
2015 | Book

Cyber Security: Analytics, Technology and Automation

About this book

In addition to cyber threats and technology, the book treats cyber security from many sides as a social phenomenon and examines how the implementation of a cyber security strategy is carried out.

The book gives a profound idea of the most talked-about phenomenon of this time. It is suitable for a wide-ranging audience, from graduate students to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

Table of contents

Frontmatter

Cyber World Today

Frontmatter
Phenomena in the Cyber World
Abstract
This chapter describes and evaluates the cyber world, including its phenomena, from a strategic perspective. As no universally accepted definitions for the cyber world exist, associated literature and publications address it in many different ways. A five-layer model is constructed for cyber threats, which include cybervandalism, cybercrime, cyber intelligence, cyberterrorism and cyberwarfare. This chapter depicts the standards-based risk model, cyber operations and cyberweaponry, as well as the critical structures of society as the targets. Moreover, cyber security definitions are provided. Cyber world phenomena are addressed in more detail in other chapters of this book.
Martti Lehto
Cyber World as a Social System
Abstract
The increasing application of information and communication technology is transforming the society into an unknown ground of the continuously evolving cyber world. This challenges the actors of the society and has increased complexity. The purpose of this chapter is to form a hypothesis about how to identify patterns, i.e., emergent phenomena, about the cyber world for developing security in the society. The cyber world is considered as a complex adaptive system. A system modelling approach to complex adaptive systems is briefly outlined and a social system model of a society is introduced as a content analysis method for complex adaptive systems. The model is populated with a small set of empirical data to have a preliminary view on the content analysis of the cyber world. The results of the content analysis are patterns, i.e., emergent phenomena of the cyber world. They can be utilized for focusing the more detailed analysis of the cyber world on the most significant issues from the security planning and implementation point of view.
Tuija Kuusisto, Rauno Kuusisto
Citizens in Cyber World—Despatches from the Virtual “Clinic”
Abstract
People aren’t “good” or “bad”. People are people, and they respond to incentives. They can nearly always be manipulated—for good or ill—if only you find the right levers. Influence is all about learning what the right levers are and how to apply them (Mackay and Tataham 2011, p. 64). Cyber as a concept has usually, implicitly at least, been understood in technological terms, as a synonym for computer- and internet-based networks. This chapter, however, approaches cyber from a psychological perspective and argues that, in addition to its technological dimension, cyber should also be considered as a kind of virtual Agora, mental battle space or global mind space where ideas can be mediated, challenged and psychological influencing rehearsed in many ways and on many platforms, among which are the Internet and social media (SOME). The chapter leans theoretically on Freudian–Lacanian psychoanalytical identity theories, both of which deal with the “eternal” struggle between individual and social human past, present and future. The authors have used participant observation as their method when analyzing various discussion threads in which they have participated on Facebook. The main argument of the chapter is threefold, as follows: (1) Much of today’s clashes between human societies are waged in the media (including SOME) far from kinetic battlefields; (2) The speed of SOME discussions (Facebook especially) approaches the speed of face-to-face discussions, which may easily lead to intolerant comments by a participant discussant of the wider world view towards discussants of the narrower world views; (3) Mental battles on Facebook against intolerant Freudian–Lacanian ego-fortresses may only be won by the most credible arguments and even then, not by one emancipatory capable ego alone, but with many of a kind.
Torsti Sirén, Aki-Mauri Huhtinen
Powers and Fundamental Rights in Cyber Security
Abstract
Protection of privacy and confidential communications are crucial fundamental rights in cyber security. The protection of privacy and confidential communications is twofold in the sense that active security steps in communications may require interference with confidential communications. The detection and profiling of potential threats may raise suspicion of innocent participants in communications. The NCSC-FI inside the Communications Authority has the initial task and powers to monitor cyber security. The bill for the Code of Information Society introduces new obligations for information security and preparation for emergency situations. If new powers are granted to authorities, they must be narrowly tailored and limited to the necessary measures. The interference with confidential communications in information retrieval requires legal remedies against misuse of powers and constitutional accountability of security authorities.
Riitta Ollila

