Session 3.2 Zahri Hj Yunos

  • Published on
    09-May-2015

  • View
    259

  • Download
    2

Embed Size (px)

Transcript

  • 1.CYBER TERRORISM : THE RISING THREAT IN CYBER DIMENSION? Zahri Yunos Chief Operating Officer CyberSecurity Malaysia Commonwealth Cybersecurity Forum 2014 London 5 6 March 2014

2. CRITICAL NATIONAL INFORMATION INFRASTRUCTURE (CNII) 3. Critical National Information Infrastructure (CNII) In Malaysia DEFENCE & SECURITY TRANSPORTATION BANKING & FINANCE HEALTH SERVICES EMERGENCY SERVICES VISION Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation CRITICAL NATIONAL INFORMATION INFRASTRUCTURE Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on National defense & security National economic strength National image Government capability to function Public health & safety ENERGY INFORMATION & COMMUNICATIONS GOVERNMENT FOOD & AGRICULTURE WATER 3 4. Inter- Dependent 4 5. Interdependency of CNII Referece: Lewis, T. G. (2006). Critical Infrastructure Protection in Homeland Security. Published by John Wiley & Sons, Inc., Hoboken, New Jersey 6. ELECTRICITY UTILITIES Threats to CNII : Interdependency SECTORS / SERVICES 7. SCADA = Supervisory Control & Data Acquisition Threats to CNII : SCADA Systems 1 2 3 4 Reference: Using ANSI/ISA-99 Standards to Improve Control System Security by Tofino Security The interconnection of SCADA systems to corporate networks & their reliance on common operating platforms and remote excess - exposing SCADA systems to vulnerabilities 7 8. Threats to CNII : The Use of ICT and Cyberspace by Terrorist Use of Internet By Terrorist Psychological Warfare Publicity and Propaganda Data Mining Fundraising Recruitment and Mobilization Social Networking Sharing Information Planning and Coordination Reference: [1] Mantel, B.: (2009). Terrorism and the Internet. Should Web Sites That Promote Terrorism Be Shut Down?. From CQ Researchers, pp. 129-153 [2] Zhang, Y., Zeng, S., Huang, C.N., Fan, L., Yu, X., Dang, Y., Larson, C., Denning, D., Roberts, N., and Chen, H.: (2010). Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences. IEEE International Conference on Intelligence and Security Informatics, pp. 59-64 [3] Li, X., Mao, W., Zeng, D., and Wang, F.: (2010). Automatic Construction of Domain Theory for Attack Planning. IEEE International Conference on Intelligence and Security Informatics, pp 65-70 [4] Fu, T., Abbasi, A., and Chen, H. A Focused Crawler for Dark Web Forums. Journal of the American Society for Information Science and Technology [5] Yunos, Z., Ahmad, R., Mat Ali, S., and Shamsuddin, S. Illicit Activities and Terrorism in Cyberspace: An Exploratory Study in the Southeast Asian Region. in:M. Chau et al. (Eds.): Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2012), 29 May 2012, LNCS 7299 Springer, Heidelberg, pp. 27-35, 2012 8 9. Use of cyber space by terrorist Psychological Warfare Publicity and Propaganda Attacks against CNII Fundraising Recruitment and Mobilization Social Networking Sharing Information Planning and Coordination The perpetrator may utilize the cyberspace for conducting cyber attacks on critical national information infrastructure facilities 9 10. Many nations all over the world constantly increase their dependency on cyberspace by maximising the use of ICT Interdependencies that exist within critical infrastructures have raised concerns - successful cyber attacks on one computer system can have serious cascading effects on other, resulting in potentially catastrophic damage and disruption Through ICT, perpetrators can disrupt critical services, hence affecting the nations operation and its ability to function. Why would a perpetrator decide to use ICT instead of using the usual methods of assassination, hostage- taking, guerrilla warfare and bombing? 10 11. 11 CYBER TERRORISM 12. Cyber Attack to CNII - Estonia 12 Cyber Attack on Estonia Occurred in May 2007 Estonia was under cyber attacks for 3 weeks Attack targeted government, banking, media and police websites Paralyzed internet communication. Attacks from 128 sources outside Estonia US and European countries aided Estonia in overcoming the cyber attacks You don't see buildings reduced to piles of rubble or dead bodies strewn across the street ... There's nothing to take photos of There's only economic damage, websites that cannot be accessed and transactions that cannot take place .. By destabilizing the economy, the people of the country is subject to riots, rallies and protests, and crippling its stability which could result in violence and creating unrest in the country YB Datuk Seri Dr Ahmad Zahid Hamidi, DSA 2012 Is it cyber terrorism? 