Chapter 2 Cyberspace and Cyber-Security Introduction This chapter focuses on the concept of Cyberspace and Cyber-Security (or Cyberspace-Security). The terms “Cyberspace” and “Cyber” are used interchangeably. Cyberspace is a technology-driven imaginary space. Cyberspace is an environment which is experienced by billions of people every day in every country. Cyberspace is a virtual space created by interconnected networks worldwide via Internet. Cyberspace is virtual because it is unbounded by distance, place and other physical limitations. Though cyber-space is a virtual space but it can’t exist without physical (tangible) elements. Physical elements like peripheral devices, mobiles, digital cameras, microphones, telephones, smart phones, Bluetooth devices, infrared devices, modem, network card, memory cards, USB (Universal Serial Bus), Wi-Fi devices etc. are required for the proper functioning of cyber- space. Cyberspace is evolving rapidly day-by-day because of advancements in technologies. Advancement in technologies has turned the way of life. Advancements in Telecommunications infrastructure and Internet are expanding the dimensions of cyberspace day-by-day. Cyberspace is a virtual space and Internet has extended the reach and scale of cyber-space. Cyberspace has now become a necessity rather than a luxury. Technology innovations are extending the span of Cyberspace day-by-day. Number of networks and devices in Cyberspace are increasing rapidly. Cyberspace is a space where everyone can communicate with one another irrespective of time and distance. While Cyberspace provides many Scanned with CamScanner% Cpherspace and Cyye, See, ; rity benefits, it does carry significant risks. Cyberspace has its negative re ercussi, , also, ithas given rise to new types of crimes known as Cyber Crimes. Cyboy, Securi tefers to the policies and procedures which are made to ensure the Security computers, networks, data, information and other computer related TesoUrces in Cyberspace from the unauthorized access, malicious programs (such aS Vir Seg worms and Trojan horses etc.) and other attacks transported through Interne, Basic Concepts Dictionary meanings of Cyber “involving, using, or relating to computers, especially the Internet” “relating to or characteristic of the culture of computers, information technology, and virtual reality” “a prefix used in a growing number of terms to describe new things that are being made possible by the spread of computers” International Organization for Standardization (ISO) defines cyber as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form” Dictionary meanings of Cyberspace “Cyberspace is a virtual world of information through the Internet” “Cyberspace is the notional environme and interaction occurs” “Cyberspace isa virtual world which con: networks that use the Internet and Telec exchange and transmission” nt within which electronic communication sists of worldwide network of computer Ommunication infrastructure for data “Cyberspace is an online world of computer networks” “Cyberspace is an environment in which communication occurs over Internet” “Cyberspace is the environment of the Internet” “Cyberspace is thought of as bein; to information, interactive communi reality” “Cyberspace is the electronic medium of co: communication takes place” “Cyberspace is the virtual space created by interconnected computers an! computer networks on the Internet. Cyberspace is a conceptual electronic spac? unbounded by distance or other physical limitations, William Gibson coined the ig a boundless environment providing access ication, and in science fiction, a form of virtual mputer networks, in which online Scanned with CamScannerCyberspace and Cyber-Security 39 term Cyberspace in his novel Neuromancer (1982) to describe an advanced virtual reality network” “Cyberspace is a new form of space generated virtually in the Internet” “Cyberspace is comprised of hundreds or thousands or more of connected computers, servers, routers, switches, and fiber optic cables, It permits critical infrastructures to work effectively and serves as the “nervous system” of the global economy and societal health and wellness” Origin of Cyberspace Cyber (netic) + space: coined by William Gibson, United States - Canadian writer, in his novel Newromancer (1984) Writer William Gibson coined the term “Cyberspace” ina short story “Burning Chrome” in 1982 which was ultimately launched into popular usage by his 1984 science fiction novel Neuromancer: Cyberspace. According to William Gibson Cyberspace refers to the non-geographical, virtual, even metaphoric space in which all computer objects exist. The term can include the entire content on the Internet. Cyberspace itself comes from “cybernetics”, which in turn is derived from the Ancient Greek “Kybernétés”, which means ‘steersman, governor, pilot, or rudder’. Cyberspace is the blend of “cybernetics” and “space” coined by science-fiction writer William Gibson in his 1982 short story collection Burning Chrome and popularized in his 1984 novel Neuromancer. © Cybernetics is the science dealing with thé comparative study of human control systems, as the brain and nervous system, and complex electronic systems. Cybernetics is the theoretical study of communication and control processes in biological, mechanical, and electronic systems. Definitions of Cyberspace * 1n2009, US Cyberspace Policy Review stated that “Cyberspace is a globally- interconnected digital information and communications infrastructure that underpins almost every facet of modern society” * In 2009, UK Cyber Security Strategy stated that “Cyberspace encompasses all forms of networked, digital activities; this includes the content of and actions conducted through digital networks” * In 2010, Canadian Cyber Security Strategy stated that “Cyberspace is the electronic world created by interconnected networks of information technology and the information on those networks”. Scanned with CamScanner40 Cyberspace and Cyber-Security “Cyberspace refers to a network of communication systems that allow for information and data to be transmitted and received. The internet is a major component of cyberspace as it allows for the reception and transmission of information and data, through communication technologies that enable the management and control of a nation’s web based infrastructure (Goodman et al., 2007)”. Sometimes the terms Internet and Cyberspace are used interchangeably. Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the Internet, but also the other information systems that support our businesses, infrastructure and services (UK Cyber Security Strategy, 2011)”. Cyberspace is a virtual space which facilitates the interaction and communication between people worldwide via Internet. Cyberspace is a boundary-less world which facilitates the creation, storage, processing and transmission of information worldwide through ICT (Information and Communication technologies). Cyberspace is an imaginary space which is driven by technology. Cyberspace is a boundary-less world that involves the interaction and communication between people, software and services through ICT. Cyber- space is too vast and for this reason it is very difficult to track, estimate and report the entirety of any malicious activity with certainty. Cyber-space is a border-less world that involves online communications, interactions and transactions which occur via telecommunications infrastructure. Cyberspace is a virtual space where people can interact, communicate, exchange information and ideas, play games, buy and sell products, promote products, conduct conferencing, perform transactions, transfer funds, perform stock trading, search the information, transfer content (images, text, videos etc.), perform commercial transactions, search for content and exchange services worldwide through ICT. : Cyber space is an electronic world which has no boundaries. It is maintained by the worldwide distribution of information and communication technology devices and networks. Cyber space is the realm of online electronic communication and interaction. Cyberspace is an indefinite place where anyone can interact and communicate through Internet and telecommunications infrastructure while working on different computers. All the content which is available via Internet and telecommunications infrastructure is said to be in cyber-space. Scanned with CamScanner 4Qyberspace and Cyber-Security a4 © Cyberspace is a virtual space or imaginary place where all the virtual data (data that is accessible via Internet and telecommunication infrastructure) exist. * Cyber space is an electronic medium of computer networks, in which online communication takes place. Cyber space does not exist in physical form. * Cyberspace is a virtual environment which is expanding day-by-day and it is becoming very difficult to manage all the virtual data available via Internet. * Cyberspace is the virtual environment in which communication over computer networks occurs without regard to geographical barriers. * Cyber-space is a virtual space in which data is stored, modified and exchanged via Internet and associated physical peripherals. * Cyber-space is the space of virtual reality within which electronic communication occurs via the Internet and telecommunication infrastructure. * Cyber-space is a virtual space which is created and facilitated by ICT (Information and Communication Technology). © Cyberspace is a virtual space where billions of people are linked together to exchange ideas, information and services. * Cyberspace comprises thousands of computers, networks, servers, bridges, routers, gateways, switches and cables. It serves as the nervous system for all the sectors of Critical Infrastructure of nation. ; * Cyberspace is an unrealized and simulated world that is experienced daily by billions of people. Like physical space, Cyberspace contains objects like files, messages, text, graphics, multimedia, voice messages etc. Cyberspace supports various online transactions and interactions. Cyberspace has now become a necessity rather than a luxury. * Cyberspace is maintained and facilitated by the ICTs. Cyberspace facilitates the communication and interaction between people, software and services. * Cyberspace isa virtual space where multiple digital networks are connected and used for storing, modifying, transmitting, retrieving and communicating information. * Cyberspace is-an environment which is dependent on Internet and telecommunication infrastructure for online interactive communication. * Cyberspace is a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, WWW and embedded processors and controllers. © Cyberspace is a virtual space which is accessed through Internet. Scanned with CamScanner42 | Cyberspace and Cyber-Securiy | Table : Definitions of Cyberspace Source Definitions of Cyberspace | Google > Cyberspace is the electronic medium of computer networks, in which online communications takes place. # Cyberspace is a metaphor for the nonphysical terrain created by computer systems. * Cyberspace is the impression of space and community formed by computers, computer networks and their users. * Cyberspace is the place where a telephone conversation appears to occur. * Cyberspace is the place between the phones. Oxford English Dictionary (1997) Walter Sharp, Cyberspace and the Use of Force (1999) Gregory Rattray, Strategic Warfare in Cyberspace (2001) E National Military Strategy for Cyberspace Operations (2006) National Security Presidential Directive 54 (2008) © Cyberspace is the notional environment within which electronic communications occur * Cyberspace is the environment created by the confluence of cooperative networks of computers, information systems and telecommunications infrastructures commonly referred to as the Internet and the World Wide Web. * Cyberspace is a physical domain resulting from the creation of information systems and networks that enable electronic interactions to take place. * Cyberspace is a man-made environment for the creation, transmittal, and use of information in a variety of formats. * Cyberspace consists of electronically powered hardware, networks, operating systems and transmission standards. * Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange information via networked systems and physical infrastructures. * Cyberspace is the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Scanned with CamScannerCyberspace and Cyber-Security 43 Deputy Secretary of Defense | * Cyberspace is a global domain within the Gordon England (2008) information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. ‘Adapted from Source: https:/ / www.researchgate:net/publication/235041748_Cyberspace_What_Senior. Military Leaders Need_to_Know With the benefits carried by the technological advancements, the cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to induce clear boundaries among these different groups. The cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it. Internet is the foundation for the proper online functioning in cyberspace. Cyberspace is continuously expanding with the innovation in technologies. Cyberspace has no dimensions suchas height, weight, depth and length. Cyberspace is an open environment used by billions of people every day. Cyberspace has revolutionized many aspects of our daily lives. Nowadays Cyberspace is used for millions of applications. Many people depend on Cyberspace for several activities like on-line banking, on-line media, on-line information search, on-line communities, “on-line communications, on-line education, on-line shopping, on-line learning and on-line meetings, on-line entertainment, e-business etc. Huge amount of data travels over the Cyberspace. Alll the data in Cyberspace is travelling over networks. Security of data over the network is a critical issue. There are various threats to data: Backdoors, denial-of-service attack, direct-access attack, eavesdropping, exploits, indirect-attacks and social engineering and human-error. Nowadays Cyberspace _is the common pool (or first source and destination) of information. All the information is readily and freely available through search engines in Cyberspace irrespective of the geographical location. Characteristics of Cyberspace * Cyberspace is a boundary-less space. © Cyberspace is a virtual space, * ICTs (Information and Communication Technologies) are the foundation of Cyberspace. Scanned with CamScannera