Cyber Security Threats, Legality and Strategy

Frontmatter
Coder, Hacker, Soldier, Spy
Abstract
A cyber attack is best understood not as an end in itself, but as a means to a wide variety of ends, some of which have serious legal, political, military, or economic ramifications. Cyber attacks may be employed for any purpose: espionage, crime, activism, terrorism, or war. They are used for competitive advantage in any and every form of human conflict. This chapter seeks to help cyber defenders classify attacks appropriately so that they can most efficiently allocate finite resources to combat this rising threat.
Kenneth Geers
Cyber Warfare
Abstract
This chapter explores the concept of cyber warfare from two different angles. First, from the perspective of public international law on armed conflict (henceforth—international law). This is important to understand, since it addresses the role of cyber warfare in the context of using (armed) force in international conflicts. Second, the chapter explores cyber warfare as a developing military capability, which is finding its place among other (often more mature) capabilities, such as electronic warfare or missile defense. Instead of covering the breadth of each topic, the chapter identifies the key points that help understand the nature of cyber warfare.
Rain Ottis
Deception in the Cyber-World
Abstract
Like any other communication medium, cyber-space has been used for deception since its inception. Originally a medium that gave immediate global range to deceptive messages, it also provided a medium to contradict any deceptive message sent. Of course, messages are not necessarily true or false but convey an opinion about reality that the recipient accepts or does not. The main concern of managers of this information has been that the messages have not been corrupted by those with malevolent intent. Hence, at its simplest level the integrity of the message (in the information security sense) is the primary objective. With more complex messages, the use of propaganda techniques that attempt to influence opinions is of concern. A medium such as the public Internet with its low cost of entry and ubiquitous access is ideal for this and, because of its multi-media and interactive format, gives a much better success rate than ‘conventional’ media. Cyber-space over the last few years has rapidly entered a new phase with almost universal use of mobile online devices that many individuals and organisations are becoming increasingly dependent on. In this environment two other developments have significant implications for the practice of deception, which changes the degree to which it changes the relationship of machines, deception and humans. These new factors are: the development of neuroscience and its associated technologies, and networked robotics. These are examined in this chapter and the consequences for deception at the level of individuals and large groups are examined.
William Hutchinson
Legal Framework of Cyber Security
Abstract
The subject of cyber security has come to blend the social, economic, political and military implications of uses of ICTs by different actors for diverse purposes. Despite the absence of a single dedicated legal framework to address the cyber domain, cyberspace and actions in it are addressed by numerous legal disciplines and normative instruments that, unfortunately, do not always provide immediate and convincing remedies to current cyber security issues. This chapter will outline the scope and core areas of cyber security from a legal perspective; introduce selected legal instruments and authorities addressing cyber security in its multiple facets; and some recent conclusions about the applicability and sufficiency of cyber security law to deal with emerging cyber security concerns. It will conclude with a discussion of some of the reasons behind the diminishing legal certainty in this field and the potential implications of declining authority of law in the context of cyber security.
Eneken Tikk-Ringas
Finnish Cyber Security Strategy and Implementation
Abstract
Technical and automated solutions and information networks, which make planning, guidance and implementation possible fast and in a cost-efficient way, are widely used in Finnish information society. The flipside of this development is increased dependency on extensive and complicated technical systems and information networks. Failures in these systems or, for example, in their power supply may rapidly affect comprehensive security in society. Threats against security in society have become more multifaceted and, as a consequence, more complicated. Threats can no longer be divided clearly into military and non-military threats or internal and external threats; they are often interconnected with each other, difficult to predict and likely to occur at short notice. Internal security and external security are more and more intertwined and often it is not appropriate or even possible to separate them from each other. Cyber-related espionage, crimes and operations between states have been growing and the trend seems to be on the increase (Turvallinen Suomi: Tietoja Suomen kokonaisturvallisuudesta 2013).
Antti Sillanpää, Harri Roivainen, Martti Lehto

