected from referring books and surfing
the internet.
Research method
7
CHAPTER III
Between 55-60% exposures lie in its real estate coverage. This portfolio
incorporates many major London buildings as well as industrial parks, stadia,
arenas and major shopping centers throughout the UK. The Real Estate & Property
category contained the highest number of potential cyber terrorism scenarios.
The scenarios in this category involve the direct exploitation of evacuation and
safety mechanisms and HVAC systems to create physically damaging effects
impacting a building’s structural integrity, its contents and any individuals inside it.
These scenarios are typically time sensitive in their nature, and would need to be
organized with sufficient intelligence to be fully destructive. The proposed cyber
terrorism scenarios for Real Estate are generally also applicable to all other
categories of exposure and could be carried out against facilities insured under
other categories.
2. Aviation
Airports and commercial airliners have been targets for terrorism and extremists
since the mid-twentieth century. The many of the UK’s largest airports, as well as
NATS air traffic control facilities. The scheme’s coverage does not extend to
carrier jets or planes, or their contents. The scenarios in this category demonstrate
how traditional aviation terrorist attacks can be achieved through digital means.
8
3. Retail
A number of large retailers are covered by the Pool Re scheme. The scenarios in
the Real Estate & Property category may be similarly applied to these facilities and
threaten members of the public. The cyber terrorism scenarios specific to this
category lead to significant business interruption due to the loss or compromise of
stock.
4. Construction
5. Transport
The scheme covers various transport depots (stations, docks, links, major
motorways and toll), though not the vessels themselves, including the undersea rail
connections Considering its international status and symbolic value, we would
expect major rail routes to be a likely target for future terrorist disruption; cyber
represents a feasible avenue by which to compromise this rail service. Other
scenarios in this category involve deliberate cargo and signal tampering to create
explosive collisions with major impacts on public health.
9
Interpretations:-
These scenarios were categorized by their area of impact in one of the ten exposure
categories provided by Pool Re and then qualitatively ranked on various interest
criteria, listed below, in order to establish their likelihood and plausibility as attack
vectors for potential cyber terrorism. They are listed with their breakdown for
Material Damage expressed as a percentage of Pool Re’s portfolio. The list does
not include Housing or Miscellaneous coverage as listed in Pool Re’s own data
schemes.
2. Aviation (1.5%)
3. Retail (2%)
4. Construction (1%)
5. Transport (15%)
7. Healthcare (1%)
8. Pharmaceutical (1%)
9. Chemical (1%)
While TIV (The total insured value) is most concentrated in the London area and
along commuter lines to the UK’s industrial centers, roughly 33% of Pool Re’s
Material Damage exposure is located in urban areas, compared with 66% in non-
city areas. It is reasonable to assume that London would be the area most at risk in
10
any future cyber terrorism plots, and that insured companies located in the City
would be most susceptible to malicious compromise and viewed as high value
targets. However, cyber risk is rarely limited or circumvented by geography. A
piece of malware that is designed to infect a particular industrial system may put
all systems using a certain exploitable technology at risk, and any physical damage
caused may be indiscriminate in terms of location. The most sophisticated and
costly acts of cyber terrorism are likely to impact multiple systems at the national
level.
11
CHAPTER IV
FINDINGS
SUGGESTIONS
12
Introduction of insurance against cyber terrorism may provide relief to the
victims.
Advanced studies and research about encryption and decryption of data may
help to get a protection from the cyber terrorists.
Cyber terrorism is growing threat to all over the sectors, so more care should be
given in this subject matter.
Terrorists already acquire explosives or physical weapons through similar black
market means. Focusing on such black markets, helps to relieve terrorists plot.
CONCLUSION
From the study which conducted on the topic cyber terrorism, we can understand
that, the cyber terrorism attacks on various sectors and its impact. The population
of digital devices, which form the first line of vulnerability to a cyber attack, is
growing rapidly. The complexity of the interaction of those devices with each other
and with existing physical systems, from manufacturing and other industrial
facilities to biological systems, the latter including human healthcare, likewise
increases the potential means or vectors of destructive attacks. The same
complexity also masks criticality of digital processes or devices, i.e., the extent to
which compromising a relatively rare process or device leads to an exponentially
larger effect on the whole system. In this context, issues such as the cost of
business interruption insurance payouts, currently found to be a relatively low
priority concern, and the ongoing progress in industry and commerce of cyber
education, data and process standards, and IT capability in monitoring and
responding to digital anomalies, are expected to become more visible and
significant over time.
13
repeated reassessment of cyber attack over time. A greater depth of understanding
and threat assessment will be gained through continued collaboration between Pool
Re and the Cambridge Centre for Risk Studies in the coming years.
Bibliography
www.jbs.cam.ac.uk/risk
Cyber Terrorism Insurance Futures Project Lead by Simon Ruffle, Tamara Evan
Evan, T.; Leverett, E.; Ruffle, S. J.; Coburn, A. W.; Bourdeau, J.; Gunaratna, R.;
Ralph, D.; 2017. Cyber Terrorism: Assessment of the Threat to Insurance;
Cambridge Risk Framework series; Centre for Risk Studies, University of
Cambridge. Evan, T.; Leverett, E.; Ruffle, S. J.; Coburn, A. W.; Bourdeau, J.;
Gunaratna, R.; Ralph, D.; 2017. Cyber Terrorism: Assessment of the Threat to
Insurance; Cambridge Risk Framework series; Centre for Risk Studies,
University of Cambridge.
14