Cyberspace and Cyberssecury *. The cost of entry for access to Cyberspace is very low. Only a communicatio, device and a network connection are required. Cyberspace is replacing the traditional methods of communication with the on-line communications, | * Cyberspace is virtual but it is made up of physical objects such as cables computers, routers, repeaters, servers, bridges, gateways etc. * Cyberspace is a new space for social interaction and entertainment, Cyberspace provides space for sharing of information and ideas. * Cyberspace is an impartial space; there are no discriminations on the basis | of religions etc. This space is open for everyone without prejudice. * Nobody owns the Cyberspace. Cyberspace act as a backbone for organizations as well as for countries, Activities and benefits of Cyberspace are open for everyone who can afford and use it. Nobody can control, regulate and track the actions (positive or Negative) which are performed in Cyberspace Users have the ability to conceal their identity and location which makes it extremely difficult to track the source of actions. The network structure of Cyberspace gives ita high-level of built-in resilience to attacks that focus on interfering with communication between nodes, For example, when an attacker takes down a node and packets are lost then the receiving computer can automatically request the missing packets from the sending computer and the complete message will still get through. This built in resilience makes it much harder for attackers to interrupt or modify the information in transit. * Cyberspace is affected by the events of physical world. For example: natural disasters, calamities ete. Cyberspace has given birth to a new type of crime known as Cyber crime. Cyberspace is continuously expanding with the advancements and innovations in technologies, Cyberspace is dimension-less. Cyberspace does not have the commonly recognized physical dimensions of height, depth and length. Cyberspace has two main components: Information and Connections. Applications of Cyberspace Different ways of communication like e- mail, conferencing, discussio" forums etc. * Social interaction like Facebook, Whats app, Chat-rooms, etc. Scanned with CamScannerGyberspace and Cyber-Security 45 © Cloud computing * Military applications © Government applications © Communication © Job searching © Health and medicine aplications © Finding books, lecture-notes and study-material © Travelling (on-line ticket booking) ® Online entertainment (games etc.) © Online shopping © Online stock market updates ¢ Research activities ¢ Online recruitment © Online product information ¢ Fast information retrieval Cyberspace and Internet Cyberspace and Internet are not same. «Internet is network of networks whereas Cyberspace is a boundary-less world of information through the Internet. «Internet isa global network whereas Cyberspace is a space that exists within the scope of Internet. Internet is a network of networks whereas Cyberspace is a virtual space that is created within the Internet. Internet is a network of networks whereas Cyberspace is a space that is created by Internet. Internet allows the transfer of data whereas data is travelled over networks within the Cyberspace. Note: Even isolated devices that are not connected to nodes (computers thatare connected to the Internet) can also be part of cyber environment if they can share information with computers connected to Internet through removable media such as USBs, CDs, DVDs etc. All electronic interactions, communications and data, especially those that mediated by the Internet are said to be in the Cyberspace. Some authors use the terms Internet and Cyberspace i Scanned with CamScanner are interchangeably.46 Advantages of Cyberspace Cyberspace and Cyhen.s,. Uriy Unlimited Information: huge amount of informations available in they, environment of cyberspace. Nowadays, Cyberspace has become a Pag where anyone can meet and exchange information at a very Marginal con, Information has found a new residence in the Cyberspace. Nowadays most of the companies are using Cyberspace to reach oj customers, to enhance their operational capabilities and to rea geographies. ‘ Ut to ng, ch out ty Entertainment: free download of games, movies and music Social networking: facebook, WhatsApp, twitter connect billions of People There are many advantages of cyberspace, such as easy access ang communication all around the world. Booking flights and trains online Online shopping Available for 24 hours per day Enhanced productivity Enlarged market reach Reduced operational costs Speed Improved performance Reduced subscription costs (rapid decline in costs) Online payment services High speed trading Better customer service User-friendly Cost-reduction: Cyberspace is based on the concept of virtualization and hence eliminates the need of a powerful configuration deployment by Providing services at a reasonable price and hence itis very helpful for small organizations that cannot afford the cost of infrastructure and storage space. Cyberspace has shifted the cost of managing hardware, software and computational infrastructure to third parties such as Google, Microsoft, Amazon. By shifting the costs of managing computational infrastructure t third parties (for example: cloud computing), Cyberspace has made it possible for individuals and small organizations to deploy world-class services; @ they need to pay is the marginal cost of actual resource usage. Scanned with CamScanner=. — Cyberspace and Cyber-Security 47 « Unlimited information is available in Cyberspace and the cost for accessing this information is very low. «Resource sharing: Cyberspace facilitates high degree of resource-sharing at amarginal cost. Individuals and small organizations can deploy world-class services on the pay-as-per-usage basis. * Large storage capacity: Cyberspace can be remotely utilized by small organizations that can-not afford the cost of expensive resources like hardware, software, storage space, operating systems and infrastructure. Disadvantages of Cyberspace * Asmentioned before, too much time spent in cyberspace can lead to problems in the real world such as feelings of isolation and health problems. * Illegal downloads, although a huge advantage for fans, it is a big disadvantage for movie makers and musicians.as it effects sales and promotes piracy. © Cyber fraud * Theft of personal information: personal intormation such as name, address, credit card number, account number etc. + Spamming: unwanted e-mails in bulk which obstructs the whole system Virus attacks: computers connected to Internet are prone to virus attacks © Cyber terrorism + Thedifficulty of attribution in Cyberspace makes it challenging for defenders to understand where anattack is coming from and makes defensive responses more difficult. © Security: Asall the data is being stored in Cyberspace, security issues should be addressed properly. All the organizations have concerns about security, privacy, residency, unauthorized access, interception, interruption, modification, fabrication and non-repudiation. Security system of Cyberspace should not be vulnerable to unauthorized data manipulation. ¢ The anonymity of Cyberspace ig