CYBER SECURITY

Review Questions ..................................................................................

CYBER SECURITY

Jocelyn O. Padallan

ARCLER
P r e s s

www.arclerpress.com
Cyber Security
Jocelyn O. Padallan

Arcler Press
2010 Winston Park Drive,
2nd Floor
Oakville, ON L6H 5R7
Canada
www.arclerpress.com
Tel: 001-289-291-7705
001-905-616-2116
Fax: 001-289-291-7601
Email: [email protected]

e-book Edition 2020

ISBN: 978-1-77407-401-5 (e-book)

This book contains information obtained from highly regarded resources. Reprinted material
sources are indicated and copyright remains with the original owners. Copyright for images and
other graphics remains with the original owners as indicated. A Wide variety of references are
listed. Reasonable efforts have been made to publish reliable data. Authors or Editors or Publish-
ers are not responsible for the accuracy of the information in the published chapters or conse-
quences of their use. The publisher assumes no responsibility for any damage or grievance to the
persons or property arising out of the use of any materials, instructions, methods or thoughts in
the book. The authors or editors and the publisher have attempted to trace the copyright holders
of all material reproduced in this publication and apologize to copyright holders if permission has
not been obtained. If any copyright holder has not been acknowledged, please write to us so we
may rectify.

Notice: Registered trademark of products or corporate names are used only for explanation and
identification without intent of infringement.

© 2020 Arcler Press

ISBN: 978-1-77407-280-6 (Hardcover)

Arcler Press publishes wide variety of books and eBooks. For more information about
Arcler Press and its products, visit our website at www.arclerpress.com
ABOUT THE AUTHOR

Jocelyn O. Padallan is currently pursuing her Master of Science in Information

Technology from Laguna State Polytechnic University, Philippines and has
Master of Arts in Educational Management from the same University. She has
passion for teaching and has been an Instructor at Laguna State Polytechnic,
Los Banos Campus, Philippines.
TABLE OF CONTENTS

List of Figures ........................................................................................................xi

List of Abbreviations ...........................................................................................xiii
Preface........................................................................ ........................................xv

Chapter 1 Cyber Crime: A Market of Vulnerability .................................................... 1

1.1. Introduction ........................................................................................ 3
1.2. Challenges In Cyber World ................................................................. 6
1.3. The Dangers and Necessities............................................................... 9
1.4. Supporting and Building Up The Advanced And Digital Society ........ 11
1.5. Vulnerabilities In The Cyber World .................................................... 13
1.6. Essential Security And Privacy Goals ................................................. 18
1.7. Privacy Objectives ............................................................................ 21
1.8. Summary .......................................................................................... 23
Review Questions .................................................................................... 24
Choose The Correct Option ..................................................................... 24
References ............................................................................................... 27

Chapter 2 Cyber Security and Its Fundamentals ...................................................... 29

2.1. Introduction ...................................................................................... 30
2.2. The Web Is Not Just The Internet........................................................ 31
2.3. The Cyberspace (Figure 2.2) .............................................................. 32
2.4. Information Assurance Fundamentals................................................ 37
2.5. Basic Cryptography ........................................................................... 46
2.6. Summary .......................................................................................... 49
Review Questions .................................................................................... 51
Choose The Correct Option ..................................................................... 51
References ............................................................................................... 54
Chapter 3 Management Of Cyber Security .............................................................. 55
3.1. Cyber Security Management ............................................................. 56
3.2. Digital Security Mistakes................................................................... 58
3.3. Reach of Cyber Security Management Model ................................... 62
3.4. Levels of Cyber Security Model......................................................... 67
3.5. Risk Management ............................................................................. 74
3.6. Risk Assessment ................................................................................ 75
3.7. Risk Mitigation.................................................................................. 79
3.8. Assessment ....................................................................................... 82
3.9. Summary .......................................................................................... 83
Review Questions .................................................................................... 84
Choose The Correct Option ..................................................................... 84
References ............................................................................................... 87

Chapter 4 Cyber Investigators And Digital Forensics ............................................... 89

4.1. Examining Cyber Crime .................................................................... 90
4.2. Cybercrime Scene Processing And Forensic Services....................... 101
4.3. Digital Forensics ............................................................................. 103
4.4. Obstacles To Evidence Discovery And Analysis ............................... 105
4.5. Summary ........................................................................................ 112
Review Questions .................................................................................. 113
Choose The Correct Options .................................................................. 113
References ............................................................................................. 116

Chapter 5 Social Media, Botnet, And Intrusion Detection ..................................... 117

5.1. Introduction .................................................................................... 118
5.2. Botnet Offense ................................................................................ 120
5.3. Bot Lifecycle ................................................................................... 121
5.4. Botnet Correspondence Structure.................................................... 123
5.5. Contaminating The Client ............................................................... 125
5.6. Botnet Discovery Utilizing Honeypots ............................................ 128
5.7. Spamming Botnet Identification ...................................................... 130
5.8. System Based Botnet Recognition ................................................... 131
5.9. Conduct Investigation-Based Botnet Location ................................. 132
5.10. The Relation With Social Media Channels..................................... 133

viii
 Review Questions .................................................................................. 140
Choose The Correct Option ................................................................... 140
References ............................................................................................. 143

Chapter 6 Cyber Security And Industrial Control Systems ..................................... 145

6.1. What Are ICSs................................................................................. 146
6.2. Anchoring ICS And It Systems ......................................................... 148
6.3. Case Study: Maroochy Wastewater Wireless Scada Attack............... 150
6.4. Issues Encompassing ICS Cyber Security ......................................... 157
6.5. Vulnerabilities Of Industrial Control Systems (ICSs) ......................... 159
6.6. Potential Effects On ICSs ................................................................. 160
6.7. Limiting Risk: The Industry’s Response ............................................ 162
6.8. Boundaries To Improving Cyber Security ......................................... 162
6.9. Summary ........................................................................................ 165
Review Questions .................................................................................. 167
Choose The Correct Option ................................................................... 167
References ............................................................................................. 170

Chapter 7 Legal Framework For Cyber Security .................................................... 171

7.1. Introduction .................................................................................... 173
7.2. Invention Of A Cyber War Problem ................................................ 175
7.3. The Law Restricting Cyber War ....................................................... 178
7.4. International Law On The Use Of Force .......................................... 180
7.5. Achieving Cyber Security Lawfully.................................................. 183
7.6. Cyber Law Enforcement Cooperation .............................................. 185
7.7. Good Cyber Hygiene ...................................................................... 186
7.8. The Importance Of The Law Of Armed Conflict In
Cyber Operations Security ........................................................... 187
7.9. International Law And Cyber Warfare ............................................. 189
7.10. Summary ...................................................................................... 191
Review Questions .................................................................................. 193
Choose The Correct Option ................................................................... 193
References ............................................................................................. 196

Chapter 8 Cyber Security And Automation............................................................ 197

8.1. Introduction .................................................................................... 198

ix
8.2. Guideline For Dependable Automation........................................... 203
8.3. Honeypot Front-End Interface ......................................................... 208
8.4. Event Monitor ................................................................................. 211
8.5. Usage Of SNMP In Scada Environments ......................................... 213
8.6. Automatic Operation Of Security Controls ...................................... 214
8.7. The Security Content Automation Protocol ...................................... 217
8.8. Summary ........................................................................................ 219
Review Questions .................................................................................. 220
Choose The Correct Option ................................................................... 220
References ............................................................................................. 223

Index ..................................................................................................... 225

LIST OF FIGURES

Figure 1.1. The evolving subject of cybercrime

Figure 1.2. A conference on e-governance
Figure 1.3. Vulnerabilities of cyber world
Figure 1.4. Security and privacy goals
Figure 2.1. Components of cyberspace
Figure 2.2. The cyberspace
Figure 2.3. Qualities of the cyberspace
Figure 2.4. Information assurance fundamentals of cyber security
Figure 3.1. Strategies for cyber security
Figure 3.2. Center segments of the cyber security model
Figure 3.3. The three parts of risk management
Figure 3.4. Various processes in risk assessment
Figure 4.1. There are numerous efforts and ways to examine cybercrime
Figure 4.2. Cell phone is the most widely accepted form of stored communication
Figure 4.3. A digital forensic lab
Figure 5.1. Illustrations of botnets
Figure 5.2. The various stages of kill chain by intrusion
Figure 6.1. Layout of an industrial control system
Figure 6.2. PLC unit at power plants
Figure 6.3. SCADA layout
Figure 7.1. Cyber security legal framework
Figure 7.2. The use of force in international law
Figure 7.3. Cyber security
Figure 7.4. Assessing law enforcement and service provider cooperation in fighting
cybercrime
Figure 8.1. Examples of automated components
Figure 8.2. Data flow diagram of a fault repair use case in smart grids
Figure 8.3. Wingpath ModSnmp diagram (Modbus API simulator)

xi
LIST OF ABBREVIATIONS

AD active directory
CALEA Communications Assistance for Law Enforcement Act
CCE common configuration enumeration
CCM configuration compliance manager
CIA confidentiality, integrity, and availability
CIS customer information system
COTS customary business off-the-rack
CPE common platform enumeration
CPU focal handling unit
CSPs cloud specialist co-ops
CVE common vulnerabilities and exposures
CVSS common vulnerability scoring system
DCS distributed control systems
DHS Department of Homeland Security
DMS distribution management system
DNSBL DNS blacklisting technique
ED Enterprise Edition
FTP File Transfer Protocol
HMI human-machine interface
ICJ International Court of Justice
ICSs industrial control systems
IP internet protocol
ITAM IT asset management
LSH locality sensitive hashing
NIAG National Information Assurance Glossary
NIST National Institute of Standards and Technology
OSSIM Open Source Security Information Management
OVAL Open Vulnerability and Assessment Language
PLC programmable logic controllers
PUK pin unlock key
RISI repository for industrial security incidents
ROI rate of profitability
RTOS frequently utilize exclusive continuous working frameworks
RTU remote terminal units
SCADA Supervisory Control and Data Acquisition
SD secure digital
SIM subscriber identity module
SMS Systems Management Server
SNMP Simple Network Management Protocol
SQL Structured Query Language
SRTP secure real-time transfer protocol
VCS Veritas cluster server
VPN Virtual Private Network
WMS work management system
XCCDF Extensible Configuration Checklist Description Format

xiv
PREFACE

Cybercrime is a field that is, unfortunately, booming across the world due to
various mischievous elements that have a criminal mindset to cause an imbalance
in the society. The cyber-attacks by such elements result in heavy losses, not
only in terms of financial terms but also in terms of information leaks that may
affect the security of a nation and privacy and integrity of an organization. In
this book, I have tried to dwell upon various aspects that concern the cyber
world, the crime related to it, and the methods that have or are being adopted to
combat the issue.
Starting with the introduction of cybercrime to the readers, the book takes them
through the various dangers regarding the problem and the importance of having
cyber security as a tool to combat the issue. The book talks to the readers about
the various vulnerabilities that exist in the cyber world which make it easy for
the attackers to make their way into the cyberspace that belongs to someone
else. Then follows the various goals and objectives that drive the topic of cyber
security.
The readers are then informed in depth about the fundamentals of cyber security,
differentiating effectively between the cyberspace, the web, and the internet.
The book also dwells upon the various qualities that an ideal cyberspace should
possess followed by the various methods that can be used to cryptograph a piece
of code.
Then, the book takes the readers through the importance of management of
cyber security and the mistakes that might be made in the digital security of an
entity. This part also focuses on the topics that management of cyber security
should comprise of and the various levels into which a cyber security model may
be divided. The readers are imparted with the knowledge on the most important
subject in the cyber security management; that is, the one that concerns risk.
After the management of cyber security, the readers are informed about the
various investigative techniques and the methods that are used to examine
cybercrime along with the various obstacles the experts tend to face during the
process. The very hot topic in the field of cyber investigation ‘digital forensics,’
is also talked about in the book.
The book also throws light on the occurrence of botnets and how they tend
to invade the systems of the users. The various methods to detect the botnets
are also listed in the corresponding part. Having studied about the botnets,
the next step that the book takes is to consider the subject of the widely used
industrial controlled systems and the way in which any harm to these systems is
catastrophic for the industries.
The readers are also informed about the subject of legality in the cyber security
framework. The international laws that concern the cyber security, the laws that
curb the cyber wars that might take place on the cyberspace around the world
and disrupt certain activities, are all very important and a brush up on these
subjects is done in the corresponding chapter. The laws regarding the defense
systems of the armed forces are also discussed in brief. The laws also prevent
various attackers from attacking the industrial control systems of various
organizations, thus ensuring them of their security and privacy, helping them
work in a good atmosphere.
Lastly, the book covers the cyber security and its effect in the automation
field. The book lays down the guidelines for dependable automation and the
importance of such automation in the industrial context. This book gives a core
in-depth knowledge about cybercrime and its security and should interest all
the enthusiasts that want to contribute to the cyber security of the digital world.

xvi
 CHAPTER

1
CYBER CRIME: A MARKET OF
VULNERABILITY

LEARNING OBJECTIVES:
• Know about the dangers of cybercrime
• Get accustomed to the vulnerabilities in the cyber world
• Understand the essential goals regarding the security
and privacy of the data
• Learn the ways on how to support the development of
a digital society

KEYWORDS
• availability • security misconfiguration
• buffer overflow • selective methodology
• confidentiality • session management
• injection vulnerabilities • vulnerabilities
• integrity • worldwide dimension
• privacy goals
 2 Cyber Security

The Kind of Cyber Crimes that Take Place

A website enables foreign nationals to send some branded products to
their friends and relatives in the US after they pay for it online.
The company undertakes to deliver the products to the concerned
recipients. To take advantage of this, someone logged onto the website
under the fake identity of Barbara Campa and ordered a Nikon DSLR
Camera set and a tripod stand and lens cleaning unit. The person gave
their credit card number for payment and requested that the products
be delivered to Sam Cook somewhere in Chicago. The payment was
duly cleared by the credit card agency, and the transaction processed.
After following the relevant procedures of due diligence and checking,
the company delivered the items to Sam Cook.
At the time of delivery, the company took digital photographs
showing the delivery being accepted by Sam Cook. The transaction
closed at that, but after one and a half months the credit card agency
informed the company that this was an unauthorized transaction as the
real owner had denied having made the purchase.
The company lodged a complaint for online cheating at the national
investigative agency, which registered a case under various sections
of the penal code. The matter was investigated into, and Sam Cook
was arrested. Investigations revealed that Sam Cook, while working
at a company in Chicago gained access to the credit card number of
another American national which they misused on the company’s site.
The investigative agency recovered the DSLR camera and the
tripod stand and the lens cleaning unit. Thus, the person was arrested
and found guilty by the court of law.

Class Discussion Questions

• What are the vulnerabilities that the company left open,
which enabled the intruder to take advantage?
• What actions could have been taken to avoid the situation?
The above vignette offers a scenario in the vulnerabilities in the
field of cybercrime. The vignette focuses on various ways an entity can
think of to cause damage or loss to a company in the cyber world. The
 Cyber Crime: A Market of Vulnerability 3

chapter elaborates on the various vulnerabilities

in the cyber world and finds ways to tackle them.

1.1. INTRODUCTION
Cybercrime may be put down as a case of typical
kind of criminal flowchart that involves a cycle,
where the computer with the incorporation of
the various programs and data and the different
kinds of networks it makes use of, is capable of
both, conducting a type of attack and falling prey
to one. The advantages of cybercrime are taken
by the ones who are interested in supplying the
resources for its propagation.
The whole group of the criminals that take
law in their hands regularly for a living has started
to realize the ways they can take advantage from
the activities involving regular communication
and information exchange. They do it by using
the technology the best of its use to pass the
messages, plan the criminal activities and lastly,
know more about the kind of people they can
attack and target and the opportunities that keep
popping up from time to time (Figure 1.1).

Figure 1.1: The evolving subject of cybercrime.

Source: https://cdn.pixabay.com/photo/2015
/10/29/18/30/cyber-crime–1012751_960_720.jpg
4 Cyber Security

This advent of communication technology

has led to an increase in the effectivity of various
illegal crimes such as:
• Drug trafficking;
Drug trafficking is
a global illicit trade
• Human trafficking;
involving the cultiva- • Illegal trade of the rare species which
tion, manufacture, have been protected by various
distribution and sale
of substances which
authoritative organizations and their
are subject to drug parts;
prohibition laws. • Money laundering;
• Dealing in the trade of the products
that have been banned or seized and
various other economic crimes like
these.
Though it should not be, but the illegal
activities also provide benefits to the organizations
that trade or sell various protective software or
measures such as the anti-virus or anti-spam
software, taking advantage of the insecurity
that resides because of the prevailing criminal
activities taking place. These advantages are
also taken by the vendors and consultants that
deal in various computer security products,
including those who:
• Instill fear in the people to disturb
the stability, sell the products, or
manipulate or try to affect the process
of decision making to serve their
personal goals.
• Provide resources to various terrorist
and criminal organizations or
individuals for attacks across the
globe, to get the security budget of the
countries increased, so that they can
have some of it as their share.
 Cyber Crime: A Market of Vulnerability 5

• Reap direct benefits from the excess

amount of information that goes
beyond the scope of secure storage due
to spamming (the internet providers
and infrastructure developers).
• Make themselves rich by participating
in money laundering across the globe.
• Want to take advantage of the surveil-
lance that is kept by means of internet
or of the activities that malign a na-
tion’s reputation or an organization’s
image.
The synchronization of such organized
crime across the globe in the form of mob
crime, cybercrime or crime related to economic
matters, needs a holistic and combined approach
from the nations across the globe, in order
to answer fulfill the need for preserving the
security of the nation and various organizations
or individuals. The methods of the approach
will be applicable to the enhancement of the
reactions and responses of the people in charge
to control the security.
They may also be linked to the criminality
that is being discussed and to the basic
precautions that need to be taken. When all
these methods are adopted, they would make the
people involved in the process, more confident
of the technologies that use ICT and reduce the
opportunities that the criminals constantly look
for. Cybercrime is a subject of concern and of
awareness for the people internationally, a topic
which has been debated on various political and
judicial fronts and a foundation on which various
kinds of research has been taking place in the
field of technology, sociology, and economics.
 6 Cyber Security

Cybercrime is a subject that includes

all the actors in the circuit and is difficult to
be comprehended from a perspective or be
Cybercrime is any considered in a unique way whether the way is
criminal activity that legal or technical. The approach that makes it
involves a computer, somewhat possible to comprehend, so that some
networked device or
steps can be taken to prevent these crimes or
a network.
react in an appropriate way to these activities,
may be interdisciplinary in nature.

1.2. CHALLENGES IN CYBER

WORLD
To deal with the problem such as cybercrime, it
is needed that the one in charge of the actions
against it holds a strong political position that
can make the public and private organizations to
come on a common platform and instruct them
to work in a collaborative way at both national
and global scale.
It is hoped that such partnerships can be
formed as soon as possible as the actions against
cybercrime hold a very significant spot in the
current scenario and if these collaborations turn
out successful, which is inevitable, it would
provide great relief to the society and will also
result in economic benefits of various countries.
The cyber security is a subject that concerns
the sovereignty of a state, its national security, a
country’s cultural heritage and the steps taken to
conserve the important infrastructural objects,
networks, systems, and goods. In the last few
years, the personal security has been affected by
the increase in work through computers.
Some legal barriers need to be framed along
with the technically preventive steps that need
 Cyber Crime: A Market of Vulnerability 7

to be developed and implemented so that the

criminal thinking and inclination of people can
be prevented. It is very important that there is the
presence of a judicial and policing system which
has the tendency to be effective so that it can
deal with the crimes that pertain to computers.
The nations take up various measure so that
they can go against cybercrime and can keep a
check on the security concerning the framework
of the information technologies. Both the
subjects, like that of information security and
cyber security, come together to form a force
that results in the development of the emerging
nations and areas across the world from the
economic point of view.
The ones who are involved in the security of
the information and prevention of cybercrime are
vulnerable to threats from the criminals and to
the ever-increasing popularity and togetherness
of the economic crime, organized crime, and
cybercrime. A response that is multifaceted,
understandable, and international in nature, is
the need of the hour.
This response must also be able to answer
the questions for the security requirements of
various enterprises, nations, and people. There
is a lot of consideration regarding various points
of view, requirements, and the entities taking
part, so that a common point can be reached
between “freedom” and “security.” One more
thing that holds great significance is that the
security steps should be easy to comprehend and
be used rather than being complex to the extent
that no one is able to use them.
The volunteers should try not looking for the
best practices that should be taken up to tackle
8 Cyber Security

cybercrime. Rather they should try to instill good

practices, which include the legal procedures, in
a manner that each person is able to carry out the
practices in an accomplished way.
The community in charge of the information
at the international level and the knowledge
economy may be restricted by the advancement
and widespread acknowledgment of the structure
of the security against cybercrime throughout
the world.
The legitimacy of such a system or model
needs a testing multi-dimensional and multi-
partner approach for everybody – from people to
companies to nations. Cybercrime is not limited
by geographic or national borders.
A criminal can be situated in a nation unique
in relation to the one where the crime is carried
out. This shows a crucial lawful inquiry with
respect to technical conceivable outcomes.
Local laws are limited to regions, yet electronic
trades or information streams don’t have the
foggiest idea about any geographical limits.
The main conceivable answer is to attend
Cyber securi- the lawful issues identified with cyber security
ty refers to the body
and cybercrime at a global level. Inside the
of technologies,
processes, and setting of the Internet and the other parts of
practices designed the digital world, it is important to embrace
to protect networks, satisfactory global systems and instruments that
devices, programs, have regards for human rights. Again, and again,
and data from at-
the multifaceted nature of innovation benefits
tack, damage, or
unauthorized access. cybercriminals. Be that as it may, this isn’t an
issue that is impossible to find answers to.
In some cases, regardless of whether the
accessible security arrangements are error-
prone, it is not right to surmise that the general
public is unarmed against this new form of crime;
 Cyber Crime: A Market of Vulnerability 9

represented by some genuine cases, there is an

unmistakable union of cybercriminals and the
methods by which it is brought into existence.
Key techniques are laid out for figuring out
how to recognize dangers, to keep away from
dangerous activities and to find numerous types
of cybercrime on the Internet. Additionally,
even-minded responses are given to individuals
who utilize the Internet for private or individual
reasons and have worries about dangers,
intimidations, and security.

1.3. THE DANGERS AND

NECESSITIES

1.3.1. The Worldwide Dimension of Dan-

gers Identified with Cybercrime
Criminal dangers convey a worldwide dimension
that can affect all the parts of a company – most
of its partners. The company needs to know how
to safeguard its uprightness against the criminal,
similarly as it ensures itself, for instance, from
defilement. It needs to stay gainful and, in its
plans, to counter cybercrime, represent any loss
of benefits because of tending to the danger of
cyber criminality – that is, the costs associated
with giving counter-measures.
There is a need to build up a money-related
model that will ideally bolster the expenses of
securing the infrastructures and of anchoring
the frameworks, systems, information,
administrations, and individuals, and all other
related benefits and key property of a business
or open office.
10 Cyber Security

A company can never again disregard the

genuine perils that debilitate them. They know
that they have a squeezing obligation to secure
their ICT’s frameworks, information, data
streams, industrial, and business privileged
insights, and their accounts. They must be all
set and ready for the cybercriminal dangers that
may one day take place.

1.3.2. A Market in Entire Extension

There is no absence of assets in the field of
security. The security showcase is in unending
extension. Yet, the question arises whether the
administrations and items on offer are extremely
adjusted to the customer’s needs. Also, whether it
is safe to say that they are legitimately actualized
and properly managed. These inquiries endure
because of their importance to a situation
experiencing interminable change with a human
measurement that is hard to oversee. A portion
of the most exceedingly bad outcomes emerges
from straightforward human faults.
The various human faults that result in the
cyber-attacks are:
• Lacking administration;
• Easygoing carelessness (the password
composed on a piece of paper adhered
to the screen);
• Inadequacy (mistakes committed
when the technology is created or
actualized); or
• Even excessive amount of powers
conceded to the technical heads or
system managers.
 Cyber Crime: A Market of Vulnerability 11

Moreover, business people and other

commercial enterprises will tend towards staying
away from the expenses of security. Although, it
can even be more beneficial, for some financial
participants, that are not legitimately obliged to
give secure services, to pass such expenses on
either to the customer (through the need to buy
valuable items, experience training, or supplant
contaminated or traded off materials) or to society
by and large. The last case applies, for instance,
in case of a business making its staff excess in
the wake of getting to be bankrupt because of a
security disappointment or a digital attack.

1.4. SUPPORTING AND BUILDING

UP THE ADVANCED AND DIGITAL
SOCIETY

1.4.1. The Advancement of a Society Reconciliation is an

accounting process
The change of social communities into a data- that uses two sets
oriented society, a procedure made conceivable of records to ensure
by the reconciliation of new techniques and figures are correct
scientific and digital developments, in each and in agreement.
circle of movement and each sort of framework,
expands the reliance of people, associations,
and nations on data frameworks and systems.
This is a noteworthy source from where
a hazard can creep in, which must be treated
as a security chance. Furthermore, there is an
expanding attention to the significance of acing
operational PC dangers, with the developing
usage of new innovations, the presence of a
worldwide data innovation framework, and the
rise of new dangers produced by cyber attacks.
12 Cyber Security

There is a peril that individual or little

endeavors, and in addition, emerging nations,
in endeavoring to join the data-oriented society,
will put excessively few of their restricted assets
into the infrastructure meant for security. As a
result, the digital partition could offer ascent to a
security divide. There is additionally the peril that
emerging nations may turn out to be excessively
reliant on the enterprises that design and sell their
methods and techniques for cyber security.
The media transmission frameworks and the
administrations and exercises that they make
conceivable must be imagined, planned, set
up, and made do considering security. Security
is the foundation of any media transmission
movement; it ought to be an administration
that makes it conceivable to make different
administrations and produce value, for example,
e-government, e-health, e-learning, and so on.
It’s anything but a matter of innovation
alone. As of late, in any case, the fundamental
instruments of communication that have turned
out to be accessible have excluded the assets
that are both important and adequate to give, or
to ensure, a basic level of security (Figure 1.2).

Figure 1.2: A conference on e-governance.

Source: https://c1.staticflickr.com/6/5595/31042771
335_75e3fcf363_b.jpg
 Cyber Crime: A Market of Vulnerability 13

1.4.2. A Selective Methodology

The change to the data age uncovers the
significance of data innovation and clarifies
that this innovation should be aced. With
respect to the new dimensions that ICT makes
in specialized and financial terms, the security
of information, administrations, assets, and
foundations has turned into a key need.
It features the key and basic nature of what
is in question in arranging and actualizing cyber
security for nations, companies, and people.
Given the economy, material, and personnel
that nations have put into making their data
and media transmission framework, they
should guarantee that the foundation is secure,
very well overseen, and controlled. ICTs, like
all modern advancements, rise, and work in a
specific antique and physical setting.
The duty of the people in charge of making
the policy is to help the data upheaval with
the devices, methodology, laws, and morals
expected to deal with security and meet the
desires and needs of society.

