Session 3.2 Zahri Hj Yunos


  1. 1. CYBER TERRORISM : THE RISING THREAT IN CYBER DIMENSION? Zahri Yunos Chief Operating Officer CyberSecurity Malaysia Commonwealth Cybersecurity Forum 2014 London 5 – 6 March 2014
  2. 2. CRITICAL NATIONAL INFORMATION INFRASTRUCTURE (CNII)
  3. 3. Critical National Information Infrastructure (CNII) In Malaysia DEFENCE & SECURITY TRANSPORTATION BANKING & FINANCE HEALTH SERVICES EMERGENCY SERVICES VISION ‘Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation’ CRITICAL NATIONAL INFORMATION INFRASTRUCTURE Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on • National defense & security • National economic strength • National image • Government capability to function • Public health & safety ENERGY INFORMATION & COMMUNICATIONS GOVERNMENT FOOD & AGRICULTURE WATER 3
  4. 4. Inter- Dependent 4
  5. 5. Interdependency of CNII Reference: Lewis, T. G. (2006). Critical Infrastructure Protection in Homeland Security. Published by John Wiley & Sons, Inc., Hoboken, New Jersey
  6. 6. ELECTRICITY UTILITIES Threats to CNII : Interdependency SECTORS / SERVICES
  7. 7. Threats to CNII: SCADA Systems. SCADA = Supervisory Control & Data Acquisition. The interconnection of SCADA systems to corporate networks and their reliance on common operating platforms and remote access expose SCADA systems to vulnerabilities. Reference: Using ANSI/ISA-99 Standards to Improve Control System Security, by Tofino Security
  8. 8. Threats to CNII : The Use of ICT and Cyberspace by Terrorist Use of Internet By Terrorist Psychological Warfare Publicity and Propaganda Data Mining Fundraising Recruitment and Mobilization Social Networking Sharing Information Planning and Coordination Reference: [1] Mantel, B.: (2009). Terrorism and the Internet. Should Web Sites That Promote Terrorism Be Shut Down?. From CQ Researchers, pp. 129-153 [2] Zhang, Y., Zeng, S., Huang, C.N., Fan, L., Yu, X., Dang, Y., Larson, C., Denning, D., Roberts, N., and Chen, H.: (2010). Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences. IEEE International Conference on Intelligence and Security Informatics, pp. 59-64 [3] Li, X., Mao, W., Zeng, D., and Wang, F.: (2010). Automatic Construction of Domain Theory for Attack Planning. IEEE International Conference on Intelligence and Security Informatics, pp 65-70 [4] Fu, T., Abbasi, A., and Chen, H. A Focused Crawler for Dark Web Forums. Journal of the American Society for Information Science and Technology [5] Yunos, Z., Ahmad, R., Mat Ali, S., and Shamsuddin, S. Illicit Activities and Terrorism in Cyberspace: An Exploratory Study in the Southeast Asian Region. in:M. Chau et al. (Eds.): Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2012), 29 May 2012, LNCS 7299 Springer, Heidelberg, pp. 27-35, 2012 8
  9. 9. Use of cyber space by terrorist Psychological Warfare Publicity and Propaganda Attacks against CNII Fundraising Recruitment and Mobilization Social Networking Sharing Information Planning and Coordination The perpetrator may utilize the cyberspace for conducting cyber attacks on critical national information infrastructure facilities 9
  10. 10. • Many nations all over the world constantly increase their dependency on cyberspace by maximising the use of ICT • Interdependencies that exist within critical infrastructures have raised concerns - successful cyber attacks on one computer system can have serious cascading effects on others, resulting in potentially catastrophic damage and disruption • Through ICT, perpetrators can disrupt critical services, hence affecting the nation’s operation and its ability to function. Why would a perpetrator decide to use ICT instead of using the usual methods of assassination, hostage-taking, guerrilla warfare and bombing?
  11. 11. 11 CYBER TERRORISM
  12. 12. Cyber Attack to CNII - Estonia. Cyber Attack on Estonia • Occurred in May 2007 • Estonia was under cyber attacks for 3 weeks • Attack targeted government, banking, media and police websites • Paralyzed internet communication • Attacks from 128 sources outside Estonia • US and European countries aided Estonia in overcoming the cyber attacks. "You don't see buildings reduced to piles of rubble or dead bodies strewn across the street … There's nothing to take photos of … There's only economic damage, websites that cannot be accessed and transactions that cannot take place … By destabilizing the economy, the people of the country are subject to riots, rallies and protests, and crippling its stability which could result in violence and creating unrest in the country" (YB Datuk Seri Dr Ahmad Zahid Hamidi, DSA 2012). Is it cyber terrorism? Is it cyber crime? Is it cyber war?