not absolute even if the attackers are well resourced and competent. ; Environment of Cyberspace Cyberspace environment includes: © Computers * Hardware Scanned with CamScanner8 Cyberspace and Cyber Secu Software that runs on computing devices * Processors © Controllers * Routers ° Bridges * Servers * Switches | * Gateways ¢ Internet Telecommunication infrastructure Stored, transmitted, generated and modified information on these devices ~ * Physical infrastructure: installations and buildings that house the devices ICTs (Information and Communication Technologies) Types of Cyber Space attacks | Simple cyber attacks can be carried out by anyone with basic computer skills | and basic analytical capabilities. The attacke | does not need any special resources \ and can download hacking tools from a website, pick a target and launch anattack, | Simple cyber attacks are common and they teind to attack known vulnerabilities, For example: * Unauthorized Physical intrusion or penetration DoS (Denial of Service)/DDoS (Distributed Denial of Service) attacks Web defacements and semantic attacks DNS (Domain Name System) attacks Targeting routing vulnerabilities * Hacking ¢ E-mail bombs | * Identity theft attacks | * Identity fraud attacks * Counterfeiting © Cyberstalking | | ¢ Cyberharassment | * Cyberterrorism Cybersquatting ned with CamScannerCyberspace and Cyber-Security * Cybervandalism « Data diddling « Ecoterrorism ¢ Theft of information e Extortion ¢ Auction fraud «Credit card fraud © Theft of services * Stock manipulation * Money laundering ¢ Conspiracy + Phishing * Piracy « Direct-access attacks «Indirect attacks * Novel attacks * Dictionary attacks « Honeypot attacks * Injection attacks © Cross-site scripting * Aggregated risk ¢ Spam * Industrial espionage ° Malware Viruses Worms Trojan horse Back doors (or Trap doors) DoS (Denial of Service) attacks DDoS (Distributed Denial of Service) attacks * Hacking 000000 * Cracking ~~ Scanned with CamScanner 4950 Gpberspace and Cyber-Seeup ly Pornography Child pornography Online gaming Treasonous or racist material Interruption Interception Unauthorized modification Fabrication Eavesdropping Non-repudiation Web encroachment IP spoofing Man-in-the-middle-attacks © Wrapping attacks © Flooding attacks o Browser attacks © Impersonating attacks © SSL (Security Socket Layer) attacks Cookie poisoning Replay attack Session hijacking Shoulder surfing Cloud malware injection Password discovery attacks o Guessing attacks © Brute force attacks © Dictionary attacks © Video recording attacks © Stolen verifier attacks Reflection attack Customer fraud attack Scanned with CamScannerCyberspace and Cyber-Security 51 « Insider attack «Prefix hijacking © Guest-hopping attack « =IPV4 and IPV6 attacks * Network channel eavesdropping © Web-browser attacks * Zero day attack * Malicious operations (e.g. metadata spoofing attacks) Components (or Layers) of Cyberspace Different models have been proposed for the Layers of Cyberspace. In the follwing section we will discuss three models: Libicki’s modél of Cyberspace Layers, model proposed by U.S. Army Training and Doctrine Command and model proposed by David Clark from MIT. Libicki’s model of Cyberspace Layers Libicki’s stated that Cyberspace has three layers: Physical layer is at the bottom, next layer is Syntactic layer and next is Semantic layer. Semantic Layer (Information stored in Cyberspace) Syntactic Layer (Goftware instructions and rules, operating system, TCP/IP) Physical Layer (Hardware that creates Cyberspace that is computers, wires, routers) [Layers of Cyberspace] JSource: Adapted from Martin G. Libicki, Conquest in Cyberspace: National Security and Information Warfare (Cambridge: Cambridge University Press, 2007), 236-237] Physical Layer Physical layer consists of wires, routers and computers that create cyberspace and is the foundation of the model. Scanned with CamScannerE Cyberspace and Cyber-Securiy Syntactic Layer / The syntactic layer consists of the rules by which information is transmitteg and processed in Cyberspace. This layer includes the software of cyberspace: operating systems and applications. Semantic Layer The semantic layer is the information itself. Information which is being Processeq and transmitted represents this layer. All the three layers must work together for the proper functioning of Cyberspace, For example, if a user is trying to open a website, first of all user interacts with the physical layer through a mouse and keyboard. Then at the syntactic layer, the computer will interpret the input by applying the rules of operating system. The operating system interacts with the physical layer to send the request through the network card to a router. Syntactic rules of router seek the information and return that information to the computer. The computer displays the semantic information Tequested by the user through a syntactic web browser on a physical monitor. The above example shows how the layers of cyberspace interact with each other, Higher layers are dependent on the lower layers. If the lower layers fail, the higher layers will aso fail. Syntactic layer is dependent on the physical layer and semantic layer is dependent on the syntactic layer. Layers of Cyberspace Attacks Defense Cyberspace Physical Layer | An attacker can attack the | « Physical security of hardware of cyberspace such as installations cables, repeaters, fiber optic cables | « Air defenses or servers * Isolating systems through an L | “air gap” Syntactic Layer | An attacker can attack through | + Firewalls inserting errors in the code of | * Intrusion Detection Systems applications. This layer includes | Patching vulnerabilities TCP/IP, operating systems and applications. Attacks on this layer include Trojan horse, DoS attacks, | Utilizing software flaws | Semantic Layer An attacker is trying to change the | » Keeping backups of information itself, In this layer, the databases and comparing actual information lies and them combatants attack on this layer by | Utilizing multiple sources of manipulating, destroying, or even intelligence with cros Scanned with CamScannerCyberspace and Cyber-Security 53 adding information. In this layer, most information operations take place. checking, as well as data checking and verification processes An attacker can destroy or manipulate information at rest by attacking information storage; he can also attack information in motion by _ disrupting communication systems. [Source: Adapted from Martin C. Libicki, Conquest in Cyberspace: National Security and Information Warfare (Cambridge: Cambridge University Press, 2007), 236-237] Model proposed by U.S. Army Training and Doctrine Command The U.S. Army Training and Doctrine Command (TRADOC) states that Cyberspace can be viewed as three layers (Physical layer, Logical layer, and Social layer) made up of five components (Geographic components, Physical network components, Logical nétwork components, Persona components and Cyber Persona components). All the three layers must work together for Cyberspace to function. Layers of Cyberspace Components of Cyberspace Physical Layer (Bottom layer) Geographic Components Physical Network Components Logical Layer © Logical Network Components Social