1.5. VULNERABILITIES IN THE

CYBER WORLD
All the significant government associations
and monetary firms lay their attention upon the
issue of digital security in the present time and
age. To target, the delicate information of any
organization, especially of those that generally
keep open information about the public, has
been the objective of the most criminal and
unethical programmers of the world.
14 Cyber Security

Unlawful access by an unapproved

individual is the most annihilating thing that
could happen to an association, as its delicate
information would then be easily accessible to
the hacker and can be misused for any kind of
purpose.
Control, information, and robbery
of information, and in addition, leaking
of organizational secrets and closing
administrations, are some of the examples
and only a portion of the numerous things that
programmers have the permit to do once they
have access to a database.
The mention of the fact that more than 575
million dollars’ worth of harm has been caused
due to digital crime is characteristic of the
thought that digital terrorism and cybercrime is
the most unsafe thing in the present time and
age, when everything is automated.
Here are the five most hazardous digital
security vulnerabilities that are misused by the
criminal programmers worldwide:
Digital security is • buffer overflow;
an all-encompassing
• injection vulnerabilities;
term which includes
the tools you can • exposure of sensitive data;
use to secure your • broken session management and
identity, assets and
technology in the
authentication; and
online and mobile • security misconfiguration.
world.

1.5.1. Buffer Overflow

Buffer overflow is very normal and furthermore
meticulously hard to identify. In an attack
involving buffer overflow, an application
that stores information in more space than its
 Cyber Crime: A Market of Vulnerability 15

buffer’s capacity is abused into controlling and

exploiting other similar addresses. The control
incorporates overwriting the information on
those other buffer addresses and in addition
cause harm to or erase the information.
More than the problem of buffer overflow Buffer overflow is
being hard to identify, it is even harder to make an anomaly where
it happen, as the programmer must know the a program, while
writing data to a
buffer capacity component of the database.
buffer, overruns
Nonetheless, if the programmer has the the buffer’s bound-
information and technique to know about that, ary and overwrites
they can, without much of an effort, misuse this adjacent memory
by sending an application a bigger amount of locations.
information than it can store in the buffer meant
for it.
Having done such a thing, the hacker can
access the client’s system when the control has
come back their code.
Web servers and various personal systems,
for example, are quite vulnerable to these kinds
of cyber criminality.

1.5.2. Injection Vulnerabilities

An application transmitting untrusted
information to a translator is an example
of injection vulnerability. Whenever did
effectively, the attacks including injection
vulnerability can comfortably cause misfortune
and harm to information. For example, SQL
and XML parsers and program contentions are,
most often, the aims and targets of this kind of
an attack.
16 Cyber Security

1.5.3. Exposure of Sensitive Data

It very well may be fought vehemently that
the most dangerous and frequently happening
type of vulnerability is the unintended break
of touchy information. It might result in the
saddest harms and incident for any organization
on the planet. Therefore, the aggressors and
lawbreakers are dependable in the chase for
causing as much anguish and misfortunes to
the organization utilizing this powerlessness, as
could be expected under the circumstances.
The data that is being intended to assault
can be gotten to while it isn’t being utilized
and lies unattended in the framework, or in a
reinforcement database or while on the move to
some other framework. The programmers make
utilization of the product named malware when
it is lying in the framework, while cryptanalysis
strategies, for instance, a Man-in-the-Middle
system, is utilized when the information is in
travel.

1.5.4. Broken Session Management and

Authentication
Such kind of event uses ineffective places in the
session as well as authentication. This assault
exploits certain delicate spots in the session
administration and association confirmation
between the two frameworks. Inability to utilize
adequate encryption procedures can enable
programmers to do a wide range of digital secret
activities utilizing this defenselessness.
 Cyber Crime: A Market of Vulnerability 17

1.5.5. Security Misconfiguration

Very simple to maintain a strategic distance
from and very normal; however, heartbreaking
when misused in any case. The purposes behind
this weakness to be misused are many, such
as utilizing default framework settings and
passwords, running outdated programming, and
not keeping solid enough passwords. Albeit such
mix-ups are anything but difficult to maintain
a strategic distance from, it is disturbing how
often an assailant accesses a client’s framework
and the delicate information in it because of
inability to stay away from such errors.
Digital security is something that is a
significant critical issue. We endeavored to
make our peruses mindful of probably the most
widely recognized vulnerabilities and would
prescribe them to do additionally research
to realize everything to think about securing
their frameworks. Knowing is the underlying
objective, and this article is meant to help the
people in their underlying advance (Figure 1.3).

Figure 1.3: Vulnerabilities of the cyber world.

18 Cyber Security

1.6. ESSENTIAL SECURITY AND

PRIVACY GOALS
To prevail with the execution of efficient IoT
security, we should know about the essential
security objectives as pursues:
• confidentiality;
• integrity;
Authentication is
the act of proving • authentication and approval;
an assertion, such • availability;
as the identity of a
computer system • accountability;
user. • auditing; and
• non-renouncement.

1.6.1. Confidentiality
Confidentiality is an essential security highlight
in IoT; however, it may not be mandatory in a
few situations where information is introduced
openly. In any case, much of the time and
situations touchy information must not be
unveiled or perused by unapproved substances.
For example, quiet information, private business
information, and additional military information
and security certifications and mystery keys,
must be avoided by unapproved elements.

1.6.2. Integrity
To give solid administrations to IoT clients,
trustworthiness is a compulsory security property
much of the time. Diverse frameworks in IoT
have different honesty prerequisites. Misfortune
or control of information may happen because
of correspondence, conceivably causing loss of
 Cyber Crime: A Market of Vulnerability 19

human lives.
For example, a remote patient observing
framework will have high respectability
checking against arbitrary blunders because of
data sensitivities.

1.6.3. Authentication and Approval

Confidential-
A universal network of the IoT disturbs the ity refers to
protecting
issue of validation in view of the idea of IoT information from
conditions, where conceivable correspondence being accessed
would happen between gadget-to-gadget by unauthorized
(M2M), human to the gadget, and additionally parties.
human-to-human. Diverse validation
prerequisites require distinctive arrangements in
various frameworks. A few arrangements must
be solid, for instance, validation of bank cards
or bank frameworks. Then again, most should
be worldwide, for example, ePassport, while
others must be nearby. The approval property
permits just approved substances (any verified
element) to play out specific tasks in the system.

1.6.4. Availability
A client of a gadget (or the gadget itself) must be
equipped for getting to administrations whenever
at whatever point required. Distinctive equipment
and programming segments in IoT gadgets must
be hearty in order to give benefits even within
sight of pernicious elements or unfavorable
circumstances. Different frameworks have
diverse accessibility necessities.
For example, fire observing or human
services checking frameworks would almost
20 Cyber Security

certainly have higher accessibility prerequisites

than roadside contamination sensors.

1.6.5. Accountability
When creating security strategies to be utilized
in a safe system, account-capacity includes
excess and obligation of specific activities,
obligations, and arranging of the execution of
system security approaches. Responsibility
itself can’t stop assaults however is useful in
guaranteeing the other security systems are
working legitimately.
Center security issues like trustworthiness
and confidentiality might be pointless if not
exposed to accountability. Also, in the event
of a renouncement occurrence, a substance
would be followed for its activities through a
responsibility procedure that could be helpful
for checking within the story of what occurred
and who was really in charge of the episode.

1.6.6. Auditing
A security review is a methodical assessment
of the security of a gadget or administration
by estimating how well it complies with an
arrangement of set up criteria. Because of
numerous bugs and vulnerabilities in many
frameworks, security inspecting assumes a vital
job in deciding any exploitable shortcomings
that put the information in danger. In IoT, a
frameworks requirement for inspecting relies
upon the application and its esteem.
 Cyber Crime: A Market of Vulnerability 21

1.6.7. Non-Renouncement
The property of non-renouncement delivers
certain proof in situations where the client or
gadget can’t deny an activity. Non-revocation
isn’t viewed as an imperative security property
for a large portion of IoT. It might be relevant
in specific settings. For example, installment
frameworks where clients or suppliers can’t
deny an installment activity (Figure 1.4).
Learning Activity:
Try getting known to at
least five cases of different
types of vulnerabilities in
the real world and how
they affected the concerned
people or organization.

Figure 1.4: Security and privacy goals.

1.7. PRIVACY OBJECTIVES

Protection is an entity appropriate to decide how
much it will communicate with its condition
and to what degree the substance will impart
data about itself to other people. The principal
protection objectives in IoT are:
• Privacy in gadgets – relies upon
physical and replacement security.
Touchy data might be spilled out
of the gadget in instances of gadget
burglary or misfortune and strength to
side channel assaults.
22 Cyber Security

• Privacy amid correspondence

– relies upon the accessibility of
a gadget, and gadget honesty and
unwavering quality. IoT devices
ought to convey just when there is
required, to disparage the revelation
of information protection amid
correspondence.
• Privacy away – to secure the
protection of information put away
in gadgets, the accompanying two
things ought to be considered:
• Possible measures of information
required ought to be put away in
gadgets.
• Regulation must be stretched out to
give security of client information
after end-of-gadget life (cancellation
of the gadget information (Wipe) if
the gadget is stolen, lost or not being
used).
• Privacy in handling – relies
Client Information upon gadget and correspondence
is defined as personal trustworthiness. Information ought to
information obtained be unveiled to or held from outsiders
from or supplied by
clients for the pur-
without the learning of the information
pose of completing proprietor.
a sales transaction; • Identity protection – the character
invoicing; or deliver- of any gadget should just be found
ing data, products,
services or informa- by the approved substance (human/
tion. gadget).
• Location protection – the land
position of the important gadget
should just be found by approved
element (human/gadget).
 Cyber Crime: A Market of Vulnerability 23

1.8. SUMMARY
The problem of cybercrime is engulfing in its
own sense, and it is important to know about the
various vulnerabilities such as buffer overflow,
injection vulnerabilities and so on. This is
essential for carrying out various services such
as e-governance, e-learning, and e-trainings.
The various goals from the security and privacy
perspective may be defined as confidentiality,
integrity, availability, and so on, which drive the
subject of cyber security. In the next chapter,
the readers will be taken through the various
fundamentals of cyber security.
 24 Cyber Security

REVIEW QUESTIONS
1. Explain the dangers of cybercrime.
2. Communicate the necessity of having cyber security.
3. Enumerate the various vulnerabilities of the cyber world.
4. List the various goals regarding security and privacy.
5. Explain how to build up and support the various advancements
in cyber security.
6. What are the main dimensions of dangers that have been
identified with cybercrime?
7. Elaborate on few human faults that may result in cyber-attacks.
8. What do you understand by buffer overflow?
9. What are the main privacy objectives in the cyber world?
10. In what ways a user could get its sensitive data exposed outside
the digital world?

CHOOSE THE CORRECT OPTION

1. Various illegal crimes that are committed and happen due
to the criminal activities on the web are:
a. Drug trafficking
b. Money laundering
c. Human trafficking
d. All the above
2. Different types of vulnerabilities that exist in the cyber
world are all except:
a. Buffer overflow
b. Exposure of sensitive data
c. Security misconfiguration
d. Data Jealousy
3. Essential goals regarding the security and privacy of the
cyber world may be all except:
a. Confidentiality
b. Integrity
 Cyber Crime: A Market of Vulnerability 25

c. Piracy
d. Accountability
4. The companies have a squeezing obligation to secure
everything except:
a. Frameworks
b. Profits
c. Privileged Rights
d. Information
5. The advantages of the cybercrimes are taken by the people
such as those who do not:
a. Instill fear in the people to disturb the stability, sell the
products, or manipulate or try to affect the process of
decision making to serve their personal goals
b. Provide resources to various terrorist and criminal
organizations or individuals for attacks across the globe,
to get the security budget of the countries increased, so
that they can have some of it as their share
c. Reap direct benefits from the excess amount of
information that goes beyond the scope of secure storage
due to spamming
d. Like spreading peace in the world
6. Once the criminals have access to the database, they can
do all except:
a. Closing administrations
b. Robbing the information
c. Leaking of organizational secrets
d. Bidding for an object
7. The faults that humans may commit in the cyber security
may be all except:
a. Inadequacy
b. Lacking administration
c. Excessive workload
d. Carelessness
 26 Cyber Security

8. Various facilities that can be provided on the online portals

including the web may be listed as:
a. E-governance
b. E-learning
c. E-health
d. E-piracy
9. One of the vulnerabilities of the cyber world may be listed
as.
a. Security misconfiguration
b. Firewalls
c. Passwords
d. Excessive running of the PCs
10. The IOT devices should be able to have a privacy in
situations except:
a. Gadgets
b. In correspondence
c. While away
d. In criminal activities
 Cyber Crime: A Market of Vulnerability 27

REFERENCES
1. Abomhara, M., & Koien, G., (2015). Cyber security and the internet
of things: Vulnerabilities, threats, intruders and attacks. Journal of
Cyber Security and Mobility, [online] 4(1), pp. 65–88. Available
at: https://www.researchgate.net/publication/277718176_Cyber_
Security_and_the_Internet_of_Things_Vulnerabilities_Threats_
Intruders_and_Attacks [Accessed 13 November 2018].
2. O’Shea, K., Steele, J., Hansen, J. R., Jean, B., & Ralph, T., (2007).
Cyber Crime Investigations: Bridging the Gaps Between, Security
Professionals, Law Enforcement, and Prosecutors. Syngress
Publishing Inc.
3. Senki.org. (n.d.). Cyberspace Threats and Vulnerabilities. [online]
Available at: http://www.senki.org/wp-content/uploads/2015/03/
case_for_action.pdf [Accessed 13 November 2018].
 CHAPTER

2
CYBER SECURITY AND ITS
FUNDAMENTALS

LEARNING OBJECTIVES:
• Get an insight about the cyberspace
• Know about the difference between cyberspace, web,
and the net
• Dwell on the fundamentals of information assurance
• Learn about the basic kind of cryptography

KEYWORDS
• authentication • internet
• authorization • network
• confidentiality • speed
• cryptography • storage
• cyberspace • web
• fundamentals
 30 Cyber Security

2.1. INTRODUCTION
Digital security is an inexorably relevant and squeezing subject of
concern for people, organizations, and governments, and one that
is difficult to disregard. Hence, it becomes important to look at the
essential factors that indicate that cyber security is both critical
and hard to accomplish. The investigation starts by looking at the
advancing digital condition, proceeds with an examination of elements
that make digital security so difficult, and finishes up with a glance at
conceivable fates.
The objective is to slice through the publicity that encompasses
cyber security and to furnish the people with an unmistakable yet
nuanced point of view of what is essential and why. It may be a
challenge when crucial ideas are regularly inadequately comprehended
and where there are solid business and political motivators to overstate
apparent threats. To comprehend what is implied by ‘cyber security’ it
is useful to start by looking at a definition of the cyberspace:
“Cyberspace is an interactive domain made up of digital networks
that are used to store, modify, and communicate information. It
includes the internet, but also the other information systems that
support our companies, infrastructure, and services.”
The cyberspace can be partitioned into a model with many layers
involved:
• Physical establishments, for example, land, and submarine
links, and satellites that serve as correspondence pathways,
alongside routers that guide data to its destination.
• Logical building blocks that include programmed software,
for example, cell phone applications, working frameworks,
or internet browsers enable physical establishments to work
and convey.
• Data that travels the cyberspace, for example, web-based
social posts, writings, monetary exchanges or video
downloads. Prior to and after the transmission, this data is
regularly put away on (and altered by) PCs and cell phones,
or open or private cloud storage devices or networks.
 Cyber security and Its Fundamentals 31

• Individuals that control data, convey,

and structure the physical and logical
segments of the cyberspace.
Overall, these substantial and elusive layers
involve the cyberspace, which the people are
relying more and more on, for fundamental
parts of the day-to-day life. A reliable and stable
cyberspace is essential for the smooth working
of important infrastructural parts, for example,
energy, transport, food, health, and commerce.
As reliance goes up, so do the expenses of
disturbances caused—regardless of whether
incidental or purposeful—and the chances for
abuse and misuse.

2.2. THE WEB IS NOT JUST THE

INTERNET
At the point when cyber security is referred to,
numerous individuals tend to think about the
security of their gadgets, home or work PCs, or
the sites they visit every day. Be that as it may,
the cyberspace is significantly bigger than this
and incorporates the total of worldwide digital
systems.
It incorporates every single advanced
correspondence including vague and traditional
correspondence conventions or segregated
systems that are not available through the
internet. The internet (the IP—or Internet
Protocol (IP) system) is a marginally smaller
region that incorporates the most prominent
and generally utilized kinds of communication.
Vague and traditional correspondence
conventions or segregated systems include, for
example, atomic weapons storehouses
32 Cyber Security

Inside the internet, lies one more circle which

is commonly called ‘the web,’ or the pages that
can be gotten to utilizing an internet browser.
The internet and web are regularly referred to
conversely. However, they differ from each
other, and one of them sits inside the other. Even
though (and most mainstream analysis) cyber
security is being discussed, what is truly implied
is security regarding the internet, where, by far,
most of the worldwide correspondence happens.
Internet browsers include examples such as
Firefox, Chrome or Safari (Figure 2.1).

Figure 2.1: Components of cyberspace.

2.3. THE CYBERSPACE (FIGURE

2.2)

Figure 2.2: The Cyberspace.

Source: https://cdn.pixabay.com/photo/2016/10/21/11/10/
cyberspace–1757801_960_720.png
 Cyber security and Its Fundamentals 33

The four parts in the cyberspace depicted

above (physical, logical, data, and individuals)
have three essential qualities—network, speed, Cyberspace is an
and storage. These qualities empower both the individual as well as
positive and negative parts of the digital world international concept.
and ought to be comprehended with the end goal It is a widespread,
interconnected digital
to put the cyberspace in the setting. technology.
This is the way in which the people can start
to comprehend digital security—by inspecting
the essential layers of the cyberspace and their
qualities and investigating what this implies
for the wellbeing and steadiness of the rapidly
digitizing world (Figure 2.3).

Figure 2.3: Qualities of the cyberspace.

2.3.1. Network
Almost 40 percent of the total populace is
associated with the internet, through various
devices, for example, PCs, laptops, tablets,
and cell phones. Likewise, there are billions of
other associated ‘things.’ For example, sensors
implanted in automobiles, processing plants,
buildings, planes, TVs, and toasters.
34 Cyber Security

This quickly expanding network produces

worth and advantages that are more than the
total value of the parts when taken solely. This is
known as a positive ‘network impact’— as more
gadgets are associated, more data is produced
and shared, and the estimation of the system
keeps on increasing for everybody. There are
clear advantages, for example, from having the
capacity to email anybody around the world
who associated with the internet, rather than
being limited to Western Europe.
The estimation of interpersonal organizations,
for example, Facebook or LinkedIn, goes up
drastically as more individuals join. Boundless
network additionally recognizes patterns and
exercises that were already exceptionally
troublesome or difficult to spot, for example,
following the spread of irresistible ailments.
The network permits instant messages and
records to be sent without much worry of being
tampered, around the world promptly, rendering
the distance insignificant. This network is useful
for representatives who use telecommuting
for work or the students that may be checking
Facebook from a café. It is similarly useful for
programmers endeavoring to break into a PC
on the opposite side of the world, or make sites
disconnected from the digital world, utilizing
the figuring intensity of a botnet, for example, a
group of PCs that have been contaminated with
a nasty software.

2.3.2. Speed
The question that arises frequently is that what
is the reason that the cyberspace appears to
 Cyber security and Its Fundamentals 35

change so rapidly, providing the opportunities

and difficulties at more noteworthy pace than the
people have been familiar within the physical
world? There are various explanations behind
this change, and they may be found anywhere
through the twentieth century.
They may be the development of the
semiconductor and transistor. Unfaltering
innovations in technology drove Gordon Moore
(co-founder of Intel) to express his conviction
that architects would have the capacity to
increase the quantity of transistors to twice as
much, on a PC chip in every couple of years.
This perception, known as Moore’s Law,
was made in 1975 and has remained constant
for as far back as forty-three years. It implies
that the speed which is the processing power
of PC chips keeps on increasing consistently,
making PCs stronger, transforming cell phones
into handheld systems, and permitting the
searches on Google to be giving results quicker
than ever. Employing more transistors onto a
chip implies more prominent speed, and speed
is what bolsters the digital world.

2.3.3. Storage
More prominent network and speed are pleasant,
yet they mean little without storage. There is no
prominent use of an email, content, spreadsheet
or report in the event that it may very well
be sent and received, but cannot be stored or
recovered. The limit of the storage has verged
on coordinating Moore’s Law, for example,
generally multiplying every couple of years,
as hard drives have moved from gigabytes to
terabytes and keep on developing.
36 Cyber Security

Storage includes capacity, as well as

performance, or, in other words ‘input to output’
speed of a storing gadget. Performance has risen
drastically with the change, over the previous
ten years, from conventional hard drives with
spinning plates to strong and steady hard drives
that have no moving parts. The moving parts
include devices, for example, cell phones, and
flash drives.
Storage enables the people on the internet to
download and store music, recordings, pictures,
and substantially more. This is similarly
significant for the hackers who are searching for
huge stores of data, or who wish to steal vast
amounts of data from the systems that are traded
off.

2.3.4. Reliance and Double Use

The impacts of this network, speed, and storage
are numerous and different, however, somewhere
around two ramifications can be made out.
• To begin with, the developing world
is intensely subject to advanced
innovations, regularly in manners
that are unpretentious or not promptly
evident. The internet encourages
most of the digital correspondences,
including money-related exchanges,
phone calls, and video calls, and
instant messages. Basic infrastructure
divisions depend on the digital
network to have better efficiency and
more benefits.
Basic infrastructure facilities involve
examples such as food, transport, and water. As
 Cyber security and Its Fundamentals 37

James Lewis noticed: ‘the effect of the internet

is to lower transaction costs—everything else is
just advertising.’ This reliance on the web as the
focal sensory system of the globe is developing
relentlessly and hints at no abating.
• Second, all advancements are doubly
utilized. There are no sorts of network,
speed or storage that will profit just
the people who are desirable and leave
out the one that are not desirable.
The advantages of this condition,
for instance, the capacity to develop
without asking consent from anybody,
are accessible to all the users, whether
nasty or honest.
This critical point is frequently disregarded
by strategy creators who endeavor to force
innovative answers for societal issues as they
ask ‘wouldn’t you be able to simply make us
a universally useful PC that runs every one of
the projects, aside from the ones that unnerve
and outrage us?’ or “Wouldn’t you be able to
simply prepare us an internet that transmits any
message over any convention between any two
points, except when it upsets us?”

2.4. INFORMATION ASSURANCE

FUNDAMENTALS
Verification, approval, and non-repudiation are
apparatuses that framework creators can use to
keep up framework security as for classification,
uprightness, and accessibility. Seeing every one
of these six ideas and how they identify with each
other enables security experts to structure and
actualize secure frameworks. Every part is basic
38 Cyber Security

to by and large security, with the disappointment

of any one segment bringing about potential
framework bargain.
There are three key ideas, known as the CIA
group of three, which anyone who ensures a data
Integrity is the framework must comprehend: confidentiality,
practice of being integrity, and accessibility. Data security experts
honest and showing are devoted to guaranteeing the insurance of
a consistent and
uncompromising
these principals for every framework they
adherence to strong ensure.
moral and ethical Furthermore, there are three key ideas that
principles and values. security experts must comprehend to implement
the CIA standards legitimately: validation,
approval, and nonrepudiation. In this area, we
clarify every one of these ideas and how they
identify with one another in the computerized
security domain. All definitions utilized in
this area start from the National Information
Assurance Glossary (NIAG) distributed by the
U.S. Board on National Security Systems.

2.4.1. Authentication
Validation is imperative to any safe framework,
as it is the way to checking the source of a
message or that an individual is whom he or
she asserts. The NIAG characterizes validation
as a “security measure intended to build up
the legitimacy of a transmission, message, or
originator, or a method for checking a person’s
approval to get particular classifications of data.
There are numerous techniques accessible
to verify a man. In every technique, the
authenticator issues a test that a man must
answer. This test ordinarily contains asking
for a snippet of data that just real clients can
 Cyber security and Its Fundamentals 39

supply. These snippets of data normally fall into

the three arrangements known as variables of
authentication. Authenticator is
At the point when a validation framework the means used to
requires more than one of these factors, the confirm the identity
security network groups it as a framework of a user, that is,
to perform digital
requiring multifactor verification. Two authentication.
occurrences of a similar factor, for example, a
secret phrase joined with a client’s mom’s last
name by birth, are not multifaceted verification,
but rather consolidating a unique mark check
and an individual identification number (PIN) is,
as it approves something the client seems to be
(the proprietor of that unique finger impression)
and something the client knows (a PIN).
Confirmation likewise applies to approve the
source of a message, for example, a system bundle
or email. At a low level, message authentication
frameworks can’t depend on similar elements
that apply to human confirmation. Message
verification frameworks regularly depend on
cryptographic marks, which comprise of a
process or hash of the message produced with
a mystery key.
Since just a single individual approaches
the key that produces the mark, the beneficiary
can approve the sender of a message. Without a
sound confirmation framework, it is difficult to
assume that a client is who he or she says that
he or she is, or that a message is from who it
professes to be.

2.4.2. Authorization
While verification identifies with checking
characters, approval centers on figuring out
40 Cyber Security

what a client has consent to do. The NIAG

characterizes approval as “get to benefits
conceded to a client, program, or process.”
After a protected framework verifies clients,
it should likewise choose what benefits they
have. For example, an internet keeping money
application will confirm a client dependent on
his or her accreditations; however, it should
then decide the records to which that client
approaches. Furthermore, the framework figures
out what moves the client can make with respect
to those records, for example, seeing adjusts and
making exchanges.

2.4.3. Non-Repudiation
Envision a situation wherein Alice is purchasing
an auto from Bob and signs an agreement
expressing that she will pay $20,000 for the auto
and will take responsibility for on Thursday. If
Alice later chooses not to purchase the auto,
she may guarantee that somebody fashioned
her mark and that she isn’t in charge of the
agreement. To disprove her case, Bob could
demonstrate that a legal official open checked
Alice’s personality and stepped the report to
show this verification.
For this situation, the public accountant’s
stamp has given the agreement the property of
nonrepudiation, which the NIAG characterizes
as “confirmation the sender of information is
furnished with verification of conveyance and
the beneficiary is given evidence of the sender’s
personality, so neither can later deny having
prepared the information.”
 Cyber security and Its Fundamentals 41

In the realm of computerized

correspondences, no legal official can stamp each
transmitted message; however, nonrepudiation Cryptography is a
is yet vital. To meet this necessity, secure method of protecting
frameworks regularly depend on unbalanced (or information and
communications
open key) cryptography. While symmetric key
through the use of
frameworks utilize a solitary key to scramble codes so that only
and unscramble information, Hilter Kilter those for whom
frameworks utilize a key match. the information is
intended can read
These frameworks utilize one key (private) and process it.
for marking information and utilize the other key
(open) for confirming information. If a similar
key can both sign and confirm the substance of
a message, the sender can guarantee that any
individual who approaches the key could without
much of a stretch have fashioned it. Unbalanced
key frameworks have the nonrepudiation
property because the underwriter of a message
can keep his or her private key mystery.

