Interdisciplinary IT Security: Presentation Transcript
A vision for inter-disciplinary research in Information Security (EXTRACT). Andrew Martin, Oxford University Computing Laboratory, with Ash Rahmani. ISPP seminar series, 17th January 2011.
Example 4: Interdisciplinary perspectives on IT Security, with particular reference to perspectives on International Relations & Human Rights. Ashiyan Rahmani-Shirazi.
DDoS on Human Rights NGOs: 'Distributed Denial of Service (DDoS) is an increasingly common Internet phenomenon capable of silencing Internet speech, usually for a brief interval but occasionally for longer. In this paper, we explore the specific phenomenon of DDoS attacks on independent media and human rights organizations, seeking to understand the nature and frequency of these attacks, their efficacy, and the responses available to sites under attack. Our report offers advice to independent media and human rights sites likely to be targeted by DDoS but comes to the uncomfortable conclusion that there is no easy solution to these attacks for many of these sites, particularly for attacks that exhaust network bandwidth.' Berkman Center for Internet & Society report, "Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites" by Ethan Zuckerman et al., December 20th 2010.
IT Security & IR - sample attack: SQL injection attack carried out on the UN website homepage in August 2007.
Social Media & Political Change: Twitter and Iran (Washington Post). The US State Department asked Twitter to delay scheduled maintenance in June to avoid disrupting communications among tech-savvy Iranian citizens. Cyberactivism can also be harmful: there were many calls for Twitter users to participate in cyber-attacks on pro-government web sites in Iran.
China, Power & the Net: China and Google (www.arstechnica.com). Facebook and Twitter are blocked for their ability to organize groups with anti-government intentions. Leading Chinese video sites Youku.com and Tudou.com actively monitor submissions and delete those that they consider inappropriate or in violation of Chinese law. Chinese government attack on pro-Tibetan NGOs. Attack on an NGO critical of Chinese policy in Darfur. Five DDoS attacks on Chinese human rights activist websites in January 2010.
Threat Analysis: Insider attacks, including recent WikiLeaks attacks on US Government. Organisational Facebook policy/Twitter policy? 'Enemy' governmental attacks, e.g. intrusion into human rights NGOs by human rights abuser states. 'Home' governmental attacks, e.g. US government monitoring. Internal threats. Competing organisations. Hackers/Profiteering/Wackos.
Some existing IT security multidisciplinary research & NGOs: Electronic Frontier Foundation - www.eff.org; Tactical Technology Collective - www.tacticaltech.org; Frontline - www.frontlinedefenders.org; Harvard Berkman Centre - cyber.law.harvard.edu
MSc Thesis - 'A study of and best practices for IT security for the Baha'i International Community - United Nations Office'. Abstract: For many small organizations operating in a sensitive political, religious, or social context, information security is a critical concern. This dissertation reports upon a study of the current IT security framework of the offices of a non-governmental organization (NGO): the Baha'i International Community United Nations Office (BICUNO), based in New York and Geneva. The study makes use of questionnaires and interviews to determine the current practices and requirements of staff (IT and general) in terms of security-related activities. An analysis of current practices, looking at strengths and weaknesses, is performed in the context of the current literature on security practices, including the ISO 27002 standard. A number of recommendations are presented, in the form of "best security practices", for adoption in this and similar settings.