Layer Persona Components Cyber Persona Components Physical Layer Physical layer has two components: Geographic components and Physical network components. The geographic components include the physical location of elements of the network. Although Cyberspace is a virtual space, there are physical objects tied to it. The physical network component includes all the hardware and infrastructure (wired, wireless, and optical) that supports the network and the physical connectors (wires, cables, bridges, routers, servers, gateways and computers). Logical Layer The logical layer contains the logical network component which is technical in nature and consists of the logical connections that exist between network nodes. Scanned with CamScanner54 Cyberspace and Cyber-Secy, rity Any computer which is connected to a network is termed as node. Every node an IP address. * Social Layer Social layer has two components: Persona components and Cyber person, components The Persona component is composed of actual people on the network wheres, Cyber persona is made up of cyberspace identities. The Cyber persona componeny includes a person’s identification or persona on the network (e-mail address computer IP address, cell phone number, and others). Thus, an individual can have multiple cyber personas (for example, multiple e-mail accounts) and a single cyber persona can have multiple people (such as an organizational e-mail account). Model proposed by David Clark from MIT David Clark from MIT has offered a model with four layers: Physical foundations is the bottom layer, next is logical building blocks, next i information and top layer is people. Security issues in Cyberspace Or Cyber Security While Cyberspace provides many benefits, it does carry significant risks. Cyber Security refers to the policies and procedures which are made to ensure the security of computers, networks, data, information and other computer related resources in Cyberspace from the unauthorized access, malicious programs (such as viruses, worms and Trojan horses etc.) and other attacks transported through Internet. Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, modification or destruction. Mostly all the sectors of Critical Infrastructure are dependent on computers and Internet for collecting, storing: processing and manipulating information. Advancements and innovations it technologies have given rise to cyber attacks. These advancements have benefitted the society a lot by revolutionizing the personal and professional lives of peop!* but indirectly and unknowingly these advancements have benefitted the criminals also. These criminals are known as Cyber criminals. Cyber criminals are ofte" sophisticated and educated white-collar professionals; they use the computers be Internet for committing cyber crimes, Security of data in Cyberspace (Cyber security is the most critical issue Which should be addressed properly. Scanned with CamScannereS Gyberspace and Cyber-Security 55 Allthesectors of critical infrastructure such as government sector, military sector, energy sector, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. Data is more prone to attacks when itis in transit and with the growing volume of cyber attacks, ongoing attention is required to protect sensitive business and personal information in the Cyberspace. Dictionary meaning of Cyber Security “Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack” Definitions of Cyber Security ¢ The Committee on National Security Systems (CNSS-4009) defines Cyber Security as “the ability to protect or defend an enterprise’s use of cyberspace from an attack, conducted via cyberspace, for the purpose of: disrupting, disabling, destroying, or maliciously controlling a computing environment/ infrastructure; or, destroying the integrity of the data or stealing controlled information”. * The National Institute of Standards and Technology defines Cyber Security as “the process of protecting information by preventing, detecting, and responding to attacks”. «The International Organization for Standardization defines Cyber Security or Cyberspace Security as “the preservation of confidentiality, integrity and availability of information in the Cyberspace”. In turn, the Cyberspace is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”. + (US) National Initiative for Cyber Security Education (NICE) states that “Cyber Security is the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation”. * (UN) International Telecommunications Union (ITU) states that “Cyber Security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets”. Organization and user's assets include connected computing devices, personnel, infrastructure, Scanned with CamScanner——_ 56 Cyberspace and Cyber-Security applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber Security strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment. The general Cyber Security objectives comprise the following: Availability, Integrity (which may include authenticity and non-repudiation) and Confidentiality. Source: http://www. itu.int/en/ITU-T/studygroups/com17/Pages/ cybersecurity.aspx ° * “Cyber Security entails the safeguarding of computer networks and the information they contain from penetration and from malicious damage or disruption”. (Lewis, 2006) © “The ability to protect or defend the use of cyberspace from cyber-attacks.” (CNSS, 2010) * “The body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability”. (Public Safety Canada, 2014) « “The art of ensuring the existence and continuity of the information society of a nation, guaranteeing and protecting, in Cyberspace, its information, assets and critical infrastructure”. (Canongia & Mandarino, 2014) © “The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this”. (Oxford University Press, 2014) * “The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation”. (DHS, 2014) On the basis of above stated facts Cyber Security can be defined as: * “Cyber Security” or “Cyberspace Security” involves the “preservation of confidentiality, integrity and availability of information in the Cyberspace.” ¢ Cyber Security is the ability to protect the activities of Cyberspace from Cyber attacks. Cyber attack is an attack via Cyberspace/ through Internet whose target is the destruction of data/ infrastructure of an organization, destruction of the integrity of data etc. Cyber security involves protecting information and systems from major cy" threats, such as cyber terrorism, cyber warfare, and cyber espionage. 