This document discusses cyber threats to public safety communications systems. It begins by describing how communications broke down for first responders during the 9/11 attacks due to overloaded cell networks and damaged radio systems. Since then, improvements have focused on redundancy and interoperability through increased connectivity, but this also introduces more vulnerabilities. The document outlines several cyberattacks against 911 call centers and public safety networks in recent years. It identifies the most attractive targets as the public's access to 911 and single points of failure in interconnected systems. The main security challenges are complacency about risks and limited budgets to address vulnerabilities.
Social Engineering - The Underpinning of Unauthorized Access (Kory Edwards)
This document discusses social engineering and how it enables unauthorized access. Social engineering relies on exploiting human tendencies rather than technical vulnerabilities. The document explores how Edward Snowden used social engineering to gain access to NSA systems by persuading coworkers to provide their credentials. It examines why information security programs fail to prevent social engineering, despite training, due to human factors like lack of motivation. Common social engineering attack types are discussed, including insider threats, external threats, and the tactics used like appealing to human tendencies like authority, scarcity, and liking. The document argues a new approach is needed that incorporates social intelligence concepts to make employees less susceptible to social engineering.
Cyber Threat to Public Safety Communications (Kory Edwards)
This document discusses cyber threats to public safety communications systems. It summarizes that since 9/11, increased connectivity and interoperability between systems has created more potential access points for cyber attacks. Specific vulnerabilities discussed include next generation 911 systems relying on IP networks, reliance on cellular networks using LTE and VOIP, and a shortage of cybersecurity professionals. Potential solutions proposed include using fusion center networks to communicate crisis information over separate internet-based systems rather than agency networks.
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,... (CSCJournals)
This document summarizes a research paper that conducted a critical review of contemporary social engineering solutions, measures, policies, tools, and applications. Through a systematic review of recent studies, the analysis identified that providing training for employees to understand social engineering risks and how to avoid attacks is important for protection. Key measures identified include awareness programs, training non-technical staff, implementing new security networks and protocols, and using software to address social engineering threats. The review examined 30 studies on measures, policies and tools adopted by organizations and found that education, training, and awareness programs are effective at enhancing employee behavior and defenses against social engineering.
The Evolving Landscape on Information Security (Simoun Ung)
This document provides an overview of the evolving landscape of information security. It discusses the motivation behind cyber attacks, including personal reasons, unlawful profiteering, and corporate or national interests. It then examines common security threats such as social engineering, phishing, distributed denial of service attacks, network attacks, and malwares. The document notes that security standards and best practices need constant refinement as threats continue to evolve in sophistication.
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING (ijmvsc)
The TUBITAK National Research Institute of Electronics and Cryptology (UEKAE) Department of Information Systems Security carries out social engineering attacks against Turkish public agencies within the frame of “Information Security Tests” [19]. This paper analyzes the social engineering tests that have been carried out in several Turkish public agencies. The tests involve a social engineer phoning sample employees and attempting to obtain sensitive information by exploiting their good faith. The aim of this research is to show that employees in Turkish public agencies lack information security awareness and compromise the information security principles that should be applied in any public agency. Social engineering, with both its low cost and its ability to take advantage of low technology, has taken its place in the information security literature as a very effective form of attack [8].
Mark Lanterman - The Risk Report October 2015 (Mark Lanterman)
The document discusses steps organizations can take to protect their digital assets and minimize risks of cyberattacks and data breaches. It recommends conducting regular digital security assessments, educating employees on security best practices, limiting unnecessary access to sensitive data, implementing policies around bring-your-own-devices, and auditing third party vendors. It also stresses the importance of regular data backups and developing an organizational culture of security.
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO... (IJNSA Journal)
This document summarizes common and emerging phishing techniques and methods to mitigate associated security risks. It begins with a brief history of phishing, including early phishing scams targeting AOL users in the 1990s. It then describes classic phishing attack vectors such as social engineering techniques that exploit human curiosity, fear, and empathy. One such classic technique is distributing malware via email attachments or links that appear to be gifts or prizes but instead install Trojan horse programs on victims' computers. The document aims to educate about phishing risks and prevention.
This document discusses social engineering and its threat to information security. Social engineering involves manipulating people into revealing confidential information or performing actions that compromise security. It describes common social engineering techniques like direct approaches, dumpster diving, technical deception, and exploiting trust in authority figures. The document emphasizes that social engineering is often more effective than technological attacks because it takes advantage of human weaknesses like willingness to help and be liked. It warns organizations must educate users and have policies to defend against social engineering attempts.
Case Study On Social Engineering Techniques for Persuasion Full Text (graphhoc)
This document discusses case studies on using social engineering techniques to spread spyware on Linux systems. In three case studies, the authors were able to use social engineering to successfully install a spyware program on Linux systems 100% of the time by exploiting users' interests and trust. The document advocates for user education as the best prevention against social engineering attacks, as software defenses cannot prevent attacks targeting human psychology.
The document discusses social engineering techniques used by cybercriminals. It describes a report from FireEye that analyzed the most common words used in spear phishing emails to compromise networks. Express shipping terms were included in about 25% of attacks to create urgency. Cybercriminals also use finance, tax, and travel terms. Spear phishing is effective as criminals personalize emails using social media information. This allows them to access corporate networks and steal intellectual property and customer data. The report provides insights into email attacks that evade traditional security solutions.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY (IJNSA Journal)
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in institutions of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art human-oriented security threat countermeasures to complement universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect institutions from security events (disruption, distortion, and exploitation). A mixed-method research approach with a qualitative research design was adopted to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed, errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, the institutional network, and its computers at risk of contracting viruses, worms, and Trojans, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attacks and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for institutions of higher education to consider for improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
Social Engineering Role in Compromising Information/Network Security (Oladotun Ojebode)
This document discusses the role of social engineering in compromising network security. It defines social engineering as manipulating people to gain sensitive information rather than exploiting technical vulnerabilities. While organizations implement security controls, social engineering remains effective because it targets human weaknesses. The document examines why social engineering should be included in penetration testing and provides examples of common social engineering attacks like phishing, masquerading, and pretending to be in a position of authority. It argues that social engineering testing can improve security if conducted properly with employee engagement rather than blame.
The document summarizes and compares two papers about security issues in mobile networks. Both papers identify threats at different levels of mobile networks and propose security solutions. The first paper by Leung et al. examines threats using a case study approach and proposes solutions like trusted computing and IPSec. The second paper by Zdarsky et al. analyzes threats through risk assessment and emphasizes avoiding single points of failure. While using different methods, both papers agree on core security requirements and that mobile networks are vulnerable to attacks.
The document discusses mobile security risks and trends. It outlines the anatomy of a mobile attack, including infection vectors, installing backdoors, and exfiltrating data. Key findings include the challenge of BYOD, lack of security in mobile apps, and employees unwittingly introducing threats via personal devices. The OWASP Mobile Top 10 risks framework classifies common vulnerabilities such as improper platform usage, insecure data storage, weak authentication, and code tampering. Overall, the growth of mobile devices and lack of awareness regarding mobile security hygiene has introduced significant risks that organizations must address.
Symantec's Internet Security Threat Report for the Government Sector (Symantec)
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representing over 54,000 products.
Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuristic technology, is able to detect new and sophisticated targeted threats before they reach customers’ networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers.
Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their systems effectively now and into the future.
In 2013, targeted attacks increased, with spear-phishing attacks rising 91% over 2012. Watering hole attacks utilizing unpatched website vulnerabilities and zero-day exploits also grew. Eight data breaches exposed over 10 million identities each, termed "mega breaches". A total of 552 million identities were breached in 2013, over 5 times more than the 93 million in 2012. Web attacks blocked per day rose 23% from 2012. 78% of websites had vulnerabilities, and 16% had critical vulnerabilities that could be easily exploited by attackers.
1) The document discusses the evolving nature of cyber security threats and how both nations and individuals are vulnerable due to increased connectivity and interdependence on internet-connected systems and infrastructure.
2) It notes that as critical systems like elections and power grids become networked and accessible online, national security will require addressing potential cyber attacks.
3) The document examines different types of cyber attacks and challenges like attribution, and argues that governments need to take cyber security seriously and invest appropriately in defenses given their growing reliance on digital technologies.
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE MECHANISMS AND... (IJNSA Journal)
This document provides a summary of a literature review on social engineering defense mechanisms and information security policies. It discusses previous research on social engineering attacks and defenses. It also describes a taxonomy of social engineering targets and defenses developed by the authors. Surveys were conducted to measure employee awareness of defenses and the incorporation of information security policies in organizations. The results found over half of employees were unaware of social engineering and organizations only incorporated about 50% of recommended security policies on average. This highlights the need for better education and policies to protect against social engineering attacks.
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta... (CSCJournals)
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. While there are a number of research articles that study the tactics, techniques and procedures employed by phishers in the literature, in this paper, we present a theoretical yet practical model to study this menacing threat in a formal manner. While it is common folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model attempts to capture a phishing attack in terms of this indistinguishability between the natural and phishing message probability distributions. We view the actions performed by a phisher as an attempt to create messages that are indistinguishable to the victim from that of “normal” messages. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved in creating deceptive email messages. Finally, we study and apply our model to a new class of phishing attacks called collaborative spear phishing that is gaining momentum. Recent examples include Operation Woolen-Goldfish in 2015, Rocket Kitten in 2014 and Epsilon email breach in 2011. We point out fundamental flaws in the current email-based marketing business model which enables such targeted spear phishing collaborative attacks. In this sense, our study is very timely and presents new and emerging trends in phishing.
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites (Puneeth Puni)
This document discusses social engineering attacks on social networking sites. It begins by defining social engineering as influencing people to perform actions that benefit an attacker by exploiting human vulnerabilities. It then discusses how the large number of users and information on social networking sites provides more opportunities for attackers.
The document presents two models for social engineering attacks on social networking sites: a phase-based model outlining 8 phases an attacker would use, and a source-based model identifying three main sources of threats - insecure privacy settings, connections with strangers, and insecure content. Specific attack methods are also discussed like modifying privacy settings of a victim's friends after an initial phishing attack. The conclusion stresses the importance of understanding social engineering to help address this human-based
The document discusses cyber security threats and vulnerabilities. It provides statistics on malware attacks, vulnerable areas when online, and costs of cyber crimes. Emerging technologies like moving target and remote agent technologies are aimed to constantly change networks and monitor security, but collective global measures are still needed to maximize security as cyber attacks can significantly impact individuals, organizations, and entire economies.
Analysis of Rogue Access Points using Software-Defined Radio (JuanRios179)
This document analyzes how rogue WiFi access points can be created using software-defined radio (SDR) to intercept network traffic. It discusses how SDR allows simulating the physical, link, network, and transport layers needed for an access point. The researchers created a rogue access point using inexpensive SDR hardware and a Raspberry Pi "victim" to capture its network traffic as a proof-of-concept. Their work aims to help prevent such attacks by exposing how cybercriminals could carry them out.
Automatic Detection of Social Engineering Attacks Using Dialog (iosrjce)
IOSR Journal of Computer Engineering (IOSR-JCE) is a double-blind peer-reviewed international journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes high-quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high-quality technical notes are invited for publication.
- Cloud applications have faced a wide variety of threats over the last few years including phishing attacks, malware distribution, and data leakage. Credential stealing, account hijacking, and exploiting vulnerabilities in cloud apps' designs are common attack methods.
- Threat actors include risky employees, malicious insiders, and hackers/state actors. Hackers target cloud apps and users to steal data and access accounts through phishing, malware, or exploiting app vulnerabilities.
- Common threats are credential theft through phishing pages hosted on cloud apps, man-in-the-browser attacks, malware distribution using cloud storage, and data leakage through oversharing of sensitive files on cloud apps. Proper security controls and user awareness are needed to
Hacking Municipal Government Best Practices for Protection of Sensitive Loc... (Ben Griffith)
1. Local governments are increasingly being targeted by cyber attacks as more infrastructure becomes internet-connected. This exposes sensitive data and critical systems to risks.
2. State and local governments are often unprepared to deal with cybersecurity threats due to a lack of skilled personnel and budgetary resources. They also may not adequately share intelligence about threats.
3. The annual cost of cyber attacks on businesses alone is estimated to be between $400-500 billion. Securing critical infrastructure like power grids against cyber threats will require tremendous resources, with some projections putting worldwide annual cybersecurity costs at trillions of dollars by 2020.
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM... (Fas (Feisal) Mosleh)
The Biggest Cyber and Physical Security Threats to Critical Infrastructure by Fas Mosleh, ex-HP, ex-IBM, ex-Broadcom. Discusses how critical infrastructure can be compromised by physical and cyber security threats. Critical infrastructure refers to the systems, facilities, and networks that are essential to the functioning of a society and its economy. These are the assets that, if damaged or disrupted, could have a significant impact on public health and safety, economic security, and national security. Social engineering: This involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is a primary example of such manipulation and is still one of the most prevalent types of attack. According to the 2021 Data Breach Investigations Report by Verizon, phishing was involved in 36% of all data breaches, making it the top threat action in the report. Phishing attacks are also becoming increasingly sophisticated and targeted, with attackers using social engineering tactics to trick victims into divulging sensitive information or downloading malware. This can include impersonating trusted individuals or organizations, creating convincing fake websites or emails, and using urgent or threatening language to pressure victims into taking action.
According to the 2021 State of the Phish Report by Proofpoint, 75% of organizations surveyed reported being targeted by phishing attacks in 2020, and 59% of those attacks were successful in compromising at least one user account or system. The report also found that COVID-19 related phishing attacks were particularly prevalent in 2020, taking advantage of the pandemic to trick victims into providing personal information or downloading malware.
5. Distributed denial of service (DDoS) attacks: These attacks flood a system with traffic, overwhelming it and causing it to crash or become unavailable.
6. Advanced persistent threats (APTs): APTs are sophisticated, long-term attacks that target specific organizations and can involve multiple stages of infiltration and exfiltration.
According to the 2023 CrowdStrike Global Threat Report, there has been an uptick in social engineering tactics targeting human interactions, such as vishing that directs victims to download malware and SIM swapping to circumvent multi-factor authentication (MFA).
This document discusses how critical infrastructure is increasingly being targeted by cybercriminals and nation-states through cyber attacks. It notes that while most critical infrastructure operators have strong physical security, many lack comprehensive cybersecurity strategies. It advocates for privileged access management solutions to help secure critical infrastructure according to new regulations and guidelines. Such solutions can help prevent attackers from gaining privileged access and help contain threats by isolating and auditing privileged sessions.
The document provides 10 predictions for the cybersecurity industry in 2022. It predicts that critical infrastructure will be a prime target for both cybercriminals and nation-states. Ransomware attacks will grow significantly in scope and impact, potentially disrupting entire societies. Cyber attacks will increasingly be used as a tool of foreign policy and domestic control by oppressive governments. Artificial intelligence and quantum computing developments will further escalate the arms race between attackers and defenders. Overall, 2022 will be a very challenging year for cybersecurity as threats become more powerful and widespread.
Case Study On Social Engineering Techniques for Persuasion Full Text graphhoc
This document discusses case studies on using social engineering techniques to spread spyware on Linux systems. In three case studies, the authors were able to use social engineering to successfully install a spyware program on Linux systems 100% of the time by exploiting users' interests and trust. The document advocates for user education as the best prevention against social engineering attacks, as software defenses cannot prevent attacks targeting human psychology.
The document discusses social engineering techniques used by cybercriminals. It describes a report from FireEye that analyzed the most common words used in spear phishing emails to compromise networks. Express shipping terms were included in about 25% of attacks to create urgency. Cybercriminals also use finance, tax, and travel terms. Spear phishing is effective as criminals personalize emails using social media information. This allows them to access corporate networks and steal intellectual property and customer data. The report provides insights into email attacks that evade traditional security solutions.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY (IJNSA Journal)
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in the information systems of institutions of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art human-oriented countermeasures to security threats to complement universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect users from security events (disruption, distortion, and exploitation). A mixed-method research approach with a qualitative research design was adopted to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed, errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, the institutional network, and its computers at risk of contracting viruses, worms and Trojans, and expose them to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attacks and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for institutions of higher education to consider in improving employee actions and minimizing security incidents in their eLearning platforms post Covid-19.
Social Engineering Role in Compromising Information/Network Security (Oladotun Ojebode)
This document discusses the role of social engineering in compromising network security. It defines social engineering as manipulating people to gain sensitive information rather than exploiting technical vulnerabilities. While organizations implement security controls, social engineering remains effective because it targets human weaknesses. The document examines why social engineering should be included in penetration testing and provides examples of common social engineering attacks like phishing, masquerading, and pretending to be in a position of authority. It argues that social engineering testing can improve security if conducted properly with employee engagement rather than blame.
The document summarizes and compares two papers about security issues in mobile networks. Both papers identify threats at different levels of mobile networks and propose security solutions. The first paper by Leung et al. examines threats using a case study approach and proposes solutions like trusted computing and IPSec. The second paper by Zdarsky et al. analyzes threats through risk assessment and emphasizes avoiding single points of failure. While using different methods, both papers agree on core security requirements and that mobile networks are vulnerable to attacks.
The document discusses mobile security risks and trends. It outlines the anatomy of a mobile attack, including infection vectors, installing backdoors, and exfiltrating data. Key findings include the challenge of BYOD, lack of security in mobile apps, and employees unwittingly introducing threats via personal devices. The OWASP Mobile Top 10 risks framework classifies common vulnerabilities such as improper platform usage, insecure data storage, weak authentication, and code tampering. Overall, the growth of mobile devices and lack of awareness regarding mobile security hygiene has introduced significant risks that organizations must address.
Symantec's Internet Security Threat Report for the Government Sector (Symantec)
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representing over 54,000 products.
Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuristic technology, is able to detect new and sophisticated targeted threats before they reach customers’ networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers.
Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their systems effectively now and into the future.
In 2013, targeted attacks increased, with spear-phishing attacks rising 91% over 2012. Watering hole attacks utilizing unpatched website vulnerabilities and zero-day exploits also grew. Eight data breaches exposed over 10 million identities each, termed "mega breaches". A total of 552 million identities were breached in 2013, over 5 times more than the 93 million in 2012. Web attacks blocked per day rose 23% from 2012. 78% of websites had vulnerabilities, and 16% had critical vulnerabilities that could be easily exploited by attackers.
1) The document discusses the evolving nature of cyber security threats and how both nations and individuals are vulnerable due to increased connectivity and interdependence on internet-connected systems and infrastructure.
2) It notes that as critical systems like elections and power grids become networked and accessible online, national security will require addressing potential cyber attacks.
3) The document examines different types of cyber attacks and challenges like attribution, and argues that governments need to take cyber security seriously and invest appropriately in defenses given their growing reliance on digital technologies.
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE MECHANISMS AND... (IJNSA Journal)
This document provides a summary of a literature review on social engineering defense mechanisms and information security policies. It discusses previous research on social engineering attacks and defenses. It also describes a taxonomy of social engineering targets and defenses developed by the authors. Surveys were conducted to measure employee awareness of defenses and the incorporation of information security policies in organizations. The results found over half of employees were unaware of social engineering and organizations only incorporated about 50% of recommended security policies on average. This highlights the need for better education and policies to protect against social engineering attacks.
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How is it used in the context of competitive intelligence and industrial espionage? How can HUMINT / social engineering attacks be recognized? Which governments are known to use it?
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta... (CSCJournals)
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. While there are a number of research articles that study the tactics, techniques and procedures employed by phishers in the literature, in this paper, we present a theoretical yet practical model to study this menacing threat in a formal manner. While it is common folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model attempts to capture a phishing attack in terms of this indistinguishability between the natural and phishing message probability distributions. We view the actions performed by a phisher as an attempt to create messages that are indistinguishable to the victim from that of “normal” messages. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved in creating deceptive email messages. Finally, we study and apply our model to a new class of phishing attacks called collaborative spear phishing that is gaining momentum. Recent examples include Operation Woolen-Goldfish in 2015, Rocket Kitten in 2014 and Epsilon email breach in 2011. We point out fundamental flaws in the current email-based marketing business model which enables such targeted spear phishing collaborative attacks. In this sense, our study is very timely and presents new and emerging trends in phishing.
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites (Puneeth Puni)
This document discusses social engineering attacks on social networking sites. It begins by defining social engineering as influencing people to perform actions that benefit an attacker by exploiting human vulnerabilities. It then discusses how the large number of users and information on social networking sites provides more opportunities for attackers.
The document presents two models for social engineering attacks on social networking sites: a phase-based model outlining 8 phases an attacker would use, and a source-based model identifying three main sources of threats - insecure privacy settings, connections with strangers, and insecure content. Specific attack methods are also discussed like modifying privacy settings of a victim's friends after an initial phishing attack. The conclusion stresses the importance of understanding social engineering to help address this human-based
The document discusses cyber security threats and vulnerabilities. It provides statistics on malware attacks, vulnerable areas when online, and costs of cyber crimes. Emerging technologies like moving target and remote agent technologies are aimed to constantly change networks and monitor security, but collective global measures are still needed to maximize security as cyber attacks can significantly impact individuals, organizations, and entire economies.
Analysis of Rogue Access Points using Software-Defined Radio (JuanRios179)
This document analyzes how rogue WiFi access points can be created using software-defined radio (SDR) to intercept network traffic. It discusses how SDR allows simulating the physical, link, network, and transport layers needed for an access point. The researchers created a rogue access point using inexpensive SDR hardware and a Raspberry Pi "victim" to capture its network traffic as a proof-of-concept. Their work aims to help prevent such attacks by exposing how cybercriminals could carry them out.
Automatic Detection of Social Engineering Attacks Using Dialog (iosrjce)
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
- Cloud applications have faced a wide variety of threats over the last few years including phishing attacks, malware distribution, and data leakage. Credential stealing, account hijacking, and exploiting vulnerabilities in cloud apps' designs are common attack methods.
- Threat actors include risky employees, malicious insiders, and hackers/state actors. Hackers target cloud apps and users to steal data and access accounts through phishing, malware, or exploiting app vulnerabilities.
- Common threats are credential theft through phishing pages hosted on cloud apps, man-in-the-browser attacks, malware distribution using cloud storage, and data leakage through oversharing of sensitive files on cloud apps. Proper security controls and user awareness are needed to
Hacking Municipal Government Best Practices for Protection of Sensitive Loc... (Ben Griffith)
1. Local governments are increasingly being targeted by cyber attacks as more infrastructure becomes internet-connected. This exposes sensitive data and critical systems to risks.
2. State and local governments are often unprepared to deal with cybersecurity threats due to a lack of skilled personnel and budgetary resources. They also may not adequately share intelligence about threats.
3. The annual cost of cyber attacks on businesses alone is estimated to be between $400-500 billion. Securing critical infrastructure like power grids against cyber threats will require tremendous resources, with some projections putting worldwide annual cybersecurity costs at trillions of dollars by 2020.
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM... (Fas (Feisal) Mosleh)
The Biggest Cyber and Physical Security Threats to Critical Infrastructure, by Fas Mosleh, ex-HP, ex-IBM, ex-Broadcom. Discusses how critical infrastructure can be compromised by physical and cyber security threats. Critical infrastructure refers to the systems, facilities, and networks that are essential to the functioning of a society and its economy. These are the assets that, if damaged or disrupted, could have a significant impact on public health and safety, economic security, and national security. Social engineering: This involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is a primary example of such manipulation and is still one of the most prevalent types of attack. According to the 2021 Data Breach Investigations Report by Verizon, phishing was involved in 36% of all data breaches, making it the top threat action in the report. Phishing attacks are also becoming increasingly sophisticated and targeted, with attackers using social engineering tactics to trick victims into divulging sensitive information or downloading malware. This can include impersonating trusted individuals or organizations, creating convincing fake websites or emails, and using urgent or threatening language to pressure victims into taking action.
According to the 2021 State of the Phish Report by Proofpoint, 75% of organizations surveyed reported being targeted by phishing attacks in 2020, and 59% of those attacks were successful in compromising at least one user account or system. The report also found that COVID-19 related phishing attacks were particularly prevalent in 2020, taking advantage of the pandemic to trick victims into providing personal information or downloading malware.
5. Distributed denial of service (DDoS) attacks: These attacks flood a system with traffic, overwhelming it and causing it to crash or become unavailable.
6. Advanced persistent threats (APTs): APTs are sophisticated, long-term attacks that target specific organizations and can involve multiple stages of infiltration and exfiltration.
Running head EMERGING THREATS AND COUNTERMEASURES .docx (rtodd599)
Running head: EMERGING THREATS AND COUNTERMEASURES
LITERATURE REVIEW
Emerging threats and countermeasures in the U.S. critical infrastructure
Table of contents
Background information
Research questions
Methodological approach
Data analysis and findings
Challenges in confronting threats
Conclusion and discussion
References
Background information
In recent times, the landscape of security architecture has been profoundly transformed by the escalation of threats targeting critical national infrastructure. The rise in such threats is directly related to the rapid integration of these infrastructures with emerging information technologies (IT). That said, it is easy to conclude that the most destructive threats to the infrastructures come from cybercrime. Cybercrime manifests in several forms, from worms and viruses to other malware. It would be easy if such threats could be confronted quickly. However, the state of affairs is that it is not an easy endeavor at all, and hence protecting national infrastructure is more challenging than it has ever been.
Research questions
This essay answers the questions in the literature related to emergent threats in the protection of critical national infrastructure. It also answers the question of the challenges involved in securing the infrastructures.
Methodological approach
Data collection is conducted using a qualitative approach. Qualitative research is the scientific study of observations that seeks to describe, explore, explain, and diagnose phenomena by gathering non-numerical data.
Data analysis and findings
It has not been easy protecting national infrastructure in the last two decades, owing to an increase in cybercrime. Public information systems are lucrative targets for hackers and other ill-motivated criminals. This state of affairs has led to the conclusion that the world is increasingly veering toward cyber warfare. The cost of cybersecurity threats is estimated at billions of dollars and still rising. Even with new measures, the rate at which cybercriminals are expanding their technological dominion on the deep web is exceedingly strange.
Cybersecurity attacks take different dimensions. Perhaps one of the most devastating has been related to user error when handling systems. Most cybercriminal activities have shown an impeccable ability to surpass both the human and system shields that protect systems. In the early 2000s, for example, the world was in a panic following an attack unleashed by two Philippine students. The attack, known as the Love Bug, exposed the value system behind human-based security. It is one of the weaknesses that is easily manipulated. Following the Love Bug attack, the national intelligence system had to be switched off for several hours. The cutting-edge world has seen a multiplication in th.
Preparing today for tomorrow's threats.
When companies hear the word "security," what concepts come to mind — safety, protection or perhaps comfort? To the average IT administrator, security conjures up images of locked-down networks and virus-free devices. An attacker, state-sponsored agent or hacktivist, meanwhile, may view security as a way to demonstrate expertise by infiltrating and bringing down corporate or government networks for profit, military goals, political gain — or even fun.
We live in a world in which cybercrime is on the rise. A quick scan of the timeline of major incidents (see Figure 1, page 9) shows the increasing frequency and severity of security breaches — a pattern that is likely to continue for years to come. Few if any organizations are safe from cybercriminals, to say nothing of national security. In fact, experts have even exposed authentication and encryption vulnerabilities in the U.S. Federal Aviation Administration's new state-of-the-art multibillion-dollar air traffic control system.
Marriage of Cyber Security with Emergency Management -- NEMA (David Sweigert)
The document is a statement from the National Emergency Management Association (NEMA) to the House Committee on cyber incident response. It summarizes that a cyber attack could have catastrophic consequences comparable to a major natural disaster. It calls for emergency managers and cybersecurity experts to work together to understand vulnerabilities, plan coordinated responses, and ensure authorities and resources are adequate to address consequences. The threat is complex, involving threats from nations, hackers, and terrorists, and attacks could impact critical infrastructure systems. States are still determining roles and responsibilities for cyber response, so federal coordination and support is needed.
How to take down the 911 call center -- NFPA 1221, Chapter 13 (David Sweigert)
This document discusses potential cyber attacks on public safety answering points (PSAPs) that handle 911 calls. It notes that past attacks have disrupted PSAP operations and stolen data. The document argues that national standards for PSAP cybersecurity like NFPA 1221 Chapter 13 are not sufficient, as they focus on paperwork compliance rather than active security measures like penetration testing. It calls for greater integration of cybersecurity experts into emergency response through frameworks like Emergency Support Function 18. The document warns that adversaries are already gathering intelligence on PSAPs to identify vulnerabilities to exploit in future blended physical and cyber attacks.
This seminar discusses cyberterrorism, defined as disruptive or threatening activities against computers and networks to cause harm or further social, political, or ideological objectives. It provides an overview of the topic, including background information on the development of public interest in cyberterrorism since the late 1980s. The document outlines forms of cyberterrorism like privacy violations, secret information theft, demolishing e-governance systems, and distributed denial of service attacks. It also examines who may carry out cyberterrorism and why, as well as its potential impacts.
Online security – an assessment of the new (sunnyjoshi88)
This document discusses online security risks and recommendations. It begins with definitions of online security, information security, information warfare, and internet security risk. It then reviews literature finding increasing dependence on the internet, expansion of criminal activity online like identity theft, and growing demand for cybersecurity specialists. Specific examples of data breaches at major organizations are provided. The document recommends a multi-layered approach to online security including collaboration between governments, businesses, and individuals. It also recommends businesses reconsider security strategies with trends like cloud computing and social media increasing risk.
The document discusses cyber security issues and proposes policy solutions. It outlines current problems like a lack of security standards, interconnected systems being vulnerable, and attacks coming from anywhere. The document argues for establishing comprehensive cyber security policies, expanding US CERT, incentivizing businesses to regulate themselves, and addressing human vulnerabilities. The goal is to facilitate technological innovation in a safe, secure environment.
Security - intelligence - maturity-model-ciso-whitepaper (CMR WORLD TECH)
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
This document summarizes a presentation on cybersecurity risks and management practices. It outlines the evolution of cyber threats from less advanced in the past to more sophisticated today. Significant risks to businesses are identified as data theft, malware that destroys systems, denial of service attacks, and reputational attacks. Case studies show how even large companies can be vulnerable to attacks through a single weak point. The document then covers different types of security threats like hacking, phishing, man-in-the-middle attacks, and botnets. It emphasizes the need for senior management leadership on cybersecurity and outlines best practices for managing risks and measuring return on investment in security.
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY (Talwant Singh)
Cyber is a real threat and we cannot keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
Cyberterrorism involves using computer systems to disrupt or shut down critical national infrastructures like transportation and government operations. As countries rely more on computer systems, new vulnerabilities have emerged. Cyberterrorism is an attractive option for modern terrorists as it allows for large scale harm, psychological impact, and media attention while maintaining secrecy. While experts warn of possible cyber attacks crippling infrastructure systems, to date no confirmed acts of genuine cyberterrorism have occurred. National security and the IT industry are working to address this threat.
Cyber Threat to Public Safety Communications
Kory W. Edwards
Webster University
May 2016
Abstract
Public safety communications are the most crucial point of defense within the communications critical infrastructure (CI) sector. This paper explores the past mistakes, threats, challenges, vulnerabilities and solutions in protecting public safety communications systems, so that communications flow from the public to the first responder and all coordination between them succeeds. This research paper traces the progression of public safety communications from the 9/11 attacks to modern infrastructure changes and the new threats they pose. Once identified, solutions are offered for those vulnerabilities.
Keywords: Cybersecurity, Public Safety Communications, Cyberattack, Communications Security, Disaster Response
Post 9/11 Connectivity Created Ubiquity
Public safety communication vulnerabilities attained prominence in the aftermath of the September 11th, 2001 terrorist attacks. Once the two planes hit the World Trade Center, approximately 55,000 calls went out to the 911 emergency call center, of which 3,000 were received within the first few minutes (Sharp et al., 2011). Cell phone networks promptly became overloaded as well, complicating first responder communications, which typically used cell phones as a back-up to land mobile radio (LMR) systems.
Radio repeaters on the Twin Towers were damaged, and the LMRs being used by police and firefighters could not operate at a power strong enough to hear the evacuation calls from within the buildings (Sharp et al., 2011). With the addition of noise, operators talking over each other, incompatible systems, differences in radio jargon and the general confusion, public safety communications broke down significantly during the crisis. America needed a remedy for the future.
Since 9/11, the most common buzzwords in emergency management have been "redundancy" and "interoperability". Federal funding continues to flow to agencies at all levels of government, Federal, state and local, in order to procure systems that can operate on the same network or bridge into each other's networks. The big push for more powerful radios, converters for cell phones to talk to LMRs, audio bridges to link LMR networks into a single channel, converters to merge LMR and other communication platforms into voice-over-IP communication, and broadband communications that ride over the internet have all increased the interoperability and redundancy of public safety communications significantly. But emergency managers often overlook a key fact: connectivity creates ubiquity.
The ability to connect all these platforms together offers many benefits, but every additional component connected to the internet is also an additional entry point for a cyber-attack. The components linking systems then become single points of failure that a cyber attacker with the right skills can reach from literally anywhere in the world.
Attacks on Public Safety Communications
What is an attractive target?
In the year 2013 alone, there were over 600 instances where citizens were denied emergency
services as a result of a cyber-attack; 200 of these attacks directly targeted offices of public
safety and their systems. (Macri 2014) Since 9/11, significant emphasis has been placed on
interoperability between agencies and levels of government. Interoperability plans often rely on
increased connectivity to the open internet for remote maintenance, remote diagnostics and
conversion of signals between networks. Each of these connections offers a cyber attacker an
additional access point from which to monitor public safety communications, intercept
sensitive data or conduct a cyber-attack.
Aside from the actual public safety communications systems, which are increasingly
complex and composed of more secure components, the public’s ability to communicate with
911 services presents a prime target. Cyber-attacks have become so routine that IT
professionals and their executive chain no longer focus on individual or repetitive attacks. The
sheer volume and variety of penetrations and probes do not garner attention unless there is a
significant loss of data or productivity. As Federal funds flow to agencies large and small to
improve interoperability and redundancy, few agencies have invested in protecting the public’s link to
911 call centers. As of May 2015, over 200 attacks had been conducted against 911 call centers
using telephone denial-of-service (TDoS). (Viebeck 2015) Similar to a distributed
denial-of-service (DDoS) attack, the attackers launch a large volume of simultaneous calls to 911,
which ties up the system and prevents the receipt of legitimate emergency calls.
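The TDoS pattern just described, a flood of simultaneous calls that ties up trunks and is typically hung up or abandoned within seconds, leaves a distinctive trace in a call center's own call detail records (CDRs). The following Python is an added illustration and is not code from this paper or from any PSAP or 911 vendor. It constructs a sample CDR stream (a normal trickle of calls, then a burst from a handful of repeating caller IDs, then recovery) and runs a sliding-window detector that alerts when call volume in the trailing minute reaches a threshold and the traffic looks synthetic: most calls abandoned almost at once, or a few caller IDs dominating the volume. The CDR format, the thresholds, the caller numbers and the five-second abandonment cut-off are all assumptions made for the example; a real deployment would tune them to the center's own measured baseline.

```python
from collections import Counter, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CallRecord:
    """One call detail record (CDR) as a 911 trunk might log it (assumed format)."""
    start: datetime   # time the call reached the PSAP trunk
    ani: str          # calling number as delivered; can be spoofed by an attacker
    duration_s: int   # seconds until hang-up; 0 for calls abandoned immediately


@dataclass(frozen=True)
class Alert:
    window_end: datetime
    calls_in_window: int
    abandoned_ratio: float   # share of calls shorter than ABANDON_SECONDS
    top_sources: tuple       # (ani, count) pairs for the most frequent callers


ABANDON_SECONDS = 5  # assumption: a 911 call dropped this fast is not a conversation


def parse_cdr_line(line: str) -> CallRecord:
    """Parse a constructed CSV CDR line: '<ISO-8601 start>,<ANI>,<duration seconds>'."""
    start, ani, duration = line.strip().split(",")
    return CallRecord(datetime.fromisoformat(start), ani, int(duration))


def detect_tdos(records, window=timedelta(seconds=60), rate_threshold=30,
                abandon_threshold=0.5, source_share_threshold=0.3):
    """Sliding-window TDoS detector (all thresholds are illustrative assumptions).

    Alerts when the number of calls in the trailing window reaches rate_threshold
    AND the traffic looks synthetic: most calls are abandoned almost at once, or a
    few caller IDs account for a large share of the volume. At most one alert is
    raised per window so a sustained flood does not produce an alert per call.
    """
    alerts = []
    active = deque()   # records inside the trailing window, oldest first
    last_alert = None
    for rec in sorted(records, key=lambda r: r.start):
        active.append(rec)
        while rec.start - active[0].start > window:
            active.popleft()
        n = len(active)
        if n < rate_threshold:
            continue
        if last_alert is not None and rec.start - last_alert < window:
            continue  # still inside the window of the previous alert
        abandoned = sum(1 for r in active if r.duration_s < ABANDON_SECONDS) / n
        top = Counter(r.ani for r in active).most_common(3)
        top_share = sum(count for _, count in top) / n
        if abandoned >= abandon_threshold or top_share >= source_share_threshold:
            alerts.append(Alert(rec.start, n, round(abandoned, 2), tuple(top)))
            last_alert = rec.start
    return alerts


def build_sample_cdrs():
    """Constructed CDR lines: a normal trickle, then a flood, then recovery."""
    base = datetime(2015, 5, 1, 14, 0, 0)
    lines = []
    # Two minutes of normal traffic: one call every 10 s, distinct callers, real conversations.
    for i in range(12):
        ts = base + timedelta(seconds=10 * i)
        lines.append(f"{ts.isoformat()},+1555010{i:02d},{90 + 7 * i}")
    # Flood: 40 calls in 30 s from five repeating (spoofed) numbers, all dropped within 3 s.
    burst = base + timedelta(minutes=2)
    for i in range(40):
        ts = burst + timedelta(milliseconds=750 * i)
        lines.append(f"{ts.isoformat()},+1555020{i % 5:02d},{i % 3}")
    # Recovery: a few normal calls after the flood stops.
    for i in range(4):
        ts = burst + timedelta(minutes=2, seconds=15 * i)
        lines.append(f"{ts.isoformat()},+1555030{i:02d},120")
    return lines


if __name__ == "__main__":
    cdrs = [parse_cdr_line(line) for line in build_sample_cdrs()]
    for alert in detect_tdos(cdrs):
        print(f"{alert.window_end.isoformat()} TDoS suspected: {alert.calls_in_window} calls/min, "
              f"{alert.abandoned_ratio:.0%} abandoned, top sources {alert.top_sources}")
```

Alerting on the abandonment ratio and source concentration rather than on volume alone matters for a 911 center: a real incident also produces a surge of calls, but from many distinct callers who stay on the line, and the detector should not treat that surge as an attack. The one-alert-per-window suppression keeps a sustained flood from paging staff once per call.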
The most attractive targets are those that are easiest to access and most likely to cause the biggest
effect. These are the public’s ability to call 911, the 911 call centers’ ability to receive and
process calls, and the single points of failure within interoperable bridge systems.
The Attacks
In recent years, we’ve seen sporadic attacks on 911 systems, on other public safety networks and
on supporting companies and infrastructure. Here’s just a small sample:
In early 2016, a cyberattack flooded Spartanburg County, SC non-emergency phone
lines and pushed the calls onto the 911 system which jammed the 911 call center
and slowed dispatching to respond to emergencies. (Stone 2016)
In April 2016, a cyberattack shut down various public safety systems of the Newark
Police Department, NJ. The virus used in the attack prevented staff from accessing
criminal data and the primary system used to dispatch first responders for 3 days.
The police had to use their back-up system until the virus was remediated.
(Coleman 2016)
In March 2016, a cyberattack flooded VOIP Innovations, a leading provider of
voice over IP services, with service requests and denied their customers access to
the system. The attack was so intense and so frequent that the FBI considered the
attack a national security threat. (Hartmans 2016) Why? Because first responder
agencies use VOIP in their primary networks or use components such as the
Raytheon ACU-1000 for interoperability. The ACU-1000 converts numerous land-
mobile-radio (LMR) and other communications systems to a single VOIP signal,
which allows them to talk to each other. (Raytheon 2012) This becomes a single
point of failure in the management of a mass casualty or major event situation.
In December 2014, cyber attackers disrupted the emergency 911 system in
Indianapolis, IN for several days. The attackers either entered the system directly or
by way of an individual computer. Not only did the penetration of the system occur,
but the attackers stayed within the system to see how police responded to the
incident. (Brilliant 2015)
Threat of Secondary Attacks
If the inability to contact emergency services were not concerning enough, the combination of a
major terrorist attack followed by a cyber-attack on first responder systems could significantly
compound the loss of life. Currently, cyberattacks from terrorist organizations have inflicted
minimal damage and mostly consist of nuisance attacks. The concern with cyberattacks being
combined with a physical attack within the U.S. relates to both future capabilities and the
organizations’ ability to purchase cyberattack capabilities. The Islamic State of Iraq and the
Levant (ISIL) obtained significant financial support from oil field seizures and other means.
These funds could easily be used to recruit a successful cyber attacker to provide a secondary
attack in the aftermath of a physical attack.
Security Challenges of Public Safety Communications
Complacency
Recent mass casualty incidents in previously little known locations like San Bernardino, CA,
Charleston, SC, Colorado Springs, CO, and Fort Hood, TX show us that public safety
communications are of concern in places outside of the major metropolitan areas that most often
receive attention. Many agencies and local governments believe that their city, county or town
will never see such an event occur. And they might be right. Especially when facing significant
expenses in upgrading their public safety networks, why put forth the effort and funding for a
small possibility?
Between frequently changing legal and technological requirements and the massive coordination
needed to improve interoperability and continuity between agencies, most heads of agencies are
not willing to dedicate time, manpower and a large portion of their budget to fixing their
cybersecurity vulnerabilities. (Burger, et al 2016) Public safety officials are not likely to pay
close attention to cyber-attacks that happened “over there” in a distant city or state. In fact, many
heads of agencies that hire security experts become complacent about the daily threat briefs and
worries of their security staff. The security director who constantly cries wolf cannot get the
action they need when it is significant. So, should a cyber security professional not mention the
daily threats? Our society has become tone deaf to the headlines about cybersecurity issues, and
our complacency becomes a major challenge in addressing the security needs of public safety
communications.
Expense/Funding
Budgets always have been a battle for any security professional. The biggest challenge facing a
Chief Information Security Officer (CISO) is normally not identifying the vulnerabilities and
solutions, but obtaining the budget necessary to fortify their networks. Take for example the
following headlines over just the last year:
How to be a successful CISO without a “real” cybersecurity budget (SEP 2015)
How to calculate ROI and justify your cybersecurity budget (DEC 2015)
Rebalancing your cybersecurity budget with deception technology (APR 2016)
A recent study showed that across all industries, government failed industry-standard security
tests the worst. In fact, government agencies fixed fewer than 1/3 of detected cyber-security
problems, most often because of budget constraints. (Ward 2015) Whereas private companies
such as Target have been held financially and legally accountable for data theft, government
agencies are often not held to the same standards. The theft of the personal information of millions
of Federal employees during the Office of Personnel Management data breach is a perfect
example of why government should dedicate more funds to cybersecurity, yet government does not have the
same legal and financial incentives to do so that a private company has through litigation risk.
Interoperability
Since 9/11, many agencies have made progress on interoperability between agencies.
With the support of the Department of Homeland Security, universal standards of data
management, enabling of broadband capabilities for voice, data and video, and hardware
solutions such as audio bridges and higher-power land-mobile-radio systems have become
commonplace. Even joint command centers have sprung up to bring crisis management
participants face-to-face when needed.
The increased interoperability also comes with its own set of challenges, though. Not every
agency can afford to participate in these joint interoperability ventures, because of funding or
incompatible systems. Costs are often prohibitive for smaller or rural agencies, whose
outdated and incompatible systems mean they must bear a larger expense to become
interoperable. Instead, they end up relying on less expensive options such as augmenting LMR
networks with broadband. Aside from the broadband cyber vulnerabilities, this option typically
uses first responders’ commercial smartphones, which lack mission-critical voice capabilities such as
radio-to-radio and one-to-many communications. (DHS 2014)
Shared systems between agencies also run the risk of being tied into an agency that has not
employed security measures, or that lacks diverse routing or redundant electrical power. When
agencies lack common security policies and training, one of the agencies might be enabling
insiders to accidentally or intentionally disrupt operations or security throughout the shared
network.
Vulnerabilities of Public Safety Communications
Next Generation 911 Systems
Today’s trend in 911 systems is the implementation of Next Generation 911 (NG911) systems,
which operate over Internet Protocol (IP) networks. These systems offer a wide range of broadband
options for voice, data, video and interconnection of public and private networks. Unfortunately,
this new system subjects 911 communications to the significant vulnerabilities that come with any IP-
connected system. In order to be functional for a wide array of agencies, these systems require
standardized identity management and credentialing system-wide. The use of such credentials gives
a potential attacker numerous attack vectors and wide-spanning access, which would allow an
attack to spread quickly and proliferate across systems. (DHS 2015) DHS is of the opinion that
these risks do not undermine the benefits of the NG911 system; however, they acknowledge that
as attacks increase in complexity and sophistication beyond the TDoS attacks currently used, the
system will be more at risk. But such a statement begs two questions: how do we know these
more sophisticated attacks do not already exist? And how soon before we begin to see these new
attack strategies? By subscribing to a new system with known flaws and multiple chokepoints, and
especially by publishing these vulnerabilities, are we not encouraging new attack development?
Reliance Upon Telephony
Modern public safety communications systems rely heavily upon telephony. The New York
Police and Fire Departments, for example, operate a dedicated, private LTE carrier using the 2.5
GHz spectrum leased by the Brooklyn Archdiocese. (Careless, et al 2011) This subjects the
entire New York emergency response to the standard LTE attacks on the commodity hardware and
software used: rogue base station renegotiation attacks (forcing the communications onto less
secure GSM channels), man-in-the-middle (MiM) attacks, jamming, attacks using a stolen secret
key (K) obtained from the carrier’s HSS/AuC or the UICC manufacturer, physical attacks on base
stations, or availability attacks on the eNodeB and Core. (Bartock, et al 2015)
Those public safety communications systems that rely on VOIP communications for
interoperability also have significant vulnerabilities to deal with. Internet-bound packets can be
intercepted, and significant strain on VPN hardware can cause delays and broken communications.
These VOIP systems all lead to virtual chokepoints at gateways and base station control
functions (BCFs), and securing them at a firewall is challenging. Other VOIP security concerns
include keeping phones patched, the security of the underlying network, operating system
security, DoS attacks, packet interception, unsecured open ports, wireless connectivity exposure
and spam over IP telephony. (Ruck 2010)
The ability to conduct attacks on telephony is not complicated, but it does require specialized
equipment that is not difficult to obtain. Especially when dealing with cellular systems, the most
secure operating system is the Android or iOS operating system on the phones; however, at least
two other operating systems exist on handsets and they have significantly more vulnerabilities.
The baseband operating system controls all functions involving radio frequency (RF)
transmission and control. It relies on signals sent on the downlink from a tower
being both secure and direct commands. Shifting an LTE signal to GSM or UMTS, where
security flaws are more exploitable, can be done with a cause code 8, which bricks the handset
and instructs it to stop looking for LTE. This would knock a first responder’s handset off the
secure LTE network, and since most of these specialized LTE systems do not have a GSM
channel in their neighbor list, the phone becomes dead at least until it is power cycled away from the
rogue base station’s reach.
SIM cards on cellular devices are also a vulnerability. Reverse engineering of a SIM card can
grant unauthorized access, or hacking of an authorized SIM card can give a cyber attacker access
to about 13% of authorized devices in order to steal data or conduct a TDoS attack from within
the specialized network. (Anthony 2013)
Shortage of Cyber Security Professionals
Despite all the improving hardware, software, encryption and awareness, and the companies willing to
sell and install the latest and greatest in cyber security and cyber defense systems, one final
vulnerability remains and is growing: the shortage of cyber security professionals
to employ, and acknowledgment of the need for these professionals. Many companies and
government entities have shifted their hiring practices to ensure that new heads of security are also
information security or cyber security trained; however, the fact remains that roughly 300,000
cyber security jobs remain unfilled in the U.S. and that number is likely to grow to over 1.5
million in the next 5 years. (Zarya 2016)
This shortage means that public safety agencies must compete for this talent pool with private
corporations which typically offer higher salaries than government entities can afford to pay. The
shortage also leads to expansion of the talent pool by hiring foreign cyber security experts or
relying on offsite cyber security companies for support through consulting roles or crisis
assistance. Hiring foreign professionals runs the risk of terrorist sympathizers infiltrating these
agencies to either conduct cyber reconnaissance or an attack. And the hiring of consultants or
outside crisis management companies means a delayed response to these attacks and a response
to only attacks that are blatantly noticeable.
What does a public safety agency do about the daily attacks that do not rise to the crisis threshold
but could be indicative of probing or planning for a larger attack? How can an agency respond
rapidly and effectively if their support is not onsite? It is imperative that we recognize the
vulnerability within our employee talent in addition to the hardware and software security issues.
Solutions for First Responder Communications
Communication of Information Via Fusion Center Network
One of the benefits of the actions taken by the Department of Homeland Security after the 9/11
Report was issued was the establishment of a state fusion center network. Federal funding
supports these state and major metropolitan area analysis centers, which now exist in every state
and territory with the exception of Wyoming. Embedded analysts and liaisons at these fusion
centers connect agencies of all levels of government and private sector partners through face-to-
face interaction at the center. In addition, useful tools such as Adobe Connect sessions are
offered for free through the DHS portals. These communications systems move crisis
discussions off the agency’s standard networks and onto an internet-based platform that may
not be linked to the victim agency’s networks and is therefore not targeted in the cyber-attack.
Use of these fusion center tools can give key personnel access from any device that is able to
connect to the internet via cellular or land-based Ethernet connections, regardless of the ISP or
connection. Voice, data, messaging and video are all offered on the platform, and through the
embedded DHS Intelligence Officers, information can travel rapidly through the fusion center
network to other states, localities and centers which may need to prepare for subsequent or
simultaneous attacks. These DHS Intelligence Officers have already established rapport and
contact with key players within their area of responsibility. This is a significant resource that is
often under-utilized.
Network In-A-Box
An alternate cellular back-up solution would be a closed cellular network such as the Multi-
Radio Network-in-a-Box system offered by a joint venture between Radisys, Octasic and
Quortus. (Radisys 2015) This product is a portable cellular base station platform that can handle
up to 32 cellular devices per box and is deployable via UAV, vehicle or backpack. It uses
4G/LTE, 3G and 2G air interfaces, allowing any cellular device to connect to it, but allows the
agency to restrict which devices can connect to the platform by using whitelist/blacklist
authentication.
In order to cover larger distances or urban environments, the system can be deployed with
multiple platforms, establishing a crisis-specific cellular channel, frequency and neighbor list.
How is this platform different from a carrier platform? It offers the security of being a closed
network that does not connect to outside carrier networks. This inhibits a rogue tower or internet
attack, since it is detached from public cellular networks. If the frequency were to be intercepted,
that frequency can be changed for the authorized devices. A visual log of SMS transmissions
between devices can also serve as a time-stamped record of the event management and decisions.
Satellite Backup
There is a common misperception that redundancy and diversity of communications can be
achieved through multiple options of terrestrial communications. Unfortunately, this ends up
leading to diversity of the carrier but not the pathway. (Bardo 2015) If the entire infrastructure
collapses due to a major terrorist attack or natural disaster (as in 9/11), what options remain?
This is where satellite communications become essential. Just as satellite communications can be
deployed at sea or on a battlefield without significant infrastructure, these satellite
communications systems are a fail-safe in a catastrophic event. Modern satellite communications
allow for sleeve devices that can be added to off-the-shelf cellular devices to convert them to
satellite capable handsets. Satellite communications should be an integral part of any continuity
of operations planning.
Recruitment of Cyber Security Professionals
As mentioned in the vulnerabilities section of this paper, there is a shortage of cyber security
professionals. A solution to this problem is to recruit or train IT personnel within the agency to
understand cyber security issues. Agency sponsorship of certification courses such as Certified
Information Systems Security Professional (CISSP) and Security+, tied to an
employment commitment (to prevent employee loss), could augment the agency’s IT
skills.
In addition to training and recruitment, executives must break the complacency mindset and
dedicate resources and attention to improving their cyber security status. In government, where
loss is not as much of a concern, policies must be adopted to hold government executives
accountable in the event that their agency suffers a significant loss of data or service capability.
Conclusion
No public safety communications system is 100% secure from cyber-attack, and no agency has
the funding to reach the pinnacle of cyber security. However, it is incumbent upon public safety
leadership to seek out solutions to improve their security standing. Lives are on the line; as we
learned during the 9/11 attacks, those lives can be first responders’ and citizens’. Communications
are the key to an effective disaster response, and our attackers understand that by disrupting these
communications they can maximize the effects of their attack. The solutions outlined above are
just a few of the possibilities, and as technology evolves, so must our communications defenses.
References
Sharp, K.; Losavio, K. (2011) 9/11, 10 Years Later. PSC Online. Retrieved from: http://psc.apcointl.org/2011/09/06/911-10-years-later
Macri, G. (2014) Emergency services like 911 no longer cyber-safe, GAO reports. TheDailyCaller.com. Retrieved from: http://dailycaller.com/2014/01/30/emergency-services-like-911-no-longer-cyber-safe-gao-reports/
Viebeck, E. (2015) DHS: 911 Call Centers Vulnerable to Cyber-Attack. TheHill.com. Retrieved from: http://thehill.com/policy/cybersecurity/241442-dhs-911-call-centers-vulnerable-to-cyberattack
Stone, A. (2014) Cyberattack: The Possibilities Emergency Managers Need to Consider. EmergencyMgmt.com. Retrieved from: http://www.emergencymgmt.com/safety/Cyberattack-Emergency-Managers.html
Coleman, V. (2016) Cyber Attack Temporarily Shut Down Newark Police Computer Systems. NJ.com. Retrieved from: http://www.nj.com/essex/index.ssf/2016/04/cyber_attack_shuts_down_newark_police_computer_sys.html
Hartmans, A. (2016) VOIP Innovations Suffers Cyberattack. Pittsburgh Business Times. Retrieved from: http://www.bizjournals.com/pittsburgh/news/2016/03/17/voip-innovations-suffers-cyberattack.html
Raytheon (2012) ACU-1000 Datasheet. PSI Company. Retrieved from: http://www.psicompany.com/man-prod-info/Raytheon-JPS/Control-Equipment/ACU-1000/ACU-1000-Datasheet.pdf
Brilliant, J. (2015) Hackers Target Indianapolis 911 Center. WTHR.com. Retrieved from: http://www.wthr.com/story/27897557/hackers-target-indianapolis-911-center
Burger, E.; Welch, T. (2016) Complacency in the Face of Evolving Cybersecurity Norms is Hazardous. Legaltech News. Retrieved from: http://poseidon01.ssrn.com/delivery.php?ID=043105127121025125091072004094094121009036000082061091106021001025111012023083073011120058100122042024053114071112012074111076020090034037034099070121099092071065042046000000077125102095114095093001086003092000106100109001126026102125106089113097006&EXT=pdf
Ward, M. (2015) All Industries Fail Cybersecurity, Govt The Worst. CNBC.com. Retrieved from: http://www.cnbc.com/2015/06/23/all-industries-fail-cybersecurity-govt-the-worst.html
Department of Homeland Security (DHS) (2014) The Hybrid Public Safety Microphone (Turtle Command) Land Mobile Radio Converging with Broadband. Retrieved from: https://www.dhs.gov/sites/default/files/publications/The%20Hybrid%20Public%20Safety%20Microphone-Turtle%20Command-Land%20Mobile%20Radio%20Converging%20with%20Broadband_0.pdf
Department of Homeland Security (DHS) (2015) Cyber Risks to Next Generation 911. Retrieved from: https://www.dhs.gov/sites/default/files/publications/NG911%20Cybersecurity%20Primer%20FINAL%20508C%20(003).pdf
Careless, J.; Bischoff, G. (2011) What a Difference a Decade Makes. Urgentcomm.com. Retrieved from: http://urgentcomm.com/networks-amp-systems-mag/what-difference-decade-makes
Bartock, M.; Cichonski, J.; Franklin, J. (2015) LTE Security – How Good Is It? National Institute of Standards and Technology (NIST). Retrieved from: http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf
Ruck, M. (2010) Top Ten Security Issues Voice Over IP (VOIP). Designdata.com. Retrieved from: http://www.designdata.com/wp-content/uploads/sites/321/whitepaper/top_ten_voip_security_issue.pdf
Anthony, S. (2013) The Humble SIM Card Has Finally Been Hacked: Billions of Phones at Risk of Data Theft, Premium Rate Scams. Extremetech.com. Retrieved from: http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams
Zarya, V. (2016) How These Mormon Women Became Some of the Best Cybersecurity Hackers in the U.S. Fortune.com. Retrieved from: http://fortune.com/2016/04/27/mormon-women-cybersecurity/
Radisys (2015) Radisys, Octasic and Quortus Partner to Deliver a Multi-Radio Network-in-a-Box for Defense and Public Safety Sectors. Radisys.com. Retrieved from: http://www.radisys.com/press-releases/radisys-octasic-and-quortus-partner-deliver-multi-radio-network-box-defense-and-public-safety
Bardo, T. (2015) Why Public Safety Plans Should Include Satellite Communications. Hughes.com. Retrieved from: http://www.hughes.com/resources/why-public-safety-plans-should-include-satellite-communications?locale=en