Cyber Attack

CYBER SECURITY

QUESTION

1 a). Point out and explain at least five forms of cyber-attack criminals and
terrorists normally use to cripple organizations, nations, and companies.

Five forms of cyber-attacks commonly used by criminals and terrorists to
target organizations, nations, and companies:

Phishing Attacks:

Phishing is a form of cyber attack where attackers impersonate legitimate entities, such
as banks, government agencies, or trusted organizations, to trick individuals into
divulging sensitive information like passwords, credit card details, or personal data.
Attackers typically use deceptive emails, messages, or websites to lure victims into
providing their confidential information, which can then be used for identity theft,
financial fraud, or unauthorized access to systems.

Ransomware Attacks:

Ransomware is a type of malicious software that encrypts a victim's files or locks their
computer system, making them inaccessible until a ransom is paid. Attackers deploy
ransomware through infected email attachments, malicious links, or vulnerabilities in
software. Once the victim's system is compromised, the attacker demands a ransom in
exchange for providing the decryption key or restoring access. Ransomware attacks can
cause significant disruption, financial losses, and data breaches.

Distributed Denial of Service (DDoS) Attacks:

DDoS attacks involve overwhelming a target's network or website with a flood of traffic,
rendering it unable to function properly. Attackers achieve this by deploying a network
of compromised computers, known as a botnet, to generate a massive volume of
requests or data packets. DDoS attacks can disrupt online services, cause website
downtime, and impact the availability of critical systems, leading to financial losses and
reputational damage.

Advanced Persistent Threats (APTs):

APTs are long-term, sophisticated cyber attacks orchestrated by skilled hackers or state-
sponsored groups to gain unauthorized access to sensitive information. APTs involve
multiple stages, including reconnaissance, initial compromise, establishing persistence,
lateral movement, and exfiltration of data. Attackers employ various techniques, such
as social engineering, zero-day exploits, and custom malware, to infiltrate networks,
gather intelligence, and maintain long-term access for espionage, intellectual property
theft, or sabotage.

Insider Threats:

Insider threats involve individuals within an organization who misuse their authorized
access to systems, data, or networks for malicious purposes. This can include
employees, contractors, or partners who intentionally or unintentionally compromise
security. Insider threats can involve theft of sensitive information, sabotage, fraud, or
unauthorized access. Attackers may exploit their insider position to bypass security
controls, escalate privileges, or exfiltrate data without raising suspicion.

b). During its lifetime, a typical virus goes through the following four phases.
Explain them below. i. Dormant phase ii. Propagation phase iii. Triggering
phase iv. Execution phase

A typical computer virus goes through the following four phases during its
lifetime:

i. Dormant Phase:

In the dormant phase, the virus remains inactive and does not exhibit any malicious
behavior. It may be present on a computer system or within an infected file, but it
causes no harm while it waits for specific conditions or triggers to become active.

ii. Propagation Phase:

In the propagation phase, the virus starts to spread and infect other files, systems, or
networks. It seeks opportunities to replicate and spread its malicious code to other
susceptible targets. This can occur through various means, such as email attachments,
infected websites, removable storage devices, network connections, or software
vulnerabilities. The virus may use different techniques to propagate, including self-
replication, exploiting security weaknesses, or social engineering to deceive users into
executing infected files.

iii. Triggering Phase:

The triggering phase is when the virus is activated or triggered to execute its malicious
payload. The trigger can be a specific date and time, a particular event, user action, or
a predetermined condition within the infected system. Once triggered, the virus moves
from its dormant state to an active state, preparing to execute its intended malicious
activities.

iv. Execution Phase:

In the execution phase, the virus performs its intended malicious actions. This can vary
depending on the specific characteristics and objectives of the virus. It may involve
activities such as deleting or modifying files, stealing sensitive information, disrupting
system functionality, launching other malware components, or establishing
unauthorized access to the infected system. The execution phase is where the virus
directly impacts the targeted system or network, causing damage, compromising
security, or achieving its malicious goals.

2a). With examples discuss the relevancy of the theories of Cyber security
and National security at large.

The theories of cybersecurity and national security are highly relevant in today's
interconnected world, where cyber threats pose significant risks to the security and
stability of nations. Let's discuss some examples to highlight their relevance:

Critical Infrastructure Protection:

Critical infrastructure, such as power grids, transportation systems, and financial
networks, is essential for a nation's functioning and well-being. The theory of
cybersecurity emphasizes the protection of these systems from cyber threats, as their
compromise can have severe consequences on national security. Effective cybersecurity
measures, including risk assessments, vulnerability management, and incident
response, are crucial to safeguard critical infrastructure from cyber attacks that could
disrupt essential services, cause economic damage, or compromise public safety.

