CYBER TERRORISM : THE RISING THREAT IN CYBER DIMENSION?

Transcription

1 CYBER TERRORISM : THE RISING THREAT IN CYBER DIMENSION? Commonwealth Cybersecurity Forum 2014 London 5 6 March 2014 Zahri Yunos Chief Operating Officer CyberSecurity Malaysia

2 CRITICAL NATIONAL INFORMATION INFRASTRUCTURE (CNII)

3 Critical National Information Infrastructure (CNII) In Malaysia VISION Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation DEFENCE & SECURITY TRANSPORTATION BANKING & FINANCE HEALTH SERVICES EMERGENCY SERVICES CRITICAL NATIONAL INFORMATION INFRASTRUCTURE Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on National defense & security National economic strength National image Government capability to function Public health & safety ENERGY INFORMATION & COMMUNICATIONS GOVERNMENT FOOD & AGRICULTURE WATER 3

4 Inter- Dependent 4

5 Interdependency of CNII Referece: Lewis, T. G. (2006). Critical Infrastructure Protection in Homeland Security. Published by John Wiley & Sons, Inc., Hoboken, New Jersey

6 Threats to CNII : Interdependency ELECTRICITY UTILITIES SECTORS / SERVICES

7 Threats to CNII : SCADA Systems The interconnection of SCADA systems to corporate networks & their reliance on common operating platforms and remote excess - exposing SCADA systems to vulnerabilities Reference: Using ANSI/ISA-99 Standards to Improve Control System Security by Tofino Security SCADA = Supervisory Control & Data Acquisition 7

8 Threats to CNII : The Use of ICT and Cyberspace by Terrorist Reference: Planning and Coordination Sharing Information Psychological Warfare Use of Internet By Terrorist Publicity and Propaganda Data Mining [1] Mantel, B.: (2009). Terrorism and the Internet. Should Web Sites That Promote Terrorism Be Shut Down?. From CQ Researchers, pp [2] Zhang, Y., Zeng, S., Huang, C.N., Fan, L., Yu, X., Dang, Y., Larson, C., Denning, D., Roberts, N., and Chen, H.: (2010). Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences. IEEE International Conference on Intelligence and Security Informatics, pp [3] Li, X., Mao, W., Zeng, D., and Wang, F.: (2010). Automatic Construction of Domain Theory for Attack Planning. IEEE International Conference on Intelligence and Security Informatics, pp Social Networking Fundraising [4] Fu, T., Abbasi, A., and Chen, H. A Focused Crawler for Dark Web Forums. Journal of the American Society for Information Science and Technology Recruitment and Mobilization [5] Yunos, Z., Ahmad, R., Mat Ali, S., and Shamsuddin, S. Illicit Activities and Terrorism in Cyberspace: An Exploratory Study in the Southeast Asian Region. in:m. Chau et al. (Eds.): Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2012), 29 May 2012, LNCS 7299 Springer, Heidelberg, pp ,

9 The perpetrator may utilize the cyberspace for conducting cyber attacks on critical national information infrastructure facilities Psychological Warfare Planning and Coordination Publicity and Propaganda Sharing Information Use of cyber space by terrorist Attacks against CNII Social Networking Fundraising Recruitment and Mobilization 9

10 Why would a perpetrator decide to use ICT instead of using the usual methods of assassination, hostagetaking, guerrilla warfare and bombing? Many nations all over the world constantly increase their dependency on cyberspace by maximising the use of ICT Interdependencies that exist within critical infrastructures have raised concerns - successful cyber attacks on one computer system can have serious cascading effects on other, resulting in potentially catastrophic damage and disruption Through ICT, perpetrators can disrupt critical services, hence affecting the nation s operation and its ability to function. 10

11 CYBER TERRORISM 11

12 Cyber Attack to CNII - Estonia Cyber Attack on Estonia Occurred in May 2007 Estonia was under cyber attacks for 3 weeks Attack targeted government, banking, media and police websites Paralyzed internet communication. Attacks from 128 sources outside Estonia US and European countries aided Estonia in overcoming the cyber attacks Is it cyber terrorism? You don't see buildings reduced to piles of rubble or dead bodies strewn across the street... There's nothing to take photos of There's only economic damage, websites that cannot be accessed and transactions that cannot take place.. Is it cyber crime? By destabilizing the economy, the people of Is it cyber the country is subject to riots, rallies and protests, and crippling its stability which war? could result in violence and creating unrest in the country YB Datuk Seri Dr Ahmad Zahid Hamidi, DSA

