The Stakes Of Cyber Insecurity: - It's A Dangerous (Cyber .


The Stakes of Cyber Insecurity: It’s a Dangerous (Cyber) World
Dr. Bill Young
Department of Computer Science
University of Texas at Austin
Last updated: August 22, 2019 at 13:13
Dr. Bill Young: 1 Dangerous Cyberworld

What I’d Like to Discuss
- The scope of the problem
- Why cyber security is hard
- Are we at (Cyber) war?
- What responses are legal and feasible

From the Headlines
Silent War, Vanity Fair, July 2013
On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran.
Washington and Tehran are ramping up their cyber-arsenals, built on a black-market digital arms bazaar, enmeshing such high-tech giants as Microsoft, Google, and Apple.

From the Headlines
Iran’s supreme leader tells students to prepare for cyber war, rt.com, 2/13/14
Ayatollah Ali Khamenei has delivered a sabre-rattling speech to Iran’s ‘Revolutionary foster children’ (in other words, university students) to prepare for cyber war. The supreme leader has urged his country’s students whom he called “cyber war agents” — to prepare for battle.

From the Headlines
Pentagon accuses China of trying to hack US defence networks, The Guardian, 5/7/13
China is using espionage to acquire technology to fuel its military modernisation, the Pentagon has said, for the first time accusing the Chinese of trying to break into US defense computer networks and prompting a firm denial from Beijing.

From the Headlines
Cyber security in 2013: How vulnerable to attack is US now?, Christian Science Monitor, 1/9/13
The phalanx of cyberthreats aimed squarely at Americans’ livelihood became startlingly clear in 2012 and appears poised to proliferate in 2013 and beyond.
That prediction came true:
2013 was the most historic year ever for cyber attacks. The industry saw several mega attacks that included sophisticated DDoS attack methods. (IT Business Edge, 12/16/13)
Health care hardest hit:
The Identity Theft Resource Center reported that health-care organizations suffered 267 breaches (in 2013), or 43 percent of all attacks. That’s significantly higher than the business sector. (Wonkblog, 2/5/14)

From the Headlines
U.S. Not Ready for Cyberwar Hostile Attackers Could Launch, The Daily Beast, 2/21/13
The Chinese reportedly have been hacking into U.S. infrastructure, and Leon Panetta says future attacks could plunge the U.S. into chaos. We’re not prepared. If the nightmare scenario becomes suddenly real. If hackers shut down much of the electrical grid and the rest of the critical infrastructure goes with it. If we are plunged into chaos and suffer more physical destruction than 50 monster hurricanes and economic damage that dwarfs the Great Depression. Then we will wonder why we failed to guard against what outgoing Defense Secretary Leon Panetta has termed a “cyber-Pearl Harbor.”

The U.S. at Risk?
Experts believe that the U.S. is perhaps particularly vulnerable to cyberattack compared to many other countries. Why do you suppose that is?
- The U.S. is highly dependent on technology.
- Sophisticated attack tools are easy to come by.
- A lot of critical information is available on-line.
- Critical infrastructure may be accessible remotely.
- Other nations exercise more control over information and resources.

How Bad Is It?
Cyberwarfare greater threat to US than terrorism, say security experts, Al Jazeera America, 1/7/14
Cyberwarfare is the greatest threat facing the United States — outstripping even terrorism — according to defense, military, and national security leaders in a Defense News poll.
45 percent of the 352 industry leaders polled said cyberwarfare is the gravest danger to the U.S., underlining the government’s shift in priority—and resources—toward the burgeoning digital arena of warfare.

The U.S. Government Takes this Seriously
“The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.” (Wall Street Journal)
“The Pentagon will expand its cyber security force from 900 personnel to a massive 4,900 troops and civilians over the next few years following numerous concerns over the dangerously vulnerable state of their defenses, according to US officials.” (rt.com)

And Are We Already There?
Cyber warfare involves “actions by a nation-state to penetrate another nation’s computers or networks for the purpose of causing damage or disruption.” –Clarke and Knake.
Clarke’s definition of cyber warfare raises as many questions as it addresses:
- Can’t a non-state entity engage in warfare?
- Which computers or networks matter?
- Which actions should qualify as acts of war?
- Is “warfare” even a useful term in this context?
Why not just make our computers and networks impervious to such attacks?

Why Are We At Risk?
Arguably, the only way that another nation-state can “penetrate [our] computers or networks for the purpose of causing damage or disruption” is
1. if they have insider access; or
2. there are exploitable vulnerabilities that allow them to gain remote access.
So, why not just “harden” our computers and networks to remove the vulnerabilities?

Is Cyber Security Particularly Hard?
Why would cybersecurity be any harder than other technological problems?
Partial answer: Most technological problems are concerned with ensuring that something good happens. Security is all about ensuring that bad things never happen.
To ensure that, you have to know what all the bad things are!