State-Sponsored Cyber Espionage:

Nation-states engage in cyber espionage to gain access to sensitive information,
intellectual property, or military secrets of other nations. The theories of cybersecurity
and national security recognize the significance of protecting national interests from
foreign cyber threats. Governments invest in cybersecurity capabilities, intelligence
gathering, and international cooperation to detect, deter, and respond to state-
sponsored cyber intrusions. Additionally, theories of national security also explore the
use of offensive cyber operations as a means of protecting national interests and
deterring adversaries in cyberspace.

Defense against Cyber Terrorism:

Cybersecurity theories and national security considerations intersect in the context of
cyber terrorism. Cyber terrorists exploit vulnerabilities in critical systems or launch
disruptive attacks to create fear, cause economic damage, or undermine public
confidence. Theories of cybersecurity help identify vulnerabilities, develop incident
response strategies, and enhance cooperation between security agencies to prevent
and respond to cyber terrorist threats. National security theories recognize the
importance of collaboration between intelligence agencies, law enforcement, and the
private sector to counter cyber terrorism effectively.

Information Warfare and Influence Operations:

In the digital age, information warfare and influence operations have become critical
aspects of national security. Theories of cybersecurity and national security highlight
the need for protecting information integrity, countering disinformation campaigns, and
ensuring the resilience of democratic processes. Cybersecurity measures, including
securing communication networks, protecting critical information systems, and
promoting media literacy, play a vital role in mitigating the impact of information
warfare and safeguarding national security interests.

International Cooperation and Norms:

The theories of cybersecurity and national security recognize the significance of
international cooperation and the establishment of norms and frameworks to address
cyber threats. Nations collaborate to develop international cybersecurity agreements,
share threat intelligence, and coordinate responses to cyber incidents. Theories of
national security explore the role of diplomacy, multilateral organizations, and
international law in shaping cyber norms and promoting stability in cyberspace.

b). Point out and discuss the major ways through which National security
complements Cyber security in their day-to-day operations.

National security and cybersecurity complement each other in several ways in their day-
to-day operations. Here are some major ways in which they intersect and support each
other:

Protection of Critical Infrastructure:

National security and cybersecurity collaborate closely to protect critical infrastructure
sectors, such as energy, transportation, telecommunications, and healthcare, from
cyber threats. Cybersecurity measures ensure the integrity, availability, and resilience of
critical systems, while national security efforts focus on identifying and mitigating risks
to national infrastructure and ensuring its continuous operation. The two domains work
together to develop strategies, conduct risk assessments, and implement safeguards to
protect vital infrastructure from cyber attacks that could have significant national
security implications.

Intelligence and Threat Sharing:

National security and cybersecurity operations rely on intelligence gathering and
information sharing to detect and respond to threats effectively. National security
agencies collect intelligence on potential threats to a nation's security, which includes
cyber threats from state-sponsored actors, terrorist organizations, or other malicious
entities. This intelligence is shared with cybersecurity organizations and law
enforcement agencies to enhance their situational awareness, strengthen defenses, and
facilitate investigations. The exchange of threat intelligence contributes to a more
comprehensive understanding of the cyber threat landscape and enables proactive
cybersecurity measures.

Incident Response and Crisis Management:

National security and cybersecurity collaborate in incident response and crisis
management during cyber incidents. Cybersecurity teams work closely with national
security agencies to investigate and respond to cyber attacks that pose a significant risk
to national security. This collaboration involves coordinating efforts, sharing
information, and mobilizing resources to mitigate the impact of the attack, attribute
responsibility, and prevent further damage. National security protocols and crisis
management frameworks provide guidance and support to cybersecurity teams in
handling large-scale cyber incidents and ensuring an effective response to protect
national security interests.

Policy and Strategy Development:

National security and cybersecurity intersect in the development of policies and
strategies to address emerging cyber threats. National security considerations influence
the formulation of cybersecurity policies and regulations, taking into account the
potential impact on national interests, critical infrastructure, and defense capabilities.
Similarly, cybersecurity policies and strategies contribute to national security
frameworks by addressing the specific challenges posed by cyber threats and providing
guidance on securing national systems and networks. This collaboration ensures that
cybersecurity measures align with broader national security objectives and priorities.

International Cooperation and Diplomacy:

National security and cybersecurity require international cooperation and diplomacy to
address transnational cyber threats effectively. National security agencies, cybersecurity
organizations, and diplomatic channels work together to establish norms, agreements,
and partnerships with other nations to promote cybersecurity and deter malicious
activities in cyberspace. Multilateral forums and international organizations provide
platforms for collaboration, information sharing, and consensus-building on
cybersecurity issues that have implications for national security. By engaging in
international cooperation, national security and cybersecurity operations can collectively
address global cyber threats and protect shared interests.

Conclusion

These complementary relationships demonstrate the interdependence and collaboration
between national security and cybersecurity in their day-to-day operations. By working
together, these domains enhance the overall security posture of a nation, protect
critical assets, and mitigate the risks posed by evolving cyber threats.
