Digital Empowerment
Cyberspace
Realizing the Vision
Compared with what exists today, this vision of a secure
cyberspace is compelling. However, for two distinct but related reasons, the nation is
a long way from meeting this goal. The first reason is that much about cybersecurity
technologies and practices is known but not put into practice. Even the deployment of
cybersecurity measures that are quite unsophisticated can make a difference against
casual attackers. Thus, the cybersecurity posture of the nation could be strengthened
substantially if individuals and organizations collectively adopted current best
practices and existing security technologies that are known to improve cybersecurity.
The second reason is that, even assuming that everything known today was
immediately put into practice, the resulting cybersecurity posture—though it would
be stronger and more resilient than it is now—would still be inadequate against
today’s threat, let alone tomorrow’s. Closing this gap—a gap of knowledge—will
require both traditional and unorthodox approaches to research. Traditional research
is problem-specific, and there are many cybersecurity problems for which good
solutions are not known. (A good solution to a cybersecurity problem is one that is
effective, is robust against a variety of attack types, is inexpensive and easy to deploy,
is easy to use, and does not significantly reduce or cripple other functionality in the
system of which it is made a part.) Research will be needed to address these problems.
But problem-by-problem solutions, or even problem-class by problem-class solutions,
are highly unlikely to be sufficient to close the gap by themselves. Unorthodox, clean-
slate approaches will also be needed to deal with what might be called a structural
problem in cybersecurity research now, and these approaches will entail the
development of new ideas and new points of view that revisit the basic foundations
and implicit assumptions of security research. Addressing both of these reasons for
the lack of security in cyberspace is important, but it is the second goal—closing the
knowledge gap—that is the primary goal of cybersecurity research and the primary
focus of this report. Research is needed both to develop new knowledge and to make
such knowledge more usable and transferable to the field. Furthermore, cybersecurity
will be a continuing issue: threats evolve (both on their own and as defenses against
them are discovered), and new vulnerabilities often emerge as innovation changes
underlying system architectures, implementation, or basic assumptions. And, because
there are growing incentives to compromise the security of deployed IT systems,
research will always be needed. Personal gain, organized crime, terrorism, and national
interests are superseding (and, in the eyes of many, have superseded) personal fame
and curiosity as incentives.
The Nature of Cybersecurity Vulnerabilities
• Confidentiality. A secure system will keep protected information away from those
who should not have access to it. Examples of failures that affect confidentiality include
the interception of a wireless signal and identity theft.
• Integrity. A secure system produces the same results or information whether or not
the system has been attacked. When integrity is violated, the system may continue to
operate, but under some circumstances of operation, it does not provide accurate
results or information that one would normally expect. The alteration of data in a
database or in a sensor data stream or an instruction stream to a mechanical effector,
for example, could have this effect.
• Availability. A secure system is available for normal use even in the face of an attack.
A failure of availability may mean that the e-mail does not go through, or the computer
simply freezes, or response time becomes intolerably long (possibly leading to
catastrophe if a physical process is being controlled by the system).
These types of damage may be inflicted without the victim even being aware of the
attack. For example, a system may be compromised by the obtaining of information
ostensibly protected by that system (e.g., encrypted information may be intercepted
and decrypted without the owner realizing it). Or an attack may be used to support a
selective denial of services (i.e., the allowing of access for most connections, but
denying or corrupting some particular critical connections). If improper alteration
occurs in small amounts in large, seldom-referenced databases, the fact of such
corruption may never be discovered. Note also the impact of any such damage on the
user’s psychology. A single database that is found to be corrupted, even when controls
are in place to prevent such corruption, may throw into question the integrity of all of
the databases in a system. A single data stream that is compromised by an
eavesdropper may lead system operators and those who depend on the system to be
concerned that all data streams are potentially compromised. In such cases, the
potential harm from any of these incidents goes far beyond the actual corrupted
database or compromised data stream, since enormous amounts of effort need to be
made to ensure that other databases or data streams have not been corrupted or
compromised. Those other databases may be perfectly good but may not be
considered reliable under such circumstances. Denial of service, corruption, and
compromise are not independent—for example, an attacker could render a system
unavailable by compromising it. An attacker could seek to inflict such damage in
several ways.
• An attack can be remote—one that comes in “through the wires,” for example, as a
virus or a Trojan horse program introduced via e-mail or other communication or as a
denial-of-service attack over a network connection. As a general rule, remote attacks
are much less expensive, much less risky, and much easier to conduct than are the
second and third types listed below.
• Some IT elements may be physically destroyed (e.g., a critical data center or
communications link could be blown up) or compromised (e.g., IT hardware could be
surreptitiously modified in the distribution chain). Such attacks generally require close
access (i.e., requiring physical proximity).
• A trusted insider may be compromised or may be untrustworthy in the first place
(such a person, for instance, may sell passwords that permit outsiders to gain entry);
such insiders may also be conduits for hostile software or hardware modifications that
can be inserted at any point in the supply chain, from initial fabrication, to delivery to
the end user. Compromising a trusted insider can be accomplished remotely or locally.
Not all compromises are the result of insider malice; phishing attacks are one example
of how a trusted insider can be tricked into providing sensitive information.
Of course, these three ways of causing damage are not mutually exclusive, and in
practice they can be combined to produce even more destructive effects than any one
way alone. Additionally, attackers can easily “pre-position” vulnerabilities to facilitate
the timing of later attacks. This pre-positioning could be in the form of trap doors left
behind from previous virus infections, unintentional design vulnerabilities, or
compromised code left by a compromised staff member or by a break-in to the
developer’s site.