Cyber Defense is Asymmetric
In cybersecurity, you have to defeat an actively malicious adversary.
The defender has to find and eliminate all exploitable vulnerabilities; the attacker only needs to find one!

Cyber Security is Tough
Perfect security is unachievable in any useful system. We trade off security with other important goals: functionality, usability, efficiency, time-to-market, and simplicity.
“The opposite of security is not insecurity; it’s usability.” –John C. Inglis, former Deputy Director of NSA (Jan. 2017)

Is It Getting Better?
“The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.” –Robert H. Morris (mid 1980’s), former chief scientist of the National Computer Security Center
“Unfortunately the only way to really protect [your computer] right now is to turn it off, disconnect it from the Internet, encase it in cement and bury it 100 feet below the ground.” –Prof. Fred Chang (2009), former director of research at NSA

Some Sobering Facts
- There is no completely reliable way to tell whether a given piece of software contains malicious functionality.
- Once PCs are infected they tend to stay infected. The median length of infection is 300 days.
- “The number of detected information security incidents has risen 66% year over year since 2009. In the 2014 survey, the total number of security incidents detected by respondents grew to 42.8 million around the world, up 48% from 2013—an average of 117,339 per day.” (CGMA Magazine, 10/8/2014)

The Cost of Data Breaches
The Privacy Rights Clearinghouse’s Chronology of Data Breaches (January, 2012) estimates that more than half a billion sensitive records have been breached since 2005. This is actually a very “conservative estimate.”
The Ponemon Institute estimates that the approximate current cost per record compromised is around 318.
“A billion here, a billion there, and pretty soon you’re talking real money” (attributed to Sen. Everett Dirksen)

But is it War?
- How real is the threat?
- Is the warfare metaphor a help or a hindrance?
- Are cyberattacks best viewed as crimes, “armed attacks,” both, or something else entirely?
- Is this issue about semantics or substance?
- Does it really matter?

Warfare: Cyber and Otherwise
Recall Clarke’s definition of cyber warfare: “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
Can activity in cyberspace have “kinetic” consequences such as property damage and loss of lives? Does it have to have such consequences to qualify as an act of war?

The Pentagon View
Cyber Combat: Act of War, Wall Street Journal, 5/31/11
“The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.”

Notable Cyber Campaigns
- First Persian Gulf War (1991): Iraq’s radar and missile control network taken offline.
- Estonia (2007): websites of government ministries, political parties, newspapers, banks, and companies disabled.
- Georgia (2008): DoS attack shuts down much of Georgia’s ability to communicate with the external world.

What Might a Cyber-attack Look Like: Stuxnet
Stuxnet is a Windows computer worm discovered in July 2010 that targets Siemens SCADA (Supervisory Control and Data Acquisition) systems.
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex and ingenious than anything they had imagined when it began circulating around the world, unexplained, in mid-2009. –New York Times, 1/16/11

Stuxnet Characteristics
Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating. ... Stuxnet was the first literal cyber-weapon. America’s own critical infrastructure is a sitting target for attacks like this. (Vanity Fair, April 2011)
- Stuxnet was the first (known) malware that subverts specific industrial systems.
- Believed to have involved years of effort by skilled hackers to develop and deploy.
- Narrowly targeted, quite possibly at Iran’s nuclear centrifuges.
- Widely believed to have been developed by Israel and the U.S.

Stuxnet Worm
Kaspersky Lab Provides Its Insights on Stuxnet Worm, Kaspersky.com, 9/24/10
“I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars.”

Children of Stuxnet
The successors of Stuxnet may be even more sophisticated:
- DuQu: (Sept. 2011) looks for information that could be useful in attacking industrial control systems.
- Flame: (May 2012) designed for cyber-espionage, targeted government organizations and educational institutions in Iran and elsewhere.
- Gauss: (Aug. 2012) complex cyber-espionage toolkit designed to steal sensitive data.
Unlike conventional munitions, could be repurposed and redirected at the sender.

Cyber Attacks on the U.S.
The U.S. has already been “attacked” in the sense of cyber espionage.
- Moonlight Maze: coordinated attacks on U.S. computer systems (1999), traced to Moscow; compromised huge amount of data, possibly including classified naval codes and missile guidance systems specs.
- Titan Rain: coordinated attacks on U.S. systems since 2003, probably Chinese, and compromising an estimated 10-20 terabytes of data.
There are undoubtedly others that we don’t yet know about.

From the Headlines
House Intel Chair Mike Rogers Calls Chinese Cyber Attacks ‘Unprecedented’, ABC News, 2/24/13
House Intelligence Committee Chair Mike Rogers, R-Mich., said it was “beyond a shadow of a doubt” that the Chinese government and military is behind growing cyber attacks against the United States, saying “we are losing” the war to prevent the attacks.
“It is unprecedented,” Rogers added. “This has never happened in the history of the world, where one nation steals the intellectual property to re-purpose it—to illegally compete against the country.”

