session 3.2 zahri hj yunos
TRANSCRIPT
CYBER TERRORISM : THE RISING THREAT IN CYBER
DIMENSION?
Zahri Yunos Chief Operating Officer CyberSecurity Malaysia
Commonwealth Cybersecurity Forum 2014
London 5 – 6 March 2014
CRITICAL NATIONAL INFORMATION
INFRASTRUCTURE (CNII)
Critical National Information
Infrastructure (CNII) In Malaysia
DEFENCE & SECURITY
TRANSPORTATION
BANKING & FINANCE
HEALTH SERVICES
EMERGENCY SERVICES
VISION ‘Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation’
CRITICAL NATIONAL
INFORMATION
INFRASTRUCTURE
Assets (real & virtual),
systems and functions that
are vital to the nation that
their incapacity or
destruction would have a
devastating impact on
• National defense &
security
• National economic
strength
• National image
• Government capability to
function
• Public health & safety
ENERGY
INFORMATION & COMMUNICATIONS
GOVERNMENT
FOOD & AGRICULTURE
WATER
3
Interdependency of CNII
Referece: Lewis, T. G. (2006). Critical Infrastructure Protection in Homeland Security. Published by John Wiley & Sons, Inc., Hoboken,
New Jersey
ELECTRICITY
UTILITIES
Threats to CNII : Interdependency
SECTORS / SERVICES
SCADA = Supervisory Control & Data Acquisition
Threats to CNII : SCADA Systems
1
2
3
4
Reference: Using ANSI/ISA-99 Standards to Improve Control System Security by Tofino Security
The interconnection of SCADA systems to corporate networks & their
reliance on common operating platforms and remote excess - exposing
SCADA systems to vulnerabilities
7
Threats to CNII : The Use of ICT and
Cyberspace by Terrorist
Use of Internet
By Terrorist
Psychological Warfare
Publicity and
Propaganda
Data Mining
Fundraising
Recruitment and
Mobilization
Social Networking
Sharing Information
Planning and
Coordination
Reference: [1] Mantel, B.: (2009). Terrorism and the Internet. Should Web Sites That Promote Terrorism Be Shut Down?. From CQ Researchers, pp. 129-153 [2] Zhang, Y., Zeng, S., Huang, C.N., Fan, L., Yu, X., Dang, Y., Larson, C., Denning, D., Roberts, N., and Chen, H.: (2010). Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences. IEEE International Conference on Intelligence and Security Informatics, pp. 59-64 [3] Li, X., Mao, W., Zeng, D., and Wang, F.: (2010). Automatic Construction of Domain Theory for Attack Planning. IEEE International Conference on Intelligence and Security Informatics, pp 65-70 [4] Fu, T., Abbasi, A., and Chen, H. A Focused Crawler for Dark Web Forums. Journal of the American Society for Information Science and Technology [5] Yunos, Z., Ahmad, R., Mat Ali, S., and Shamsuddin, S. Illicit Activities and Terrorism in Cyberspace: An Exploratory Study in the Southeast Asian Region. in:M. Chau et al. (Eds.): Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2012), 29 May 2012, LNCS 7299 Springer, Heidelberg, pp. 27-35, 2012
8
Use of cyber
space by terrorist
Psychological Warfare
Publicity and
Propaganda
Attacks against CNII
Fundraising
Recruitment and
Mobilization
Social Networking
Sharing Information
Planning and
Coordination
The perpetrator may utilize the cyberspace for
conducting cyber attacks on critical national
information infrastructure facilities
9
Many nations all over the world constantly increase their
dependency on cyberspace by maximising the use of ICT
Interdependencies that exist within critical infrastructures have
raised concerns - successful cyber attacks on one computer
system can have serious cascading effects on other, resulting in
potentially catastrophic damage and disruption
Through ICT, perpetrators can disrupt critical services, hence
affecting the nation’s operation and its ability to function.
Why would a perpetrator decide to use ICT instead of
using the usual methods of assassination, hostage-
taking, guerrilla warfare and bombing?
10
11
CYBER TERRORISM
Cyber Attack to CNII - Estonia
12
Cyber Attack on Estonia
• Occurred in May 2007
• Estonia was under cyber attacks for 3 weeks
• Attack targeted government, banking, media and police websites
• Paralyzed internet communication.
• Attacks from 128 sources outside Estonia
• US and European countries aided Estonia in overcoming the cyber attacks
You don't see buildings reduced to piles
of rubble or dead bodies strewn across
the street …...
There's nothing to take photos of ……
There's only economic damage, websites
that cannot be accessed and
transactions that cannot take place …..
By destabilizing the economy, the people of the country is subject to riots, rallies and protests, and crippling its stability which could result in violence and creating unrest in the country
YB Datuk Seri Dr Ahmad Zahid Hamidi, DSA 2012
Is it cyber
terrorism?