4 Scanned with CamScanner_ Gyberspace and Cyber-Security 57 Cyber security denotes the technologies, policies and procedures intended to safeguard computers, networks, and data from unauthorized access. Note: ISO 27001 is the international Cyber Security Standard that delivers a model for creating, applying, functioning, monitoring, reviewing, preserving, and improving an Information Security Management System. i Guidelines for Cyber Security Cyberspace is vulnerable to various security threats like: malware, virus, worms, Trojan horse, DoS/DDoS attacks etc. Strengthening the security of Cyberspace is the most critical issue which should be tackled properly. Following are some guidelines of Cyber Security: Policies should be formulated, documented, audited and enforced for implementing Cyber security, Well-defined policies can reduce the security threats in cyberspace to a large extent. Security issues should be addressed properly in Cyberspace for all the categories of population using ICTs such as: o Home users o Small, medium, and large Enterprises o Government and non-government entities Awareness programs about threats and defenses should be conducted to ensure the Cyberspace security. Training programs should be conducted to ensure the Cyberspace security. Monitor and Maintain control over all the devices. All the sensitive documents should be encrypted before transmission. Updated antivirus software should be used. Research and development in Cyber Security must be promoted so that we can come up with robust solutions to mitigate cyber risks. Strengthening of Authentication techniques. Identify the dishonest and disgruntled employees who may help the outsiders in hacking. (Insider threat) Install anti-malware Scanning of computer systems should be done frequently. Scanning of pen drives and other removable media should be done whenever inserted in computer systems. Incoming and outgoing traffic should be filtered. Latest firewalls should be used. Scanned with CamScannerot 58 Cyberspace and Cyber-Security Objectives of Cyber security © To create, implement and maintain a secure Cyberspace. ¢ To safeguard information and information infrastructure in Cyberspace. * To build capabilities to prevent and respond to cyber threats. © Toreduce vulnerabilities and minimize damage from cyber incidents through acombination of institutional structures, people, processes, technology, and cooperation. © To build a secure and resilient cyberspace for citizens, businesses, and Government. | 20 Steps to implement Cyber Security n-wide approach for its management; it Cyber security requires an organizatio e Cyber security, organizations should isnot solely an IT issue. For implementing th establish an effective governance structure. Organizations should determine their risk tolerance. Risk management policies should be formulated. Following are the 20 steps that organizations should follow to implement Cyber security: 1. Develop an information security and risk management regime a. Governance framework | b. Board and senior management involvement 2. User education and awareness 3. Personnel screening and insider threat 4. Physical and environmental security 5, Home and mobile working 6. Secure system configuration management strategy 7. Assessing threats and vulnerabilities 8. Establish an anti-virus strategy 9, Establish an anti-malware strategy 10. Removable media controls 11. Information system protection a. Bring Your Own Device (BYOD) b. Backup and recovery 12. Inventory (or asset) management 13. Managing user privileges | a, User account management and access control Boos SY Scanned with CamScanner|. an Se cyberspace and Cyber-Security 59 14. Network security strategy a. Wireless network security b. Remote access i, Remote access endpoint security 15. Incident management 16. Information sharing and breach reporting a. Privacy breach notification b. Information sharing 17. Security monitoring strategy 18. Cyber insurance 19. Vendor risk management a. Cloud computing 20. Cyber policy Develop an information security and risk management regime Organizations should establish and maintain information security and risk management framework to identify and address the risks for information, computer networks, computer resources and services. Governance framework In this step, it is determined that who within the company will be involved in the Cyber security. This step determines who will have the authority and control over organization’s Cyber security and who will lead the Cyber security process. Generally a person with cross-sectional responsibilities is selected for leading the cyber-security process. For the proper implementation of Cyber security policy, someone should be made accountable for the relevant aspects of information and computer resource’s security. Board and senior management involvement Cyber security is a shared responsibility; it is not just an IT issue, All the levels ofmanagement should be involved in the process of Cyber security, especially top- level management. Directors should ensure that a proper Cyber security policy is formulated and implemented in the organization, User education and awareness Employees should be aware of the threats and vulnerabilities as well as about the Cyber security policy. Hence employees should be educated about threats as —— Scanned with CamScanner60 Cyberspace and Cyber-Security well as defenses, Training of employees is essential to educate them about the various procedures of Cyber security policy. Employees must be educated about the secure use of computer systems (to protect the information, employees must always lock the screen when they are away). Employees should be instructed to use strong passwords. Employees should not download illegal copies of software because they may contain malicious programs. Employees must be educated so that they are able to gain knowledge of the existence of various risks to information security and the type of measures that have been taken by the organization to overcome these risks. Personnel screening and insider threat Organizations should focus on both internal as well as external Se Internal penetration or insider threats are more dangerous than ex! enna tl Feats, An employee with authorized access has more potential to eevee formation system of an organization through destruction, disclosure, me i cat on of data, and/or denial of service. Internal penetrations are performed ry fn e is jonest and disgruntled employees. So proper monitoring is required for such employees who can bea risk for organization. For hiring the employees, proper screening processes should be formulated. These properly designed screening Processes will mitigate the risk of hiring a problematic employee (who may be a risk for the organization afterwards). Physical and environmental security Physical security of IT assets must be ensured, all the IT assets should be protected against theft. Physical safeguards such as locks, perimeter fences, UPS (to protect from power outage), insurance etc. are common and must be used for physical security of IT assets. A stolen laptop or a stolen smart phone may have the same destructive effect on the organization as that of acyber attack. Environment! (or natural) disasters like fire, flood, earthquakes damage the IT assets (compute resources, information etc.). Backups should be performed regularly to safeguard the information against these environmental (or natural) disasters. Home and mobile working Employees should be able to access the Organization’s systems from homes” ie fe eau ea of pence Employees can connect their own devices n’s network and ca: oe in work from home and anywhere. There are var tisks associated with this wal i 1 'Y Of working su, itive inform from employee's own devices, loss hale ona a :, . o tc. fp organization should conduct a rig t of employee's laptops & ie Working should be allowed or Pi aeessment to decide whether homean* Scanned with