The global reliance on computers, networks and systems continues to grow. As our dependency grows so do the threats that target our military s Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance (C4ISR) systems as well as the operational components and electronic controls for our critical infrastructure. Over the past decade we have experienced a substantial rise in the complexity and sophistication of cyber attacks as well as a frightening increase in the impact of some of the attacks. Every computer is a potential cyber weapon waiting to be loaded and used by extremists, criminals, terrorists and rogue nation states. As the world becomes more and more dependent on computers and information technology, the greater the risk of cyber attacks. Government and military leaders now face this fact and our critical systems and infrastructure remain at great risk! This risk has made the ability to defend these critical systems and direct cyber attacks core capabilities required for the modern military. In the age of cyber conflict, leaders need to understand the weapons and strategies used to wage this rapidly evolving type of warfare. This handbook will provide the background needed to understand the new world of cyber warfare, define the tools and techniques for offensive and defensive action, and provide insight into the strategies behind building a dynamic and relevant cyber warfare capability.
The challenge in combating terrorism is not that any of us could die tomorrow in an attack, but that we cannot seem to perform the basic functions of diagnosing and treating the problem so that it is manageable. Given this, and because public and private sector partnerships are critical to the success of this management, Homeland Security and Private Sector Business: Corporations’ Role in Critical Infrastructure Protection identifies the role the private sector plays in securing our homeland and offers strategies to aid in the fight against national and international threats.
Organized to take into consideration differing leadership and management styles, organizational cultural change barriers, and team dynamics, the information is structured to appeal to most adult learning styles, ensuring effective communication of critical messages. Using helpful case studies and exercises, the author presents invaluable instruction on how to establish, implement, and reinforce terrorism awareness and regulatory compliance with national critical infrastructure interests. Comprehensive in scope, the book reviews threat factors, risk mitigation, readiness plans, prevention approaches, human factors, and training methods. It concludes with insights into the limitations businesses must respect as they adjust to this new paradigm.
A recognized expert in terrorism deterrence and counterintelligence methods, Elsa Lee brings her 28 years of experience in counterterrorism, counterintelligence, and counterespionage investigations to inform the discussion. Organizations which integrate her recommendations into their internal corporate strategies will not only contribute to Homeland Security efforts, but will also ultimately improve business continuity, resiliency, and operational and financial security for the corporation.
Cyber war and cyber-attack is an engaging review of the basic knowledge all up to date readers should have about cyber war and cyber-attacks before diving into more complex texts, as well as extra information for those already familiar with the topic. This work takes a look at general issues involving cyber vulnerability and our growing dependency on computers systems and networks. It goes beyond simple concepts such as hackers, hacktivism and espionage without neglecting them. It exposes the relevance of cyberdefence to both companies and ordinary users, giving especial attention to e-commerce platforms. At a time that many countries are employing strategies and money to prevent or minimize attacks as well as defend themselves against cyber threats this work pinpoints the key factors around the intentions behind attacks without minimizing their scale and variety. The jargon-free language and the current examples included help to set the discussion in the present day, while stressing important historical connections and pointing to how our strong network is at risk of becoming our weakest link.
In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.
From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.
Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching. The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.
The Internet, as well as other telecommunication networks and information systems, have become an integrated part of our daily lives, and our dependency upon their underlying infrastructure is ever-increasing. Unfortunately, as our dependency has grown, so have hostile attacks on the cyber infrastructure by network predators. The lack of security as a core element in the initial design of these information systems has made common desktop software, infrastructure services, and information networks increasingly vulnerable to continuous and innovative breakers of security. Worms, viruses, and spam are examples of attacks that cost the global economy billions of dollars in lost productivity. Sophisticated distributed denial of service (DDoS) attacks that use thousands of web robots (bots) on the Internet and telecommunications networks are on the rise. The ramifications of these attacks are clear: the potential for a devastating largescale network failure, service interruption, or the total unavailability of service. Yet many security programs are based solely on reactive measures, such as the patching of software or the detection of attacks that have already occurred, instead of proactive measures that prevent attacks in the first place. Most of the network security configurations are performed manually and require experts to monitor, tune security devices, and recover from attacks. On the other hand, attacks are getting more sophisticated and highly automated, which gives the attackers an advantage in this technology race. A key contribution of this book is that it provides an integrated view and a comprehensive framework of the various issues relating to cyber infrastructure protection. It covers not only strategy and policy issues, but it also covers social, legal, and technical aspects of cyber security as well. We strongly recommend this book for policymakers and researchers so that they may stay abreast of the latest research and develop a greater understanding of cyber security issues.