The infrastructure of the Internet is a possible target, and given the Internet’s public
prominence and ubiquity, it may appeal to terrorists or criminals as an attractive target.
The Internet can be attacked in two (not mutually exclusive) ways—physically or
“through the wires.” Physical attacks might destroy one or a few parts of the Internet
infrastructure. But the Internet is a densely connected network of networks that
automatically routes around portions that become unavailable, which means that a
large number of important nodes would have to be destroyed simultaneously to bring
it down for an extended period of time. Destruction of some key Internet nodes could
result in reduced network capacity and slow traffic across the Internet, but the ease
with which Internet communications can be rerouted would minimize the long-term
damage. An attack that comes through the wires rather than via physical attack can
have much higher leverage. The Internet crosses borders and its reach is extended
throughout the globe. But the global Internet was not designed to operate in a hostile
environment where information systems and networks can be attacked from inside.
Indeed, it is an unfortunate result of Internet history that the protocols used by the
Internet today are derived from the protocols that were developed in the early days of
the Advanced Research Projects Agency Network, where there were only a few well-
respected researchers using the infrastructure, and they were trusted to do no harm.
Consequently, security considerations were not built into the Internet, which means
that all cybersecurity measures taken today to protect the Internet are add-on
measures that do not remedy the underlying security deficiencies. One type of attack
is directed against Internet operations. Such attacks are often based on self-replicating
programs (worms and viruses) that are transmitted from system to system, consuming
prodigious amounts of router processing time and network channel bandwidth. In
recent years, some of these worms and viruses have been transmitted without explicitly
destructive payloads and yet have been able to disrupt key Internet backbone
subnetworks for several days.
The Evolution of the Threat
In 1992, the World Wide Web had not yet been invented.
Cybersecurity efforts were focused primarily on enhancing the security of individual,
un-networked systems. Even then, security had been raised as an important issue (as
discussed in Section 10.1). But 15 years later, information technology has advanced
dramatically in almost all fields—except for cybersecurity. Consider that in the past 15
years:
• Distinctions between data and program have been eroded. “Active content” is now
quite common in programming paradigms; pictures, word processing files, and
spreadsheets can and often do contain programs embedded within them in order to
increase their functionality. (For example, a spreadsheet can contain macros that are
integral to the use of that spreadsheet.) The consequence is that the computing
environment is no longer under the complete control of the user of these files.
• As systems evolve, they tend to become more complex. The greater the complexity,
the more difficult it is to verify the operation of the system before it is put into use,
and the more difficult it may be to detect that the system’s defenses have been
penetrated. Dramatic increases in complexity make the jobs of both attacker and
defender more difficult, but the increase in difficulty affects the defender much more
than the attacker.
• User demands for backward compatibility often mean that older and less secure
components cannot be replaced with newer components that reduce or mitigate the
old vulnerabilities. Furthermore, the complexities of the ensuing extra software to
accommodate compatibility tend to introduce further flaws.
• Use of Web-based services (see Section 8.4.3) proliferates the opportunities for
adversaries to attack important service providers. Web services may depend on other
Web services, so the ability to predict, or even comprehend, the impact of attacks may
be very low.
1. AI-Powered Attacks:
3. Ransomware Evolution:
- Double Extortion: Extortion tactics have evolved to include threats of data exposure
along with encryption, increasing pressure on victims to pay ransoms.
5. Deepfake Technology:
6. 5G Network Vulnerabilities:
9. Cyber-Physical Attacks:
There have been several significant cybersecurity incidents that have had
far-reaching impacts on businesses, governments, and individuals. Here are a few
notable ones as of early 2022:
These incidents underscore the significant impact cyber threats can have on
businesses, critical infrastructure, and individuals worldwide. They also highlight the
importance of robust cybersecurity measures, prompt incident response, and
ongoing efforts to address vulnerabilities in digital systems.
Importance of Privacy in Cyberspace
1. Trust in Digital Services: Users are more likely to trust online platforms and
services that respect their privacy, fostering a healthier digital ecosystem.
2. Building Relationships: Strong privacy measures encourage trust between
businesses and their customers, enhancing loyalty and long-term
relationships.
Ethical Considerations:
Overall, privacy in cyberspace is essential not only for safeguarding individual rights
and dignity but also for fostering trust, innovation, societal values, and the long-term
sustainability of digital systems and services.
Ethical hacking and penetration testing are crucial components of cybersecurity aimed at
identifying and addressing vulnerabilities in computer systems, networks, applications, and
other digital infrastructures. Here's an overview:
Ethical Hacking:
Importance:
• Proactive Security: Helps organizations proactively identify and address security gaps
before they are exploited by malicious actors.
• Compliance and Regulations: Assists in complying with industry standards and
regulations by ensuring robust security measures are in place.
• Risk Mitigation: Allows organizations to understand their security risks and take steps
to mitigate them, reducing the likelihood of successful cyberattacks.
Ethical hacking and penetration testing play a pivotal role in enhancing cybersecurity by
allowing organizations to proactively identify and address vulnerabilities, ultimately
strengthening their overall security posture.
Protecting Assets:
Ethical Considerations:
Long-Term Strategy:
However, it's crucial to note that while blockchain presents promising solutions, it's
not a panacea for all cybersecurity issues. Challenges such as scalability, governance,
and regulatory concerns still need to be addressed. Additionally, the implementation
and integration of blockchain into existing systems require careful consideration to
ensure its effectiveness and compatibility.