  13. 13. Cyber Attack to CNII – Stuxnet. Stuxnet was targeted at Siemens industrial software and equipment running Microsoft Windows (June 2010). Symantec reported that nearly 60% of the approximately 100,000 infected hosts were located in Iran, which has led to speculation that Stuxnet’s target was Iran’s nuclear power plant or uranium enrichment plant
  14. 14. 14 Cyber Attack to CNII – Shamoon
  15. 15. OP Malaysia – Cyber Attacks by Anonymous Hackers (15-19 June 2011) 15
  16. 16. Definition: Cyber Terrorism Reference: D. E. Denning, “Cyberterrorism,” Testimony given to the House Armed Services Committee Special Oversight Panel on Terrorism, 2000 “Cyber terrorism is the convergence of terrorism and cyberspace 1. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein 2 when done to intimidate a government or its people 3 in furtherance of political or social objectives 4. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property 5, or at least cause enough harm to generate fear 6. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss 7 would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism 8, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not. 9”
  17. 17. Definition : Cyber Terrorism .. many more • There are many definitions of cyber terrorism provided by researchers, policy makers and individuals • Interestingly, most governments in the world do not agree on one single definition of cyber terrorism. There is no common definition of cyber terrorism • The ambiguity in the definition brings indistinctness in action; as the old maxim goes “one man’s terrorist is another man’s freedom fighter” [1]. • According to Schmid, “there is no agreement among experts and there is not likely to be an agreement as long they cannot even agree on a common definition on terrorism (and cyber terrorism).” [2] Reference: [1] J. J. Prichard and L. E. MacDonald, “Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks,” Journal of Information Technology Education, vol. 3, 2004. [2] A. P. Schmid, “Root Causes of Terrorism: Methodological and Theoretical Notes, Empirical Findings and Four Inventories of Assumed Causal Factors,” 2005.
  18. 18. Cyber Terrorism Framework: Veerasamy Reference : N. Veerasamy, “A Conceptual High-level Framework of Cyberterrorism,” International Journal of Information Warfare, vol. 8, no. 1, pp. 1-14, 2009. 18 Provide context in which cyber terrorism is functioning Methods of carrying cyber terrorism Motivation
  19. 19. Cyber Terrorism Framework: Heickero Actor-target-effect Chain Reference: R. Heickero, “Terrorism Online and the Change of Modus Operandi,” Swedish Defence Research Agency, Stockholm, Sweden, pp. 1-13, 2007. 19
  20. 20. Cyber Terrorism Framework: Gordon and Ford. Reference: S. Gordon and R. Ford, “Cyberterrorism?,” Symantec White Paper, 2002. Components and description:
      • Perpetrator (Group/Individual): In cyber context, virtual interactions can lead to anonymity.
      • Place (Worldwide): The event does not have to occur in a particular location. The Internet has introduced globalization of the environment.
      • Action (Threats/Violence/Recruitment/Education/Strategies): Terrorist scenarios typically are violent or involve threats of violence. Violence in virtual environment includes psychological effects, possible behavior modification and physical trauma.
      • Tool (Kidnapping/Harassment/Propaganda/Education): Terrorists use the computer as a tool. Facilitating identity theft, computer viruses and hacking are examples that fall under this category.
      • Target (Government Officials/Corporations): Potential targets are corporations and government computer systems.
      • Affiliation (Actual/Claimed): Affiliation refers to recruitment in carrying out given instructions. Affiliation can result in strengthening of the individual organizations as they can immediately acquire access to the information resources of their allies.
      • Motivation (Social/Political Change): Political, social and economic are the motivations present in real-world terrorism.
  21. 21. Cyber Terrorism Framework: Brickey. Reference: J. Brickey, “Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace,” CTC Sentinel, United States Military Academy, West Point, Vol 5, Issue 8, pp. 4-6, Aug 2012.
