The global threat to information technology security. (Software Intelligence: Security).

In the twentieth century, the computer industry developed excellent tools to secure IT but our experience in the very early part of the new century is that these tools, or the application of these tools, are failing. Denial of service attacks, computer viruses and worms, commercial espionage and IT fraud perpetrated by organized crime are all causing major damage to governments, commerce and industry, academia and domestic users. The terrorist incident on 11th September reminded governments throughout the world that terrorist attacks have the capacity to do major damage at all levels of the economy, and the realisation that future attacks could include biological, chemical or even nuclear elements has been accepted and, indeed, publicised by government leaders. Information attacks by terrorist organizations (or even state sponsored attacks) are equally a likely event of the future. At the same time, the way of life in the western world has now reached such complexity and density of population that it is only computerization
that enables the continuance of developed civilization. Every aspect of our life is now connected by a seamless digital super-highway; this superhighway is global in dimension and results in an enforced global sharing of risk as well as the sharing of benefits that computerisation has brought to mankind.

Computer security in the twentieth century was characterized by two factors. First, it was reactive in response and, second, it provided point security solutions against individual defects or problems. This latter characteristic is tremendously wasteful in integration time, in training costs and in system performance, and is failing to protect against the sophisticated tools now available to the cyber attacker. Security for the twenty first century will need to become proactive if it is to protect against such sophisticated attacks and requires integration and co-ordination across the enterprise to protect the global WANs now in existence. To provide such protection at an affordable price requires that the risks to each organization are understood from the business perspective and a strategy developed to contain those risks. An understanding of the total threat is thus a prerequisite.

The Risk

The risk to computer systems is a combination of the threat to an organization and the vulnerability of the system to attack. If only one is present there is no risk. To understand the risk necessarily needs a clear perception of the threats and the vulnerabilities.

The Threats

The tabloid press postulate
the threat as represented by a lone youth sitting in a darkened bedroom utilising tools downloaded from one of the some 2000 serious hacking sites on the Internet. Whilst this does represent a small portion of the threat, it represents only a small fraction of the true picture and is not the major threat to business on the Internet. The true picture moves across a spectrum of diverse activities ranging from state sponsored information warfare and espionage, commercial espionage, organized crime, information broking, investigative journalists, single subject pressure groups, pornography, virus and worm writing, data privacy violation, sexual harassment and misuse of corporate bandwidth for private purposes. At the individual level threats arise from amateur hackers, virus writers and computer anarchists of various hues.

At the one end of the spectrum at the state level, governments have a right and duty to protect their citizens by intelligence activity. Regretfully, there has been more than one instance of national intelligence agencies passing information to indigenous companies to gain competitive advantage both in R and D and in the competitive tendering process. On a global scale there has been state sponsored research into Information Warfare techniques and strategies.

The catastrophic events of 11 September have unfortunately raised the global perception of terrorist activity. European political leaders are stressing that our guard must be increased not only for aircraft hi-jacking but also for other damaging activity. The capability to attack computer systems has not increased since the attack but the willingness of highly motivated people to cause serious economic damage has been demonstrated to be at a higher level than was generally accepted to be the case before the tragic events unfolded in the USA. It is only by a thorough understanding of the nature of the various risks to each company or organization and by the provision of adequate levels of protection, commensurate with the value of the activity, that we can deny the terrorist the capability to attack us with computer weapons. If nothing else, it would be prudent for companies and organizations to refresh their assessment of the risks they may face in this area.

Commercial intelligence is a legitimate business process but commercial espionage crosses that boundary between the legal and the illegal. Information broking, as it is euphemistically
called, saw its roots in the era of oil embargoes
Investigative journalists, often involved on a self-perceived moral crusade, view information gathering in any fashion as legitimate to their overall aims and we have seen this attitude spread to the single point issue groups, for example in the religious and animal rights areas, who have utilized information gathering techniques to further their causes.

Whatever moral stance one takes on pornography, naked flesh eats bandwidth and, as a rule of thumb, doubles the bandwidth that needs to be provided other than for the legitimate requirements of a company if unrestricted access to the Internet is permitted (or allowed by default). Very similar to this problem is the misuse of corporate bandwidth to listen to radio programmes (and similar activities) on the Internet; this can have a devastating effect on corporate bandwidth and operation if there is a news or sporting event of national or international importance.

The greatest damage to ebusiness is currently from the virus and worm writing fraternity. The Code Red and NIMDA worms, although relatively benign in terms of payload, have done significant damage to global business in the last few months. The damage should never have happened as patches have existed and have been freely available for some considerable time to protect against such phenomena. The frequency and increasing virulence
of these attacks will eventually force the automatic update of protection on major systems. Whilst there are some dangers in accepting updates over the public communication systems, the dangers of insufficient protection are far greater than the risks of such downloading. As well as installing an efficient anti-virus tool, as with all other areas of IT security, procedures need to exist and be enforced if systems are to be safeguarded. Whilst the above constitute the major threats, there are numerous other activities that will have various degrees of threat to IT systems.

The Vulnerabilities

Where does one start? There has to be an overall realization that computer activity is inherently insecure and that the only safe computer is one that is switched off and wiped clean of data! Whilst there can never be a 100% guarantee of safety, appropriate trust can be achieved by a proper evaluation of the business process and the value that computing adds to that business process in a risk management exercise. From that a security strategy can be devised to guard against the vulnerabilities that are recognized as posing a particular threat in a particular environment.

Computer programmes now contain many million lines of code. A recent NASA study showed that there are some fifty to one hundred and fifty bugs per thousand lines of well written code.
Whilst Software Houses to various degrees are attempting to improve the quality of coding, the competing requirements of bringing new functionality to the market and ensuring an entirely safe product will inevitably lead to certain vulnerabilities remaining in programs. What may not be a vulnerability today may prove to be one tomorrow as new attack techniques are created. The spectrum of other vulnerabilities, including problems with hardware, personnel security, physical security, communication security (especially in a wireless environment) and the Internet itself, makes any further listing in a paper of this length a nugatory exercise.

Cyber Defence

Signature recognition of attack techniques has been the major way that the industry has recognized and protected against cyber attacks. Whilst this is effective for the techniques that have been identified and catalogued, the sophisticated area of cyber attack capability does not post new procedures onto hacking sites. We therefore need a way in which we can recognise novel attack methods not previously identified. Whilst there will always be a need to combine procedural signature recognition with other cyber defences, it is the use of the predictive capability of artificial intelligence that will provide the solution in the twenty first century.

Many of the problems of computer security today are caused by the need to operate across different platforms, architectures, operating systems and applications. Billions of pounds have been spent on these systems and it is unlikely that such differing systems will or even could be replaced in a global enterprise.
To understand the total risks to a system requires that there is a co-ordinated security view right across the enterprise and a method of instant auditing, reporting and reaction to attacks. Computer security will thus need to look right across the enterprise and report back in a single, simple format.

Computer Security has traditionally been viewed as a self contained function providing confidentiality, integrity and availability to systems. Integrity and availability are also essential elements of enterprise management, especially when 7 X 24 operation is essential. Computer security thus requires an integrated approach not only to its own requirements but into enterprise management as well.

Computer Associates are exhibiting at Infosecurity Europe, from 29th April - 1st May 2003. www.infosec.co.uk