12 Is it cyber crime? Is it cyber war? 13. Cyber Attack to CNII Stuxnet Stuxnet was targeted at Siemens industrial software and equipment running Microsoft Windows (June 2010). Symantec reported that nearly 60% of the approximately 100,000 infect hosts were located in Iran, which has lead to speculation that Stuxnets target was at Irans nuclear power plant or uranium enrichment plant 13 14. 14 Cyber Attack to CNII Shamoon 15. OP Malaysia Cyber Attacks by Anonymous Hackers (15-19 June 2011) 15 16. Definition: Cyber Terrorism Reference: D. E. Denning, Cyberterrorism, Testimony given to the House Armed Services Committee Special Oversight Panel on Terrorism, 2000 Cyber terrorism is the convergence of terrorism and cyberspace 1. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein 2 when done to intimidate a government or its people 3 in furtherance of political or social objectives 4. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property 5, or at least cause enough harm to generate fear 6. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economics loss 7 would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism 8, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not. 9 16 17. Definition : Cyber Terrorism .. many more There are many definitions on cyber terrorism provided by researchers, policy makers and individuals Interestingly, most governments in the world do not agree on one single definition of cyber terrorism. There is no common definition of cyber terrorism The ambiguity in the definition brings indistinctness in action; as the old maxim goes one mans terrorist is another mans freedom fighter [1]. According to Schmid, "there is no agreement among experts and there is not likely to be an agreement as long they cannot even agree on a common definition on terrorism (and cyber terrorism). [2] Reference: [1] L. E. Prichard, J. J., and MacDonald, Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks, Journal of Information Technology Education, vol. 3, 2004. [2] A. P. Schmid, Root Causes of Terrorism: Methodological and Theoretical Notes, Empirical Findings and Four Inventories of Assumed Causal Factors, 2005. 17 18. Cyber Terrorism Framework: Veerasamy Reference : N. Veerasamy, A Conceptual High-level Framework of Cyberterrorism, International Journal of Information Warfare, vol. 8, no. 1, pp. 1-14, 2009. 18 Provide context in which cyber terrorism is functioning Methods of carrying cyber terrorism Motivation 19. Cyber Terrorism Framework: Heickero Actor-target-effect Chain Reference: R. Heickero, Terrorism Online and the Change of Modus Operandi, Swedish Defence Research Agency, Stockholm, Sweden, pp. 1-13, 2007. 19 20. Cyber Terrorism Framework: Gordon and Ford Reference: S. Gordon and R. Ford, Cyberterrorism?, Symantec White Paper, 2002. Components Description Perpetrator Group/Individual In cyber context, virtual interactions can lead to anonymity. Place Worldwide The event does not have to occur in a particular location. The Internet has introduced globalization of the environment. Action Threats/Violence/ Recruitment/ Education/Strategies Terrorist scenarios typically are violent or involve threats of violence. Violence in virtual environment includes psychological effects, possible behavior modification and physical trauma. Tool Kidnapping/ Harassment/ Propaganda/Education Terrorist use the computer as tool. Facilitating identity theft, computer viruses, hacking are examples fall under this category. Target Government Officials/Corporations Potential targets are corporations and government computer systems. Affiliation Actual/Claimed Affiliation refers to recruitment in carrying out given instructions. Affiliation can result in strengthening of the individual organizations as they can immediately acquire access to the information resources of their allies. Motivation Social/Political Change Political, social and economic are the motivations present in the real-world terrorism. 20 21. Cyber Terrorism Framework: Brickey 21 Reference: J. Brickey, Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace, CTC Centinel, United States Military Academy, West Point, Vol 5, Issue 8, pp. 4-6, Aug 2012. 