2.4.4. Confidentiality
The term privacy is natural to a great many
people, even those not in the security business.
The NIAG characterizes classification as
“affirmation that data isn’t unveiled to
unauthorized people, procedures, or gadgets.”
Guaranteeing that unapproved parties
don’t approach a snippet of data is an intricate
undertaking. It is least demanding to comprehend
when separated into three noteworthy advances.
To start with, the data must have protections
equipped for keeping a few clients from getting
to it.
Second, limitations must be set up to confine
access to the data to just the individuals who
42 Cyber Security

have the approval to see it. Third, a validation

framework must be set up to confirm the
character of those with access to the information.
Validation and approval, depicted prior in
this area, are crucial to looking after secrecy;
however, the idea of classification principally
centers on hiding or securing the data.
One approach to secure data is by putting
away it in a private area or on a private system
that is restricted to the individuals who have
authentic access to the data. On the off chance
that a framework must transmit the information
over an open system, associations should utilize
a key that just approved gatherings know to
virtual private scramble the information.
network (VPN) For data going over the Internet, this
extends a private
network across a
security could mean utilizing a virtual private
public network, network (VPN), which scrambles all activity
and enables users between endpoints, or utilizing encoded
to send and receive email frameworks, which confine survey of a
data across shared or message to the planned beneficiary. On the off
public networks as
if their computing
chance that private data is physically leaving
devices were directly its ensured area (as when representatives
connected to the pri- transport reinforcement tapes between offices),
vate network. associations ought to encode the information if
it falls under the control of unapproved clients.
Privacy of advanced data additionally
requires controls. Shoulder surfing, the act of
investigating a man’s shoulder while at his or her
PC screen, is a nontechnical way for an assailant
to assemble private data. Physical dangers, for
example, basic burglary, likewise undermine
privacy.
The results of a rupture of privacy shift
contingent upon the affectability of the ensured
information. A rupture in Visa numbers, as on
 Cyber security and Its Fundamentals 43

account of the Heartland Payment Systems

preparing framework in 2008, could result in
claims with payouts well into a great many
dollars.

2.4.5. Integrity
In the data security domain, honesty typically
alludes to information uprightness, or
guaranteeing that put-away information is
precise and contain no unapproved changes.
The NIAG characterizes uprightness as pursues:
Nature of an IS (Information System)
mirroring the coherent rightness and unwavering
quality of the working framework; the legitimate
culmination of the equipment and programming
actualizing the insurance instruments; and the
consistency of the information structures and
event of the put away information.
Note that, in a formal security mode,
trustworthiness is deciphered more narrowly to
mean assurance against unapproved change or
destruction of information.
This central, which depends on verification,
approval, and nonrepudiation as the keys to
looking after respectability, is keeping those
without approval from adjusting information.
By bypassing a confirmation framework or
raising benefits past those regularly allowed to
them, an assailant can undermine the honesty of
information.
Programming blemishes and vulnerabilities
can prompt unplanned misfortunes in information
respectability and can open a framework to
unapproved modification. Projects regularly
firmly control when a client has perused to-
44 Cyber Security

compose access to specific information, yet a

product weakness may make it conceivable to go
around that control. For instance, an aggressor
can misuse a Structured Query Language (SQL)
infusion powerlessness to remove, adjust, or add
data to a database. Upsetting the respectability
of information very still or in a message in travel
can have genuine results. On the off chance that
it was conceivable to alter an assets exchange
message going between a client and his or her
internet managing an account site, an aggressor
could utilize that benefit to his or her leeway.
The aggressor could commandeer the
exchange and take the exchanged assets by
adjusting the record number of the beneficiary
of the assets recorded in the message to the
assailant’s own financial balance number.
Guaranteeing the trustworthiness of this kind of
message is indispensable to any safe framework.

2.4.6. Availability
Data frameworks must be open to clients for
these frameworks to give any esteem. On the
off chance that a framework is down or reacting
too gradually, it can’t give the administration it
should. The NIAG characterizes accessibility as
“opportune, dependable access to information
and data administrations for approved clients.”
Attacks on accessibility are to some degree not
quite the same as those on integrity and secrecy.
The best-known assault on accessibility is a
forswearing of administration (DoS) assault. A
DoS can come in numerous structures; however,
each frame upsets a framework in a way that
keeps real clients from getting to it. One type of
DoS is asset weariness, whereby an aggressor
 Cyber security and Its Fundamentals 45

over-burdens a framework to the point that it

never again reacts to real demands.
The assets being referred to might be the DOS is a platform-
memory, focal handling unit (CPU) time, independent acronym
organize transmission capacity, as well as for Disk Operating
whatever another segment that an assailant can System, which was
initially introduced
impact. One case of a DoS assault is organizing by IBM for the Sys-
flooding, amid which the assailant sends so much tem/360 mainframe
system activity to the focused-on framework and later became
that the movement immerses the system and no common shorthand
real demand can traverse. for the popular fam-
ily of disk-based
Understanding the parts of the CIA ternion operating systems for
and the ideas driving how to ensure these x86-based IBM PC
principals is imperative for each security compatibles.
proficient. Every segment demonstration like a
column that holds up the security of a framework.
If an aggressor breaks any of the columns, the
security of the framework will fall.
Verification, approval, and nonrepudiation
are devices that framework architects can use
to keep up these pillars. Seeing how these ideas
interface with one another is important to utilize
them viable (Figure 2.4).

Figure 2.4: Information assurance fundamentals of

cyber security.
46 Cyber Security

2.5. BASIC CRYPTOGRAPHY

This segment gives data on fundamental
cryptography to clarify the history and nuts
and bolts of figures and cryptanalysis. Later
areas will disclose present day cryptography
connected to advanced frameworks.
The English word cryptography gets from
Greek and makes an interpretation of generally
to “shrouded composing.” For a great many
years, bunches who needed to impart in mystery
created techniques to compose their messages in
a way that just the expected beneficiary could
peruse.
In the data age, all correspondence is liable
to listening in, and therefore cryptography has
progressed quickly. Seeing how cryptography
functions are vital for any individual who needs
to make certain that their information and
correspondences are protected from interlopers.
This area examines cryptography, beginning
with essential figures and cryptanalysis.
The antiquated Egyptians started the primary
known routine with regards to writing mystery
messages, utilizing nonstandard symbolic
representations to pass on mystery messages
as right on time as 1900 BC. Since that time,
individuals have created numerous techniques
for concealing the substance of a message.
These strategies are known as figures.
The most well-known established figure is
the substitution figure. Substitution figures
work by substituting each letter in the letter
set with another when composing a message.
For example, one could move the letters of the
English letters in order as appeared:
 Cyber security and Its Fundamentals 47

‘abcdefghijklmnopqrstuvwxyz’
‘nopqrstuvwxyzabcdefghijklm’
Utilizing this figure, the message “the
demonstration begins at midnight” would be
composed as
“gurnpgfgnegf ng zvqavtug.”
The content above, demonstrating to
translate the message, is known as the key. This
is an extremely straightforward substitution
figure known as the Caesar figure (after Julius
Caesar, who utilized it for military interchanges)
or ROT13 on the grounds that the characters in
the key are pivoted thirteen spaces to one side.
Cryptography is driven by the steady battle
between individuals who need to keep messages
mystery and the individuals who work to reveal
their implications. Substitution figures are
extremely defenseless against cryptanalysis, the
act of breaking codes.
With enough content, it is easy to start
supplanting characters in the ‘ciphertext’ with
their possible ‘cleartext’ partners. Indeed, even
without thinking about the Caesar figure, it is
anything but difficult to figure that a three-letter
word toward the start of a sentence is probably
going to be the. By supplanting all occurrences
of the letters ‘g,’ ‘u,’ and ‘r’ with ‘t,’ ‘h,’ and ‘e,’
the ‘ciphertext’ changes to
‘the nptftnetfntzvqavtht’
Next, the expert may see that the fourth word
is just two letters in length and finishes with ‘t.’
There are two likely conceivable outcomes for
this word: ‘at’ and ‘it.’ He picks ‘at’ and replaces
all events of ‘n’ in the sentence with ‘a.’
‘the able ftaetf at zvqavtht’
48 Cyber Security

With at set up, the example is clearer, and

the expert theories that if the letter ‘g’ means ‘t,’
the neighboring letter ‘f’ may mean ‘s.’
‘the adept staets at zvqavtht’
The word ‘staets’ now looks like ‘starts,’
and the investigator makes another substitution,
showing that ‘rst’ is equal to ‘efg,’ which
uncovers the full example of the figure and the
message. While the message is currently clear,
the importance of “the demonstration begins
at midnight” isn’t. Code words are an amazing
method for concealing a message, however,
in contrast to cryptography, can’t shroud the
significance of discretionary data without
concession to the importance of the code words
ahead of time.
Short messages can be hard to decode
because there is little for the investigator to
examine; however long messages scrambled
with substitution figures are helpless against
recurrence examination. For example, in the
English dialect, a few letters show up in a larger
number of words than others do.
‘E’ is by a wide margin the most well-known
letter in the English dialect and, in that capacity,
is additionally, in all probability, a character
in an article written in English. An examiner
Ciphertext is
could decide the doubtless clear text of any
encrypted text.
Plaintext is what ciphertext scrambled with a substitution figure.
you have before As appeared in the model sentence above, while
encryption, and ci- the ciphertext has all the earmarks of being
phertext is the arbitrary, designs remain that deceive the first
encrypted result.
content.
 Cyber security and Its Fundamentals 49

A definitive objective of any figure is to

deliver ciphertext that is unclear from arbitrary
information. Evacuating the examples inborn
in the first content is significant to delivering
ciphertext that is impossible to translate without Learning Activity:
the first key. In 1917, Gilbert Vernam built up Go to the internet and
search about various
the one-time cushion, a cryptographic figure other methods that are
that, with a properly randomized key, produces used for cryptography.
unbreakable ciphertext.
A one-time cushion is like a substitution
figure, for which another letter dependent on a
key replaces a letter, yet rather than utilizing a
similar key for the whole message, another key
is utilized for each letter. This key must be in
any event if the message and not contain any
examples a cryptanalyst could use to break the
code.

2.6. SUMMARY
The cyberspace is a wide subject that involves
all the components including the web and the
internet. It is significant that the components
on which the cyberspace runs, like those of
network, speed, and storage are looked after
very closely, in order to ensure that there are no
obstacles in the working of cyberspace.
The fundamentals on which the cyber
security is dependent are authentication,
authorization, nonrepudiation, confidentiality,
integrity, and availability (CIA), wherein the
CIA remain the most sorted after fundamentals
and focused on.
Cyber security also depends a lot on the way
the messages are cryptographed. The criminals
try to break the norm of cryptography in any
50 Cyber Security

possible manner, but it becomes extremely

important for the people in charge of the
security to decipher the messages in any form of
their encryption. In the next chapter, the readers
will be taken through the management of cyber
security and risk management in organizations.
 Cyber security and Its Fundamentals 51

REVIEW QUESTIONS
1. Explain the meaning of cyberspace.
2. Differentiate clearly between cyberspace, web, and the
internet.
3. Enlist the various fundamentals of Cyber security.
4. Define the process of basic cryptography.
5. Dwell on the concept of Confidentiality, Integrity, and
Availability.
6. What are the three essential qualities of cyberspace?
7. Explain Moore’s Law.
8. What is nonrepudiation of data?
9. What are the main characteristics that have been outlined by
main National Information Assurance Glossary (NIAG)?
10. Define that one approach that would help in securing data.

CHOOSE THE CORRECT OPTION

1. In which year, Gilbert Vernam built up the one-time
cushion, a cryptographic figure?
a. 1912
b. 1917
c. 1915
d. 1927
2. Who can misuse a Structured Query Language (SQL)
infusion powerlessness to remove, adjust, or add data to a
database?
a. Aggressor
b. Criminal
c. Data Scientist
d. None of the above
3. The act of investigating a man’s shoulder while at his or
her PC screen is a _______________.
a. Technical Way
 52 Cyber Security

b. Non-Technical Way
c. Industrial Way
d. both a and b
4. When was Moore’s Law formulated?
a. 1956
b. 1976
c. 1975
d. 1989
5. Network, Speed, and _______________ are the three
important qualities that are found in the four parts of
cyberspace.
a. Data
b. Storage
c. Security
d. None of the above
6. Employing more transistors onto a chip implies
_______________.
a. Security
b. Storage
c. Prominent speed
d. Strong Network
7. Which framework is dependent upon cryptographic
marks, which comprise of a process or hash of the message
produced with a mystery key.
a. Validity
b. Confirmation
c. Message Verification
d. None of the above
8. _______________ can prompt unplanned misfortunes in
information respectability and can open a framework to
unapproved modification.
a. Programming Blemishes
b. Cyber Crime
 Cyber security and Its Fundamentals 53

c. Data Misuse
d. Hacking
9. _______________ work by substituting each letter in the
letter set with another when composing a message.
a Validity
b. Substitution Figure
c. Symbols
d. None of the above
10. Which alphabet is the most well-known letter in the English
dialect?
a. E
b. A
c. S
d. I
 54 Cyber Security

REFERENCES
1. Clemente, D., (n.d.). Fundamentals of Cyber Security. [ebook]
Available at: http://www.vertic.org/media/assets/VI%202015/
VI%20Chapter%2010.pdf [Accessed 13 November 2018].
2. Graham, J., Howard, R., & Olson, R., (2011). Cyber Security
Essentials. Taylor and Francis Group, LLC.
3. O’Shea, K., Steele, J., Hansen, J. R., Jean, B., & Ralph, T., (2007).
Cyber Crime Investigations: Bridging the Gaps Between, Security
Professionals, Law Enforcement, and Prosecutors. Syngress
Publishing Inc.
 CHAPTER

3
MANAGEMENT OF CYBER
SECURITY

LEARNING OBJECTIVES:
• Learn about the management of cyber security
• Know about the mistakes that are commonly committed
while dealing with cyber security
• Get an insight into a suggested model for an approach
to cyber security
• Understand the different levels of cyber security
• Learn the concept of risk management in cyber security

KEYWORDS
• administration • risk
• cyber security levels • risk assessment
• cyber security management • risk communication
• information assets • risk management
• management model
• mistakes
 56 Cyber Security

A Case Showing the Consequences of the Absence of Cyber

Security Management Systems
ABC Company gets attacked by a cyber attacker. The attacker
extracted some very confidential and valuable information from the
company’s database. The company management then hired a very
highly skilled team of professionals that were supposed to guard
against the cybercrimes. The company had also employed a variety of
different protective software and firewalls.
In spite of all the arrangements, the attacker was able to break into
the cyber systems and hack the computers. The management was not
aware of the gravity of the situation and had run out of the ideas for
countering the issue. No risk management model had been designed
or adapted for such situations. Actually, the resultant situation had
risen because of the absence of any kind of management model.

Discussion Question
1 What are the mistakes that the company could have avoided
on their part?
2. Is there a need for a management system for cyber security?
The above vignette offers a scenario about the need for a
management model for the security in the cyber world. The vignette
focuses on various ways in which an entity can fail if they do not
employ a cyber security management model. The chapter further
elaborates on what this model may mean and the need of it in the
cyber world.

3.1. CYBER SECURITY MANAGEMENT

3.1.1. Formation of a Model for Management of Cyber

Security
What is imperative is that digital dangers are exceptionally hard to
foresee, envision, and take preventive measures in time (Craig and
 Management of Cyber Security 57

Valeriano, 2016), so the Risk that digital assaults

will be effectively executed is expanding. This
is especially valid on account of Lithuania,
particularly in perspective of the current
geopolitical circumstance.
As of now, there is no digital security
administration show created which enables a
reaction to digital assaults, startling situations,
and vulnerabilities, so it is fundamentally
imperative to manage digital security issues
with regards to basic framework, with the end
goal to shield the essential interests of the state. Administration is
It ought to be noticed that the minor innovative the range of activi-
ties connected with
issues and arrangements don’t tackle every one organizing and
of the issues as a digital security administration supervising the way
model of basic framework ought to be always that an organization
enhanced alongside the quickly developing or institution func-
innovation (Water Information Sharing and tions.
Analysis Center, 2015) (Figure 3.1).

Figure 3.1: Strategies for cyber security.

Source: https://upload.wikimedia.org/wikipedia/
commons/1/1d/Cyber security_Strategy_5_Layer_
CS5L.png
58 Cyber Security

3.2. DIGITAL SECURITY MIS-

TAKES
There are normal errors that associations make when
contemplating the digital security of their assets:
• Falsely believing that every
foundation can be made safe from
any weakness. Every association that
works foundation and particularly
basic framework ought to comprehend
that full security is only a fantasy.
The most critical part of security is to
comprehend what are the most defenseless
regions, what exercises one should do to keep
away from dangers, which systems one must
distinguish unusual foundation action and have
a reasonable arrangement which depicts how to
diminish misfortunes and to re-establish ordinary
movement of your framework (WISAC, 2015).
Nonetheless, a principal perspective which
ought to be the most vital to associations is the
location and reaction for basic circumstances.
These things can altogether decrease loses
worried about digital security breaks
(TechRepublic, 2004).
• False sentiments that selecting the
best experts will spare you from the
digital danger. Every association
needs to comprehend that digital
security isn’t an office yet an entire
association’s methodology (WISAC,
2015; Singer and Friedman, 2014).
Qualifying digital security as one of the
offices and expert affiliation shape the beguiling
feeling of safety. This methodology is defective.
Digital security must be an essential goal and
 Management of Cyber Security 59

must turn into a key point of every association’s

colleague, on the grounds that the human factor
is the most helpless part in digital security
(TechRepublic, 2004; Wei et al., 2010). This
implies, for instance, digital security ought to
wind up one of the association’s arrangements,
which can impact profit.
• False reasoning about security
advancements and devices that are
utilized to guarantee the security.
Organizations that deliver specialized
hardware and programming will never
ensure that their items will safeguard
you from 100% of digital assaults.
Innovation and gear utilized in the
cutting-edge world to the satisfaction
of certain security highlights, for
example, identifying an interloper or
and so forth. Digital security is
an all-encompassing
These measures and instruments are vital
term which includes
and must be utilized in the industrial framework, the tools you can
yet it is simply innovation, and it can’t give you use to secure your
add up to digital security (TechRepublic, 2004; identity, assets and
Wei et al., 2010). Instruments must be a sure technology in the
online and mobile
item, which happens after the time when great
world.
and solid digital guard capacity is sent.
In any case, items alone don’t make the
IT office, everybody oversees digital security,
and the human factor remains the weakest
connection in connection to security (WISAC,
2015). Interest in devices is significant just when
individuals know about their moral obligation
and try to guard their systems.
For example: Social building, which is yet
one of the fundamental dangers confronting an
association dealing with their very own security.
60 Cyber Security

Innovation can help in such a manner, yet it is

critical that chiefs assume liability in taking care
of this issue. Associations need to comprehend
that every individual in the organization should
be advanced in training and should comprehend
the risk of digital assaults.
• False supposition that digital security
is just about compelling observing.
Observing in this setting has a wider
importance than simply checking
of gear and framework resources.
Checking is certifiably not a limited
specialized view, which is connected
to data assets, data frameworks
and system observing, yet is an
expansive view, which joins the entire
association of the encompassing
condition and current cybercrime
patterns following.
Checking is useless if nobody can gain from
it (WISAC, 2015). On the off chance that you
comprehend the outside changes and patterns in
the digital security, you will have the capacity to
utilize these bits of knowledge, and create fitting
approaches and procedures to be fruitful in the
battle against cybercrime over the long haul.
Digital security approach and methodology
must be founded on consistent learning and
advancement. Associations need to see how
dangers advance and create later, and what the
chances to get ready for the up and coming
dangers are.
This methodology is at last savvier since they
have certain points of interest over a transient
increment in security by building increasingly
elevated dividers. Every association must
 Management of Cyber Security 61

guarantee that the data about the security

powerlessness is shared to other people, on the
grounds that just the trading of data may give a
general image of the real security circumstance
in the city, state or the world scale (Govindarasu
and Hahn, 2017).
• False feelings that safety efforts that
are utilized by the association to
shield itself from digital dangers are
unrivaled. Security should initially be
resolved to accomplish its objectives.
Making successful digital security
and attempting to keep away from
digital assaults resembles running in
Olympic long-distance race; however,
security isn’t winning versus digital
assailants.
The assailants grow new strategies and
systems, and protectors are constantly one
stage behind. It appears that it is valuable to put
resources into progressively advanced safety
efforts to counteract assaults, yet the fact of the
matter is unique.
The digital security strategy must organize
interest in foundation furthermore, assets, instead
of the most recent innovation or frameworks that
can distinguish any risk (WISAC, 2015). As a
matter of first importance, you must comprehend
what sort of trespassers could be occupied with
the association’s exercises and why.
We should comprehend the estimation
of their advantages, to have the capacity to
evaluate and accept some Risk on the grounds
that unlimited cost advances, as has been said
previously, don’t guarantee finish security.
62 Cyber Security

The primary part of digital security is that

digital security ought to be the foundation of
the advancement of new IT arrangements and
frameworks, and not, as frequently occurs,
recalled just toward the finish of the venture like
has occurred.

3.3. REACH OF CYBER SECURITY

MANAGEMENT MODEL
Facilitate on we will give the digital security
administration module which can be utilized
to guarantee security to any basic framework
and additionally to enhance the digital security
of any business organization or government
association. Nonetheless, we won’t focus on
utilization of solid innovation hardware or
data security administration forms that are
utilized for making the basic framework more
secure, however, will give center data about the
proposed model
The exhibited model is built from the six
center fields that the creators observe to be most
basic during the time spent guaranteeing digital
security. Every one of these components have
the same significance and should be produced
throughout the entire association altogether, on
the grounds that simply the improvement of the
one a player in the model won’t roll out any huge
improvements to the security in association
(Figure 3.2).
 Management of Cyber Security 63

Figure 3.2: Center segments of the cyber security

model.
As it appeared in Figure 3.2, the model
comprises from the six center segments:

3.3.1. Lawful direction

This piece of the model is built from
prerequisites and lawful procedures and
perspectives that should be accomplished by
the association which is pondering the advanced
digital security. It must contain the entire vision
of all enactment demonstrations which will be
utilized in association’s everyday life (security
guidelines for representatives, data security
officers and system executives, any measures
which are utilized or are wanted to create an
association and so on.).

3.3.2. Great Administration

As far as digital security accomplishment, this
is possibly the most vital piece of the digital
64 Cyber Security

security administration display. Every cutting-

edge hierarchical pioneer needs to comprehend
the primary points of digital security in their
association and comprehend that there are
dangers that will never be rejected from
authoritative life.
The association needs to comprehend that
you can’t effectively stay away from all digital
dangers; however, you can limit the effect of
digital occurrences to the association on the off
chance that they happen.
Digital security must be the main stone
in any venture platform. Any task or action
which is arranged inside the association should
initially be completely investigated from a
security viewpoint. Just a decent understanding
that security, and particularly digital security, is
the central component of any undertaking will
give accomplishment to association extends and
will set aside some cash and assets.

3.3.3. Risk Administration

This is the association’s capacity to legitimately
distinguish dangers that are developing around
the association and guaranteeing they have the
authority abilities to control the effect of these
dangers. As was referred to before, associations
can’t maintain a strategic distance from all risks.
Sometimes it is more critical to have all
dangers recognized and have an emergency
course of action than attempt to stay away from
all dangers.
Truth be told, the association must learn not
exclusively to keep away from dangers, yet in
addition figure out how to acknowledge them.
 Management of Cyber Security 65

Here and there the capacity to recognize the

dangers and get ready emergency courses of
action will help the association than endeavoring
to stay away from the distinguished dangers.
Simply after cautious thought of all dangers
can the inquiry be replied; what is more
successful, evasion or the utilization or counter-
measures?

3.3.4. Security Culture

This should be coordinated in the digital
security administration demonstrate. This
measurement is presumably the hardest to
execute and control. You can utilize informatics, Endeavor is leading
arithmetic or risk administration innovations to the high-impact
entrepreneurship
endeavor to ascertain what is more valuable movement around
to the association – purchasing new security the world.
framework or tolerating the dangers of robbery;
however, it is significantly harder to with your
workforce, since they are individuals.
This viewpoint is vital, and the association
needs to comprehend that it is helpless as the
general population who are working there.
Security must be justifiable for each association
part, and every part should have a capacity to
figure out how to protect the association and
themselves from digital security episodes as slip-
ups can be basic to the security of the association.
One of the greatest digital security botches in
this measurement is normally connected with
the assessment of higher supervisors and IT
authorities that they should have more benefits
and access on their frameworks.
On the off chance that you require truly to be
ensured and need to have less issues with digital
66 Cyber Security

security, you must comprehend that all safety

efforts must be accessible to all workforce; else
you can lose your battle for digital security.

3.3.5. Innovation Administration

As has been referred to previously, digital
security isn’t just about the innovative way to
deal with the association however you should
utilize it to accomplish your hierarchical
objectives. Attempt to comprehend that your
insight about every part that is controlled by IT
can be powerless.
One should know every segment that you
use for your association work. This learning
will fill you in as to whether there are a few
parts, which are powerless and can be the
ruptured. The administration of advancements
and segments will give you a chance to diminish
the time, which is expected to expel the impacts
of the security occurrence or keep the ascent of
security episode.

3.3.6. Incident Administration

This measurement is firmly joined to the
legitimate measurement of the module. You
should have uncommon plans with respect to
the episode result administration. These designs
need to incorporate guidelines to association
individuals which must be connected if any
protected episode occurs. You must distinguish
which estimates must be actualized when
attempting to diminish the effect of the episode
and how to reestablish ordinary activity to your
association.
 Management of Cyber Security 67

Each field (measurement) of the proposed

digital security administration display must be
plainly recognized, estimated, and assessed and
the association needs to build up a reasonable
arrangement with respect to the issues that are
distinguished in each field of the digital security
administration demonstrate.