CamScanneree Cyberspace and Cyber-Security 61 Secure system configuration management strategy Configuration Management is defined as a set of activities that are focused on establishing and maintaining the reliability of devices in the network. Configuration management involves establishing processes for timely updating the systems as required. For example: when new versions of software are released, when security patches become available; corresponding updates should be made in the organization's computer systems. Configuration errors introduce more vulnerabilities in the organization's computer systems. These vulnerabilities can be exploited by the attackers. For example: as delivered by manufacturers and resellers, the default configurations for operating systems and applications are normally geared to ease-of-deployment and ease-of-use, not for security. Default configurations include basic controls, open services and ports, default accounts or passwords, older (vulnerable) protocols, pre-installation of unneeded software; these all can be exploited in their default state. So, default configurations should be changed immediately after installation. Assessing threats and vulnerabi Cyber attacks target the vulnerabilities of the system, so vulnerability scanning and penetration testing must be a critical component of the Cyber security policy. The term penetration testing is sometimes confused with vulnerability scanning whereas both are different concepts. Penetration testing is one step ahead of the vulnerability scanning. Vulnerability scanning is the identification and reporting of the various vulnerabilities of the system whereas penetration testing is a systematic process of deliberately exploiting the vulnerabilities of the system to check whether unauthorized intrusion is possible or not. Penetration testing verifies that the system is not vulnerable to security threats by checking the all possible , Ways of unauthorized access. S Establish an anti-virus strategy Anti-virus software should be updated automatically. Approved anti-virus software must be installed on all the systems. Training should be given to employees that they should not switch off the antivirus software and all the removable devices (such as pen drives etc.) must be scanned for viruses. Organizations should install software patches and security updates for antivirus software on a regular basis. This will help protect the organization's computers against new threats as they are discovered. Many vendors and operating systems offer automatic updates. Establish an anti-malware strategy All the systems must be protected against malicious code that can steal, dantage or destroy the sensitive and valuable information, Anti-malware solutions must be up-to-date so that they can monitor all the malicious activities. Be hee Scanned with CamScanner¥ 62 Cyberspace and Cyber-Security Removable media controls Use of removable media should be avoided and all the data should be kept ina centralized location. Using removable media for storing and transferring data can pose many risks such as loss of information, information leakage, malicious programs etc. If use of removable media can-not be avoided then before every use removable media should be scanned for malicious programs. In situations, where removable media has to be used, the information should be encrypted. The type of encryption should be proportionate to the value of the information and the risks posed to it. Users must be aware of the risks associated with removable media and organization should formulate policy for proper use of removable aaa for example, all removable media should be formally issued and employees s hould be made accountable for its secure use. Accountability creates an obligation ona person, Information system protection Information systems should be protected against malicious programs. Regular backup of systems should be a practice throughout the organization. Control over all the devices should be maintained whether they are inside or outside the office, Bring Your Own Device (BYOD) BYOD poses many benefits but it does carry significant risks. BYOD means employees bring their own devices like laptops and they use their own devices to access the organization's resources. Risks associated with BYOD are: employees may lose their device (device may be stolen), employees can unintentionally install malicious programs on their laptops, dishonest and disgruntled employees can disclose organization's information. Backup and recovery Backups ensure that organization can recover immediately after facing a disaster Obtaining backups should be a regular practice and backups should be kept at secure remote location (offsite). Inventory (or asset) management Organizations should create and maintain an accurate inventory of all the physical devices (computer systems and peripherals, laptops etc.), softwat® applications and platforms, network maps, network devices (such as networ interface cards, cables, bridges, routers, gateways, servers etc.), network connectio’® to the company’s networks, prioritized list of resources on the basis of sensi and business value, logging capabilities, systems connected to the onganizatie Public and private network etc, Inventory system should be updated when Scanned with CamScannerSe Gyberspace and Cyber-Security 63 new systems are acquired and connected to the organization's network. Only approved, certified and authenticated equipments should be connected to the organization's network. Inventory of all the assets connected to organization's private and public network should be maintained. Managing user privileges Managing user privileges means to control what employees can and can-not do on the organization’s network. This minimizes the misuse of an organization's network and valuable information is protected from unauthorized access. User account management and access control Proper processes should be set up for creating and managing the employee's accounts. These accounts must be disabled whenever they are no longer needed. Also all the employees must use smart and strong passwords, for example, a combination of letters, numbers and special characters. Network security strategy Networks expose an organization to cyber threats. The main aim of network security is to protect the data at rest and during transmission across the network. Network itself should be protected from threats. Cyber criminals utilize the loopholes in an organization’s network to commit cyber-attacks. Firewalls should be used to protect the network of an organization. Wireless network security Wireless network typically bypass the firewalls and intrusion detection systems which are meant for wired networks. Through wireless networks cyber criminals can gain access to organization's internal network. So security of wireless network should be ensured. Organizations should do vulnerability scanning for wireless network. Unauthorized wireless devices should be restricted by installing a wireless intrusion detection system. Remote access Anyone can remotely access an organization's network by using various technologies such as VPN. VPN (Virtual Private Network) is a network that is constructed by using