Cyber Security Technology

Frontmatter
Clustering-Based Protocol Classification via Dimensionality Reduction
Abstract
We propose a unique framework that is based upon diffusion processes and other methodologies for finding meaningful geometric descriptions in high-dimensional datasets. We will show that the eigenfunctions of the generated underlying Markov matrices can be used to construct diffusion processes that generate efficient representations of complex geometric structures for high-dimensional data analysis. This is done by non-linear transformations that identify geometric patterns in these huge datasets and find the connections among them while projecting them onto low-dimensional spaces. Our methods automatically classify and recognize network protocols. The main core of the proposed methodology is based upon training the system to extract heterogeneous features that automatically (unsupervised) classify network protocols. Then, the algorithms are capable of classifying and recognizing incoming network data in real time. The algorithms are capable of clustering the data into manifolds that are embedded in low-dimensional space, analyzed and visualized. In addition, the methodology parameterizes the data in the low-dimensional space.
Gil David
Timing and Side Channel Attacks
Abstract
How would you know the US Pentagon is planning an attack on Iraq? One possible plan is to infiltrate the Pentagon using spies, flipping traitors etc. But this sounds like lots of work and it is dangerous work. That is the direct approach. Another possible plan is to ask the pizza delivery guys in the area. People planning an attack probably add up to lots of people urgently trying to meet deadlines, staying late in the office and ordering pizza. So the pizza delivery guys know about a pending attack! The pizza delivery guys do not know the nature of the attack, but they know “something is up” in the Pentagon because for a few days people are staying late at the office and ordering pizza at irregular hours. The pizza approach is the side-channel attack. This attack on the Pentagon is not a direct channel attack. No spies were used. No attack on the Pentagon defences. It is a side channel attack: an attack on the side effects of planning something. The people who plan need to work extra time and they also need to eat.
Nezer Zaidenberg, Amit Resh
Knowledge Discovery from Network Logs
Abstract
Modern communications networks are complex systems, which facilitate malicious behavior. Dynamic web services are vulnerable to unknown intrusions, but traditional cyber security measures are based on fingerprinting. Anomaly detection differs from fingerprinting in that it finds events that differ from the baseline traffic. The anomaly detection methodology can be modelled with the knowledge discovery process. Knowledge discovery is a high-level term for the whole process of deriving actionable knowledge from databases. This article presents the theory behind this approach, and showcases research that has produced network log analysis tools and methods.
Tuomo Sipola
Trusted Computing and DRM
Abstract
Trusted Computing is a special branch of computer security. One branch of computer security involves protection of systems against external attacks. In that branch we include all methods that are used by system owners against external attackers, for example firewalls, IDS, IPS etc. In all those cases the system owner installs software that uses its own means to determine if a remote user is malicious and terminates the attack. (Such means can be very simple, such as detecting signatures of attacks, or very complex, such as machine learning and detecting anomalies in the usage pattern of the remote user.) Another branch of attacks requires protection by the system owner against internal users. Such attacks include prevention of users reading each other’s data, using more than their allotted share of resources etc. To some extent anti-virus/anti-spam software is also included here. All password protection and user management software are included in this branch. The third branch, Trusted Computing, involves the verification by a remote host that the user machine will behave in a certain predictable way, i.e. protection against the current owner of the machine. The most common example of this kind of requirement is distribution of digital media. Digital media is distributed in some conditional access mode (rented, pay per view, sold for personal use, etc.). Obtaining digital media usually does not entitle the user to unlimited rights. The user usually may not redistribute or edit the digital media and may not even be allowed to consume it himself after a certain date (media rentals, pay per view). However, as the user is consuming media on his private machine, how can the media provider assure himself that a malicious user does not tamper with the machine so that contents are not replicated? The problem of security against the owner of the machine is the problem region of Trusted Computing.
In trusted computing, as opposed to other branches of security, the “attacker” is not limited to some attack surface that was exposed to him but can also use a soldering iron to tap into buses, replace chips and other system parts etc. Trusted computing also includes other protection tools against the current owner (or possessor of the machine if not the legal owner), for example protection of sensitive data or disk encryption solutions for laptops and mobile phones that can potentially be stolen. Trusted computing can also be used on the cloud to ensure that the host does not inspect a cloud server and the software running on the server is not stolen. The latest trusted computing technology involves means to ensure commands are sane and are not malicious, for example in computers on cars and avionics. In this chapter we will review DRM and Trusted Computing solutions from multiple sources.
Nezer Zaidenberg, Pekka Neittaanmäki, Michael Kiperberg, Amit Resh

