Session 3.2: Zahri Hj Yunos

CYBER TERRORISM: THE RISING THREAT IN CYBER DIMENSION?

Zahri Yunos, Chief Operating Officer, CyberSecurity Malaysia
Commonwealth Cybersecurity Forum 2014, London, 5–6 March 2014



Page 2: Session 3.2 Zahri Hj Yunos

CRITICAL NATIONAL INFORMATION INFRASTRUCTURE (CNII)

Page 3: Session 3.2 Zahri Hj Yunos

Critical National Information Infrastructure (CNII) in Malaysia

VISION: ‘Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation’

CRITICAL NATIONAL INFORMATION INFRASTRUCTURE: assets (real & virtual), systems and functions that are vital to the nation, such that their incapacity or destruction would have a devastating impact on:

• National defense & security
• National economic strength
• National image
• Government capability to function
• Public health & safety

CNII sectors: Defence & Security; Transportation; Banking & Finance; Health Services; Emergency Services; Energy; Information & Communications; Government; Food & Agriculture; Water

Page 4: Session 3.2 Zahri Hj Yunos

Inter-Dependent

Page 5: Session 3.2 Zahri Hj Yunos

Interdependency of CNII

Reference: Lewis, T. G. (2006). Critical Infrastructure Protection in Homeland Security. John Wiley & Sons, Inc., Hoboken, New Jersey.

Page 6: Session 3.2 Zahri Hj Yunos

Threats to CNII: Interdependency

(Diagram: interdependencies among CNII sectors / services, such as electricity and utilities)

Page 7: Session 3.2 Zahri Hj Yunos

Threats to CNII: SCADA Systems

SCADA = Supervisory Control & Data Acquisition

The interconnection of SCADA systems to corporate networks, and their reliance on common operating platforms and remote access, exposes SCADA systems to vulnerabilities.

Reference: Using ANSI/ISA-99 Standards to Improve Control System Security, Tofino Security

Page 8: Session 3.2 Zahri Hj Yunos

Threats to CNII: The Use of ICT and Cyberspace by Terrorists

Use of the Internet by terrorists:
• Psychological Warfare
• Publicity and Propaganda
• Data Mining
• Fundraising
• Recruitment and Mobilization
• Social Networking
• Sharing Information
• Planning and Coordination

References:
[1] Mantel, B. (2009). Terrorism and the Internet: Should Web Sites That Promote Terrorism Be Shut Down? CQ Researcher, pp. 129-153.
[2] Zhang, Y., Zeng, S., Huang, C. N., Fan, L., Yu, X., Dang, Y., Larson, C., Denning, D., Roberts, N., and Chen, H. (2010). Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences. IEEE International Conference on Intelligence and Security Informatics, pp. 59-64.
[3] Li, X., Mao, W., Zeng, D., and Wang, F. (2010). Automatic Construction of Domain Theory for Attack Planning. IEEE International Conference on Intelligence and Security Informatics, pp. 65-70.
[4] Fu, T., Abbasi, A., and Chen, H. A Focused Crawler for Dark Web Forums. Journal of the American Society for Information Science and Technology.
[5] Yunos, Z., Ahmad, R., Mat Ali, S., and Shamsuddin, S. (2012). Illicit Activities and Terrorism in Cyberspace: An Exploratory Study in the Southeast Asian Region. In: M. Chau et al. (Eds.), Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2012), 29 May 2012, LNCS 7299, Springer, Heidelberg, pp. 27-35.

Page 9: Session 3.2 Zahri Hj Yunos

Use of cyberspace by terrorists:
• Psychological Warfare
• Publicity and Propaganda
• Attacks against CNII
• Fundraising
• Recruitment and Mobilization
• Social Networking
• Sharing Information
• Planning and Coordination

The perpetrator may utilize cyberspace for conducting cyber attacks on critical national information infrastructure facilities.

Page 10: Session 3.2 Zahri Hj Yunos

Many nations all over the world constantly increase their dependency on cyberspace by maximising the use of ICT.

Interdependencies that exist within critical infrastructures have raised concerns: a successful cyber attack on one computer system can have serious cascading effects on others, resulting in potentially catastrophic damage and disruption.

Through ICT, perpetrators can disrupt critical services, hence affecting the nation’s operation and its ability to function.

Why would a perpetrator decide to use ICT instead of using the usual methods of assassination, hostage-taking, guerrilla warfare and bombing?

Page 11: Session 3.2 Zahri Hj Yunos

CYBER TERRORISM

Page 12: Session 3.2 Zahri Hj Yunos

Cyber Attack to CNII - Estonia

Cyber Attack on Estonia
• Occurred in May 2007
• Estonia was under cyber attacks for 3 weeks
• Attacks targeted government, banking, media and police websites
• Paralyzed internet communication
• Attacks from 128 sources outside Estonia
• US and European countries aided Estonia in overcoming the cyber attacks

“You don't see buildings reduced to piles of rubble or dead bodies strewn across the street… There's nothing to take photos of… There's only economic damage, websites that cannot be accessed and transactions that cannot take place… By destabilizing the economy, the people of the country are subject to riots, rallies and protests, and crippling its stability, which could result in violence and creating unrest in the country.”