13 Cyber Attack to CNII Stuxnet Stuxnet was targeted at Siemens industrial software and equipment running Microsoft Windows (June 2010). Symantec reported that nearly 60% of the approximately 100,000 infect hosts were located in Iran, which has lead to speculation that Stuxnet s target was at Iran s nuclear power plant or uranium enrichment plant 13

14 Cyber Attack to CNII Shamoon 14

15 OP Malaysia Cyber Attacks by Anonymous Hackers (15-19 June 2011) 15

16 Definition: Cyber Terrorism Cyber terrorism is the convergence of terrorism and cyberspace 1. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein 2 when done to intimidate a government or its people 3 in furtherance of political or social objectives 4. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property 5, or at least cause enough harm to generate fear 6. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economics loss 7 would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism 8, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not. 9 Reference: D. E. Denning, Cyberterrorism, Testimony given to the House Armed Services Committee Special Oversight Panel on Terrorism,

17 Definition : Cyber Terrorism.. many more There are many definitions on cyber terrorism provided by researchers, policy makers and individuals Interestingly, most governments in the world do not agree on one single definition of cyber terrorism. There is no common definition of cyber terrorism The ambiguity in the definition brings indistinctness in action; as the old maxim goes one man s terrorist is another man s freedom fighter [1]. According to Schmid, "there is no agreement among experts and there is not likely to be an agreement as long they cannot even agree on a common definition on terrorism (and cyber terrorism). [2] Reference: [1] L. E. Prichard, J. J., and MacDonald, Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks, Journal of Information Technology Education, vol. 3, [2] A. P. Schmid, Root Causes of Terrorism: Methodological and Theoretical Notes, Empirical Findings and Four Inventories of Assumed Causal Factors,

18 Cyber Terrorism Framework: Veerasamy Provide context in which cyber terrorism is functioning Methods of carrying cyber terrorism Motivation Reference : N. Veerasamy, A Conceptual High-level Framework of Cyberterrorism, International Journal of Information Warfare, vol. 8, no. 1, pp. 1-14,

19 Cyber Terrorism Framework: Heickero Actor-target-effect Chain Reference: R. Heickero, Terrorism Online and the Change of Modus Operandi, Swedish Defence Research Agency, Stockholm, Sweden, pp. 1-13,

20 Cyber Terrorism Framework: Gordon and Ford Components Description Perpetrator Group/Individual In cyber context, virtual interactions can lead to anonymity. Place Worldwide The event does not have to occur in a particular location. The Internet has introduced globalization of the environment. Action Tool Threats/Violence/ Recruitment/ Education/Strategies Kidnapping/ Harassment/ Propaganda/Education Terrorist scenarios typically are violent or involve threats of violence. Violence in virtual environment includes psychological effects, possible behavior modification and physical trauma. Terrorist use the computer as tool. Facilitating identity theft, computer viruses, hacking are examples fall under this category. Target Government Officials/Corporations Potential targets are corporations and government computer systems. Affiliation Actual/Claimed Affiliation refers to recruitment in carrying out given instructions. Affiliation can result in strengthening of the individual organizations as they can immediately acquire access to the information resources of their allies. Motivation Social/Political Change Political, social and economic are the motivations present in the real-world terrorism. Reference: S. Gordon and R. Ford, Cyberterrorism?, Symantec White Paper,

21 Cyber Terrorism Framework: Brickey Reference: J. Brickey, Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace, CTC Centinel, United States Military Academy, West Point, Vol 5, Issue 8, pp. 4-6, Aug

22 Cyber Terrorism Framework: Yunos & Ahmad Critical National Information Infrastructure computer system Critical Infrastructure Civilian population Political Ideological Social Economic Network warfare Psychological operation Motivation Tools of Attack Factor AND Target C y b e r Te r r o r i s m Impact Method of Action Mass disruption or seriously interfere critical services operation Cause fear, death or bodily injury Severe economic loss Unlawful means Illegal acts Cyberspace (includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers) Borderless Domain Reference: R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, Perception on Cyber Terrorism: A Focus Group Discussion Approach, Journal of Information Security, vol. 03, no. 03, pp ,