Cyber Security and Automation

Frontmatter
Cyber Security and Protection of ICS Systems: An Australian Example
Abstract
Many aspects of our modern society now have either a direct or implicit dependence upon information technology. As such, a compromise of the availability or integrity in relation to these systems (which may encompass such diverse domains as banking, government, health care, and law enforcement) could have dramatic consequences from a societal perspective. These key systems are often referred to as critical infrastructure. Critical infrastructure can consist of corporate information systems or systems that control key industrial processes; these specific systems are referred to as ICS (Industrial Control Systems). ICS systems have evolved since the 1960s from standalone systems to networked architectures that communicate across large distances, utilise wireless networks and can be controlled via the Internet. ICS systems form part of many countries’ key critical infrastructure, including Australia. They are used to remotely monitor and control the delivery of essential services and products, such as electricity, gas, water, waste treatment and transport systems. The need for security measures within these systems was not anticipated in the early development stages, as they were designed to be closed systems and not open systems accessible via the Internet. We are also seeing these ICS and their supporting systems being integrated into organisational corporate systems.
Matthew J. Warren, Shona Leitch
Towards Dependable Automation
Abstract
Automation runs the modern society and its critical systems. It is a networked software product depending on the co-operation of old and new technologies. Information security for automation systems should be regarded in light of the most important quality required from automation—dependability. This chapter focuses on the process of developing dependable solutions for the entire lifecycle of automation systems. The approach includes a guideline for securing automation and a dependability model that is a data flow model extended with security and automation requirements. Results of this analysis should be used in the final requirement specification for implementation. The dependability model is the key tool in the secure development lifecycle. It can be used in new product development, in improving an old automation system and also during the active lifecycle of automation to manage the inevitable changes occurring during the entire lifespan of an automation system.
Jari Seppälä, Mikko Salmenperä
Specialized Honeypots for SCADA Systems
Abstract
In this chapter we examine the role of specialized honeypots for detecting and profiling cyber attacks on SCADA-based Industrial Control Systems, debate how to implement such honeypots and provide a complete example of such an appliance. The honeypot concept has been used in general-purpose intrusion detection systems for a long time, with well-recognized contributions in revealing and analysing cyber attacks. However, a number of specialized requirements associated with SCADA systems and Industrial Control Systems in general are not addressed by typical honeypots. In this paper we discuss how the different approaches to security of typical information systems and industrial control systems lead to the need for specialized SCADA honeypots for process control networks. Based on that discussion, we propose a reference architecture for a SCADA network honeypot, discuss possible implementation strategies—based on the lessons learned from the development of a proof-of-concept Modbus honeypot—and propose two alternative deployment strategies, one based on low cost hardware appliances physically and logically located in the automation or field networks and the other based on virtualized field network honeypots physically located in the datacentre and logically located in the field or automation network.
Paulo Simões, Tiago Cruz, Jorge Proença, Edmundo Monteiro
Metadata
Title
Cyber Security: Analytics, Technology and Automation
Edited by
Martti Lehto
Pekka Neittaanmäki
Copyright year
2015
Electronic ISBN
978-3-319-18302-2
Print ISBN
978-3-319-18301-5
DOI
https://doi.org/10.1007/978-3-319-18302-2