  22. 22. Cyber Terrorism Framework: Yunos & Ahmad • Mass disruption or seriously interfere critical services operation • Cause fear, death or bodily injury • Severe economic loss • Network warfare • Psychological operation • Critical National Information Infrastructure computer system • Critical Infrastructure • Civilian population Cyber Terrorism Target Impact Method of Action Domain Tools of Attack Motivation Political • Ideological • Social • Economic • Cyberspace (includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers) • Borderless • Unlawful means • Illegal acts Factor ‘AND’ Reference: R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, “Perception on Cyber Terrorism: A Focus Group Discussion Approach,” Journal of Information Security, vol. 03, no. 03, pp. 231-237, 2012
  23. 23. Extended CERT-taxonomy from Howard and Longstaff (1998). Reference: K. Stefan et al., “Taxonomy for Computer Incidents”, In Cyber Warfare and Cyber Terrorism, Chapter XLVIII, pp 414, 2008
  24. 24. Initiatives in Safeguarding Malaysia CNII Against Cyber Threats
  25. 25. CNII Protection Against Cyber Terrorism • Topping the list of possible perpetrator abuse of the ICT and cyberspace is the potential for actual attacks on the network itself, or “cyber terrorism” • Terrorist cyber-attack on critical information infrastructure is possible, where motivation and resources are fundamental • Therefore, there is a need to have a strategy at the national level for the protection of the CNII against cyber terrorism • The strategy for the CNII protection could be through industry cooperation and information sharing, awareness and education program, adequate laws related to infrastructure protection, R&D program and organizational structure
  26. 26. The National Cyber Security Policy - Background and Objectives Objectives: Address The Risks To The Critical National Information Infrastructure (CNII) To Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks To Develop And Establish A Comprehensive Program And A Series Of Frameworks 2005 The National Cyber Security Policy formulated by MOSTI 2006 NCSP Adoption and Implementation The policy recognizes the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive program and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets 26
  27. 27. The National Cyber Security Policy - Policy Thrust Copyright © 2010 CyberSecurity Malaysia INTERNATIONAL COOPERATION Ministry of Communication & Multimedia ‘Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation CYBER SECURITY EMERGENCY READINESS National Security Council COMPLIANCE & ENFORCEMENT Ministry of Communication & Multimedia R & D TOWARDS SELF RELIANCE Ministry of Science, Technology & Innovation CULTURE OF SECURITY & CAPACITY BUILDING Ministry of Science, Technology & Innovation CYBER SECURITY TECHNOLOGY FRAMEWORK Ministry of Science, Technology & Innovation LEGISLATION & REGULATORY FRAMEWORK Attorney General’s Chambers EFFECTIVE GOVERNANCE National Security Council 1 2 3 4 5 6 7 8 27
  28. 28. The National Cyber Security Policy - Current Progress PT 1 EFFECTIVE GOVERNANCE A STUDY ON THE LAWS OF MALAYSIA TO ACCOMMODATE THE LEGAL CHALLENGES IN THE CYBER ENVIRONMENT PT 2 LEGISLATION & REGULATORY FRAMEWORK PT 3 CYBER SECURITY TECHNOLOGY FRAMEWORK NATIONAL STRATEGY FOR CYBER SECURITY ACCULTURATION AND CAPACITY BUILDING PROGRAM PT 4 CULTURE OF SECURITY & CAPACITY BUILDING PT 7 CYBER SECURITY EMERGENCY READINESS
  29. 29. 29 PT1: EFFECTIVE GOVERNANCE Public-Private Partnership 29 Public-private partnership is essential in order to enhance the security of Malaysia’s cyber space – Government led and supported by the industries, academia and NGOs
  30. 30. PT7: CYBER SECURITY EMERGENCY READINESS National Cyber Crisis Management Plan NATIONAL CYBER CRISIS MANAGEMENT PLAN A framework that outlines the strategy for cyber attacks mitigation and response among Malaysia’s Critical National Information Infrastructure (CNII) through public and private collaboration and coordination 30
  31. 31. PT8: INTERNATIONAL COOPERATION 31 ENGAGE Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events PRIORITIZE Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests LEADERSHIP Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia’s image and promote Malaysia’s interests ASEAN Regional Forum
  32. 32. + Source: Secretariat, APCERT / JPCERT-CC PT8: INTERNATIONAL COOPERATION APCERT DRILL 2012 , 2013 & 2014
  33. 33. Conclusion • Cyber world offers great opportunity, but the emergence of cyber threats brought together a number of repercussions that should not be taken for granted • Hence it is important to address these threats in a comprehensive manner. These include: (a) To have an integrated policy framework; (b) To enhance the use of technology and process to mitigate the threats; (c) To inculcate a cyber security acculturation through continuous training and awareness programs • Public-Private Partnership is essential to enhance the security and safety of cyber space