YB Datuk Seri Dr Ahmad Zahid Hamidi, DSA 2012

Is it cyber terrorism? Is it cyber crime? Is it cyber war?

Page 13: Session 3.2 Zahri Hj Yunos

Cyber Attack to CNII – Stuxnet

Stuxnet was targeted at Siemens industrial software and equipment running Microsoft Windows (June 2010). Symantec reported that nearly 60% of the approximately 100,000 infected hosts were located in Iran, which has led to speculation that Stuxnet’s target was Iran’s nuclear power plant or uranium enrichment plant.

Page 14: Session 3.2 Zahri Hj Yunos

Cyber Attack to CNII – Shamoon

Page 15: Session 3.2 Zahri Hj Yunos

OP Malaysia – Cyber Attacks by Anonymous Hackers (15-19 June 2011)

Page 16: Session 3.2 Zahri Hj Yunos

Definition: Cyber Terrorism

Reference: D. E. Denning, “Cyberterrorism,” Testimony given to the House Armed Services Committee Special Oversight Panel on Terrorism, 2000

“Cyber terrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein when done to intimidate a government or its people in furtherance of political or social objectives. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.”

Page 17: Session 3.2 Zahri Hj Yunos

Definition: Cyber Terrorism... many more

• There are many definitions of cyber terrorism provided by researchers, policy makers and individuals
• Interestingly, most governments in the world do not agree on one single definition of cyber terrorism. There is no common definition of cyber terrorism
• The ambiguity in the definition brings indistinctness in action; as the old maxim goes, “one man’s terrorist is another man’s freedom fighter” [1].
• According to Schmid, "there is no agreement among experts and there is not likely to be an agreement as long as they cannot even agree on a common definition on terrorism (and cyber terrorism)." [2]

References:
[1] J. J. Prichard and L. E. MacDonald, “Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks,” Journal of Information Technology Education, vol. 3, 2004.
[2] A. P. Schmid, “Root Causes of Terrorism: Methodological and Theoretical Notes, Empirical Findings and Four Inventories of Assumed Causal Factors,” 2005.

Page 18: Session 3.2 Zahri Hj Yunos

Cyber Terrorism Framework: Veerasamy

Reference: N. Veerasamy, “A Conceptual High-level Framework of Cyberterrorism,” International Journal of Information Warfare, vol. 8, no. 1, pp. 1-14, 2009.

(Diagram: the framework provides the context in which cyber terrorism is functioning, the methods of carrying out cyber terrorism, and the motivation)

Page 19: Session 3.2 Zahri Hj Yunos

Cyber Terrorism Framework: Heickero

Actor-target-effect Chain

Reference: R. Heickero, “Terrorism Online and the Change of Modus Operandi,” Swedish Defence Research Agency, Stockholm, Sweden, pp. 1-13, 2007.

Page 20: Session 3.2 Zahri Hj Yunos

Cyber Terrorism Framework: Gordon and Ford

Reference: S. Gordon and R. Ford, “Cyberterrorism?,” Symantec White Paper, 2002.

Components and descriptions:

Perpetrator (Group/Individual): In the cyber context, virtual interactions can lead to anonymity.

Place (Worldwide): The event does not have to occur in a particular location. The Internet has introduced globalization of the environment.

Action (Threats/Violence/Recruitment/Education/Strategies): Terrorist scenarios typically are violent or involve threats of violence. Violence in a virtual environment includes psychological effects, possible behavior modification and physical trauma.

Tool (Kidnapping/Harassment/Propaganda/Education): Terrorists use the computer as a tool. Facilitating identity theft, computer viruses and hacking are examples that fall under this category.

Target (Government Officials/Corporations): Potential targets are corporations and government computer systems.

Affiliation (Actual/Claimed): Affiliation refers to recruitment in carrying out given instructions. Affiliation can result in strengthening of the individual organizations, as they can immediately acquire access to the information resources of their allies.

Motivation (Social/Political Change): Political, social and economic are the motivations present in real-world terrorism.

Page 21: Session 3.2 Zahri Hj Yunos

Cyber Terrorism Framework: Brickey

Reference: J. Brickey, “Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace,” CTC Sentinel, United States Military Academy, West Point, Vol 5, Issue 8, pp. 4-6, Aug 2012.

