Cyber-security is the process of protecting information by preventing, detecting, and responding to attacks.
The field is of growing importance due to the:
- growth in the number of computer systems, and the increasing reliance upon them of individuals, businesses, industries and governments: this means that an increasing number of systems is at risk.
- increasing reliance on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, and the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things.
Systems at risk
- Financial systems. Websites and apps that accept or store credit card numbers, brokerage accounts, and bank account information are all prominent hacking targets.
- Utilities and industrial equipment. Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks.
- The aviation industry is very reliant on a series of complex systems which could be attacked. A simple power outage at one airport can cause repercussions worldwide, as much of the system relies on radio transmissions which could be disrupted, and controlling aircraft over oceans is especially dangerous.
- Consumer devices. Desktop computers and laptops are commonly targeted to gather passwords or financial account information, or to construct a botnet to attack another target.
- Large corporations are common targets. In many cases this is aimed at financial gain through identity theft and involves data breaches such as the loss of millions of clients’ credit card details.
- Automobiles are increasingly computerised, with engine timing, cruise control, anti-lock brakes, seat belt tensioners, door locks, airbags and advanced driver-assistance systems on many models.
- Government and military computer systems are commonly attacked by activists and foreign powers. Passports and government ID cards that use RFID to control access to facilities can be vulnerable to cloning.
- The Internet of Things (IoT) is the network of physical objects such as devices, vehicles, and buildings that are embedded with electronics, software, sensors, and network connectivity that enables them to collect and exchange data. Concerns have been raised about the appropriate security of the IoT.
- Medical systems and medical devices have either been successfully attacked or had potentially deadly vulnerabilities demonstrated, including both in-hospital diagnostic equipment and implanted devices including pacemakers and insulin pumps.
Impact of security breaches
Serious financial damage has been caused by security breaches. One can conclude that the amount a firm spends to protect information should generally be only a small fraction of the expected loss (i.e. the expected value of the loss resulting from a cyber/information security breach).
In security, a countermeasure is an action, device, procedure, or technique that reduces a threat, vulnerability, or an attack by eliminating or preventing it, by minimising the harm it can cause, or by discovering and reporting it so that corrective action can be taken. These controls serve to maintain the system’s quality attributes: confidentiality, integrity, availability, accountability and assurance services. Potential countermeasures include:
- Social engineering and some computer access attacks can only be prevented by non-computer means, which can be difficult to enforce. Awareness training is often involved to help mitigate this risk.
- Security by design means that the software has been designed from the ground up to be secure. Some of the techniques here include the principle of least privilege, automated testing, defence-in-depth, code reviews, vulnerability disclosure, and audit trails.
- Security measures are based on various policies and system components, which include the following: user account access controls, 2-factor authentication, cryptography, firewalls, Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS), audit trails and logs.
- Vulnerability management is the cycle of identifying vulnerabilities and then remediating or mitigating them, especially in software and firmware.
- Hardware protection mechanisms include dongles, trusted platform modules, drive locks, disabling USB ports, and mobile-enabled access.