ebook img

Cyber Infrastructure Protection - Vol. II (2013) PDF

2013·2.8 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Cyber Infrastructure Protection - Vol. II (2013)

C y b e r I n f r a s CYBER t CYBER r U.S. ARMY WAR COLLEGE u c t IINNFFRRAASSTTRRUUCCTTUURREE u r e PPRROOTTEECCTTIIOONN P r o t e c Volume II t i o n Visit our website for other free publication downloads V http://www.StrategicStudiesInstitute.army.mil/ o l To rate this publication click here. u m e I I VLTE ioad nceuisrekite nt B H. J Saad by Tarek Saadawi ood ura Louis H. Jordan, Jr. ddw rai en Vincent Boudreau a, uJ r . Editors This Publication SSI Website USAWC Website Strategic Studies Institute and U.S. Army War College Press CYBER INFRASTRUCTURE PROTECTION VOLUME II Editors Tarek Saadawi Louis H. Jordan, Jr. Vincent Boudreau May 2013 The views expressed in this report are those of the authors and do not necessarily reflect the official policy or position of the Department of the Army, the Department of Defense, or the U.S. Government. Authors of Strategic Studies Institute (SSI) and U.S. Army War College (USAWC) Press publications enjoy full aca- demic freedom, provided they do not disclose classified informa- tion, jeopardize operations security, or misrepresent official U.S. policy. Such academic freedom empowers them to offer new and sometimes controversial perspectives in the interest of further- ing debate on key issues. This report is cleared for public release; distribution is unlimited. ***** This publication is subject to Title 17, United States Code, Sections 101 and 105. It is in the public domain and may not be copyrighted. ***** Comments pertaining to this report are invited and should be forwarded to: Director, Strategic Studies Institute and U.S. Army War College Press, U.S. Army War College, 47 Ashburn Drive, Carlisle, PA 17013-5010. ***** All Strategic Studies Institute (SSI) and U.S. Army War College (USAWC) Press publications may be downloaded free of charge from the SSI website. Hard copies of this report may also be obtained free of charge while supplies last by placing an order on the SSI website. SSI publications may be quoted or reprinted in part or in full with permission and appropriate credit given to the U.S. Army Strategic Studies Institute and USAWC Press, U.S. Army War College, Carlisle Barracks, PA. Contact SSI by visiting our website at the following address: www.StrategicStudiesInstitute.army.mil. ***** The Strategic Studies Institute and USAWC Press publishes a monthly email newsletter to update the national security community on the research of our analysts, recent and forthcoming publications, and upcoming conferences sponsored by the Institute. Each newsletter also provides a strategic com- mentary by one of our research analysts. If you are interested in receiving this newsletter, please subscribe on the SSI website at www.StrategicStudiesInstitute.army.mil/newsletter/. ISBN 1-58487-571-2 ii CONTENTS Foreword .......................................................................v Preface ..........................................................................vii 1. Introduction ...............................................................1 Tarek Saadawi, Louis H. Jordan, Jr., and Vincent Boudreau PART I: ECONOMICS AND SOCIAL ASPECTS OF CYBER SECURITY .............................15 2. E xploring the Economics of the Malicious Software Market ....................................................17 Thomas J. Holt 3. The Emergence of the Civilian Cyber Warrior ........................................................ 53 Max Kilger PART II: LAW AND CYBERCRIME ........................83 4. C hanging the Game: Social and Justice Models for Enhanced Cyber Security ................. 85 Michael M. Losavio, J. Eagle Shutt, and Deborah Wilson Keeling 5. A n Institutional and Developmental Analysis of the Data Breach Disclosure Laws....................................................107 Melissa Dark iii 6. Cyber Security and Identity: Solutions for Critical Infrastructure that Protect Civil Liberties and Enhance Security ..........................139 Joshua Gruenspecht 7. Exploring the Utility of Open Source Data to Predict Malicious Software Creation ................................................................ 183 George W. Burruss, Thomas J. Holt, and Adam M. Bossler PART III: CYBER INFRASTRUCTURE ..................219 8. ISP Grade Threat Monitoring ..............................221 Abhrajit Ghosh 9. The Challenges Associated with Assessing Cyber Issues ..........................................................235 Stuart H. Starr Appendix I: Abbreviations and Acronyms ...........259 About the Contributors ............................................261 iv FOREWORD There is a relentless struggle taking place in the cy- bersphere as government and business spend billions attempting to secure sophisticated network and com- puter systems. Cyber attackers are able to introduce new viruses, worms, and bots capable of defeating many of our efforts. The U.S. Government has set a goal of modernizing the nation’s energy grid. A cy- ber attack on our energy grid could cut off service to large areas of the country. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cy- ber attacks, and to establish and enhance a framework for deep analysis for this multidimensional issue. The cyber infrastructure protection conference for academic year 2010-11 focused on the strategic and policy directions, and how these policy directions should cope with the fast-paced technological evolu- tion. Topics addressed by the conference attempted to answer some of these questions: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing Telecommu- nications Networks and Information Systems Infra- structure security? What role will government and the private sector play in homeland defense against cyber attack on critical civilian infrastructure, financial and logistical systems? What legal impediments exist on efforts to defend the nation against cyber attacks, es- pecially in the realm of preventive, preemptive, and retaliatory actions? Our offerings here are the result of a 2-day collo- quium titled Cyber Security Infrastructure Protection, conducted on June 8-9, 2011, by the Center of Infor- mation Networking and Telecommunications (CINT) v at the Grove School of Engineering, the Colin Powell Center for Public Policy—both at the City University of New York, City College (CCNY)—and the Strategic Studies Institute at the U.S. Army War College. The colloquium brought together government, business, and academic leaders to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such infrastructure. Given the complexities of national security in the 21st century and the fast-changing nature of the cyber domain, the Strategic Studies Institute proudly pres- ents the results of this very relevant colloquium. We are sure it will be an essential read for both the practi- tioner and academic alike to gain a better understand- ing of cyber security. DOUGLAS C. LOVELACE, JR. Director Strategic Studies Institute and U.S. Army War College Press vi PREFACE This book is a follow-on to our earlier book pub- lished in 2011 and represents a detailed look at various aspects of cyber security. The chapters in this book are the result of invited presentations in a 2-day confer- ence on cyber security held at the City University of New York, City College, June 8-9, 2011. Our increased reliance on the Internet, informa- tion, and networked systems has also raised the risks of cyber attacks that could harm our nation’s cyber in- frastructure. The cyber infrastructure encompasses a number of sectors including the nation’s mass transit and other transportation systems, railroads, airlines, the banking and financial systems, factories, energy systems and the electric power grid, and telecommu- nications, which increasingly rely on a complex ar- ray of computer networks. Many of these infrastruc- tures’ networks also connect to the public Internet. Unfortunately, many information systems, computer systems, and networks were not built and designed with security in mind. As a consequence, our cyber infrastructure contains many holes, risks, and vulner- abilities that potentially may enable an attacker to cause damage or disrupt the operations of this cyber infrastructure. Threats to the safety and security of the cyber infrastructure come from many directions: hackers, terrorists, criminal groups, and sophisticat- ed organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Costs to the economy from these threats are huge and increasing. Cyber infrastructure protection refers to the defense against attacks on such infrastructure and is a major concern of both the government and the private sector. vii A key contribution of this book is that it provides an integrated framework and a comprehensive view of the various forms of cyber infrastructure protec- tion. We, the editors, strongly recommend this book for policymakers and researchers. viii CHAPTER 1 INTRODUCTION Tarek Saadawi Louis H. Jordan, Jr. Vincent Boudreau In recent years, the analysis of cyber security has moved into what one might call a series of second-gen- eration conversations. The first generation, dominated by engineers and computer programmers, regarded the issue as primarily a technical matter, and sought responses from cyber threats mainly in the develop- ment of protective software and hardware design. In its early phases, cyber threats were primarily regard- ed as politically neutral, and without a great deal of economic motivation. Hence, how these threats were generated, and what social or political actors or sys- tems directed these attacks, mattered little. Up-to-date anti-virus software and other protective technology were judged sufficient to protect both personal and public cyber assets against attack. Several things have changed since those early con- versations. First, and most obviously, technology has grown more complex and more networked. As our society demanded more interactive cyber systems, the danger of contamination across these systems has grown. Second, cyber attacks have become less eco- nomically or politically neutral than in previous gen- erations. Evidence is mounting that both governments and insurgent groups are using cyber platforms as a way of mounting attacks. Threats to cyber security from economically motivated groups, and especially, increasingly well-organized criminal syndicates, are 1

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.