3.4. LEVELS OF CYBER SECURITY

MODEL
Each measurement of the proposed digital
security administration model can be isolated
into three levels: beginning level, moderate
level, and full joining level. Starting level of all
measurements is related with the association’s
capacity to plainly distinguish which issues can
be met by the association amid the execution of
the digital security demonstrate:
• The legitimate measurement
will comprise of the profound
investigation of the lawful structure
inside and outside the association
and distinguishing proof of the
considerable number of holes in the
lawful viewpoints that can influence
the digital security approaches of
association.
• The great administration
measurement will incorporate the
investigation of the administration
framework in the association, with
the likelihood to distinguish which
division or individual is engaged
with to the basic leadership process.
Indeed, even a little comprehension
68 Cyber Security

of the administrative procedure in the

association and the administration
procedure participation with the
Leadership is a
process by which digital security field will make the
an executive can association somewhat more grounded
direct, guide and on digital security field.
influence the
• The Risk administration measurement
behavior and work
of others towards starting level gathers every one of the
accomplishment of dangers that have any plausibility
specific goals in a to show up inside or outside the
given situation. association and can influence the
associations’ typical life and activity.
• The security culture measurement
needs the reasonable comprehension
of the association and its individuals
about all safety efforts which can
be utilized inside the association to
attempt to increment digital security.
• The innovation administration
measurement must incorporate
an unmistakable vision of the all
advances utilized in the association
on every day working procedures.
Just a reasonable perspective of
existing advances that are utilized
in the hierarchical life can recognize
what can be utilized as assault vectors
to these advances and what measures
can be utilized to avert or limit
assaults.
• The occurrence administration
measurement starting level in
the association must contain the
hierarchical capacity to comprehend
that every association can be
harmed through industrial or social
 Management of Cyber Security 69

perspectives and this harm can show

up whenever from any framework
fragment (equipment or programming)
or workforce. Episode administration
on this level can contain basic
guidelines to the association that can
be utilized on account of the strange
movement against the association.
The comprehension of the digital
occurrence nature is the first, and
perhaps the principle, venture to
expanding digital security in the
association.
Moderate level of every one of the six digital
security administration show measurements
incorporates the unmistakable arrangement and
perceivability of changes, which should be done
in association:
• The legitimate viewpoints should be
unmistakably recognized, and every
single working guidance should be
arranged and acquainted with every
individual from the association.
• The great administration measurement
needs to plainly recognize the
administration chain in the association
with clear outskirts of obligation
regarding every office that is engaged
with authoritative life.
• The Risk administration measurement
needs to distinguish the reasonable
arrangement of maintaining a
strategic distance from or tolerating
the dangers which were recognized
in the underlying level of the digital
security administration show; because
70 Cyber Security

occasionally the better choice is to

acknowledge a few dangers than
endeavor to keep away from them (it
costs increasingly or takes tremendous
assets).
• in the moderate level needs to
incorporate a reasonable arrangement
of dealing with the security culture
measurement workforce and giving
an unmistakable recognizable proof
of abilities that should be come to
by every association part (you must
design extra preparing for your IT
security experts and IT framework
clients because just qualified IT
individual ought not be the guarantee
of your digital security).
• The innovation administration must
incorporate clear and reasonable data
about the product and advances that are
utilized in the association, including
the existence cycle of utilized gear
and programming, in light of the
fact that most security breaks are
hidden inside the frameworks that are
obsolete, yet at the same time utilized
in authoritative working procedure
(this innovation review should be
done ceaselessly, in light of the fact
that it will give you a chance to design
fiscally what updates are required for
your current hardware).
• The episode administration
measurement in this level needs
to contain nitty gritty plans and
bearings about the association’s
recuperation designs if any digital
 Management of Cyber Security 71

security occurrences occur and the

typical work of the association is
disturbed. Every division of the
association or hierarchical part must
know the catastrophe recuperation
plan if a digital security assault on the
association is successful.
The moderate level of each measurement in
the digital security administration demonstrate
resembles the all-around prepared warrior who
has enough information how to achieve his
central goal, yet doesn’t overlook that even very
much prepared fighters now and again require
preparing to invigorate his insight. Associations
need to do convenient reviews of the digital
security administration display measurements
and auspicious updates to all designs.
Associations need to recollect that the
world is changed by the PC innovations and
this change procedure is yet occurring. At the
point when associations attempt to make due,
they must adjust to the progressions and play
by the guidelines of today’s advances and
innovations that will show up later. Generally,
the advanced association will battle to get by in
our interconnected world, and every association
needs to comprehend that it is difficult to make
its very own Arthur Conan Doyle’s Lost World.
The largest amount of the digital security
administration demonstrate is the full joining
(interoperability) level. It is characterized by
the full interconnection of all administration
demonstrate measurements. On this level, the
association is working like an expansive armed
force of troopers dealing with one general
mission and each measurement of the digital
72 Cyber Security

security demonstrate is a characteristic piece of

the association.
The incorporation of the digital security
administration show into the association is
an exceptionally troublesome process which
requires considerable comprehension, and this
learning can’t be related with the innovation or
data security fields.
The greatest issue is to interface innovations
and administration together because regularly
specialized, and administration pro talks diverse
dialects. Your association will change when
you start to comprehend digital security not
as an industrial order but rather as a genuine
administration challenge. The model which has
been displayed in this article presents a few
favorable circumstances to associations which
actualize it.
Every one of the measurements of the
displayed model should be auditable and
reestablished on a convenient premise, and this
procedure will give the association a superior
comprehension of the cybercrime world around
it and data about digital security slants that
assistance the association settle on the correct
choices and be more impervious to the digital
assaults.
It additionally presents the capacity to
empower authoritative pioneers to effectively
partake in basic leadership and forming the
digital security strategy and a chance to
appropriately survey the dangers identified with
security and legitimate recognizable proof of
such dangers. The capacity to figure out how
to oversee episodes and decrease the impacts
of a fruitful assault enables all individuals
 Management of Cyber Security 73

from the association to comprehend digital

security dangers by realizing what activities Assault is the act of
should be done to diminish the progressing inflicting physical
assault indications or which moves should harm or unwanted
be made to maintain a strategic distance from physical contact
upon a person or, in
vulnerabilities.
some specific legal
The capacity to enhance the associations’ definitions, a threat
notoriety in the outside condition because the or attempt to commit
association truly thinks about digital security such an action.
is more appealing to customers or colleagues
including the capacity to direct correspondence
inside the association, which makes the
association more impervious to assault.
This information makes security and certainty
inside an association which can without much
of a stretch manage digital security dangers and
maybe the time has come to step toward the
administration display lastly comprehended
that innovation and administration must walk as
one with the end goal to guarantee compelling
digital security (Figure 3.3).

Figure 3.3: The three parts of risk management.

74 Cyber Security

3.5. RISK MANAGEMENT

Risk Management is essentially to take a gander
at what could turn out badly, and after that
choose approaches to anticipate or limit these
potential issues. It includes three procedures:
risk appraisal, chance relief, and assessment.

3.5.1. Risk
Misfortune means
The likelihood of enduring mischief or
bad luck or the state
of having bad luck. misfortune. It alludes to an activity, occasion
or a characteristic event that could cause a
bothersome result, bringing about a negative
effect or outcome.

3.5.2. Risk Assessment

The way toward distinguishing dangers to data
or data frameworks, deciding the probability of
the event of the risk, and recognizing framework
vulnerabilities that could be abused by the
danger.

3.5.3. Risk Management

The way toward going out on a limb and
maintain a strategic distance from or decrease
risk to satisfactory levels.
The steps in risk management are (Figure
3.4):
1. Risk Assessment
• Classify data
• Identify the dangers
• Identify vulnerability
• Analyze Risk to data resources
 Management of Cyber Security 75

• Select a philosophy
• Summarize and impart risk
Risk assessment is a
term used to describe
the overall process or
method where you:
Identify hazards and
risk factors that have
the potential to cause
harm (hazard identifi-
cation).

Figure 3.4: Various processes in risk assessment.

2. Risk Mitigation
• Identify alternatives
• Choose an alternative
• Implement
 Accept the Risk
 Transfer the Risk
 Limit the Risk, set up con-
trol;
 Avoid the Risk
3. Assessment

3.6. RISK ASSESSMENT

Risk evaluation is the principal stage in the Risk
administration process. The risk is evaluated
by recognizing dangers and vulnerabilities, and
after that deciding the probability and effect for
each risk. It is imperative to assign an individual
or a group, who comprehends the association’s
main goal, to occasionally evaluate and oversee
data security chance.
76 Cyber Security

The assigned individual will work with

others from the association to comprehend
the business program part of data resources,
the innovation included, and the effect and in
addition the expenses of dealing with the risk.

3.6.1. Characterize Information

Before an association can evaluate the risk, it
should initially characterize the data resources
in the association. Characterization is the
assignment given to data from a characterized
class based on its affectability. Data resources
incorporate all classes of data (computerized
and non-automated), including (however not
constrained to) information contained in records,
Accessibility in the
documents, and databases.
sense considered
here refers to the Data resources typically include: open
design of products, records mission-basic frameworks, client
devices, services, or interfaces, inner devices, source code, and
environments so as to
be usable by people
private records. The association oversees
with disabilities. ensuring the classification, respectability, and
accessibility of the data resources.

3.6.2. Distinguish Threats

A risk is a power, association or individual,
which tries to access, or trade-off, data. By
taking a gander at the idea of the danger, its
ability, and assets, one can survey it, and after
that decide the probability of an event, as in risk
appraisal. A danger can be evaluated regarding
the likelihood of an assault.
There are numerous kinds of data security
dangers, and a few precedents are recorded
beneath:
 Management of Cyber Security 77

• Internal (for example, noxious or

unconscious workers);
• Mobile (for example, assailants who
take remote frameworks which,
thusly, give access to data);
• Physical (for example, assailants who
take PCs or go into server rooms, file
organizers, or workplaces);
• Natural (for example, fire, surges,
and seismic tremors bringing about
electrical blackouts, gear, and
equipment disappointments);
• Network (for example, aggressors
who endeavor to trade off frameworks
uncovered on an open system or
attempt to parody or emulate remote
frameworks);
• Social (for example, assailants who
attempt to trick representatives into
uncovering data through phishing);
• Malicious (for example, infections,
worms, and Trojan ponies, code that
may harm, uncover, or catch data).

3.6.3. Distinguish Vulnerabilities Trustworthiness is

a moral value
Vulnerabilities must be distinguished. considered to be a
virtue.
Vulnerabilities are shortcomings, in a
framework or office holding data, which can be
misused to obtain entrance or abuse framework
trustworthiness.

3.6.4. Examine Risk to Information Assets

There are inalienable dangers engaged with
containing and exchanging data. Data is liable
78 Cyber Security

to purposeful and unexpected activities by other

individuals or frameworks. On the off chance
that data is private, there might be unapproved
individuals who need to see it. For example,
contenders or displeased or inquisitive workers
may be the individuals who need to examine
risk.
Individuals may endeavor to break into the
gadgets containing the data or attempt to capture
the data amid exchange. Individuals may
likewise get secret data unconsciously and totally
coincidentally. Moreover, data frameworks can
be perniciously or coincidentally harmed. Data
security breaks like these can genuinely hurt an
association.
Risk for a given resource can be given in
the broadest shape utilizing the accompanying
condition:
Risk = (Probability of a risk happening
against a benefit) x (Value of advantage)

3.6.5. Select a Method

With the end goal to evaluate Risk in some design,
an association should build up a technique for
estimating Risk, so this data can be spoken with
others. There are numerous philosophies to
pick from; every association should figure out
which is ideal. At last, the association should
comprehend its data security dangers.

3.6.6. Condense and Communicate Risk

Risk must be estimated for every data resource,
and for the association in general, and afterward
 Management of Cyber Security 79

imparted so choices can be made to deal with

the Risk.
Data Resource
is a component of
3.7. RISK MITIGATION information technol-
ogy infrastructure
Risk mitigation is the way toward taking activities
that represents all the
to wipe out or decrease the likelihood of trading data available to an
off the privacy, honesty, and accessibility of organization, whether
esteemed data advantages for worthy levels they are automated or
non-automated.

3.7.1. Distinguish Options

It is up to the association to moderate dangers
with the goal that advantages are ensured. When
the risk to data resources has been estimated,
a choice must be made about how to moderate
that chance. The four strategies to distinguish
the choices are:

3.7.1.1. Acknowledge the Risk

An association may decide just to acknowledge
Risk under these situations:
• The Risk is viewed as low. For
example, the estimation of an
advantage is low, and the likelihood
of dangers influencing the benefit are
satisfactory.
• The expense of tolerating the Risk is
observed to be lower than the expense
of exchanging or constraining the
Risk.
If the expense of tolerating the Risk is
high or more than the expense of exchange or
restricting it, at that point the association ought
80 Cyber Security

not to acknowledge the Risk. The association

should then take a gander at exchanging or
restricting the Risk

3.7.1.2. Exchange the Risk

At the point when the Risk is exchanged, the
Risk is imparted to an outsider partially or in
entirety. This is regularly found in the utilization
of protection. Outsider protection associations,
for an expense, consent to acknowledge the
Risk and remunerate the data proprietor for the
full harm of a specific risk.
This is suitable for equipment or when the
recover esteem is gotten if the advantage is
obliterated or where an association needs to
restrict risk. Now and again, exchanging danger
may not be accessible. In different cases, the
Risk might be too high and too expensive to
safeguard.

3.7.1.3. Extend the Risk

At the point when a Risk is high for a specific
resource, and the Risk can’t be exchanged (i.e.,
not handy or cost-effective), at that point the Risk
ought to be constrained to a limited extent or in
full. The procedure incorporates recognizing the
most plausible dangers to a given resource and
distinguishing, looking into, or building up a
worthy control to that risk.
On account of constraining dangers, the
association may choose to arrange the buy of
programming for all PC gadgets to lessen the
effect of those dangers. Constraining danger
will mean controlling access to the system, by
introducing antivirus, spam ware and a firewall
where none exists. Preparing representatives,
 Management of Cyber Security 81

assistants, and contractual workers to know

about data security will likewise help diminish
the dangers. Constraining dangers may involve Spamware is
software designed
incidences, for example, an infectious disease,
by or for spam-
spam, and unapproved internet access. mers. Spam-
ware varies widely,
3.7.1.4. Stay Away from the Risk but may include
the ability to
Risk evasion is normal for a few of us; however, import thousands
for other people, chance taking is a piece of the of addresses, to
excites of life. With regards to one’s duty as a generate random
supervisor, they need to know when it is suitable addresses, to insert
fraudulent headers
to maintain a strategic distance from the Risk
into messages, to use
out and out. dozens or hundreds
There is no general response to when chance of mail servers
shirking will be suitable on the grounds that simultaneously, and
to make use of open
each condition is unique. Risk evasion might relays.
be utilized to ensure those benefits which are
at high Risk. A few models of this alternative
include:
• Building an office outside a surge
zone.
• Keeping PCs frameworks with
classified data or PPSI on them
separated from the Internet.

3.7.2. Pick an Option

When the association has recognized the
different alternatives for relieving Risk, one must
be chosen. The group or individual assigned to
deal with Risk administration should work with
the proper people and suggest to administration.
Remember the choice should be inspected at
whatever point the data resource changes since
the arrangement of the data resource may change
or the dangers and dangers change.
82 Cyber Security

3.7.3. Actualize the Option

Actualizing the choice includes putting
enthusiastically the decision that has been made
Learning Activity for relieving the risk. As recently characterized,
Learn and collect the conceivable activities are to acknowledge
information about the risk, exchange, as far as possible the risk,
the various organiza- or keep away from the risk. Every data resource
tions and their risk
presently has an appointed risk, and the choice
management systems
regarding the cyber for alleviating the risk has been picked.
security. Executing the picked choice will result in
specific systems being pursued or potentially
new controls set up. Constraining the risk by
setting up control will be the most ordinarily
picked alternative to ensure people’s data
resources and frameworks. Consistent observing
and standard refreshing are a piece of the usage
to keep the risk at an adequate level.

3.8. ASSESSMENT
An assigned group or individual ought to
finish to guarantee that the choice moderated
the risk for each distinguished data resource
has been actualized. At least, a yearly audit
should likewise be performed to guarantee that
the controls set up are yet useful and suitable
to ensure a given data resource. A specialized
security audit would comprise of checking on
the controls incorporated with a framework or
application to guarantee regardless they execute
as structured and are in consistency with
archived security strategies and techniques.
It would likewise incorporate checking on
security patches to guarantee they have been
introduced and are operational, auditing security
guidelines, for example, get to control records
 Management of Cyber Security 83

for cash, testing of firewall rules, and so on.

This sort of testing incorporates interruption as Firewall is a
network security
well as entrance testing of controls.
system that monitors
and controls
incoming and
3.9. SUMMARY outgoing network
traffic based on
The management of cyber security is as predetermined
important as the methods that are undertaken to security rules.
make sure that it is carried out in an appropriate
way. The model of cyber security management
dwells upon various segments of the cyber
security management including the levels of
cyber security that thrive in the model. The risk
management involves taking risks in a thought-
out way by properly assessing, mitigating, and
analyzing the risk that is to be taken while
undertaking cyber security.
The management of the risk talks about
encountering various vulnerabilities and
communicating the risk to the peers. It is also
important to characterize information in a
certain way. What is more important is to not
commit the usual mistakes of falsely believing
certain pre-defined things.
 84 Cyber Security

REVIEW QUESTIONS
1. Explain the management of cyber security.
2. Enlist the various mistakes of digital security.
3. Form a Cyber Security Management Model.
4. Enlist the various levels of cyber security.
5. Explain the whole process of Risk Management.
6. How do you manage cyber security through model formation?
7. In what ways false reasoning results in digital security lapse?
8. Describe the security culture that would help to achieve the
cyber security model.
9. What are the main points which fall under risk assessment to
manage risk in the cyber security world?
10. How do you characterize information in order to assess the
risk?

CHOOSE THE CORRECT OPTION

1. _______________ is the likelihood of encountering mischief
or misfortune?
a. Novelty
b. Pride
c. Risk
d. Life
2. _______________ is the way toward distinguishing dangers
to data or data frameworks, deciding the probability
of the event of the risk, and recognizing framework
vulnerabilities?
a. Risk Management
b. Risk Assessment
c. Risk Eradication
d. Risk Encountering
3. Numerous kinds of data security dangers are all except:
a. Mobile
 Management of Cyber Security 85

b. Physical
c. Network
d. Emotional
4. Segments of the cyber security management model
comprise of all except:
a. Lawful direction
b. Security culture
c. Social togetherness
d. Innovative administration
5. The three parts of risk management are all except:
a. Risk assessment
b. Risk forecasting
c. Risk mitigation
d. Assessment
6. Strategies of cyber security management involve:
a. Network
b. Firewall
c. Security Training
d. All the above
7. Risk assessment involves:
a. Classifying data
b. Identifying dangers
c. Identifying vulnerabilities
d. All the above
8. The false beliefs that usually occupy people’s minds are all
except:
a. Supposing that hiring experts will be enough
b. That every organization can be made safe from any kind
of vulnerability
c. That criminals can be in any form
d. That the best gadgets in the market are enough to fight
cyber crime
 86 Cyber Security

9. The method to maintain a strategic distance from or

decrease risk to satisfactory levels is known as:
a. Risk Management.
b. Risk mitigation
c. Risk Assessment
d. None of the above
10. Constraining danger will mean controlling access to
the system, by introducing antivirus, spam ware and
_______________
a Software
b. Hardware
c. Firewall
d. Malware
 Management of Cyber Security 87

REFERENCES
1. Cyber Security: Risk Management a Non-Technical Guide Essential
for Business Managers Office Managers Operations Managers,
(2012). [ebook] Available at: https://its.ny.gov/sites/default/
files/documents/risk-management-guide–2012.pdf [Accessed 13
November 2018].
2. Jenab, K., & Moslehpour, S., (2016). Cyber Security Management:
A Review. [online] Available at: https://www.researchgate.net/
publication/305220294_Cyber_Security_Management_A_Review
[Accessed 13 November 2018].
3. Limba, T., Plėta, T., Agafonov, K., & Damkus, M., (2017).
Cyber security management model for critical infrastructure.
Entrepreneurship and Sustainability Issues, [online] 4(4),
pp. 559–573. Available at: https://www.researchgate.net/
publication/317715298_Cyber_security_management_model_for_
critical_infrastructure [Accessed 13 November 2018].
 CHAPTER

4
CYBER INVESTIGATORS AND
DIGITAL FORENSICS

LEARNING OBJECTIVES:
• Learn the art of detecting a cybercrime
• Know about the ways in which the conclusions are
drawn
• Get to understand the concept of Digital Forensics
• Dwell upon the processing of a cybercrime scene
• Know about the obstacles that are usually faced which
extracting evidences

KEYWORDS
• anonymization • pursuit & seizure
• cybercrime examination • scene processing
• digital forensics • stored communications
• encryption • stored communications
• forensic services
• jumbling
 90 Cyber Security

The Case of Boston Killings and the Role of Digital Forensics

In a recent case, one woman was killed and another attacked after
meeting individuals through Craigslist, Boston was on high alert.
The attacks were quite similar in nature, and hence the investigative
agencies were employed with immediate effect. A team of digital
experts were given the responsibility to identify the source of the
invitations.
Fortunately, law enforcement had their suspect within a week of
the murder, thanks to digital forensics. Investigators tracked the IP
address from the emails used in the Craigslist correspondence to an
unlikely suspect: 23-year-old medical student Philip Markoff. Without
the digital trail of evidence, who knows how prolific Markoff could
have become.

Discussion Questions
1. How important is digital forensics for the field of cyber
security?
2. What is the scope of cyber investigations?
The above vignette offers a scenario about the forensics in the
digital world. The vignette brings out the importance of forensics in
tracing the path to the defaulters and criminals, who break cyber laws
and ethical boundaries to cause harm to others. The chapter elaborates
on the use of such forensic methods and their importance.

4.1. EXAMINING CYBER CRIME

4.1.1. Outlook and Technical Competencies

Indeed, even with solid substantive and procedural household criminal
laws and consent to worldwide instruments, for example, the Budapest
Convention, examinations may yield minimal except if police are all
around prepared and skilled (Figure 4.1).
 Cyber Investigators and Digital Forensics 91

Figure 4.1: There are numerous efforts and ways to

examine cybercrime.

Source: https://cdn.pixabay.com/pho-
to/2017/05/16/23/32/spyware–2319403_960_720.
jpg
A noteworthy errand looked by the more
extensive criminal equity network is conveying
a common understanding in regards to the
fundamental specialized aptitudes, learning,
and jobs performed amid examinations and
indictments (Graycar, 2001). Numerous
digital violations are advanced and effectively
thought out, expecting police to apply industrial
aptitude and deductive thinking to disentangle
complex ‘usual methodology’ and substantiate
components of an offense (Bromby, 2006).
Data security’s accentuation on equipment Anchoring is a
and programming answers for checking cognitive bias
activity and anchoring information is entirely where an individual
depends too heav-
deficient when setting against creatively mixed
ily on an initial
assault vectors (Ghosh, 2002). Composed and piece of informa-
determined digital assaults have dodged security tion offered when
insurances inside major worldwide partnerships making decisions.
and stolen data and cash without hardly lifting
a finger (Robertson et al., 2014). Progressed
mixed assaults use vulnerabilities in settled and
92 Cyber Security

remote systems to take certifications and direct

observation (Fire Eye Labs, 2015).
Hoodlums utilize conduct profiling to take on
the appearance of customary framework clients
while exploring private systems and abusing
applications to abstain from stimulating doubt
(Crowd Strike, 2015). Eventually, signature-
based business arrangements come up short on
the knowledge expected to recognize and kill
relentless accursed action that moves along the
side and discreetly (Brown, 2015).
The figure of speech ‘waste in, trash out’
mirrors the risk of delegating untrained and unfit
workforce to catch confirmation of noxious
movement and secure proof of digital crime
irritating. A prepared initiative is required to
adequately coordinate examinations and direct
the arrangement of scientific help (Horswell,
2004; Raymond, 2006).
Shockingly, officials with little in the method
for the specialized foundation, regularly fill
initiative positions in government, police, and
law implementation organizations inside these
zones. Like the composed criminal components
that grasp new advancements while sticking to
demonstrated strategies for carrying out crime,
examiners must think like their criminal foes to
decode the specialized underpinnings of digital
crime insulting (Endgame, 2015; Nuth, 2008).
Crime scene inspectors are the lynchpin of
effective examinations and the basic initial step
for starting the chain-of-authority (Stanley and
Horswell, 2004). Innovation enhances the limit
of police to catch a huge range of potential proof
(Mandel, 1987); however, it is the human side
 Cyber Investigators and Digital Forensics 93

of a digital crime which is essential for giving

importance and gauging criticalness of ESI. Digital crime begins
Police must translate and relate data to help when there is illegal
case hypotheses and seek after leads by starting activity. Done to
data or information
exchanges with key people that are integral to on computers or
an examination. It is basic for law requirement networks.
offices to hold workforce with this analytical
mentality to uncover digital crime insulting.
Beside electronic proof, examiners likewise
draw on other criminological science orders to
accumulate physical follow proof from crime
scenes, including print, hair, and fiber antiques
(Gilbert, 2004; Kaye, 1995; White, 2004).
Talented agents in the advanced space have a
characteristic feeling of interest joined with a
longing to clear up reality, set up certainties, and
uncover the response to specialized inquiries
that emerge amid a request.
Deductive and inductive thinking is
utilized to build up arrangements of occasions.
Customary law authorization methods including
reconnaissance, talking, inquiry, and seizure,
and formal legitimate process components
are then executed to help or disprove case
hypotheses. This mix of abilities goes past
essential conventions of ‘stowing and-labeling,’
or ‘monkey see, monkey do.’
The inclination is one of interfacing snippets
of data to frame general tenets or ends, and
distinguishing connections among apparently
random occasions. As a case unfurls, center
strategies are sensitive to address difficulties
as agents depend on instinct and smoothness
to seek after leads (Horswell, 2004; Robertson,
2004). Thusly, the analytical mentality is a
versatile way to deal with taking care of issues
94 Cyber Security

dependent on understanding the source material,

Reconnaissance is arrangement, and arranging, investigation,
a mission to obtain grouping, and recording, and evaluation.
information by visual
observation or other
The point “is to create taught ways to
detection methods, deal with basic leadership and to guarantee
about the activities all choices are significant, suitable, and can
and resources of an be exhibited to other people” (Hunton, 2011).
enemy or potential However, despite the inescapability of advanced
enemy, or about
the meteorologic,
data, many police and investigators are reluctant
hydrographic, to gather and present impalpable sources of
or geographic proof. The absence of driving edge devices and
characteristics of a contracting spending plans for acquiring assets
particular area. are continuous issues (Mislan, 2010).
Finding the correct mix of abilities to meet
the rigors of a digital crime request is extremely
troublesome. The mix of analytical and
specialized strategies utilized by computerized
crime scene investigation cross-examiners is
gotten from logical information and pragmatic
learning from rehashed casework. Albeit
legal examination can reveal the ‘conclusive
evidence’ which represents the moment of truth
a case, more frequently it adds an incentive
by giving the insight to set up actualities of a
validating sort (Saferstein, 1983).
The requirement for prepared examiners and
investigators who are acquainted with sources
of electronic proof is winding up progressively
basic as criminal acts move from physical to
advanced spaces. With the end goal to adequately
take care of the rigors of a digital crime request,
agents require a scope of ‘delicate’ and ‘hard’
aptitudes, combined with the experience to apply
those abilities in genuine and virtual conditions.
 Cyber Investigators and Digital Forensics 95