12
Is it cyber
crime?
Is it cyber
war?
Cyber Attack to CNII – Stuxnet
Stuxnet was targeted at Siemens industrial software and equipment running Microsoft Windows (June 2010). Symantec reported that nearly 60% of the approximately 100,000 infect hosts were located in Iran, which has lead to speculation that Stuxnet’s target was at Iran’s nuclear power plant or uranium enrichment plant
13
14
Cyber Attack to CNII – Shamoon
OP Malaysia – Cyber Attacks by Anonymous
Hackers (15-19 June 2011)
15
Definition: Cyber Terrorism
Reference: D. E. Denning, “Cyberterrorism,” Testimony given to the House Armed Services Committee Special Oversight Panel on Terrorism, 2000
“Cyber terrorism is the convergence of terrorism and cyberspace 1. It is generally
understood to mean unlawful attacks and threats of attack against computers,
networks and the information stored therein 2 when done to intimidate a government
or its people 3 in furtherance of political or social objectives 4. Further, to qualify as
cyber terrorism, an attack should result in violence against persons or property 5, or at
least cause enough harm to generate fear 6. Attacks that lead to death or bodily injury,
explosions, plane crashes, water contamination, or severe economics loss 7 would be
examples. Serious attacks against critical infrastructures could be acts of cyber
terrorism 8, depending on their impact. Attacks that disrupt nonessential services or
that are mainly a costly nuisance would not. 9”
16
Definition : Cyber Terrorism .. many more
• There are many definitions on cyber terrorism provided by researchers, policy makers and individuals
• Interestingly, most governments in the world do not agree on one single definition of cyber terrorism. There is no common definition of cyber terrorism
• The ambiguity in the definition brings indistinctness in action; as the old maxim goes “one man’s terrorist is another man’s freedom fighter” [1].
• According to Schmid, "there is no agreement among experts and there is not likely to be an agreement as long they cannot even agree on a common definition on terrorism (and cyber terrorism).“ [2]
Reference: [1] L. E. Prichard, J. J., and MacDonald, “Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks,” Journal of Information Technology Education, vol. 3, 2004. [2] A. P. Schmid, “Root Causes of Terrorism: Methodological and Theoretical Notes, Empirical Findings and Four Inventories of Assumed Causal Factors,” 2005. 17
Cyber Terrorism Framework: Veerasamy
Reference : N. Veerasamy, “A Conceptual High-level Framework of Cyberterrorism,” International Journal of Information Warfare, vol. 8, no. 1, pp. 1-14, 2009. 18
Provide context in which cyber terrorism
is functioning
Methods of carrying cyber terrorism
Motivation
Cyber Terrorism Framework:
Heickero
Actor-target-effect Chain
Reference: R. Heickero, “Terrorism Online and the Change of Modus Operandi,” Swedish Defence Research Agency, Stockholm, Sweden, pp. 1-13, 2007. 19
Cyber Terrorism Framework:
Gordon and Ford
Reference: S. Gordon and R. Ford, “Cyberterrorism?,” Symantec White Paper, 2002.
Components Description
Perpetrator Group/Individual In cyber context, virtual interactions can lead to anonymity.
Place Worldwide The event does not have to occur in a particular location. The Internet has introduced globalization of the environment.
Action Threats/Violence/ Recruitment/
Education/Strategies
Terrorist scenarios typically are violent or involve threats of violence. Violence in virtual environment includes psychological effects, possible behavior modification and physical trauma.
Tool Kidnapping/ Harassment/ Propaganda/Education
Terrorist use the computer as tool. Facilitating identity theft, computer viruses, hacking are examples fall under this category.
Target Government Officials/Corporations
Potential targets are corporations and government computer systems.
Affiliation Actual/Claimed Affiliation refers to recruitment in carrying out given instructions. Affiliation can result in strengthening of the individual organizations as they can immediately acquire access to the information resources of their allies.
Motivation Social/Political Change Political, social and economic are the motivations present in the real-world terrorism.
20
Cyber Terrorism Framework:
Brickey
21
Reference: J. Brickey, “Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace,” CTC Centinel, United States Military Academy, West Point, Vol 5, Issue 8, pp. 4-6, Aug 2012.