Does It Go Beyond Espionage?
Some security experts warn that a successful possible widespread attack on U.S. computing infrastructure could largely shut down the U.S. economy for up to 6 months.
It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures could exceed 700 billion USD—the equivalent of 50 major hurricanes hitting U.S. soil at once. (Source: US Cyber Consequences Unit, July 2007)

CyberAttacks: An Existential Threat?
Cyberattacks an ‘Existential Threat’ to U.S., FBI Says, Computerworld, 3/24/10
A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that’s so great it could “challenge our country’s very existence.”
According to Steven Chabinsky, deputy assistant director of the FBI’s cyber division: “The cyber threat can be an existential threat—meaning it can challenge our country’s very existence, or significantly alter our nation’s potential.”

Not Everyone Agrees
Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. “There is no cyberwar. I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.” (Wired, 3/4/10)
Mr. Schmidt doesn’t think there’s no problem, just that we’re calling it by the wrong name.

Is a Cyber Attack an Act of War?
There are some serious questions that deserve national and international dialogue.
- How serious would a cyber attack have to be to be considered an “act of war”?
- What if it were an act by non-state actors?
- Would it require certainty about who initiated it?
- What degree of control would the offending nation have to exert over such actors?
- Must the response be electronic or could it be “kinetic”?

Selecting Targets
States are supposed to adhere to certain criteria in selecting targets of attack:
- Distinction: requires distinguishing combatants from non-combatants and directing actions against military objectives
- Necessity: limits force to that “necessary to accomplish a valid military objective”
- Humanity: prohibits weapons designed “to cause unnecessary suffering”
- Proportionality: protects civilians and property against excessive uses of force
Do these apply to cyberattacks? To responses to cyberattacks?

Targets
There are good reasons to believe that the choice of targets might be different in cyber vs. kinetic warfare.
- Non-state actors may not feel bound by the conventional laws of war.
- The actors may be in an asymmetric power relationship.
- Non-state actors may be looking for “soft” high-value targets.
- Cyber attacks offer the ability to “skip the battlefield.”
Systems that people rely upon, from banks to air defense radars, are accessible from cyberspace and can be quickly taken over or knocked out without first defeating a country’s traditional defenses. –Clarke and Knake, 31

Targets
In a cyberattack, targets could be: military, civil or private sector.
If a major cyber conflict between nation-states were to erupt, it is very likely that the private sector would get caught in the crossfire. Most experts agree that critical infrastructure systems—such as the electrical grid, banking and finance, and oil and gas sectors—are vulnerable in many countries. –McAfee (2009) Virtual Criminology Report

How Vulnerable is Our Infrastructure?
Nobody would be dumb enough to make such critical functionality accessible remotely. Would they?
“I have yet to meet anyone who thinks SCADA systems should be connected to the Internet. But the reality is that SCADA systems need regular updates from a central control, and it is cheaper to do this through an existing Internet connection than to manually move data or build a separate network.” –Greg Day, Principal Security Analyst at McAfee

The Attribution Problem
Often it is extremely difficult to determine the source of a cyber attack. If you’re not sure who attacked you, can you attack back?
“States find themselves in a ‘response crisis’ during a cyber attack, forced to decide between effective but arguably illegal, active defenses, and the less effective, but legal, passive defenses and criminal laws.” –Carr, Inside Cyber Warfare, 47

U.N. Charter
The U.N. Charter preserves the right of states to engage in “individual or collective self-defense” in response to an “armed attack.” (Article 51).
However, that begs the question of when a cyber attack should be considered an “armed attack.”

International Agreements
Most directly relevant is the European Convention on Cybercrime, which recognizes the need of states to criminalize cyber attacks and the duty of states to prevent non-state actors on their territory from launching them.
- requires states to establish domestic criminal offenses for most types of cyber attacks
- recognizes the importance of prosecuting attackers
- requires extending jurisdiction to cover a state’s territory and actions of citizens regardless of their location.
The Convention has been signed by 26 countries including the U.S.

How Do You Enforce It?
But how do you force nation states to comply with international criminal laws?
- “Several major states, such as China and Russia, allow their attackers to operate with impunity when their attacks target rival states.” (Carr, 47)
- “International legal acts regulating relations arising in the process of combating cyber crimes and cyber terrorism must not contain norms violating such immutable principles of international law as non-interference in the internal affairs of other states, and the sovereignty of the latter.” (Moscow Military Thought)

Conclusions
- Cyber attacks are a serious threat to the U.S. and other states.
- Cyber warfare may not be a helpful metaphor.
- The nature of the Internet makes cyber attacks powerful, difficult to counter, and difficult to attribute.
- No technical solutions are on the horizon.
- Treaties and legal frameworks have not kept pace with the threat.
- Promising theories and approaches are developing to help the international community cope.