4.1.2. Pursuit and Seizure

Digital crime examination may include some type
of intrusive or coercive inquiry, reconnaissance,
or observing action by law requirement or
knowledge organizations (O’Harrow, 2005;
Stephenson, 2003; Zavrsnik, 2010).
‘Inquiry and seizure’ are a functioning
method of examination, which includes finding
proof, recognizing suspects, securing criminals,
and talking observers. Legitimate specialist and
best practices for executing hunt and seizure
warrants fluctuate significantly among wards
and criminal equity frameworks, including rules
administering dealing with electronic proof
(Jarrett and Hagen, 2009; United Nations Office
on Drugs and Crime, 2013).
At the point when police direct hunt
exercises, equipment, programming, fringe
stockpiling gadgets, and data in the double and
printed frame might be seized. It is occupant
for examiners to think about the propriety of
reviewing and forensically obtaining information
at the scene (i.e., ‘in situ’) and whether the
conditions may legitimize physically seizing
hardware for further examination in a research
center (Clancy, 2011).
In most western popular governments, Articulation is the
act of expressing
national administrative arrangements exist to
something in a
implement consistency with worldwide human coherent verbal
rights law, including the rights to security and form, or an aspect
opportunity of supposition and articulation. of pronunciation
involving the
For example, articles 10 and 17 of the articulatory organs.
Universal Declaration of Human Rights (1948),
article 6 of the European Convention for the
Protection of Human Rights and Fundamental
96 Cyber Security

Freedoms (1953), article 16 of the Convention

on the Rights of the Child (1989), article 22 of
the Convention on the Rights of Persons with
Disabilities (2006), article 14 of the Convention
on the Protection of the Rights of All Migrant
Workers and Members of Their Families (1990),
article 8 of the European Convention on Human
Rights (1950), article 11 of the American
Convention on Human Rights (1969), and
articles 10 and 17 of the International Covenant
on Civil and Political Rights (1966) to which
168 States are party.
Indeed, even in occasions where the UN
Member States are not bound by an arrangement
or tradition, these instruments present least
benchmarks and are intelligent of standard
legitimate standards. All things considered,
country expresses that have marked, yet not
Motivation is the approved an instrument, will undoubtedly
reason for people›s
regard its motivation and protest, as per article
actions, willingness
and goals. 18 of the Vienna Convention on the Law of
Treaties (1969).
Be that as it may, standard legitimate
standards have unquestionably lost a portion of
their intensity as of late, especially as for their
appropriateness to the internet (Brown, 2015).
For instance, the articles 2(4) and 51 of the
Charter of the United Nations (1945) can’t really
be depended upon to give staunch direction to
approach creators all-inclusive in regards to
information-driven threats (Schmitt, 2013).
All things considered, lawful national
structures likewise exist to secure protection,
conclusion, and articulation (For example,
article 13 of the Charter of Human Rights and
Responsibilities Act, 2006, Victoria). Before
 Cyber Investigators and Digital Forensics 97

beginning a pursuit, examiners must guarantee

that they comply with appropriate laws or hazard
having seized shows pronounced unacceptable
at preliminary.
In a few locales, there are special cases that
may legitimize warrantless inquiry and seizure
exercises (For example, assent, ‘crisis’ fear
monger circumstances, plain view principle,
seek identifying with capture, and so on.).
However, a genuine hunt of the information put
away on a gadget, for the most part, requires a
warrant in precedent-based law nations.
In conditions where there is a generous
danger of losing proof, for example, where
information is sterilizing, and other enemies
of legal sciences instruments are dynamic, a
few wards allow law authorization to play out
a restricted hunt of gadgets without a warrant
because of the apparent defenselessness of the
information (Dee, 2012).
Remote wiping and erasure instruments are
packaged preinstalled on numerous cell phones
and accessible for buy as business programming
or freeware. Amid warrant action, examiners
may likewise find legitimately secured sources
of ESI (For example, the teaching of lawful
expert benefit, open intrigue insusceptibility,
and so forth.), adding a layer of multifaceted
nature to the procedure of proof taking care of.
Many investigators encounter administrative
delays in obtaining legal authority to conduct
police investigations due to judicial uncertainty
about cybercrime offending. Albena Spasova,
who worked in promoting law reform in
Moldova and Bulgaria, commented: “Even
in 2001, I was meeting judges who thought
98 Cyber Security

cyber-crime was someone stealing a computer”

(Kshetri, 2013, p. 10).

4.1.3. Stored Communications

Throughout an examination, police often
assemble data around an occasion after it
has happened. The re-institution of digital
crime insulting expects specialists to follow
correspondences back to a source and recover
data about that correspondence (Herrera-
Flanigan and Ghosh, 2010; Schjølberg and
Ghernaouti-Hélie, 2011).
The limit of police to distinguish people
responsible for area names and IP addresses at
a given point in time is a crucial advance in the
analytical procedure (U.S. Branch of Justice,
‘Examinations Involving the Internet and
Computer Networks,’ 2007).
Examiners with the imperative lawful
specialist and related data about a suspect (For
example, username, IP address, time, and date
Endorser is a of suspicious movement) may likewise have the
person who is capacity to acquire endorser information, value-
authorized to sign a based or activity information, and substance
negotiable security information from specialist co-ops (Australian
in order to transfer
Government, 2012).
ownership from one
party to another or Examiners will probably build up a
to approve the terms connection between a suspect and the
and conditions of a commission of a crime if they can anchor
contract.
information from physical gadgets utilized by a
suspect to support supporter, value-based, and
content information.
Article 1d the Budapest Convention
characterizes “movement information” as
“any PC information identifying with a
 Cyber Investigators and Digital Forensics 99

correspondence by methods for a PC framework,

created by a PC framework that shaped a section
in the chain of correspondence, demonstrating
the correspondence’s starting point, goal,
course, time, date, size, span, or kind of hidden
administration” (Convention Committee on
Cybercrime, 2001) (Figure 4.2).

Figure 4.2: Cell phone is the most widely accepted

form of stored communication.

Source: https://encrypted-tbn0.gstatic.com/images?
q=tbn:ANd9GcRPDd7o8NeZbUDckM0jbwawoUN
rHmmDBA9VbK0Fx_gdY-tgGSP_
‘Content information’ isn’t characterized
in the Budapest Convention “however alludes
to the substance of the correspondence, that is,
the importance of the correspondence, or the
message or data being passed on (other than
100 Cyber Security

movement information)” (Broadhurst, 2006, pp.

408–433).
In a few purviews, broadcast communications
suppliers can supply examiners with put away
substance, for example, voice message, call logs,
and codes for getting to information contained
on Subscriber Identity Module (SIM) cards
by utilizing Pin Unlock Key (PUK) codes for
handsets (Nelson, Phillips, and Steuart, 2010).
Police may likewise follow telephones
continuously through the media communications
organize utilizing cell tower information in the
mix with geospatial innovation (e.g., Stingray)
which may likewise be modified to coordinate
telephone flags and voice prints (Boyle, 2007;
Farivar, 2015; Lichtblau, 2012; Van Brocklin,
2014).
However, the plenitude of media
communications bearers can make it to a great
degree hard to follow a solitary correspondence,
as various legitimate procedures are conceivably
required to just set up the beginning. Plans of
action identified with maintenance and capacity
of information additionally vary locally.
Regularly, police are capable “to effectively
follow a couple of steps, just to discover that an
upstream bearer has not held the data, which is
basic to proceed with the examination” (Herrera-
Flanigan and Ghosh, 2010, pp. 305–306). The
issue for law authorization concerns “down to
earth challenges in capturing the interchanges
and related information that courts have
approved it to gather” (Caproni, 2011). Some
specialist organizations are even hesitant to
permit police access to fundamental data about
 Cyber Investigators and Digital Forensics 101

a client, subsequently additionally defeating

examinations.
There is show contradiction among ISPs
in numerous locales concerning the lawful
procedure that police must pursue to get
supporter information. Essentially acquiring
Internet account data for a solitary client can be
“confounded and include an expansion in the
measure of printed material and time a specialist
spends on a case” (D’Ovidio and Doyle, 2003,
p. 15.).

4.2. CYBERCRIME SCENE

PROCESSING AND FORENSIC
SERVICES
Policing has been changed by computerized
legal sciences and the improvement of devices
to help insightful procedures into digital crime
affronting (Leibrock, 2008). As a logical field
of the undertaking, measurable science utilizes
innovation to aid the foundation of actualities by
an official courtroom.
Advanced crime scene investigation is a
part of scientific science, which incorporates
the disclosure, obtaining, and examination
of data related with computerized gadgets.
Initially utilized as an equivalent word for PC
crime scene investigation, the term advanced
legal sciences have extended to include the
examination of any gadget fit for putting away
data in the computerized frame.
Advanced criminology examinations have
an assortment of uses, and the utilization of
legal procedures in the computerized area is
progressively a fundamental component of
102 Cyber Security

cutting-edge examinations, yet additionally

to help or disprove the hypothesis of a case in
customary common and criminal examinations.
Criminology is the “As a criminological control, nothing since DNA
study of the law innovation has had such an extensive potential
enforcement and
impact on particular kinds of examinations
criminal justice
system. and indictments as PC legal science” (Noblett,
Pollitt, and Presley, 2000).
Industrial development and patterns
rising in both business and purchaser markets
drive advanced crime scene investigation
examinations. This steady condition of transition
makes investigatory and logical difficulties
with the end goal that examiners must adjust
to unmistakable varieties in the frame and
source of ESI. Issues related with ‘enormous
information’ are a specific worry because of
the predominance of expansive and complex
informational collections (Caltagirone, 2015).
The extent of proof situated at crime scenes
is presently huge and envelops all way of cell
phones, electronic capacity mediums, and PC
organizing peripherals (Ritter, 2006). Numerous
buyer gadgets have advanced into versatile
information holders, and essentially every class
of crime can include electronic proof in some
shape or another (Bennett, 2012).
Thusly, the quintessential ‘conclusive
evidence’ is progressively seen as the
quintessential ‘needle in a pile.’ Advanced
legal sciences examinations are an extended
procedure and the objective “isn’t unadulterated
information yet down to earth supposition”
(Kelly and Wearne, 1998, p. 18).
The insightful test is one of finding,
recognizing, contrasting, and deciphering
 Cyber Investigators and Digital Forensics 103

differing sources of potential proof (Mora

and Kloet, 2010; PMSEIC Working Group
on Science, Crime Prevention and Law
Enforcement, 2000). Advanced crime scene
investigation utilizes a mix of analytical and
specialized techniques to translate discoveries.
This methodology joins logical learning with
reasonable skill got from rehashed casework.
Albeit measurable examination can reveal the
‘indisputable evidence’ which represents the
moment of truth a case (Saferstein, 1987), more
regularly it adds an incentive by giving the
insight to build up realities of a supportive sort
(Akin, 2011; Shavers, 2013).

4.3. DIGITAL FORENSICS

Digital or computerized Forensics is the branch
Documentation is
which manages the violations which occur a set of documents
over the PCs, where a solitary PC framework provided on paper,
establishes a whole crime scene or at all it or online, or on
might contain some proof or data that can be digital or analog
helpful in the examination. Nonetheless, in media, such as
audio tape or CDs.
specialized terms, it tends to be characterized as
the procedure of ID, procurement, conservation,
investigation, and documentation of any
advanced proof.
Computerized legal sciences are the way
toward gathering proof from any figuring
gadget and examining, breaking down and
safeguarding the equivalent to introduce it
as lawfully permissible proof in the official
courtroom (Figure 4.3).
104 Cyber Security

Figure 4.3: A digital forensic lab.

Source: https://upload.wikimedia.org/wikipedia/
commons/b/b4/Digital_forensics_lab.jpg
The goal of advanced legal sciences is
to pursue the institutionalized examination
process while archiving any proof that is put
away carefully which may demonstrate to the
individual in charge of the crime.
The examiners utilize different systems
and scientific applications to seek concealed
envelopes, recover erased information, decode
the information or reestablish harmed documents
and so on. An exhaustive examination can
disclose to us when any record was made,
altered, printed, spared or erased.
There are a few issues that can be looked by
advanced crime scene investigation analysts like
the documents that are encoded take additional
time, the quickly changing PC innovation,
and hostile to legal sciences apparatuses
can signify additional time and cash for the
examining association. Be that as it may, as the
crime’s recurrence rises so does its need to get
researched. Along these lines, the procedure
which should be pursued must be intensive and
 Cyber Investigators and Digital Forensics 105

up to its full advancement level with the end

goal to fathom the case.

4.4. OBSTACLES TO EVIDENCE

DISCOVERY AND ANALYSIS

4.4.1. Resourcing and Liability

Live crime scene investigation is “the methods
and system of getting antiquities of evidential
incentive from a machine that is running at the
season of examination” (Biggs and Vidalis,
2009). Unstable information subsisting in RAM
and systems administration peripherals must be
caught live to guarantee that data is safeguarded Encryption is the
(Hay, Nance and Bishop, 2009). process of encoding
Full circle encryption and remote a message or
information in such
associations with processing assets may
a way that only
likewise call for live legal sciences strategies to authorized parties
obtain data. Be that as it may, amid legitimate can access it and
procedures the uprightness of electronic proof those who are not
might be raised doubt about if the police authorized cannot.
can’t clarify the results of insightful exercises
performed on live frameworks.
At last, any live method performed on a
running gadget makes changes to the framework
state. Consequently, it might be difficult to repeat
the live framework state to check and approve
discoveries, when control is expelled (Carrier,
2006). It is therefore that any movement,
which changes information on a framework, is
debilitated.
This data commonly comprises the first
proof and any adjustment to document metadata
is like defiling a crime scene (Shipley and
106 Cyber Security

Reeve, 2006). By the by, freedoms might be

taken, given that activities can be adequately
clarified and advocated under the watchful eye
of an official courtroom.

4.4.2. Distributed Computing and Data

Mapping
Individual, open, and private areas are
progressively interconnected through the
arranged foundation, extending from few
gadgets associated in closeness to many gadgets
connected through virtual private systems that
length topographical and jurisdictional limits
(Smith, 2004; Zatyko and Bay, 2011).
The notoriety of distributed computing has
intensified cross-fringe analytical and protection
issues since residential laws are naturally
nearby, and the cloud is inherently worldwide.
Inside their server farms, cloud specialist co-ops
(CSPs) offer access to ground-breaking figuring
and systems administration framework (Grace
and Mell, 2011).
Assets are conveyed to clients as an
administration that is gotten to remotely over
a system. The administration contributions
are recognized by usefulness and conveyance
display. Distributed computing is a power
multiplier, and the growing purchaser base all
around offers digital offenders both a unified
pool of unfortunate casualties and new roads to
abuse computerized assets and sidestep location
(Mills, 2012).
Cloud administrations may turn into the
objective of criminal action (For example,
unapproved get to, framework undermine,
 Cyber Investigators and Digital Forensics 107

information burglary, spying/stalking, and so

on.). In a similar vein, Cloud administrations
may likewise be utilized as a method for carrying
out criminal action (For example, sloping edge
for exfiltrated information, vehicle for spread
of kid misuse material, stage for perpetrating
misrepresentation and other illegal action,
watering opening for malware appropriation,
asset for Distributed Denial of Service Attack
reflection and enhancement, and so forth.).
Specialists routinely experience gadgets
associated with cloud administrations amid
warrant movement including remote work area
sessions, remote administrations associated with
cell phones, dynamic Virtual Private Network
(VPN) associations, and availability to webmail Synchronization is
and long-range informal communication stages. the coordination of
Because of computerized cloud reinforcement events to operate a
and synchronization among shopper gadgets, system in unison.
information is regularly repeated crosswise over
different distributed computing situations.
This data can give fundamental insights
about exploitation, how a guilty party carried
out a crime, and proof of earlier acts exhibiting
a course of lead. Information capture attempt
strategies utilized by police organizations may
encourage access to information put away and
transmitted by means of cloud administrations.
Nonetheless, where CSPs have tasks that
length numerous nations, information for
individual cloud clients might be topographically
scattered and possibly pooled with information
from different clients (i.e., multi-tenure),
contingent upon the cloud organization show
executed. This fundamentally thwarts crime
scene examination and occasion recreation.
108 Cyber Security

Keeping up proof coherence can be mind-

boggling as both put away and transmitted
information might be recovered from
divergent purposes of birthplace inside
distributed computing frameworks (i.e., trans-
fringe information streams, conveyed record
frameworks, information reinforcement and
replication/synchronization, and so on.)
which influences the legitimate arrangements
overseeing information access and revelation.

4.4.3. Web-Based and Satellite Telecom-

munications
At the point when the media communications
industry presented computerized, switch-based
broadcast communications benefits during the
1990s, the limit of exploring experts to capture
voice correspondences was fundamentally
weakened.
In the US, Congress established the
Communications Assistance for Law
Enforcement Act (1994) (CALEA) to defeat
this issue, expecting bearers to be capable “to
disconnect and convey specific correspondences,
to the rejection of different interchanges, and to
have the capacity to convey data with respect to
the beginning and end of the correspondence”
(Caproni, 2011). This is normally alluded to as
dialing, and flagging data or pen enlist data.
The approach of direct distributed systems,
which can transmit interchanges by means of
settled broadband Internet associations and
remote passageways, has represented a critical
test for exploring experts.
 Cyber Investigators and Digital Forensics 109

Observation is significantly harder to

achieve on the grounds that unadulterated
shared systems don’t have a brought together
server through which parcels of information
are steered. Block attempt additionally ends up
risky where correspondences conventions use
encryption for protection, for example, Secure
Real-time Transfer Protocol (SRTP) (Forte,
2006; Schjølberg & Ghernaouti-Hélie, 2011).
Law implementation and national security
organizations have campaigned “that their
capacity to wiretap criminal and fear-based
oppression suspects is going dim as individuals
progressively impart online rather than by
phone” (Savage, 2010).

4.4.4. Anonymization
Email information is regularly a fundamental
source of proof for police examinations. Header Criminal ac-
data inside email strings can help police in tion is a proce-
dure by which a
recognizing the root of a correspondence and person accused
may even pinpoint to the physical area of a of committing
suspect. a crime is charged,
brought to trial and
Message substance and email connections can
judged. Main part of
likewise uncover individual about criminals and a criminal action is
co-backstabbers, including monetary exchanges the trial where
and direct proof identified with criminal action, innocence or guilt
and point by point records of correspondences of accused is
determined.
among culprits and unfortunate casualties. Cul-
prits that utilize advanced strategies for culpable
are very much aware of vulnerabilities related
with typical email transmissions.
Rather, they will utilize secure online
email administrations, remailers, and other
anonymizing strategies to convey discretely.
110 Cyber Security

Anonymization procedures are extraordinarily

made to cover a client’s personality
while exploring the Internet or sending
correspondences (Morris, 2004). Anonymizing
remailers are really go-between mail servers
that work as a door between the sender of an
email and the beneficiary.
At the point when email goes through the
remailer benefit, recognizing data is stripped
from the email header. Message content,
including connections, would then be able to be
namelessly sent to the beneficiary
Digital crime guilty parties likewise misuse
intermediary servers to hide online movement
(Spence, 2003). Intermediary administrations
empower clients to build up an association
with a system by means of a mediator server.
Regular intermediary servers can be arranged
for access control, reserving administrations,
and improved data security (Brown, 2015).
Unknown intermediaries additionally
allow clients to buy in with money or Bitcoin
Learning Activity: installments to cover or distort their character
Come across various amid the enlistment procedure. When arranged,
investigators and top
a scrambled ‘multi-bounce’ intermediary
forensic agencies that
investigate cyber- administration can be utilized to conceal an IP
crime and enlist at address, mimic another IP address, or divert
least one case about movement to cloud purposes of birthplace over
how the agency car- the system (Li, He, Huang, et al., 2011).
ried out its investiga-
tion.
4.4.5 Jumbling and Encryption
When executing inquiry and seizure warrants,
it tends to be extremely troublesome for police
to physically find gadgets at crime scenes
and different premises. Streak stockpiling is
 Cyber Investigators and Digital Forensics 111

regularly incorporated inside normal family unit

machines and individual things, for example,
toys, pens, shades, watches, adornments, and
gear labels (Young, 2009). Small scale Secure
Digital (SD) cards, portable SSDs, and remote
stockpiling gadgets can be hidden inside divider
pits, under tiles, and inside roof and floor spaces.
Regardless of whether specialists can
discover concealed gadgets, the substance of
information put away on those gadgets may
have been encoded. Steganography is a ‘data
carrying’ method that masks data inside the code
of normal documents, for example, realistic
pictures, reports, and sound accounts (Graham,
Howard, and Olson, 2011). Media records are
perfect hosts for steganography as they are very
expansive and won’t quickly excite doubt amid
investigation (Li et al., 2011; Shelly, 2004).
Examiners might have the capacity to
recognize the utilization of steganography Steganography
is the practice of
by applying ‘steganalysis’ to look at the mark
concealing a file,
of a speculate document against a realized message, image, or
unique to distinguish irregularities. In any video within another
case, even steganalysis may yield little esteem file, message, image,
where steganography has been joined or video.
with cryptography. System steganography,
specifically, is extremely hard to distinguish
because of secret control of lost, degenerate,
covered up or unused information fields inside
system movement.
A typical system is to cover up ‘steganograms’
inside VoIP transmissions amid video or sound
conferencing. Amid a normal VoIP call, bundles
of information might be quietly exchanged
between members.
112 Cyber Security

A while later, these gathered datagrams

can be reconstituted as important information
(Lubacz, Mazurczyk, and Szczypiorski, 2010).
The utilization of steganography to disguise
and convey pernicious code is additionally a
developing system utilized by malware creators
to sidestep system and host-based identification
components (Dell Secure Works, 2015).

4.5. SUMMARY
The investigation of cybercrime is a tedious
task and requires special kinds of skills to be
accomplished. It ranges from examining the
crime to processing the crime scene and using
digital forensics for the required assistance.
There are various obstacles that the experts
encounter in detecting a crime scene and
examining it like a distributed form of data,
different forms of communication, anonymous
messages and encryptions and that too in
jumbled form and many more. Digital forensics
helps to deal with all such kinds of obstacles and
result in smooth functioning of the system. In
the next chapter, the intrusion from the botnets
is discussed, which strengthens the argument of
the above chapter.
 Cyber Investigators and Digital Forensics 113

REVIEW QUESTIONS
1. Explain how a cybercrime is examined.
2. Enlist the points on what happens in the processing of a scene
of cybercrime.
3. Dwell on the concept of digital forensics.
4. Enlist various obstacles that the investigators must face while
analyzing the evidence and detecting them.
5. Explain the process of anonymization.
6. How do deductive and inductive thinking help in building the
arrangement of occasions?
7. What do you understand by enquiry and seizure in the cyber
world?
8. Explain resourcing and liability.
9. What is data mapping?
10. What is the use of Steg Analysis?

CHOOSE THE CORRECT OPTIONS

1. Examiners might have the capacity to recognize the
utilization of steganography by applying
a. Dig analysis
b. Steganalysis
c. Round analysis
d. Steno analysis
2. A ‘data carrying’ method that masks data inside the code
of normal documents is known as:
a. Bibliography
b. Agnometry
c. Steganography
d. Oliography
3. CALEA stands for:
a. Communications Assistance for Law Enforcement Act
b. Centre for Assistance of Law Enforcement Act
 114 Cyber Security

c. Communication Acknowledgement for Law Enforcement

Act
d. Communications Assistance for Law Enactment Act
4. SRTP stands for
a. Secure Real-time Transfer Protocol
b. Small Real-time Transfer Protocol
c. Secure Real-time Traffic Protocol
d. Secure Reality Transfer Protocol
5. VPN stands for
a. Virtual Private Network
b. Variable Private Network
c. Virtual Public Network
d. Virtual Private Narrative
6. ………. is the branch which manages the violations which
occur over the PCs
a. Digital Security
b. Cyber Innovation
c. Digital Forensics
d. Cyber Crime Investigation
7. _______________ is a method of examination, which
includes finding proof, recognizing suspects, securing
criminals, and talking observers
a. Inquiry and Seizure
b. Investigation
c. Mitigation
d. Assessment
8. Who stated: “As a criminological control, nothing since
DNA innovation has had such an extensive potential impact
on particular kinds of examinations and indictments as PC
legal science”?
a. Noblett, Pollitt, and Presley
b. Li, He, Huang
c. Biggs and Vidalis
 Cyber Investigators and Digital Forensics 115

d. Mora and Kloet

9. Who worked in promoting law reform in Moldova and
Bulgaria?
a. Albena Spasova
b. Schjølberg
c. Noblett
d. Presley
10. IP stands for
a. Internet Protocol
b. Internet Protection
c. Intranet Protection
d. Internet Proactiveness
 116 Cyber Security

REFERENCES
1. Brown, S. D. C., (2015). Investigating and Prosecuting Cyber Crime:
Forensic Dependencies and Barriers to Justice. [eBook] Available
at: https://www.cybercrimejournal.com/Brown2015vol9issue1.pdf
[Accessed 13 November 2018].
2. Computer Forensics, Part 1: An Introduction to Computer Forensics,
(2004). [eBook] Available at: http://www.isfs.org.hk/publications/
ComputerForensics_part1.pdf [Accessed 13 November 2018].
3. Rana, N., Khatter, K., Sansanwal, G., & Singh, S., (n.d.). Taxonomy
of Digital Forensics: Investigation Tools and Challenges. [eBook]
Available at: https://arxiv.org/ftp/arxiv/papers/1709/1709. 06529.
pdf [Accessed 13 November 2018].
 CHAPTER

5
SOCIAL MEDIA, BOTNET, AND
INTRUSION DETECTION

LEARNING OBJECTIVES:
• Get an insight about the intrusion processes of botnets
• Know about the lifecycle of a bot
• Learn about the different methods of detecting and
discovering botnets
• Know the various methods in which the intrusion
contaminates the clients
• Understand the relation of botnets with social media
channels and their adverse effects

KEYWORDS
• spamming
• botnet
• twitter
• contamination
• drive-by-download
• honeypots
• social media
 118 Cyber Security

George Walsh created botnets in the form of malware and infects

the devices made by him with that malware. He did that to shut
down the services of various social media platforms such as Twitter,
Facebook or Instagram, in a region or to block the services of certain
entertainment channels such as YouTube or Netflix. This may have
caused conundrum in the digital world which could deprive the users
of the services they have paid for and brought down the revenues as
well as the reputation of the service providers.
Another case of using the infected viruses is by using another
powerful botnet for, say, a “click fraud” scheme, used to artificially
generate advertising revenue by making it appear that a real user
clicked on an online ad. This deed also deprived the service providers
and the advertisers of the opportunity to market the product and poses
as an unfair competition to the other earners.

Discussion Questions
1. Are the botnets all that bad?
2 What are the various ways to prevent the botnet intrusion into
cyberspace?
The above vignette offers a scenario about the vicious use of
botnets in the digital world. The vignette brings forth the various ways
in which botnets can harm the security of certain systems and breach
the privacy of certain entities. The chapter explains the various types
of botnets and the vulnerabilities they use to get into the cyberspace
and the ways in which they can be avoided.