Page 22: Session 3.2 Zahri Hj Yunos

Cyber Terrorism Framework: Yunos & Ahmad

(Diagram: the components of cyber terrorism, joined by the factor ‘AND’)

Target: Critical National Information Infrastructure computer system; Critical Infrastructure; Civilian population

Impact: Mass disruption or seriously interfere with critical services operation; Cause fear, death or bodily injury; Severe economic loss

Method of Action: Network warfare; Psychological operation

Domain: Cyberspace (includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers); Borderless

Tools of Attack: Unlawful means; Illegal acts

Motivation: Political; Ideological; Social; Economic

Factor ‘AND’

Reference: R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, “Perception on Cyber Terrorism: A Focus Group Discussion Approach,” Journal of Information Security, vol. 03, no. 03, pp. 231-237, 2012

Page 23: Session 3.2 Zahri Hj Yunos

Extended CERT taxonomy from Howard and Longstaff (1998)

Reference: K. Stefan et al., “Taxonomy for Computer Incidents,” in Cyber Warfare and Cyber Terrorism, Chapter XLVIII, p. 414, 2008

Page 24: Session 3.2 Zahri Hj Yunos

Initiatives in Safeguarding Malaysia CNII Against Cyber Threats

Page 25: Session 3.2 Zahri Hj Yunos

CNII Protection Against Cyber Terrorism

Topping the list of possible perpetrator abuse of ICT and cyberspace is the potential for actual attacks on the network itself, or “cyber terrorism”.

A terrorist cyber-attack on critical information infrastructure is possible, where motivation and resources are fundamental.

Therefore, there is a need to have a strategy at the national level for the protection of the CNII against cyber terrorism.

The strategy for CNII protection could be through industry cooperation and information sharing, awareness and education programs, adequate laws related to infrastructure protection, R&D programs and organizational structure.

Page 26: Session 3.2 Zahri Hj Yunos

The National Cyber Security Policy - Background and Objectives

Objectives:
• Address the risks to the Critical National Information Infrastructure (CNII)
• To ensure that critical infrastructure are protected to a level that is commensurate with the risks
• To develop and establish a comprehensive program and a series of frameworks

Timeline:
2005: The National Cyber Security Policy formulated by MOSTI
2006: NCSP Adoption and Implementation

The policy recognizes the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive program and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets.

Page 27: Session 3.2 Zahri Hj Yunos

The National Cyber Security Policy - Policy Thrust

Copyright © 2010 CyberSecurity Malaysia

Vision: ‘Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation’

Policy thrusts and lead agencies:
1. EFFECTIVE GOVERNANCE: National Security Council
2. LEGISLATION & REGULATORY FRAMEWORK: Attorney General’s Chambers
3. CYBER SECURITY TECHNOLOGY FRAMEWORK: Ministry of Science, Technology & Innovation
4. CULTURE OF SECURITY & CAPACITY BUILDING: Ministry of Science, Technology & Innovation
5. R & D TOWARDS SELF RELIANCE: Ministry of Science, Technology & Innovation
6. COMPLIANCE & ENFORCEMENT: Ministry of Communication & Multimedia
7. CYBER SECURITY EMERGENCY READINESS: National Security Council
8. INTERNATIONAL COOPERATION: Ministry of Communication & Multimedia

Page 28: Session 3.2 Zahri Hj Yunos

The National Cyber Security Policy - Current Progress

PT 1: EFFECTIVE GOVERNANCE

PT 2: LEGISLATION & REGULATORY FRAMEWORK
A study on the laws of Malaysia to accommodate the legal challenges in the cyber environment

PT 3: CYBER SECURITY TECHNOLOGY FRAMEWORK

PT 4: CULTURE OF SECURITY & CAPACITY BUILDING
National strategy for cyber security acculturation and capacity building program

PT 7: CYBER SECURITY EMERGENCY READINESS

Page 29: Session 3.2 Zahri Hj Yunos

PT1: EFFECTIVE GOVERNANCE - Public-Private Partnership

Public-private partnership is essential in order to enhance the security of Malaysia’s cyber space: Government led and supported by the industries, academia and NGOs

Page 30: Session 3.2 Zahri Hj Yunos

PT7: CYBER SECURITY EMERGENCY READINESS - National Cyber Crisis Management Plan

NATIONAL CYBER CRISIS MANAGEMENT PLAN: A framework that outlines the strategy for cyber attack mitigation and response among Malaysia’s Critical National Information Infrastructure (CNII) through public and private collaboration and coordination

Page 31: Session 3.2 Zahri Hj Yunos

PT8: INTERNATIONAL COOPERATION

ENGAGE: Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events

PRIORITIZE: Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests

LEADERSHIP: Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role, to project Malaysia’s image and promote Malaysia’s interests

ASEAN Regional Forum

Page 32: Session 3.2 Zahri Hj Yunos

PT8: INTERNATIONAL COOPERATION - APCERT DRILL 2012, 2013 & 2014

Source: Secretariat, APCERT / JPCERT-CC

Page 33: Session 3.2 Zahri Hj Yunos

Conclusion

• The cyber world offers great opportunity, but the emergence of cyber threats has brought with it a number of repercussions that should not be taken for granted
• Hence it is important to address these threats in a comprehensive manner. These include:
  - To have an integrated policy framework
  - To enhance the use of technology and process to mitigate the threats
  - To inculcate a cyber security acculturation through continuous training and awareness programs
• Public-Private Partnership is essential to enhance the security and safety of cyber space