22. Cyber Terrorism Framework: Yunos & Ahmad Mass disruption or seriously interfere critical services operation Cause fear, death or bodily injury Severe economic loss Network warfare Psychological operation Critical National Information Infrastructure computer system Critical Infrastructure Civilian population Cyber Terrorism Target Impact Method of Action Domain Tools of Attack Motivation Political Ideological Social Economic Cyberspace (includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers) Borderless Unlawful means Illegal acts Factor AND 22 Reference: R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, Perception on Cyber Terrorism: A Focus Group Discussion Approach, Journal of Information Security, vol. 03, no. 03, pp. 231-237, 2012 23. Reference: K. Stefan et. all, Taxonomy for Computer Incidents, In Cyber Warfare and Cyber Terrorism, Chapter XLVIII, pp 414, 2008 23 Extended CERT-taxanomy from Howard and Longstaff (1998) 24. Initiatives in Safeguarding Malaysia CNII Against Cyber Threats 25. CNII Protection Against Cyber Terrorism Topping the list of possible perpetrator abuse of the ICT and cyberspace is the potential for actual attacks on the network itself, or cyber terrorism Terrorist cyber-attack on critical information infrastructure is possible, where motivation and resources are fundamental Therefore, there is a need to have a strategy at the national level for the protection of the CNII against cyber terrorism The strategy for the CNII protection could be through industry cooperation and information sharing, awareness and education program, adequate laws related to infrastructure protection, R&D program and organizational structure 25 26. The National Cyber Security Policy - Background and Objectives Objectives: Address The Risks To The Critical National Information Infrastructure (CNII) To Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks To Develop And Establish A Comprehensive Program And A Series Of Frameworks 2005 The National Cyber Security Policy formulated by MOSTI 2006 NCSP Adoption and Implementation The policy recognizes the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive program and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets 26 27. The National Cyber Security Policy - Policy Thrust Copyright 2010 CyberSecurity Malaysia INTERNATIONAL COOPERATION Ministry of Communication & Multimedia Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation CYBER SECURITY EMERGENCY READINESS National Security Council COMPLIANCE & ENFORCEMENT Ministry of Communication & Multimedia R & D TOWARDS SELF RELIANCE Ministry of Science, Technology & Innovation CULTURE OF SECURITY & CAPACITY BUILDING Ministry of Science, Technology & Innovation CYBER SECURITY TECHNOLOGY FRAMEWORK Ministry of Science, Technology & Innovation LEGISLATION & REGULATORY FRAMEWORK Attorney Generals Chambers EFFECTIVE GOVERNANCE National Security Council 1 2 3 4 5 6 7 8 27 28. The National Cyber Security Policy - Current Progress PT 1 EFFECTIVE GOVERNANCE A STUDY ON THE LAWS OF MALAYSIA TO ACCOMMODATE THE LEGAL CHALLENGES IN THE CYBER ENVIROMENT PT 2 LEGISLATION & REGULATORY FRAMEWORK PT 3 CYBER SECURITY TECHNOLOGY FRAMEWORK NATIONAL STRATEGY FOR CYBER SECURITY ACCULTURATION AND CAPACITY BUILDING PROGRAM PT 4 CULTURE OF SECURITY & CAPACITY BUILDING PT 7 CYBER SECURITY EMERGENCY READINESS 28 29. 29 PT1: EFFECTIVE GOVERNANCE Public-Private Partnership 29 Public-private partnership is essential in order to enhance the security of Malaysias cyber space Government led and supported by the industries, academia and NGOs 30. PT7: CYBER SECURITY EMERGENCY READINESS National Cyber Crisis Management Plan NATIONAL CYBER CRISIS MANAGEMENT PLAN A framework that outlines the strategy for cyber attacks mitigation and response among Malaysias Critical National Information Infrastructure (CNII) through public and private collaboration and coordination 30 31. PT8: INTERNATIONAL COOPERATION 31 ENGAGE Participate in relevant cyber security meetings and events to promote Malaysias positions and interests in the said meetings and events PRIORITIZE Evaluate Malaysias interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests LEADERSHIP Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysias image and promote Malaysias interests ASEAN Regional Forum 32. + Source: Secretariat, APCERT / JPCERT-CC PT8: INTERNATIONAL COOPERATION APCERT DRILL 2012 , 2013 & 2014 33. Cyber world offers great opportunity, but the emergence of cyber threats brought together a number of repercussions that should not be taken for granted Hence it is important to address these threats in a comprehensive manner. These include: To have an integrated policy framework To enhance the use of technology and process to mitigate the threats To inculcate a cyber security acculturation through continuous training and awareness programs Public-Private Partnership is essential to enhance the security and safety of cyber space Conclusion 33