5.1. INTRODUCTION
Today, our reliance on the web has developed a complex. So, needs
to secure our immense individual data open through web interfaces,
for example, online passwords, privileged corporate insights, web-
based keeping money records, and person to person communication
accounts like Facebook.
The presence of botnets in the web scene in the course of the most
recent decade and their regularly changing conduct has caused genuine
 Social Media, Botnet, and Intrusion Detection 119

difficulties that can’t be effortlessly cured. As

indicated by writing, a botnet is characterized
to be an arrangement of contaminated hosts Botmaster is a
(likewise called bots or zombies) that run person who operates
independently and consequently, controlled by the command and
a botmaster (bot herder) who can coordinate control of bot-
nets for remote
his/her pernicious aims utilizing the tainted bots process execution.
(Figure 5.1).

Figure 5.1: Illustrations of botnets.

Source: https://upload.wikimedia.org/wikipedia/
commons/thumb/c/c6/Botnet.svg/2000px-Botnet.
svg.png
A portion of the noticeable noxious
assignments that can be credited to botnets
incorporates DDoS (Distributed denial of-
benefit), spam, phishing, ransom wares, and data
fraud. In a botnet DDoS assault, the botmaster
can direction every one of its bots to assault a
specific server (precedent: update.microsoft.
com) at a specific date, time, and for a span by
means of a noxious or mysterious intermediary
utilized as a venturing stone to shroud the
genuine instructing hub.
In a spam crusade, the hubs that shape the bot
organize oversee sending spam by carrying on
120 Cyber Security

as spam transfer focuses, conveying spam sends

to a rundown of proposed injured individual
email tends to be chosen by the botmaster.
Spam is electronic For example, a hub which is a piece of a spam
junk mail or junk botnet could be sent a rundown of email delivers
newsgroup postings. to spam for the day with a payload of the spam
that will be sent.
These spam messages could publicize
pharmaceutical items and may likewise convey
assist contamination executables by means of
email connections or connections to select more
bots, as done by botnets, for example, Storm,
and Waledac. In a phishing trick, botnets oversee
going about as web intermediaries or web servers
to convey scam website substance to benevolent
clients to accumulate their e-keeping money or
MasterCard certifications.
For example, the locales could have content
which resembles a managing an account site
asking for login subtle elements qualifications
which when entered by the client, can be
utilized by the botmaster to get to authentic
saving money destinations. In the end, the assets
are exchanged to accounts that leave no trails
(Nazario and Holz, 2008).
Botnets, for example, Storm have been
known to contaminate more than 2 million hosts
while Conficker has tainted more than 9 million
hosts as indicated by a few appraisals. As can be
seen, the sweeping impacts of vindictive goals
of botnets and their lords are a genuine risk.

5.2. BOTNET OFFENSE

With the end goal to more likely comprehend
the difficulties that the security network faces
 Social Media, Botnet, and Intrusion Detection 121

with the end goal to disassemble botnets, it first

needs to be seen how botnets work, and the
numerous apparatuses and strategies utilized by
them.

5.2.1. Setting up an Order and Control

Server
The initial phase in making a botnet is to set up
the Command and Control (C&C) server. This is
where the tainted hosts answer to the botmaster,
telling it that a host has been contaminated
effectively. This is additionally the area where
the contaminated hosts recover the full rundown
of directions that the tainted bot should run

5.3. BOT LIFECYCLE

Not at all like the underlying progressed botnets, Botnet is a number
for example, Agobot which conveyed a rundown of Internet-
of endeavors to perform on a defenseless host connected devices,
and its whole direction set at the season of each of which is
running one or more
starting contamination, each propelled bot today
bots.
utilizes various stages with the end goal to frame
a botnet (Schiller et al., 2007; Gu et al, 2007).
This was for the most part done first, to
stay away from mark recognition by system
interruption location frameworks, for example,
grunt (Roesch, 1999) and second, to decrease
the underlying disease size of the bot double to
make it less traceable while utilizing drive-by-
download assaults.
• Stage 1 of a bot’s lifecycle is the
underlying contamination/endeavor
of a host. In this progression, the bot
paired needs to initially taint the host
122 Cyber Security

by endeavoring to abuse at least one

security vulnerabilities that may pre-
exist on a framework.
• When tainted, stage 2 is the procedure
by which the bot reports back to the
botmaster utilizing the command and
control (C&C) channel to illuminate
him that the host has been effectively
traded off. Data identified with the
host, for example, opened secondary
passages, have activity framework
settings and system abilities are only
a portion of the points of interest
that are accounted for back amid this
stage.
• In stage 3, the bot downloads
new executables. This procedure
is additionally alluded to as egg
downloading. This could be
the segment that identifies and
incapacitates antivirus programming,
or could give potential updates to the
bot malware with its full direction
rundown to make it more useful.
• In stage 4, the downloaded malware
is executed on the bot. The bot at this
stage has turned out to be completely
utilitarian.
• In stage 5, the bot begins tuning in
to the order and control channel to
recover payload data from associates
or servers and could execute the
directions that are passed on utilizing
 Social Media, Botnet, and Intrusion Detection 123

the payload. It isn’t important that the

divert utilized in stage 3 is a similar
direct utilized in stage 5.
• In stage 6, the bot could alternatively
report the consequences of executing
the directions to the server. This
component is utilized by numerous
botnets to track the usefulness of the
bot so that the botnet could be stack
adjusted.

5.4. BOTNET CORRESPONDENCE

STRUCTURE
The most critical segment of a botnet that chooses
if it very well may be effortlessly disassembled
is its correspondence structure which is utilized
to order and control the tainted hosts of a botnet.
The kind of correspondence utilized between a
bot customer and its order and-control server or
between any two bot customers can be separated
into two sorts:
• Push-based directing; and
• Pull-based telling.
Every technique has its very own preferences
and hindrances. In a push-based correspondence,
the bot ace “pushes” the order that the bots are to
run. The upside of push-based correspondence
lies in the way that botmasters can promptly
request that bots play out a specific undertaking.
This considers more tightly control.
Nonetheless, the characteristic disservice of
such a strategy is the measure of activity that
124 Cyber Security

can be watched leaving the server, or the tight

planning connection between different checked
hubs that are a piece of the equivalent botnet,
prompting less demanding location of tainted
hosts.
This shortcoming has been used by most
botnet identification strategies, for example,
Botsniffer (Gu et al., 2008). A case of push-
based correspondence is the utilization of IRC
servers for order and control. In a draw-based
correspondence, every bot is permitted to
occasionally recover the following order to keep
running from a server.
This encourages not exclusively to keep
away from glimmer swarms at a command-and-
control server; however, the infusion of arbitrary
postponements in direction recovery from bot to
the server makes it harder to follow an order and
control server.
This enables the server to take cover behind
customary web movement. Most existing
botnets utilized for spamming (5 of best 9) utilize
http convention, a draw-based correspondence,
to disguise correspondence as real clients
(Steward, 2009).
Notwithstanding the essential channel of
interchanges, bots additionally have an auxiliary
correspondence normally as secondary passages
made by Trojans/bot programming introduced
in each contaminated host. This channel is
just utilized by the botmaster if the essential
correspondence channel has been endangered
(Figure 5.2).
 Social Media, Botnet, and Intrusion Detection 125

Figure 5.2: The various stages of kill chain by the

intrusion.

Source: https://upload.wikimedia.org/wikipedia/
commons/1/1d/Intrusion_Kill_Chain_-_v2.png

5.5. CONTAMINATING THE

CLIENT
The essential technology that makes the botnet
is the underlying disease of the client which
changes over a perfect host into a bot. Clients
can be contaminated in one of three different
ways.

5.5.1. Drive-by-Downloads
As noted in various papers (Provos et al.,
2007, 2008; Wang et al., 2006; Ikinciand et al.,
2008; Siefert et al., 2007) drive-by-downloads
have turned into a new danger that misuse
shortcomings regularly found in internet
browsers and program modules.
In this procedure, the client is tainted by a per-
nicious connection inserted in the webpage that
126 Cyber Security

dependent on the client specialist (program)

begins off a progression of assaults (assault
Malware is any vector) to download malware into the client’s
program or file that is machine with no acknowledgment by the client
harmful to a computer
user. other than to have visited the website.
This malevolent site could be facilitated
by a vindictive substance. It could host third
gathering notice joins which stack noxious
substance; or be an authentic site that has been
contaminated before outsider commercials could
incorporate the activity of syndication (Daswani
and Stoppelman, 2007) by which space on a
site is sold for promotion connects to outsider
locales that serve the advertisement content.
Authentic locales could be contaminated
by a SQL infusion assault which would then
contain pernicious iframe pointers to malevolent
servers. Not at all like system checking for
vulnerabilities, which are obstructed by firewalls
and NATs, drive-by-download utilizes a draw-
based strategy that sidesteps generally channels.
Provos and others in 2008 take note of that
many the tainted hosts demonstrate associations
with IRC servers or HTTP asks for not long after
contamination affirming the way that drive-by-
downloads prompt making of botnets.
The malware or pernicious iframe pointers
are generally jumbled inside the HTML source.
Rather than rethinking the adventures, these
vindictive connections utilize instant endeavor
packs, for example, Mpack, IcePack or EL
Fiesta that contain redone disease vectors.
However, Provos and others in 2008,
specifies examining surely understood URLs to
check for vindictiveness, a URL may appear to
be kind before all else amid introductory output,
 Social Media, Botnet, and Intrusion Detection 127

yet may begin carrying on malevolently later.

The creators revealed the nearness of more than
3 million malignant URLs recognized over a
multi-month time span, and 1.3% of query items
returning malevolent URLs in Google seeks.

5.5.2. Noxious Connections (Social

Designing)
A couple of botnets, for example, Storm, and
Waledac utilize social designing as the assault
vector. In this procedure, clients have messaged
a web interface, facilitated by a hub in the bot
organize that a considerate client would be
tempted to visit.
When the URL is visited, the botmaster
utilizes social designing, for example, the
requirement for missing glimmer module or Video codec is an
electronic circuit
video codec to lure the client into downloading an or software that
executable and along these lines contaminating compresses or
the client. The utilization of custom packers decompresses digital
and included encryption makes it relatively video.
unthinkable for antivirus programming to
identify perniciousness of the downloaded
parallel.

5.5.3. Defenseless Hosts

Most botnet assault vectors still exist that have
not been completely fixed. For instance, a portion
of the underlying botnets, for example, SDBot,
Rbot, Agobot, Spybot, and Mytob were framed
because of different Windows vulnerabilities.
Likewise, the ongoing worm having a
botnet instructing structure (Downadup/
Conficker/Kido) that abuses MS08–067 spreads
128 Cyber Security

fundamentally because of lacking fixing. As

pointed out by (Brumley et al., 2007, 2008),
assault vectors for a powerlessness can be made
inside hours of a fix being made accessible by a
seller.
The distinction between a fixed and an
unpatched rendition of the product permits
malware creators to recognize the fundamental
vulnerability that unpatched frameworks are
powerless against.

5.6. BOTNET DISCOVERY

UTILIZING HONEYPOTS
The fundamental research approach to recognize
and penetrate botnets in a previous couple
of years has been by means of the utilization
Honeypot is of honeypots. A honeypot can be inexactly
a computer or characterized to be a machine that is nearly
computer system
checked to look for a potential invasion. The
intended to mimic
likely targets of honeypot machine could be a genuine powerless
cyberattacks. machine, however, is normally a machine
running in a virtual domain.
The utilization of honeypots lies in the way
that any activity that attempts to enter or contact
a honeypot can be considered as inalienably
pernicious since as a matter of course, honeypots
don’t without anyone else’s input contact
different hosts except if taught to do as such
and subsequently ought not to show any system
movement. The utilization of in excess of one
honeypot in a system is known as a honeynet.
The reason for a honeypot characterizes its sort.
Some of them incorporate (Riden and Seifert,
2008):
 Social Media, Botnet, and Intrusion Detection 129

5.6.1. Customer Honeypots

A Client honeypot is a machine that searches for
malignant servers, carrying on as a customer.
A portion of the noticeable undertakings here
incorporates Strider Honey monkeys (Wang
et al., 2006), Monkey Spider (Ikinciand et al.,
2008), Capture HPC (Seifert, 2008), Shelia
(Rocaspana, 2007) and the Miter Honeyclient
(Miter, 2007).
A large portion of these undertakings utilizes
combinations (URL) accumulated from spam
traps as seed esteems, and afterward effectively
visit the locales utilizing a virtual machine that
contains diverse levels of fixing. This enables the
framework to identify the weakness assaulted,
and the arrangement of the defenseless machine.

5.6.2. High Interaction Honeypot

Third era honey wall (‘Roo”) (Roo, 2005) is
a high association honeypot that enables the
aggressor to connect at all levels. The honey
wall is set between a honeynet and the outside
world, gathering information from the system.
Roo utilizes grunt inline (Snortinline, 2005) to
hinder all cordial assault movement from the
honeynet.

5.6.3. Low Interaction Honeypot

A low communication honeypot imitates
vulnerabilities as opposed to facilitating a
genuine defenseless framework. Along these
lines, these sorts of honeypots can be effectively
identified if an assailant collaborates with
130 Cyber Security

this hub. These are primarily valuable for a

computerized worm like bots that spread.
Some examples of realized models include:
• Nepenthes (Baecher, 2006)
Emulates different windows vulnerabilities
on different windows ports by means of the
stateful limited state machine. It can copy 16,000
IP addresses on a solitary machine. Intended
to gather self-repeating malware naturally.
Contains 21 diverse weakness modules. Has
a module for parsing shellcodes that are XOR
encoded and a module for recovering double
Shellcode is from remote server acquired by parsing
defined as a set of
shellcode.
instructions injected
and then executed by • Honeyd (Provos, 2007b)
an exploited program.
Implements a little daemon which makes
virtual has on a system. Enables one to make
a recreated system of more than 60,000 has on
a solitary host enabling genuine hosts to exist
together among virtual hosts, in this way making
it to a great degree troublesome for aggressors
to find the genuine has in the system.
Each host highlight can be arranged
independently. Li and others in 2008 utilized
one-year worth of honeynet information caught
utilizing half darknet sensors and half honeyed
sensors to achieve the end that most botnet
hubs filter arbitrarily instead of checking only a
neighborhood IP extend much of the time.

5.7. SPAMMING BOTNET

IDENTIFICATION
Given that the essential utility of botnets is
in sending spam, numerous analysts have
 Social Media, Botnet, and Intrusion Detection 131

investigated dissecting botnets that are utilized

solely to send spam, for example, the Storm,
Srizbi, and Rustock botnets. Although the
measure of spamming botnets has decreased
altogether because of network access suppliers
blocking C&C servers and additionally the area
suppliers for these botnets, spamming botnets
remain a functioning risk (Steward, 2009).
Ramachandran and others, 2008, utilized a
DNS blacklisting technique (DNSBL) where it
makes a chart of hubs that are in any capacity
connected to the known srizbi botnet. If a bot
having a place with srizbi questions an expansive
DNSBL of a web access supplier, relationship of
the questioning hub or the one being questioned
with the srizbi list gives a rundown of new
companions who are tainted by srizbi. This
procedure could be rehashed different rounds to
discover all related bots which send spam.

5.8. SYSTEM BASED BOTNET

RECOGNITION
Some botnet location frameworks have depended
on identifying bot activity utilizing system level
information. This is essentially done utilizing
system sniffing interruption identification
apparatuses, for example, grunt notwithstanding
other system stream screens.
For Example, Bothunter (Gu et al., 2007)
utilizes a vertical relationship calculation which
attempts to catch the diverse strides of a bot life-
cycle. The 5 phases of a bot utilized in Bothunter
are:
• Inbound filtering: where organize
checking is done to check whether an
132 Cyber Security

inner host is examined for from outer

host;
• Exploit utilization: where an
adventure parcel is sent from outer to
inside host;
• Egg downloading: where a twofold
of the malware is recovered by the
tainted host from the outside system;
• Outbound bot coordination exchange:
where Command and Control activity
is watched;
• Outbound assault proliferation: where
the inward host endeavors to assault
an outside host.
The framework tosses a notice if at least two
Localhost is a
hostname that means
outbound bot endeavor stages are seen or proof
this computer. It is of localhost contamination pursued by a solitary
used to access the outward correspondence from the tainted host
network services that is seen. The creators utilize a mix of grunt and
are running on the oddity identification instruments called SCADE
host via the loopback
network interface.
and SLADE for discovery.

5.9. CONDUCT INVESTIGATION-

BASED BOTNET LOCATION
More as of late, specialists have endeavored to
identify botnets by following their system and host
conduct. Bayer et al. (2009) as of late proposed
the relationship of conduct investigation of
malware by means of bunching of the conduct
of host framework calls through their ANUBIS
dynamic examination device and the utilization
of Locality Sensitive Hashing (LSH) grouping
calculation. Their instrument works by playing
out a disconnected investigation of a malware
test like CWS and Box.
 Social Media, Botnet, and Intrusion Detection 133

Lee and Mody in 2006, performed k-medoid

grouping of occasions produced by running
noxious executables. Every occasion is spoken
to by document adjustments or vault changes.
They utilize alter separation of occasions among
executables to the group. They demonstrated
that alter remove estimations for separation
don’t work when the quantity of occasions goes
higher than 500.
Utilizing k-medoid additionally has the
disadvantage that the real number of groups
must be foreordained. Having a k which is
not exactly the genuine number of bunches
cause anomalies to be incorporated, in this way
altogether affecting the group highlights.

5.10. THE RELATION WITH

SOCIAL MEDIA CHANNELS
Social media life, like Twitter, Facebook, and
YouTube make another correspondence open
door for pernicious botnets. A Command and
Control (C&C) channel is pivotal for a botnet.
Bots require standard directions from the
botmaster, for instance, to start or synchronize
an assault, transfer gathered information, or
refresh the malware. A substantial number of
countermeasures has been produced and sent
against C&C when all is said in done. Botnets
respond to these measures by utilizing new
correspondence components that are harder to
identify and quell. With the landing of online
networking-based C&C, there are currently 4
noteworthy C&C-instruments:
• IRC is a straightforward and
demonstrated C&C procedure. It is
134 Cyber Security

appealing for the botmaster, in view

of its straightforward administration,
with a continuous or “tight” power
over the botnet through a forever
settled association. Anyway,
particularly for this kind of C&C,
numerous countermeasures have been
produced. A precedent is crafted by
Cook and others
• A more modern C&C-component
utilizes shared correspondence, in
view of conventions like Kademlia.
The inherent decentralized structure
is hard to counter, and the utilization
of distributed conventions is across
the board, because of famous
record sharing and correspondence
conventions, as BitTorrent and
Skype. Anyway, the nonattendance
of incorporated control makes
administration complex, and because
of firewalls and NATs, numerous
companions can’t get approaching
associations, bringing about the
system of which the accessibility and
strength exceptionally rely upon a
predetermined number of hubs.
• Another C&C-instrument utilizes
HTTP to trade data. The prevalence of
HTTP makes abnormality discovery
troublesome. Moreover, numerous
botnets decentralize the HTTP-
benefit by quick fluxing A-records,
IP-locations of DNS-servers, or even
area names. This makes it hard to
bring the administration somewhere
near IP or area boycotting.
 Social Media, Botnet, and Intrusion Detection 135

• A somewhat new C&C-instrument

utilizes online life for C&C. A
botmaster posts directions as messages
on a well-known social medium, like
Twitter or Facebook. Bots bring the
guidelines by frequently surveying
certain pages. Precedents of such
botnets are Trojan. Whitewell that
utilizes Facebook, Twitter NET, that
utilizes Twitter, and Trojan 2.0, that
utilizes Google gatherings.
On the off chance that a botnet mirrors the
correspondence examples of typical clients that
visit a mainstream social medium, recognition
will turn out to be exceptionally troublesome
with traditional system IDS-methods, on the
grounds that there are no peculiar locations,
area names, conventions, or ports included and
a huge division of the everyday real movement
of ordinary PCs comprises of visits to internet-
based life.
A further increment of the C&C
imperceptibility is conceivable by
steganographic methods, to shroud the directions
in evidently ordinary messages, account motion,
by making the bots visit distinctive records or
even unique media, and SSL/TLS encryption,
to block the content investigation in the system.
Numerous web-based life offer, as of now
HTTPS access, as an option that contrasts
with the still famous decoded HTTP access.
Troublesome identification isn’t the main reason
that web-based social networking-based C&Cs
can possibly turn into the most critical botnet
control component on the Internet.
136 Cyber Security

Other helpful properties from the point of

view of the botmaster are basic usage, basic
Networking is the
administration of uses that read from and keep
practice of transport- in touch with internet-based life, versatility, and
ing and exchanging high accessibility of the online networking
data between nodes administrations.
over a shared me-
dium in an informa-
tion system. 5.10.1. Discovery Principle
System movement does not happen precipitously.
Something triggers a moving stream. On
account of a visit to a social medium, the trigger
is normally a console or mouse occasion, caused
by a human client. In any case, if a bot visits a
social medium to get new guidelines, or transfer
reaped data, the movement isn’t activated
by client occasions, however by inside state
changes of the malware.
This considers recognition of botnet activity
to online life by the nonappearance of client
occasions that could possibly have set off the
movement. System movement is caught from
an embedded system connect. If a movement
stream is started to a social medium, without
going before console occasions or mouse
occasions, the stream is delegated potential bot-
begun by the causality indicator.
There are a few different ways to execute the
taps to catch the console and mouse occasions.
For instance, by snares in the working
arrangement of the customer PC that gets the
occasions. Another plausibility is the inclusion
of an equipment gadget that screens the signs
on the transport from the client gadgets to the
customer PC. If there should arise an occurrence
of a virtual customer PC, the tap can even be
executed in the hypervisor.
 Social Media, Botnet, and Intrusion Detection 137

The likelihood of executing taps, causality

location, and extension totally outside the Hypervisor is
customer PC result in an identifier that is not so computer software,
much noticeable but rather safer against direct firmware or hardware
that creates and runs
assaults. virtual machines.
The causality location works with a little
time window that begins specifically after a
client occasion and separates between streams
that are caused or not caused by the client
occasion. It doesn’t rely upon known marks;
thus, correspondence of multi day-bots can
likewise be distinguished. Also, as opposed to
most inconsistency identification systems, the
characterization is constant, bringing about the
potential square of a malignant stream right now
of the principal departure parcel.
For the simplicity of the clarification, it
is centered on Twitter.com as a delegate case
of a famous social medium; consequently, all
outcomes can be reached out to other internet-
based life. It is accepted that all lawful movement
to Twitter.com is straightforwardly caused by
client occasions and all bot-begun activity isn’t
synchronized with client action.

5.10.2. Recognition of Botnet Traffic to

Twitter.Com
The recognition calculation proposed in this
segment is connected to program access to
Twitter.com with Internet Explorer and Firefox.
In the program situation distinguishing is on
three client occasions that can solely trigger
Twitter movement:
• Left mouse clicks, normally on
Twitter connect;
138 Cyber Security

• Enter key, regularly amid login or

consummation of the message or
“Tweet”;
• F5-key to reload a page.
Ordinary Twitter movement dependably
begins with the demand of a protest from
Learning Activity: Twitter.com. Precedents of asked for Twitter.
Enlist the famous com-objects are a course of events with tweets,
botnets that cause a
a hunt guidance, or a login. Straightforwardly
significant amount
of harm in the cyber after the stacking of the primary HTML arranged
world and read about protest, extra questions, like contents, media,
them in detail commercials, and following items are stacked
from different areas, as Twimg.com and Google.
com.
Bots that use Twitter as a C&C-channel must
begin with a demand of a Twitter.com question,
because different arrangements are unordinary
and raise doubt. The Twitter.com question can
specifically contain C&C guidelines or results,
or connection to different articles with C&C-
related substance. Our recognition calculation
tests for the nearness of important client
occasions inside a specific time period, just
before a departure stream to Twitter.com is
started.
A Twitter.com stream is named non-bot if
the stream is client prompted, as outlined by the
suggestion:
tget − tu< Tug → client actuated
A confusing variable is DNS. On the off
chance that the customer store does not contain
a legitimate DNS record of Twitter.com, a DNS
query will happen between the client occasion
and the genuine visit to Twitter.com.
 Social Media, Botnet, and Intrusion Detection 139

The Twitter.com stream with is presently

named non-bot if the stream is client actuated,
as shown by the suggestion:
(tdnsq− tu<Tud) ∧ (tdnsa − tdnsq<Tdd) ∧ (tget − tdnsa<Tdg)
→ client initiated
Identification execution depends generally
on an appropriate estimation of the characterized
windows Tug, Tud, and Tdg. Expansive windows
increment the likelihood that departure botnet
activity is unintentionally started inside a
window, with a false negative thus. Alternately
little windows increment the likelihood that
client instigated movement begins soon after a
window, with a false positive subsequently. The
measure of Tdd relies upon the most extreme
expected reaction time of the DNS-server.
The estimation of Tdd isn’t basic in the
identification procedure, since it’s anything
but a reaction time of the conceivably tainted
customer PC. In addition, causality between
DNS ask for and DNS reaction can likewise
be dictated by the UDP customer port or DNS
payload as opposed to timing.
 140 Cyber Security

REVIEW QUESTIONS
1. Explain what botnet offense is.
2. Explain the structure of botnet correspondence.
3. Enlist the ways in which the botnets can be detected.
4. Establish a relationship between the botnets and their effect on
social media channels.
5. Explain how a botnet can be investigated using its location.
6. What is bot lifecycle?
7. How many stages are there in the lifecycle of a bot? Explain.
8. Explain various stages of kill chain by the intrusion.
9. What do you understand by the term noxious connections?
10. How do you discover botnets by using honeypots?