public wires to connect to an organization's private network. For secure remote access, monitoring and logging of all the remote access sessions should be maintained. Scanned with CamScannerYY 64 Cyberspace and Cyber-Security Remote access endpoint security Company-owned equipments should be used for accessing organization's resources. Unauthorized devices such as smart phones, hard drives should not be plugged into the company-owned computers. Also, company-owned devices should not be used into other devices. Incident management Damage from a Cyber security incident can be minimized if proper plans and procedures are available to deal with it. All the resources and services can return to normal as soon as possible if cyber incidents are properly managed. Also ane and procedures of Cyber security policy should be revised to prevent such incidents in future. An organization must be prepared for handling events that are ae with internal and external penetrations. Cyber security incidents shou! ld be prevented before their occurrence. For preventing these incidents vulnerabilities should be removed from the system. Information sharing and breach reporting The main goal of Cyber security strategy is to ensure the confidentiality (Information is disclosed only to those who have right to know it), integrity (Information is protected against unauthorized modification) and availability (Information systems are available and usable whenever required) of the information. Intrusions, breaches and unauthorized access should be detected.and appropriate safeguards should be implemented. Sensitive documents should be encrypted while they are in transit or at rest. Privacy breach notification Organizations should keep and maintain the record of all the security breaches. Organizations should have internal policies consistent with applicable law of jurisdiction in which they operate. Information sharing Information sharing is a critical tool for mitigating the cyber threats. Organizations share information amongst themselves for the purposes of detecting or suppressing fraud that is likely to be committed and for investigation ofa breach Sharing of actionable information against threats empowers organizations y improve their defense of networks and mitigate threats, Sharing informatio" " possible threats and vulnerabilities is giving network defenders 4 bet understanding of emerging cyb er thi < against Prevent future threats, reats and helping them defend ag Scanned with CamScanner_ cyberspace and Cyber-Security 6s security monitoring strategy Proper monitoring system should be implemented as part of cyber security strategy: Monito1 f of computer systems, network traffic passing, through a firewall, user-activities, intrusions (external or internal) and other cyber security incidents is crucial for the successful implementation of cyber security. Preserving the event logs is also an important factor of monitoring strategy. To effectively manage the growing number of threats, proper monitoring of defenses is required. continuously monitoring the security procedures of an organization, effective and immediate response to cyberspace incidents can be ensured. Also event logs should be maintained and monitored regularly. Someone should be made responsible for reviewing the outputs of monitoring systems to facilitate the immediate and effective response for an unauthorized event or malicious activity. Cyber insurance Most traditional cyber insurance companies do not cover the full range of risks and potential losses posed by cyber threats. Determining the type and extent of cyber insurance coverage that best serves the interests of the organization and seeking a tailored package of cyber insurance that covers the full range of potential exposure to which a cyber-incident would subject the organization is a critical part of the cyber security strategy. Vendor risk management Now-a-days, mostly all the organizations depend on vendors and the cyber risks associated with these vendors are added into the organization's risk profile also, Reputation of vendor should be checked before finalizing the contracts. It includes: developing clear policies which vendors are expected to adhere to, making conditions explicit within contracts, and establishing a program to verify the performance of vendors. Organizations should evaluate the vendors on all parameters (such as: security, services, reputation etc.) before associating with them. Cloud computing Cloud computing is the latest technology that can be remotely utilized by small organizations that can-not afford the cost of expensive resources like hardware, software, storage space, operating systems and infrastructure. Cloud computing facilitates high degree of resource-sharing at a marginal cost. Individuals and small organizations can deploy world-class services on the pay-as-per-usage basis. Nowadays, cloud has become a place where anyone can meet and exchange information at a very marginal cost. Data has found a new residence on the cloud. Data is being kept permanently in clouds, but cloud users have forgotten the fact Scanned with CamScannerASTI =PPYERSOPNIoUIGZ y,juauTUOSTAUAGZ -baySedou0= sy HV ISIAV9OMAY AbpL DYgobixyy WdOAZS TORN APX=VSAPUT= [APOC SX AMAIZIT” GO4A~P}Ld=3157730 - {J7=S107914=20MOSR:sopN|DUTTUaUIOSTAUDya2edsIAg/>=bpROVE povd=84-3QVOPAIN AA9ZSA=PIZs}100q /Ut}'03'2]3009'syo0q//:sdny “¢ wyy'uoHoMponut {o7 Qundas“uoyeUNo;ut /wosqutodsjeroyny maven //:day “f 1Pd'772060" (Ausss9Atup|Suolos) nyoag uy 600TAINODI /HYPHeas04 /}98 /a9qUt~ /PfIeBuolas ucsep/ /:dny “¢ aovdsiaqa> /Kaque /B10-epadopAouappommaurmma//:dny Z aoedsiaq(o /woo:Areuonaapanok maa / /:din “L S9DUIIIJOY jdaose 0) Sunn axe Loup sysiz eyar pure pazntoud Joys pure ajqenpen st anatjag Kaun rym Jo siseq ay} vo yuoWeSeueUr YR ropnuuaoy st ato “Atgano9s Z9q A> Jo woRHepUMO} axp aze sa!>H}04 “Paro PUT ne ‘qyBney *payyaundop aq 03 peau saronjod JoqAD “fA ayH] SIE jnoy8nong asap pure uoReoyIPour ‘uondnarayus ‘voRdasreiuy pazlroIpAeUN [euaPHAIe 40 [oucquayur wrogy UOReUTIORAT ayy Ioaj02d OF payenULZOy aq PInoYs Ato jod 48qAD_ ssasoyp aq prnoys srapiaozd aararas pnoy> pazruSosaz pue payios og “spnop 01 suoneardde pue eiep ayqentea siaup Bursous axoyoq Suynduzes pay wat pareposse {St pu syouaq Jo SupuEysrapUN Tea) w OAc ‘sit siowaoenr9 spnoyp 01 BuAot 230529 Pax9P!SUO> 9q Ptioys Susnduse> pre} JO han panna “ssanbox sn oq pue ayewsnsBo] uaaasiog aveHUOFEP OF Age wa polis szopraosd aoraros prop jo swseYDoU Azsns2g ‘poss 2q pInOys Tee sabnnogey yf 89908 07 Pano 9 PINOY stasn PEcLOW|AE SUO St spnoyp 3uuznsas 20) quauazmnbas Arewslzg “spno|? ut Byep Butsn2as 103 pasn.2q pInoys ceueypous woneaquaypne ssn 3uOsIg WALUUOLAUD pNoj> Ut S2sNos—4 Jo Buood pure Junreys jo asmeaag oe suzsou0> Ayand2s a\p JO ISO 'Sonsst AyIN>9s Jo 9sNe29q prop 1 anow slain Surdeyep axe suoneztuedio Auepy “ss020e wep poztioIyNeUN yeiautna aq 10 plnoys spnop Jo swaIshs AqLAND—g “Iyas anssy eaAUD Iso dxf St SpHoy> UE ByEP Jo AyLAND9g ypndax “uou pue sy2ene ss920v-pa11p ‘Burddospsaava ’s100p2q, ‘speHe aotasas-jo-[eIuap “U 1In295 snowea 0} auoad $1 Y>myes UIDAUY 4920 paroys BUjoq Iv aneds uso 4194) you 8} eep [eRU| aayar aoeds au 1e4p mnag-sogy pun 990dss046 9 i Scanned with CamScanner