Cyber Terrorism Framework:
Yunos & Ahmad
Mass
disruption or
seriously
interfere critical
services
operation
Cause fear,
death or bodily
injury
Severe
economic loss
Network
warfare
Psychological
operation
Critical National
Information
Infrastructure
computer system
Critical Infrastructure
Civilian population
C y b e r Te r r o r i s m
Target
Impact
Method of Action
Domain
Tools of Attack
Motivation Political
Ideological
Social
Economic
Cyberspace
(includes the Internet, telecommunications
networks, computer systems, and embedded
processors and controllers)
• Borderless
Unlawful
means
Illegal acts
Factor ‘AND’
22
Reference: R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, “Perception on Cyber Terrorism: A Focus Group Discussion Approach,” Journal of Information Security, vol. 03, no. 03, pp. 231-237, 2012
Reference: K. Stefan et. all, “Taxonomy for Computer Incidents”, In Cyber Warfare and Cyber Terrorism, Chapter XLVIII, pp 414, 2008 23
Extended CERT-taxanomy from Howard and Longstaff (1998)
Initiatives in Safeguarding Malaysia CNII Against Cyber Threats
CNII Protection Against Cyber Terrorism
Topping the list of possible perpetrator abuse of the ICT and
cyberspace is the potential for actual attacks on the network
itself, or “cyber terrorism”
Terrorist cyber-attack on critical information infrastructure is
possible, where motivation and resources are fundamental
Therefore, there is a need to have a strategy at the national
level for the protection of the CNII against cyber terrorism
The strategy for the CNII protection could be through industry
cooperation and information sharing, awareness and
education program, adequate laws related to infrastructure
protection, R&D program and organizational structure
25
The National Cyber Security Policy - Background and Objectives
Objectives:
Address The Risks To The
Critical National Information
Infrastructure (CNII)
To Ensure That Critical
Infrastructure Are Protected
To A Level That Is
Commensurate With The
Risks
To Develop And Establish A
Comprehensive Program And
A Series Of Frameworks
20
05
The National
Cyber Security
Policy
formulated by
MOSTI
20
06
NCSP Adoption
and
Implementation
The policy recognizes the critical and
highly interdependent nature of the CNII
and aims to develop and establish a
comprehensive program and a series of
frameworks that will ensure the
effectiveness of cyber security controls
over vital assets
26
The National Cyber Security Policy - Policy Thrust
Copyright © 2010 CyberSecurity Malaysia
INTERNATIONAL
COOPERATION
Ministry of Communication &
Multimedia
‘Malaysia's Critical
National Information
Infrastructure shall be
secure, resilient and
self-reliant. Infused
with a culture of
security, it will
promote stability,
social well being and
wealth creation
CYBER SECURITY
EMERGENCY
READINESS
National Security Council
COMPLIANCE &
ENFORCEMENT
Ministry of Communication &
Multimedia
R & D TOWARDS
SELF RELIANCE
Ministry of Science,
Technology & Innovation
CULTURE OF SECURITY
& CAPACITY BUILDING
Ministry of Science,
Technology & Innovation
CYBER SECURITY
TECHNOLOGY
FRAMEWORK
Ministry of Science,
Technology & Innovation
LEGISLATION &
REGULATORY
FRAMEWORK
Attorney General’s Chambers
EFFECTIVE
GOVERNANCE
National Security Council 1
2
3
4 5
6
7
8
27
The National Cyber Security Policy - Current Progress
PT 1
EFFECTIVE
GOVERNANCE
A STUDY ON THE LAWS OF
MALAYSIA TO ACCOMMODATE
THE LEGAL CHALLENGES IN
THE CYBER ENVIROMENT
PT 2
LEGISLATION & REGULATORY
FRAMEWORK
PT 3
CYBER SECURITY TECHNOLOGY
FRAMEWORK
NATIONAL STRATEGY FOR
CYBER SECURITY
ACCULTURATION AND
CAPACITY BUILDING
PROGRAM
PT 4
CULTURE OF SECURITY & CAPACITY BUILDING
PT 7
CYBER SECURITY EMERGENCY READINESS
28
29
PT1: EFFECTIVE GOVERNANCE Public-Private Partnership
29
Public-private partnership is essential in order to enhance the security of Malaysia’s cyber space – Government led and supported by the industries, academia and NGOs
PT7: CYBER SECURITY EMERGENCY READINESS National Cyber Crisis Management Plan
NATIONAL CYBER CRISIS MANAGEMENT PLAN
A framework that outlines the strategy for cyber attacks mitigation and response among Malaysia’s Critical National Information Infrastructure (CNII) through public and private collaboration and coordination
30
PT8: INTERNATIONAL COOPERATION
31
ENGAGE
Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events
PRIORITIZE
Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests
LEADERSHIP
Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia’s image and promote Malaysia’s interests
ASEAN Regional Forum
+
Source: Secretariat, APCERT / JPCERT-CC
PT8: INTERNATIONAL COOPERATION APCERT DRILL 2012 , 2013 & 2014
• Cyber world offers great opportunity, but the emergence of cyber threats brought together a number of repercussions that should not be taken for granted
• Hence it is important to address these threats in a comprehensive manner. These include:
To have an integrated policy framework
To enhance the use of technology and process to mitigate the
threats
To inculcate a cyber security acculturation through continuous
training and awareness programs
• Public-Private Partnership is essential to enhance the security and safety of cyber space
Conclusion
33