CHOOSE THE CORRECT OPTION

1. Botnet detection using honeypots can be done by all except:
a. Customer honeypots
b. High interaction Honeypot
c. Low Interaction Honeypot
d. Supplier Honeypot
2. The users can be contaminated by botnets by all the
methods except:
a. Drive-by downloads
b. Noxious connections
c. Defenseless hosts
d. Strong hosts
3. DNSBL stands for
a. DNS Boycotting System
b. DNS Blacklisting technique
c. DNS Blackmailing Linguistic
d. None of the above
 Social Media, Botnet, and Intrusion Detection 141

4. _______________ used the technique of DNSBL

a. Ramachandra
b. Lee and Mody
c. Whitewell
d. Gu and others
5. C&C stands for _______________.
a. Command and Control
b. Confusion and conundrum
c. Concoction and control
d. Collaborative control
6. _______________is a realized module of low interaction
honeypot?
a. Nepenthes
b. Gorilla
c. Lion
d. Spambot
7. Which key is used to reload a page?
a. F6
b. F9
c. F10
d. F5
8. _______________utilizes a vertical relationship calculation
which attempts to catch the diverse strides of a bot life-
cycle
a. Bothunter
b. Botgoon
c. Botcon
d. Botrobber
9. A new danger that misuse shortcomings regularly
found in internet browsers and program modules is
_______________.
a. Drive-by-download
 142 Cyber Security

b. Vulnerable hosts
c. Noxious Connection
d. None of the above
10. LHS, in the cyber world, stands for _______________.
a. Locality Sensitive Hashing
b. Leftover Sensitive Hashing
c. Locality Side Hashing
d. Locality Stable Hashing
 Social Media, Botnet, and Intrusion Detection 143

REFERENCES
1. Burghouwt, P., Spruit, M., & Sips, H., (n.d.). Towards the Detection
of Botnet Communication through Social Media by Monitoring User
Activity. [ebook] Available at: https://pdfs.semanticscholar.org/
eb9b/ae26deca34640139e462e0eec10ad17c1c77.pdf [Accessed 13
November 2018].
2. Vuong, S., & Alam, M., (n.d.). Advanced Methods for Botnet
Intrusion Detection Systems. [ebook] Available at: https://cdn.
intechopen.com/pdfs/14357.pdf [Accessed 13 November 2018].
3. Walsh, Terrorism on the Cheap. Rollie Lal, “Terrorists and Organized
Crime Join Forces,” International Herald Tribune, May 25, 2005,
at [http://www.iht.com/articles/2005/ 05/23/opinion/edlal.php].
Barbara Porter, “Forum Links Organized Crime and Terrorism,” By
George! summer 2004 [http://www2.gwu.edu/~bygeorge/060804/
crimeterrorism.html].
 CHAPTER

6
CYBER SECURITY AND
INDUSTRIALC ONTROL
SYSTEMS

LEARNING OBJECTIVES:
• Get to know the Industrial controlled systems
• Understand the problems that the ICS cyber security
face
• Dwell on the possible effects on the ICS
• Know about the industry’s response to limit the risk
• Learn about the obstructions that block the improvement
of cyber security

KEYWORDS
• risk limitation
• anchoring
• SCADA
• ICS
• information robbery
• IT systems
 146 Cyber Security

In a very high powered and industrialized country, the industrial

control systems (ICSs) are very susceptible to cyber-attacks. In a case
in Iran, the attackers targeted the ICSs of a nuclear power plant by
introducing a virus in the system. The introduction of the virus in a
nuclear power plant can be a very dangerous affair for the survival of
many. The operations of the plant stopped, and all their developments
and work came to a halt.
The generation of power from nuclear fuel, the running of various
machines, the testing of certain weapons for the defense purposes and
many more dependent activities were forced to stop. This affected the
working of various other departments and offices, resulted in a loss of
national revenue, created an atmosphere of confusion and conundrum
and raised many questions on the security of the nation and the risk at
which it was.

Discussion Questions
1. What is the role of cyber security in the ICSs?
2. What is the path that enables the attackers to creep into the
cyberspace of the ICSs?
3. What all can be done to make the attempts of such attackers
redundant?
The above vignette offers an insight into the threats that some
industries may be susceptible to. Once a criminal manages to inject
some virus into the control systems of the industries, they may create
havoc in the concerned sector or to the related ones too. This chapter
dwells further upon the dangers posed by such attacks on the working
of ICSs.

6.1. WHAT ARE ICSS

ICSs work the modern frameworks around the world counting electric
power, water, oil/gas, pipelines, synthetic concoctions, mining,
pharmaceuticals, transportation, and assembling. ICSs measure,
control, and give a perspective of the process (when just the area of
the administrator).
 Cyber Security and Industrial Control Systems 147

Ordinary kinds of ICSs incorporate

Supervisory Control and Data Acquisition
(SCADA), Distributed Control Systems (DCS), Field instrumen-
tation to measure
Programmable Logic Controllers (PLC), and monitor flow,
Remote Terminal Units (RTU), and field level, pressure,
instrumentation. ICSs are normally used all temperature and
through the worldwide industrial foundations. analyze liquids.
All college designing projects offer courses in
charge framework hypothesis.
ICS systems and workstations including the
human-machine interface (HMI) are by and large
IT-like frameworks and might be defenseless to
standard IT vulnerabilities and dangers. Thusly,
they can use IT security advancements, and
conventional IT instruction and preparing apply.
The field instrumentation and controllers, for
the most part, don’t use business off-the-rack
working frameworks and are PC asset compelled
(Figure 6.1).

Figure 6.1: The layout of an industrial control sys-

tem.

Source: http://www.doncio.navy.mil/FileHandler.
ashx?id=4910
They frequently utilize exclusive,
continuous working frameworks (RTOS) or
148 Cyber Security

installed processors. These frameworks have

distinctive working necessities and can be
affected by digital vulnerabilities commonplace
of IT frameworks and furthermore digital
vulnerabilities extraordinary to ICSs.
ICSs keep on being updated with cutting
edge correspondence abilities and organized
to enhance process proficiency, profitability,
administrative consistency, and security. This
systems administration can be inside an office
or even between offices landmasses separated.
Whenever an ICS does not work legitimately,
it can result in effects going from minor to
disastrous. Thusly, there is a basic need to
guarantee that electronic effects do not cause, or
empower, misoperation of ICSs.

6.2. ANCHORING ICS AND IT

SYSTEMS
Anchoring frameworks comprise of physical
security, IT security, and ICS security. Physical
security is by and large surely knowing and
regularly tended to by specialists originating
from the military or law authorization.
IT security by and large manages customary
business off-the-rack (COTS) equipment and
programming and associations with the Internet
with specialists originating from IT and the
military. There is little uncertainty that IT
security is important and that frameworks are
ceaselessly being examined, tried, and hacked.
The third perspective extraordinary to the
modern network, ICS security, is substantially
less comprehended, has little mastery, also,
and is regularly not thought about basic. Those
 Cyber Security and Industrial Control Systems 149

working around there are for the most part

either from the IT security network with little
information of ICSs or ICS specialists proficient Restricted Data
in the activity of frameworks, not security. is a category of
proscribed informa-
The Triad of Confidentiality, Integrity, and tion, per National
Availability (CIA) adequately characterizes the Industrial Security
innovations required for anchoring frameworks. Program Operating
In the IT area, digital assaults frequently center Manual (NISPOM)
on the procurement of restrictive data.
Therefore, the CIA ternion results in Secrecy
being the most critical quality which manages
that encryption is required. Be that as it may,
in the ICS space, digital assaults will result
in the general spotlight on destabilization of
resources. Besides, most ICS digital episodes
are inadvertent and regularly happen due to an
absence of compelling message honesty and
additionally suitable ICS security approaches.
Thusly, integrity and availability are
considerably more vital than Confidentiality
which reduces the significance of encryption
and fundamentally raises the significance of
validation and message honesty. ICS security
research and training should center on advances
that address Integrity and Availability.
ICS security is a designing issue requiring
building arrangements. Versatility and heartiness
are the basic factors in the survivability of traded
off ICSs. ICS security requires a reasonable way
to deal with innovation plan, item improvement,
and testing, improvement, and use of proper
ICS strategies and techniques, investigation of
purposeful and unexpected security dangers,
and proactive administration of correspondences
crosswise overview, order, and control, checking,
and wellbeing. It is a lifecycle process starting
150 Cyber Security

with the applied plan through the retirement of

the frameworks (Figure 6.2).

Figure 6.2: PLC unit at power plants.

Source: https://upload.wikimedia.org/wikipedia/
commons/f/f6/Kozloduy_Nuclear_Power_Plant_-_
Control_Room_of_Units_3_and_4.jpg

6.3. CASE STUDY: MAROOCHY

WASTEWATER WIRELESS SCADA
ATTACK
Maroochy Wastewater Wireless SCADA Attack
Vitek Boden, a man in his late 40s, worked
for Hunter Watertech, an Australian firm that
introduced SCADA radio-controlled sewage
hardware. Seeker Watertech introduced radio-
controlled sewage hardware for the Maroochy
Shire Council in Queensland, Australia. Boden
connected for a vocation with the Maroochy
Shire Council, clearly after he strolled far from
a “stressed relationship” with Hunter Watertech.
The committee chose not to contact him.
Thus, Boden chose to get even with both the
committee and his previous boss. He stuffed
 Cyber Security and Industrial Control Systems 151

his vehicle with stolen radio gear appended

to a (perhaps stolen) PC. He drove around the
territory on no less than 46 events from February
28 to April 23, 2000, issuing radio directions
to the sewage hardware he (presumably)
introduced.
Boden made a huge number of liters of crude
sewage spill out into nearby stops, streams, and
indeed, even the grounds of a Hyatt Regency
lodging. “Marine life kicked the bucket, the
river water turned dark, and the stench was
horrendous for occupants,” said an agent of the
Australian Ecological Protection Agency.
Boden just got captured when a policeman
pulled him over for a petty criminal offense
after one of his assaults. A judge condemned
him to two years in imprison and requested him
to repay the one noteworthy cleanup referred
to above. Boden’s assault turned into the main
broadly known case of somebody malignantly
breaking into a control framework.

6.3.1. The Attack

The offenses happened between February 9,
2000, and April 23, 2000. Vitek Boden has
gotten to PCs controlling the Maroochy Shire
Council’s sewerage framework, modifying
electronic information specifically sewerage
siphoning stations causing breakdowns in their
tasks. Vitek Boden had been utilized by Hunter
Watertech as its site boss on the Maroochy
SCADA venture for around two years until
leaving in December 1999.
At about the season of his abdication, he
moved toward the Council looking for work.
152 Cyber Security

He was advised to enquire again later. He made

another way to deal with the Council for work
in January 2000 and was informed that he would
not be utilized. The sewerage framework at that
point encountered a progression of deficiencies:
• Pumps were not running when they
ought to have been;
• Alarms were not answering to the
local PC;
• Lost correspondence between the
focal PC and different siphoning
stations.
Mediation is a A representative of Hunter Watertech was
dynamic, structured,
delegated to investigate the issue. He started
interactive process
where a neutral third observing and recording all signs, messages, and
party assists disputing movement on the radio system. As an aftereffect
parties in resolving of his examinations, he presumed that many the
conflict through the issues being experienced with the framework
use of specialized
came about because of human mediation
communication
and negotiation as opposed to gear disappointment. Other
techniques. specialized specialists imparted his insight.
Further, the proof uncovered that the
issues related with the assault stopped when
Vitek Boden was captured. On an event amid
the examination, the examiner discovered that
siphoning station 14 seemed, by all accounts,
to be the source of the messages debasing the
framework.
He physically checked the siphoning
station also, found out that it was working
legitimately and bore no indications of having
been physically messed with. He presumed that
the source of the false messages was a PDS
Compact 500 PC with a location of 14 and he
changed the distinguishing proof number of
siphoning stations 14 to 3 with the goal that any
 Cyber Security and Industrial Control Systems 153

genuine messages from that station could be

recognized as originating from station 3.
On the other hand, any messages originating
from a station distinguishing itself as 14 would
be known to be fake.
On March 16, 2000, when glitches happened
in the framework, the agent imparted over the
system with a sham siphon station 14 that was
sending messages to degenerate the framework.
He was incidentally effective in modifying his
program to prohibit the counterfeit messages
however then had his PC close out of the system
for a brief period.
The gatecrasher was presently utilizing
PDS distinguishing proof number 1 to send
messages. Further issues at that point happened
because of a man increasing remote PC access
to the framework and adjusting information with
the goal that whatever capacity ought to have
happened at influenced siphoning stations did not
happen or happened in an unexpected way. The
focal PC was unfit to practice legitimate control
and, at incredible burden and cost, experts must
be prepared all through the framework to remedy
shortcomings at influenced siphoning stations.
On one event, a siphoning station flooded
making crude sewerage escape. On April 23,
2000, an interloper, by methods for electronic
messages, debilitated alerts at four siphoning
stations utilizing the distinguishing proof of
siphoning station 4. The interruptions started
just after 7:30 pm and finished up soon after
9:00 pm.
At this point, Vitek Boden had fallen under
doubt and was under observation. Cops found
a vehicle driven by him. At the point when
154 Cyber Security

Boden’s vehicle was pulled over and looked at

around 10:00 pm, a PDS Minimized 500 PC,
later recognized in proof as the property of
Hunter Watertech, was found, just like a PC.
On examination, it was discovered that the
product to empower the workstation to speak
with the PDS framework through the PDS PC
had been re-introduced in the workstation on
February 29, 2000.
The PDS Compact PC had been customized
to distinguish itself as siphon station 4 – the
recognizable proof utilized by the gatecrasher
in getting to the Council sewerage framework
prior that night.
The product program introduced in the PC
was one created by Hunter Watertech for its
utilization in changing designs in the PDS PCs.
There was proof that this program was required
to empower a PC to get to the Council’s sewerage
framework and had no other viable utilize.
The unchallenged proof of a police PC
master was the program had been utilized no
less than multiple times between April 7 and
April 19 and that it was last utilized at 9:31 pm
on April 23, 2000.
Additionally, found in the auto was a two-
way radio set to the frequencies of the repeater
stations and the leads important to interface
the PDS PC the PC and the radio. The agent
and others gave proof that the director of
the individual in charge of the unapproved
intercessions in the PC framework showed a
point by point nature with the framework, past
that which was probably going to be held even
by Board specialized staff.
 Cyber Security and Industrial Control Systems 155

Specialized specialists other than the agent

likewise gave proof that the PC glitches, the
subject of the charges, were the aftereffect of
human intercession. At the point when captured
by police Boden stated in a taped discussion
that all the things in the vehicle were his own.
He said he had been dependent upon Rainbow
Beach and that he utilized the PC for study,
individual correspondence and worked in his
privately-run company.
He later sent a letter to the police asking for
the quick return of his property. Examination
of the PC found in the auto uncovered start
up and close occasions (on and after February
28, 2000) reliable with the season of the
assaults which the examiner had revealed and
logged. The presence of different issues in the
framework demonstrated that the glitches were
the consequence of human mediation.
When it was exhibited that the breakdowns
came about because of human intercession,
the presence of different issues moved toward
becoming of restricted centrality, and the agent
was inflexible that the glitches in the framework
could just have been caused by unapproved
human mediation. Boden tried to build up that
a portion of the electronic messages that offered
ascend to the charges could have been caused
by framework breakdown or by mistake with
respect to Council workers.
One of his contentions in such manner
demonstrated three arrangements of
indistinguishable messages around the same
time from addresses 000, 099 and 004. The
Crown battled that just the message radiating
from location 004 was started by Boden. Boden
156 Cyber Security

indicated alternate messages as proof that

damaged messages of the idea of those depended
on by the Crown may have been caused other
than by human mediation.
Another observer, a designer practicing
in PC building who, for a period, was Hunter
Waterjet’s venture design on the establishment
of the modernized sewerage system– said that
every one of the three messages were created
by the PDS design program utilized on the PDS
Compact PCs.
His sentiment was that the messages, other
than the ones from location 004, were produced
by people endeavoring to amend the consequence
of the supposed unapproved intercession. He
too gave proof that that 000 and 099 messages
were not making harm the PC framework. The
examiner allowed proof some days after the fact
that the PC build and accordingly had a greater
chance to consider the conceivable clarifications
for the 000 and 099 messages.
His proof was that these messages happened
more than a few days and came about from the
activities of upkeep staff who were either worker
of Hunter Watertech or Chamber representatives
under bearing of the previous. He precluded the
likelihood of industrial blunder. He said that the
004 messages were unquestionably created by a
man not the same as the person who produced
alternate messages.
 Cyber Security and Industrial Control Systems 157

6.4. ISSUES ENCOMPASSING ICS

CYBER SECURITY

6.4.1. General Data about Assaults

Belief system is an
Various distinctive sorts of assaults exist: ideology or set of
principles that helps
• Focused on assaults: for instance, us to interpret our
in the facilitation of a belief everyday reality.
system or for business/monetary
profit, attempted by an individual
or gathering of people against an
association with a view to causing
hurt, by disturbing procedures, or
even by causing material harm.
Assailants are composed of people
who have the assets to accomplish
their destinations.
Underground elements offer digital assault
administrations by means of the Internet, or
distribute turn-scratch instruments to do assaults
(“misuse kits”2); 2 Some “abuse packs” are
formally sold as cyber security devices with
the point of distinguishing vulnerabilities
amid reviews, for instance. These “packs” can
obviously likewise be utilized by assailants.
• “Challenge” assaults: the goal of
which is to show the specialized
capacity to hack into supposedly
secure frameworks, however, the
impacts of which, as far as the security
of benefits and people or brand
picture, are genuine for the people in
question;
• Certain non-focused assaults:
trying to influence whatever number
158 Cyber Security

individuals as could be expected

under the circumstances, can make
critical harm inside organizations
(for instance, malware, and spam
crusades) (Figure 6.3).

Figure 6.3: SCADA layout.

Source: https://upload.wikimedia.org/wikipedia/
commons/2/23/SCADA_Systems_Layout.png

6.4.2. Human Carelessness

Carelessness isn’t the aftereffect of any willful
or noxious activity; however, its impact can be
like that of an assault. It can make vulnerabilities
that are hard to recognize, which can be abused
by aggressors or which can basically weaken
framework accessibility. For instance, the
automatic alteration of the setting of the set point
for control or adjustment of a caution may have
tragic ramifications for the nature of items, and
administrations gave, the earth or the wellbeing
and security of people.
The utilization of a USB stick – regardless
of whether individual or not – to exchange
information between detached ICSs can
cause framework inaccessibility if the stick
 Cyber Security and Industrial Control Systems 159

is contaminated with a malware. In these two

exceptionally solid cases drawn from genuine
experience, the people included had not
planned to bring on any damage. Be that as it
may, the effect on the ICSs was genuine. Such
carelessness may emerge because of an absence
of workforce preparing and data on the issues.

6.5. VULNERABILITIES OF
INDUSTRIAL CONTROL SYSTEMS
(ICSS)
Vulnerabilities may have different beginnings,
and it isn’t the reason for this manual for
list them. The expanding requirement for a
combination of organization information and
access to it progressively from any point on
the planet, and the cutting of advancement and
ownership expenses and arranging limitations
have encouraged the intermingling of the
industrial and administration IT fields.
Ethernet systems are currently utilized
in ICSs and even as field buses. They offer
functionalities, for example, a mutual system
framework and the likelihood of utilizing
IP layers (for instance, for remote support).
Advancement, upkeep, and remote support are
as of now altogether created on conventional
stages made from administration IT (Net
or Java stages, for instance). Frameworks
institutionalization and new functionalities
have driven vulnerabilities from the domain of
administration IT to ICSs.
The frameworks, alluded to as restrictive,
regularly ailing in security instruments,
are not insusceptible to vulnerabilities that
160 Cyber Security

could be misused by spurred and sorted out

assailants. Though the field of administration
data frameworks is routinely ready to redress
vulnerabilities, especially using fixes distributed
by programming originators and editors, in
the industrial field, because of accessibility
and security limitations, it isn’t conceivable to
receive the equivalent defensive measures.
Responsiveness as a This distinction in responsiveness when
concept of computer looked with open vulnerabilities is one of the
science refers to the fundamental dangers of industrial control
specific ability of a
system or functional
frameworks. The absence of preparing of clients,
unit to complete social contrasts or absence of consciousness of
assigned tasks within the dangers related with cyber security may
a given time. comprise a further huge powerlessness.

6.6. POTENTIAL EFFECTS ON ICSS

Various incidents on ICSs happen every year,
except few get media consideration, for example,
the occurrence with the atomic power station in
the United Kingdom connected to Conficker,
the occurrence related with the Slammer
worm in the USA, or, in 2010, the summed-up
proliferation of the Stuxnet worm. Their effects
might be breaking down along various diverse
lines, which are listed underneath.

6.6.1. Material Harm

Modifications made to the standard arrangements
of modern frameworks can result in physical
corruption which frequently has material – and
furthermore human – outcomes.
 Cyber Security and Industrial Control Systems 161

6.6.2. Loss of Turnover

Production downtime causes huge income
misfortune. Changes made to assembling
parameters prompt rebellious items that create
real expenses.

6.6.3. Effect on the Environment

A framework disappointment after the malignant
picking up of control can result in framework
brokenness (For example opening of toxin
holders) and cause the site and its condition
to end up contaminated. Such an occurrence
happened in Australia as of late.
For instance, Stuxnet is malware that
objectives ICSs. It misuses numerous
vulnerabilities that exist in the Microsoft
Windows working framework and the SCADA
WinCC programming made by Siemens. The
malware alters the program executed by certain
industrial PLCs from the Simatic S7 territory
fabricated by Siemens. The changes made can Obliteration is the
total destruction of
prompt a log jam underway yet in addition to the something, so that
physical obliteration of the plants kept running nothing remains of it.
by the PLC.

6.6.4. Information Robbery

Loss of prized formulas, duplicating, contender
advantage.

6.6.5. Common/Criminal Risk-Image and

Eminence
Service inaccessibility, for example, interruption
to water or power supplies and the supply of
162 Cyber Security

inadequate items that jeopardize the buyer

can result in legitimate activity for harms or
just damage the picture of the organization
(consumer loyalty and trust).
These different effects create money related
misfortunes related with the loss of movement
or the installment of pay to potential unfortunate
casualties (clients, people, neighborhood
governments, affiliations, States, and even the
European Union) and weaken the picture of the
organization.

6.7. LIMITING RISK: THE

INDUSTRY’S RESPONSE
A few businesses have been more proactive than
others in limiting the danger of digital assaults.
Most end clients have made a couple of clear
strides in stopping certain holes. For instance,
as indicated by the Repository for Industrial
Security Incidents (RISI) database, over 60% of
offices had actualized fix and hostile to malware
administration programs in 2011.
Learning Activity: In any case, the critical change to recognize
Read about some fa- and dispose of the greatest vulnerabilities
mous cases of failure includes a larger amount of commitment that
of ICSs that took place a couple of associations have started. This is
due to a cyber-attack
on them. Also, know
on account of there are different obstacles to
about what it resulted executing digital security activities.
into

6.8. BOUNDARIES TO IMPROVING

CYBER SECURITY
The paragraph beneath records the key
obstructions to enhancing digital security in
modern situations:
 Cyber Security and Industrial Control Systems 163

6.8.1. Progressively Open and Communi-

ty Oriented Nature of Modern Conditions
Before industrial systems were basically
disconnected frameworks, running exclusive
control conventions, utilizing specific equipment
and programming. Nonetheless, modern
design has changed after some time, with
communitarian components that include interior
and outer coordination. Senior administration
presently requires ongoing information access
for investigation, basic leadership and detailing.
Consequently, the level of confinement of
industrial control frameworks has diminished
altogether in the course of the most recent
couple of decades as the utilization of IP-based,
remote, and cell phones in modern situations
has expanded. What’s more, heritage control
frameworks were not intended to fight with
current danger levels.
Albeit open and community-oriented
frameworks have raised efficiency and
productivity, they have likewise made
frameworks more powerless against assault. Remote access is
As per the RISI database, roughly 35% of the ability to ac-
industrial control framework security episodes cess a computer or
in 2011 were started through remote access. a network remote-
ly through a network
This isn’t amazing when another finding from connection.
a similar report demonstrates that near 65% of
offices enable remote access to their control
frameworks.

6.8.2. Lacking End Client Mindfulness

and End Client Dormancy
End clients in specific ventures (quite in
foundation conditions, for example, control,
164 Cyber Security

oil, and gas, water, and wastewater and atomic

offices) demonstrate an abnormal state of
mindfulness and valuation for the requirement
for an exhaustive security technique. They will,
in general, have nitty-gritty digital security
designs and techniques set up. Their worry is
genuine.
Their venture of time and capital in securing
their advantages is impressive. Be that as it
may, many end clients in different businesses
(counting producing) are either unconscious
of the danger of digital assaults or hesitant to
actualize security procedures in their endeavors,
as interests in digital security don’t seem to have
an unmistakable rate of profitability (ROI).
Vulnerability is This prompts a smug ‘pause and watch’
a weakness which
can be exploited by
approach that just required control or the
a threat actor, such as heartbreaking case of a digital assault may
an attacker, to perform change. Given the vulnerability of the
unauthorized actions administrative scene today, this outlook may
within a computer endure.
system.
Another explanation behind low take-up of
security arranging and execution among a few
enterprises is the way that the assignment shows
up excessively overwhelming and sizable;
examination does not prompt activity, and the
vision of an aggregate framework update stays
only that – a dream. At last, in the tweaked control
particularly if the fix isn’t tried thoroughly. This
expands the association’s hesitance to follow up
on potential dangers.
 Cyber Security and Industrial Control Systems 165

6.8.3. Expanded Utilization of Business

Off-the-Rack IT Arrangements in
Industrial Conditions
While the steady move toward IT-based
arrangements in the modern space was made
for business benefits, simplicity of-operability
and combination, it has likewise brought about
control frameworks confronting expanded
presentation to malware and security dangers
that are focused at business frameworks.
This builds the hazard to control framework
accessibility.

6.8.4. Insufficient Gifted Labor

While the modern segment prides itself on an
exceedingly talented workforce concentrated
on computerization frameworks, such item
aptitude does not generally convert into
satisfactory ability in industrial IT systems.
This hole debilitates an association’s capacity to
create far-reaching assurance and anticipation
strategies environment of an industrial site, and
it is hard to foresee how a recently presented fix
will affect the working of the control framework.

6.9. SUMMARY
ICSs are an integral part of any industry and are
widely known in the forms of SCADA, PLC,
and other such ways. The whole industry is
dependent on their smooth functioning, and any
sort of illegal intrusion in these systems may
prove to be very harmful for the whole industry.
The various harms that can come out of their
non-working may involve materialistic damage,
166 Cyber Security

loss of income, information theft and many such

catastrophic occurrences.
The industry has developed various
mechanisms to respond to any threat of such
an attack, but there exist certain boundaries
that prove to be obstacles in their way such
as insufficiently skilled labor, progressively
open nature of modern communication and
many such things. In the next chapter, the legal
framework regarding the prevention of cyber
attacks has been discussed, which also ensures
the industries about the security of their systems
against such threats.
 Cyber Security and Industrial Control Systems 167

REVIEW QUESTIONS
1. Explain what the Industrial Control Systems are.
2. Elaboration the anchoring of ICSs and IT systems.
3. Enlist the various issues that surround the ICS cyber security.
4. Enumerate the various possible effects on ICSs.
5. Explain about the various boundaries that exist in improving
the cyber security.
6. Describe the Maroochy wastewater wireless SCADA attack.
7. What are the main challenges that are encountered in the ICS?
8. What are the impacts of attacks on ICS on the environment?
9. What are the challenges that may be encountered in fixing
cyber security?
10. How does the excessive mindfulness prove to be a barrier in
improving cyber security?