23 Extended CERT-taxanomy from Howard and Longstaff (1998) Reference: K. Stefan et. all, Taxonomy for Computer Incidents, In Cyber Warfare and Cyber Terrorism, Chapter XLVIII, pp 414,

24 Initiatives in Safeguarding Malaysia CNII Against Cyber Threats

25 CNII Protection Against Cyber Terrorism Topping the list of possible perpetrator abuse of the ICT and cyberspace is the potential for actual attacks on the network itself, or cyber terrorism Terrorist cyber-attack on critical information infrastructure is possible, where motivation and resources are fundamental Therefore, there is a need to have a strategy at the national level for the protection of the CNII against cyber terrorism The strategy for the CNII protection could be through industry cooperation and information sharing, awareness and education program, adequate laws related to infrastructure protection, R&D program and organizational structure 25

26 The National Cyber Security Policy - Background and Objectives The National Cyber Security Policy formulated by MOSTI NCSP Adoption and Implementation The policy recognizes the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive program and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets Objectives: Address The Risks To The Critical National Information Infrastructure (CNII) To Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks To Develop And Establish A Comprehensive Program And A Series Of Frameworks 26

27 The National Cyber Security Policy - Policy Thrust INTERNATIONAL COOPERATION Ministry of Communication & Multimedia CYBER SECURITY EMERGENCY READINESS National Security Council COMPLIANCE & ENFORCEMENT Ministry of Communication & Multimedia EFFECTIVE GOVERNANCE 1 National Security Council 5 Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation R & D TOWARDS SELF RELIANCE Ministry of Science, Technology & Innovation Copyright 2010 CyberSecurity Malaysia LEGISLATION & REGULATORY FRAMEWORK Attorney General s Chambers CYBER SECURITY TECHNOLOGY FRAMEWORK Ministry of Science, Technology & Innovation CULTURE OF SECURITY & CAPACITY BUILDING Ministry of Science, Technology & Innovation

28 The National Cyber Security Policy - Current Progress A STUDY ON THE LAWS OF MALAYSIA TO ACCOMMODATE THE LEGAL CHALLENGES IN THE CYBER ENVIROMENT PT 1 EFFECTIVE GOVERNANCE PT 2 LEGISLATION & REGULATORY FRAMEWORK PT 3 CYBER SECURITY TECHNOLOGY FRAMEWORK NATIONAL STRATEGY FOR CYBER SECURITY ACCULTURATION AND CAPACITY BUILDING PROGRAM PT 7 CYBER SECURITY EMERGENCY READINESS PT 4 CULTURE OF SECURITY & CAPACITY BUILDING 28

29 PT1: EFFECTIVE GOVERNANCE Public-Private Partnership Public-private partnership is essential in order to enhance the security of Malaysia s cyber space Government led and supported by the industries, academia and NGOs 29 29

30 PT7: CYBER SECURITY EMERGENCY READINESS National Cyber Crisis Management Plan NATIONAL CYBER CRISIS MANAGEMENT PLAN A framework that outlines the strategy for cyber attacks mitigation and response among Malaysia s Critical National Information Infrastructure (CNII) through public and private collaboration and coordination 30

31 PT8: INTERNATIONAL COOPERATION ENGAGE Participate in relevant cyber security meetings and events to promote Malaysia s positions and interests in the said meetings and events PRIORITIZE Evaluate Malaysia s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests LEADERSHIP Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia s image and promote Malaysia s interests ASEAN Regional Forum 31

32 PT8: INTERNATIONAL COOPERATION APCERT DRILL 2012, 2013 & Source: Secretariat, APCERT / JPCERT-CC

33 Conclusion Cyber world offers great opportunity, but the emergence of cyber threats brought together a number of repercussions that should not be taken for granted Hence it is important to address these threats in a comprehensive manner. These include: To have an integrated policy framework To enhance the use of technology and process to mitigate the threats To inculcate a cyber security acculturation through continuous training and awareness programs Public-Private Partnership is essential to enhance the security and safety of cyber space 33

34