CHOOSE THE CORRECT OPTION

1. As per the RISI database, what percentage of industrial
control framework security were presented in 2011?
a. 30%
b. 34%
c. 35%
d. 40%
2. What is the major consequence of production downtime?
a. Huge Productivity Loss
b. Huge time loss
c. Huge Income loss
d. None of the above
3. Ethernet systems are currently utilized in _______________
and even as field buses.
a. Industrial Control Systems
b. Production Centers
c. Corporate World
 168 Cyber Security

d. All of the above

4. What is the term used for the composed people who have
the assets to accomplish their destinations?
a. Aggressors
b. Assailants
c. Data Analyst
d. None of the above
5. Which Framework is associated with administration
systems and now and then specifically to the Internet?
a. Modern Control
b. Industrial Control
c. Message Verification
d. Validity
6. When was the product to empower the workstation to
speak with the PDS framework through the PDS PC re-
introduced in the workstation?
a. 2001
b. 2003
c. 1998
d. 2000
7. _______________ and heartiness are the basic factors in
the survivability of traded off ICSs.
a. Confidentiality
b. Versatility
c. Validity
d. Integrity
8. According to RISI, in which year 60% of offices had
actualized fix and hostile to malware administration
programs?
a. 1998
b. 2000
c. 2011
d. 2010
 Cyber Security and Industrial Control Systems 169

9. Who formulated SCADA WinCC Programming?

a. Siemens
b. Hunter Water-tech
c. Boden
d. None of the above
10. Boden connected for a vocation with the _______________
clearly after he strolled far from a “stressed relationship”
with Hunter Water-tech.
a. RISI
b. Maroochy Shire Council
c. CIA
d. None of the above
 170 Cyber Security

REFERENCES
1. Fernandez, I., (2013). Cyber Security for Industrial Automation
& Control Environments Protection and Prevention Strategies
in the Face of Growing Threats. [eBook] Available at: http://
www2.schneider-electric.com/documents/support/white-papers/
white-paper-cyber security-for-industrial-automation-control.pdf
[Accessed 13 November 2018].
2. Managing Cyber Security for Industrial Control Systems, (2014).
[eBook] Available at: https://www.ssi.gouv.fr/uploads/2014/01/
Managing_Cybe_for_ICS_EN.pdf [Accessed 13 November 2018].
3. Weiss, J., (2013). Industrial control system (ICS) cyber security
for water and wastewater systems. Securing Water and Wastewater
Systems, [online] pp. 87–105. Available at: https://www.researchgate.
net/publication/289881199_Industrial_Control_System_ICS_
Cyber_Security_for_Water_and_Wastewater_Systems [Accessed
13 November 2018].
 CHAPTER

7
LEGAL FRAMEWORK FOR
CYBER SECURITY

LEARNING OBJECTIVES:
• Know about the various cyber attacks
• Understand how a problem related to cyber-attack got
invented
• Dwell upon the restrictions imposed by law on
Cyberwar
• Know about how to attain legit cyber security
• Have an insight about the transnational law as well as
cyber warfare
• Understand the Importance of the Law of Armed
Conflict in guarding Cyber Operations

KEYWORDS
• law enforcement
• armed conflict
• legal framework
• cyber hygiene
• legality
• cyberwar
• transparency
• international law
 172 Cyber Security

The Role of Law in Cyber Security

A sophisticated cybercrime organization hacked into the computer
system of a credit card processor, and acquired the account and PIN
information for prepaid debit card accounts. The hackers manipulated
the account’s security features, dramatically increasing the account
balance and eliminating withdrawal limits. This turned the once
ordinary debit card into a carte blanche.
The compromised account information was then distributed to a
trusted global network of cells (known as “cashers”), who encoded the
account data on magnetic stripe cards, such as an ordinary gift card.
Then, at a preordained date and time, the hacker released the PIN
numbers to the network of cashers and the cashing began, continuing
until the hacker shut down the operation.
As the cashier emptied ATMs around the world, the hacker
remained inside the financial institution’s network, monitoring their
progress and ensured he got his fair cut. After the cards were shut
down, cashers wend about laundering their proceeds into portable
assets such as luxury cars and expensive watches.
The hackers received their cut via digital currency, wire transfers,
or personal delivery. These cyber-attacks rely on highly sophisticated
hackers working in close concert with organized criminal cells on the
ground. By using prepaid debit card accounts, the scheme can steal
money without depleting the bank accounts of real individuals, which
would raise alarms much quicker.

Discussion Questions
1. What are the laws that restrict this kind of cyber criminality?
2. What are the legislative procedures to claim that a fraud or
crime has taken place with an individual in digital space?
The above vignette offers an insight into the threats that some anti-
social elements and criminals may pose to the financial institutions.
This calls for the implementation of strict laws and design of a suitable
legal framework which discourages the people from getting involved
in such criminal activities. This chapter discusses about the various
 Legal Framework for Cyber Security 173

kinds of laws that exist around the world to curb

such activities.

7.1. INTRODUCTION
Cyber security has always been acknowledged
as a peppery topic in terms of the transnational
law and thus, is very relevant to the discussions
related to the issues of security. Therefore, it
becomes quite essential for the civil society
to acquire the internet which is safe as well as
secure or encrypted.
The General of US also possesses this
belief that the US is much unprotected today in
comparison to that of the previous years with
respect of the security along with one major
cause, in accordance to his respective perception,
is the likelihood of those cyber attacks (Figure
7.1).

Figure 7.1: Cyber security legal framework.

Source: https://slideplayer.com/slide/7976731/
174 Cyber Security

Thus, other people also second to this

agreement in consideration with the viewpoint
regarding the volatility of US and various other
nations who all are struggling or fighting with
Overreaction is an
emotional response
the cyber- war in today’s time.
to new information This opinion has been referred by the cyber
about a security, mania and thus, is being considered as quite an
which is led either by
overreaction or an exaggeration to the risk of
greed or fear.
attacks within the cyber sector.
The key defiance or challenge to the
respective government is to have an assurance
regarding the protection or security of general-
public, which is the first and foremost concern
for them, from the infiltration as well as the
crime pertaining on the internet.
The extensive majority belonging to the
cyber-attacks have not been carried out by
the hackers who have been sponsored by
the government itself but by the criminals,
possessing the intention of stealing some secrets
related to the business as well as the information
regarding the finances.
Thus, much of the robust attempts are being
made so that they could be able to discourage
the governments who all tend to characterize the
internet, which has been sighted as the problem
or the issue related to fighting with the war.
Singer and Schachteman have also argued
regarding the likeness to the fighting up with the
war, specifically when it is the case of fighting
the cold war that are being acknowledged as
quite deleterious to the process of prevention
or aversion of the original challenges to the
protection or the security related to the cyber
sector, infiltration as well as the crime.
 Legal Framework for Cyber Security 175

Several pessimist repercussions have been

witnessed by the researchers regarding the
comparisons amongst such incidents which have
been related to the war in acquiring a higher
level of security within the sector of cyber.
Singers, Mueller as well as various have
been arguing that in case, the major goal or
the objective of any government is to have a
secured internet along with its accessibility then,
the pertaining approach for this is significantly
flawed.
Thus, in order to fit or fix the issue regarding
the security of the internet within the category
of warfighting, has resulted in a flawed analysis
belonging to the pertinent transnational law.
There pertains an apt transnational law
which has been acknowledged as quite relevant
for providing with the assistance in the domain
of commerce as well as communication on the
internet, but this specificity of the law is not
being considered as the law of armed conflict at
an international level.

7.2. INVENTION OF A CYBER WAR

PROBLEM
The concerns related to the security of the
internet are as ancient as the internet itself. In
the year 1998, approximately 3000 hackers from
China had attacked the sites of the government
of Indonesia.
Since after that, there have been hundreds of
thousands of attacks by the hackers into the core
networks related to the computer which tends to
belong to the ministries of defense, media along
with the pertaining banks.
176 Cyber Security

And thus, incidents like these have been

occurring since then on a regular basis. Much of
the institutions belonging to the sector of cyber
have a hold of unfiltered or crime as the major
reason or purpose and therefore, have been
categorized as the ones exploiting the network
of computers. In here, the small group has been
addressed as the attacks within the network of
computer.
The sanctions on North Korea in 2014 and
2015 after it was tagged as the perpetrator
of the hack that took down the Sony Pictures
Perpetrator is often
Entertainment computer network. That attack
a suspect until it has
been proven that he cost the company hundreds of millions of dollars
or she carried out the and was purportedly the secretive nation’s
offense. response to “The Interview,” a comedy about
the assassination of its leader by two bumbling
Internet entertainment writers.
These might have been addressed as being
the intervention or the interference within the
network of computers, like those which have
been opposed to the exploitation of the computer
network or the attacks within the computer
networks.
The interference or the intervention within
the computer network is generally much closer
to the language belonging to the trade or the
economic injury instead of the attack that is
being considered as the terminology which is
connected or associated along with the category
of the military.
There pertain two such cases which have
been consistently discussed by the various
researchers so that they could be able to aid the
opinion or perception that the security of internet
generally is related primarily to the security of
 Legal Framework for Cyber Security 177

the military. These have been discussed below:

Interference is a
phenomenon in
7.2.1. Estonia & NATO, April 2007 which two waves
superpose to form
As a revert to the mobile memorial of the Soviet a resultant wave of
war, the people who used to hack the computer greater, lower, or the
networks started to have an interference within same amplitude.
the websites of the government of various
nations by the dispersed neglection of the attacks
based on the services that have been provided.
The hackers, then, vandalized many of the
sites and redirected the users of those specific
sites to the pictures or the images of soldiers of
Soviet.
Thus, interference or the intervention like
these stayed approximately for a month and had
severely impacted or influenced the newspapers
as well as many of the existing banks. Various
officials have also had this claim that it was
almost like that of the conventional military
force that closed- down many of the ports and
therefore addressed to the respective episode in
terms of the cyber- war.
The establishment of the interference
or intervention within the cyber sector has
remained quite uncertain or volatile in today’s
time. It has been greatly believed that many
of the countries might be instigating, but the
experts or the researchers were never capable of
incorporating this.
Many of the officials did not provide with
any kind of response along with the counter-
attack or retaliation, but it was quite successful in
establishing a facility for the defense of internet
which was also being addressed as the center of
excellence for cooperative cyber defense.
178 Cyber Security

Many of the countries have now been able

to create a unit of volunteers belonging to the
experts of the cyber sector who are close to
the guard of US National and thus, has been
successful in becoming a leader in the process
of determining many ways of defeating the
interference or the intervention online.

7.2.2. Georgia-Russia, 2008

It was primarily known for its utilization of
the internet at the time of the conflict of the
conventional armed forces so that they could be
able to have an interference within the civilian
utilization of the internet, which has occurred
in the conflict of the year 2008 in the Georgian
enclave belonging to South Ossetia.
Georgia had flamed up the conflict by
attacking the soldiers of Russia who were
a major member or part belonging to the
contingent, keeping up with the peace, in South
Ossetia, within the terminologies of the treaty
related to the Georgia Russia of the year 1991.
On the 7th as well as 8th August, Georgia
had got to stage an attack belonging to the
conventional military forces that resulted in
killing up of about a dozen soldiers of Russia
and making others injured.
Thus, this intervention lasted for about a
month whereas the corporeal fighting stayed
there for approximately a week.

7.3. THE LAW RESTRICTING

CYBER WAR
As it has been previously indicated being at the
 Legal Framework for Cyber Security 179

outset, the prominence or the importance on the

space of cyber as the battle space, has been found
to be in tension along with the transnational law
that helps in providing with the governance
belonging to the utilization of the force. Many
of them tend to prefer or choose to cancel or
exclude the transnational or violate it from the
pertaining discussion altogether.
While the others do not prefer to rule out the
transnational law but then providing with the
interpretation of it many ways that being under
the effect would exclude it.
The president of US had also provided with
International law
an indication regarding the international law, is the set of rules,
in the year 2011, that would be playing a major norms, and stan-
role in the process planning of cyber security for dards generally
the US, but then provided with the specification accepted in relations
that it would certainly be the transnational law, between nations.
being interpreted by all those who defend a
broad access of the US to spot to force.
It has been witnessed within the strategy
with respect to the cyberspace at an international
level, wherein White House has reported it,
and when asked for the warrant, the United
States will provide the response to the various
acts which are hostile in correspondence to the
cyberspace, as they would have done in case of
any other risk or threat to the respective country.
Each state tends to hold an already inhibit
access or right to have a self- defense, and thus,
one can recognize many of the acts based on
hostility that have been conducted with the help
of cyberspace, which could be able to compel
the actions taking place within the respective
partners of the military.
180 Cyber Security

This provides with an indication regarding

the reading of the charter of United Nations
which has helped in sidestepping the express
term which means that in case the armed attack
happens.
Whilst many of them may acquire comfort
within the fact that at least the respective
administration has been looking up for the
transnational law in many guises, the record it
possesses belonging to the compliance along
with the transnational law within the affairs of
the security of military in usually considered to
be way far from the model.
Having a consideration of the analogy or the
comparison to the chemical weapons, wherein
those chemicals can be transformed into various
robust as well as powerful weapons resulting in
great destruction, which the officials in defense
are required to plan for, but the sector belonging
to the non- military ones is wherein majority
of the utilization of the chemical as well as the
regulation are being discovered.
The transnational community was not able
to handle or tolerate the extensive utilization of
the chemical sector which was being subjugated
by the military.

7.4. INTERNATIONAL LAW ON

THE USE OF FORCE
The argument is required to initiate in accordance
with the charter of the United Nations being the
usual or the general rule. Many of the articles
have generally tend to forbid the utilization of
the force excluding the case of the self-defense
which has been set out in many of the rules
 Legal Framework for Cyber Security 181

that have been made or in accordance with the

authorization of the Security Council (Figure
7.2).

Figure 7.2: The use of force in international law.

Source: https://www.open.edu/openlearn/society-
politics-law/the-use-force-international-law/con-
tent-section–1
The document belonging to the outcome of
World Summit has provided with the statement
regarding the assistance or the support from the
community at an international level for the strict
or stern compliance along with the rules being
made by Charter on the utilization of the force.
Moreover, the transnational court belonging
to the justice within the six cases has specified
essential rules related to the customary law at an
international level as well as the usual principles
which all are pertaining to the lawful retreat to
the utilization of the force.
In accordance to the sayings in the case of
Nicaragua, the forbidding or the prohibition
182 Cyber Security

of the armed attacks might be applying to the

process of sending through the state belonging
to the armed brands related to the territory of
the various other states, in case of an operation
like this, due to the scale it possesses along with
the effects that have been classified being the
armed attack instead of just the frontier incident,
which has been carried out with the help of the
consistent forces of army.
The ICJ had successfully made assessments
that seems to be almost like them belonging to
the scale as well as effects based on the violent
action within the case of the Oil Platforms. The
attack of Stuxnet was not equal to that of the
armed attacks, whilst being unlawful.
Secondly, the process of attribution has not
provided with the affirmation at the standard
of the transnational evidentiary in any of the
mentioned three cases. The practices or the
exercise belonging to the state have provided
with the indication regarding the case for the
attribution that is being required to be made
along with the evidence or proof that are explicit
as well as convincing.
Thus, usually in the matter of the attacks
within the cyber sector, the evidence which is
convincing is hard to discover or find, providing
with the anonymity belonging to the technology
that has been involved, the process of attribution
of the attack within the cyber sector to the state
might be quite complex or critical.
Within the case belonging to the attacks
within the cyber sector, wherein it becomes
very difficult to find the convincing evidence
provided with the anonymity of the technologies
that have been involved, acknowledgment of the
 Legal Framework for Cyber Security 183

cyber-attack belonging to a certain state might

prove to be quite hard. Cyberattack is
deliberate exploitation
of computer systems,
7.5. ACHIEVING CYBER technology-dependent
enterprises and
SECURITY LAWFULLY networks.
Various questions arise for example: what all
might be done to provide with the response
regarding the contravention belonging to the
principle of the non- intervention, what measures
are obtainable to respond to the intervention
within cyber network, in case the transnational
law has raised significant hurdles or obstacles
to both the utilization of the weapons as well as
the process of guarding cyberspace against the
attacks within the cyber sector with the help of
the utilization of force (Figure 7.3).

Figure 7.3: Cyber security.

Source: https://cyprus-mail.com/2018/10/12/top-
resources-websites-to-prepare-for-cyber-security-
certifications-with-practice-tests/
In usual terms, the transnational law
provides with the assistance for the regulation of
the cyberspace being an economic as well as the
184 Cyber Security

communication facet and holds the intimidating

means of providing with the legit response to
the cyber incitement of all kinds or types.
The similar types of the intimidating
measures which are legit to have an apt
utilization in opposition to the wrongs as well as
the contravention of the treaties that have been
controlled by the armed forces, will certainly be
legit for the purpose of using it in the case of
attacks within the cyber sector.
Within the facet or the aspect of the
economy, reactions to the contraventions are
being considered or acknowledged as the
countermeasures within the facet of the arms
hold, which are known as the sanctions.
Countermeasures are generally the measures
relating to the intimidating enforcement that does
not possess the involvement of the utilization
of the considerate military forces, which are
accessible to all the provided states that tend to
act unilaterally in reaction to the wrongful act
on an international or transnational level.
Much of the treaties, such as the treaty
of nuclear non- proliferation as well as the
convention of the chemical weapons, for arms
control are being provided for the Security
Council so that they could be able to take up
actions within the case of the contravention or
violation. Many details regarding the sanctions
along with the countermeasures have been
provided by the various researchers, but still,
it is required to get stressed on as despite the
accessibility of the pertaining choices or the
alternatives to the utilization of the military force.
However, guarding or securing the cyberspace,
making the above available or accessible for
 Legal Framework for Cyber Security 185

the communication as well as the economic

utilization, will usually be requiring various
measures for a defense that are not the offensive
ones. Thus, great security of the computer can
never get replaced by the countermeasures,
keeping the measures of military segregated.

7.6. CYBER LAW ENFORCEMENT

COOPERATION
Whatever be the reasoning for the position
within United States, the process of drafting up
of the treaty based on the disarmament along
with seeking for the various alternatives or the
Cyberspace is an
choices to the military force for the monitoring
individual as well as
or inspecting the cyberspace have been international concept.
considered as important in case the internet is It is a widespread,
required to stay accessible for its utilization by interconnected
the civilians (Figure 7.4). digital technology.

Figure 7.4: Assessing law enforcement and service

provider cooperation in fighting cybercrime.

Source: https://pjp-eu.coe.int/en/web/eap-pcf/
criminal-justice-action-on-cyber-crime/-/asset_
publisher/09DmhuF7y5vF/content/assessing-law-
enforcement-and-service-provider-cooperation-in-
fighting-cybercrime?inheritRedirect=false
186 Cyber Security

Being an addition to the incorporation

or the establishment of the explicit rules and
regulations for the rights within the country
as well as the responsibilities or duties on the
internet, wherein the treaty could be able to
provide with the clarification related to what
all is acceptable or allowable conduct for the
individuals.
A treaty can specify the type or the kind
of the activity that all the states are required to
manage with the help of the nation’s law along
with the enforcement agencies as well as in
collaboration with the various other agencies,
be it the domestic ones or the transnational ones.
An exemplary for this part belonging to the
comprehensive treaty is accessible in accordance
with the format of the conventions of Budapest
based on the cybercrime.

7.7. GOOD CYBER HYGIENE

At the culmination of the day, the various
countermeasures, the enforcement of the law
and even the sanctions do not provide the
potential or capability of replacing the frontline
computers or become a substitute of it along
with the measures for network security.
Thus, an important step in keeping with the
defense of good cyber is the application of the
best exercises or the practices and providing
with the information or education to everyone,
who are legally utilizing the internet, regarding
the safe use.
In accordance with the view, the comparison
should better be made to stop the pandemics
instead of the war the even crime. The Internet
 Legal Framework for Cyber Security 187

has helped in making it easy for hackers to

purloin the information secretively. And, this is
happening largely because of the proliferation
of the respective smartphones.
The various organizations, as well as
the government, is required to seek for the
incentives so that they could be able to get
the collaboration from the pertaining private
institutions or corporations and to endorse as well
as provide aid to the transnational collaboration
or the cooperation, specifically with the help of
transnational organizations.
Thus, in such process, there persists a
requirement of the strained comparisons or the
analogies relating to the cyber-attacks to the
standard kinetic attacks. The internet is way less
secured or guarded in comparison to the time
of the existence of the cyber command or the
NATO CCDCOE.
This time is being acknowledged as the
time for crime demilitarization and thus, a
concentration or the focus on the tranquil security
or guarding of the internet. And, therefore, it is
required that the main aim should always be:
the best guard of the cyber sector is the great
defense of computers.

7.8. THE IMPORTANCE OF THE

LAW OF ARMED CONFLICT IN
CYBER OPERATIONS SECURITY
Many of the lawyers have been facing difficulty
and are struggling with the concepts or the
norms, for example, the ones related to the
armed conflicts along with the armed attack
since many years.
188 Cyber Security

There persists a usual consensus that

is supposed to have a consideration of the
repercussions or within the norms of cyber,
all the indirect repercussions of the process of
deployment of malware that is being regulated
by the transnational law.
IHL as well as jus ad bellum, which means
the right or access to a spot to the force, that
is pertaining to the operation or the functions
involved in the cyber sector and thus, possess a
part to play.
When the utilization of the various digital
devices that are quite offensive and which
might result in some injury, death, destruction or
damage, the law that is governing the conflicts
related to the armed forces becomes relevant.
For example: Suppose there are two
countries: Country A and Country B. In case,
the country A stations malware in Country B,
possessing the goal or target of damaging the
crucial or critical infrastructure viz. the hold of
the civil aviation and the nation’s grid- the plane
will tend to get crashed and thus, resulting in
Learning Activity:
Know about the vari-
several deaths, injuries, and damages. If this has
ous legal obligations been done by the digital malware and causes them
that one should take damage to a degree which is almost equivalent
into consideration to the attack that has been caused by the armed
while working on forces by dropping the bomb on the like goals;
cyberspace in the US.
thus, there persists no reason to differentiate
malware from that of the conventional weapon.
Thus, to this respective degree, there exists a
role or part for the law belonging to the conflicts
or tiffs of the armed forces.
One of the major issues or the problems
is one of the attributions. The state has been
addressed to perform in the self- defense with
 Legal Framework for Cyber Security 189

respect to the attack by the armed forces, be it

the kinetic or otherwise.
However, cyber tends to provide with the
specific challenge, which is to recognize or
identify who all were, in reality, responsible
for the attack or who was the culprit. Thus, this
issue of attribution that has not been sighted in
the various other kinds of warfare tends to cause
much difficulty.
Therefore, a question arises as to if there
pertains responsibility or mandate on the states,
which are technologically sophisticated, to have
an apt utilization of the cyber weapons that
might be causing less destruction of the civilians
in comparison to that of the bomb. And, thus,
questions like these are quite essential and Obligation is a
requires cautious acknowledgment. course of action that
someone is required
In the context of attacks, there is an obligation to take, whether legal
to attempt to minimize civilian causalities. This or moral.
raises the question as to whether there is an onus
or obligation on technologically sophisticated
states to use cyber weapons that will cause less
civilian damage than a bomb.

7.9. INTERNATIONAL LAW AND

CYBER WARFARE
Cyber warfare is usually being referred to as the
spiteful utilization of the technologies belonging
to the information as well as the communication
by the actors of the state.
This, at times, becomes quite a problem
causing as these actors of the state possess more
of the resources and are being known as more
of sophisticated in relation to the cybercriminals
related to run-of-the-mill.
190 Cyber Security

These actors of the states are being trusted on

to persist behind many of the remarkable attacks
within the cyber sector of the bygone years, for
example: the ransomware attack of WannaCry
that many of them have been attributed.
If a cyber-attack was launched by a nation
state with the intent of achieving a military
objective, this cyber situation is defined as cyber
warfare. If an individual launched a cyber-attack
with the intent of causing psychological distress
to another individual, it could be concluded that
cyberbullying has taken place. By following
this method, we can define almost any cyber
situation, including cyber warfare.

7.9.1. A Setback for International Rules

on Cyber War
Back in the year 2016, much was written
regarding the paucity of any of the legal
agreement amongst the various pertaining
nations or the countries, based on how the
transnational law is supposed to get applied to
the warfare of the cyber sector.
And, this has been assumed that not much
can be visible regarding meaningful headway
within this arena. And it is believed that it is
still pending in part to the dismantlement of the
fifth GGE, which is the group of United Nations
belonging to the experts of the government on
the issue of growth or development in the facet
of information as well as telecommunications
in accordance to the norms related to the
transnational security.
 Legal Framework for Cyber Security 191

7.9.2. More Transparency in the Processes

for Disclosure of Zero-Day Vulnerabilities
Without the transnational consensus based on
the legit framework, the respective nations or
the countries will initiate to have a lead with
the help of the example. On one part, the United
States has begun to work on this by leaking out
the details belonging to this process so that they
could be able to notify or inform the developers
regarding the zero-day vulnerabilities.
The intelligence community has also Intelligence is the
provided with the caution to Congress that ability to acquire and
apply knowledge and
minimums of 30 countries prefer an adoption of
skills, the collection
the offensive cyber potentiality and thus, would of information of
be integrating them in the form of planning and military or political
military operations. value.

7.9.3. More Cyber Attacks Causing

Physical Disruption: The Threat to
Critical Infrastructure
There has been a mention regarding the threats
related to the cyber-attacks to the industry of
energy. These risks or threats have continued to
foster. The Reuters has announced the watershed
cyber-attack in opposition to the unstated critical
facility of the infrastructure.
And, such type of attacks has still not
happened in the United States.

7.10. SUMMARY
The legal frameworks of the various nations about
cyber security have been quite encouraging, in
the sense that they need to eradicate the problem
192 Cyber Security

of cybercrimes in every sense. There have been

heavy penalties in the cases of various attacks
that have taken place around the world. The
attackers have been advised to develop good
cyber hygiene to avoid any occurrences of the
cyber-attacks on various entities.
Laws have also been framed to guard and
protect the armed forces against the various
cyber-attacks that take place around the world
and threaten the internal security of various
nations. There has been an emphasis on
achieving the cyber security lawfully across the
globe and avoiding any occurrence of cyberwar.
 Legal Framework for Cyber Security 193

REVIEW QUESTIONS
1. Explain Cyber-attacks and cyber security.
2. Explain the importance of International law on the utilization
of the force.
3. Describe a good hygiene cyber.
4. How cyber-attacks cause physical disruption.
5. Explain the concept of cyber law enforcement cooperation.
6. What was the opinion that was provided by the Cyber Mania
in the context of cyber security?
7. In what year was the problem of cyberwar discovered?
8. Describe the situation of the first cyberwar.
9. What laws restrict cyberwar?
10. What is the importance of a legal framework in armed conflict?

CHOOSE THE CORRECT OPTION

1. Who has argued that analogies to warfighting, especially
fighting the Cold War, are detrimental to preventing the
real challenges to cyber security, crime, and espionage?
a. Singers
b. Schachtman
c. Mueller
d. Both a and b
2. CNI stands for _______________.
a. Computer Network Interference
b. Computer Non- Interference
c. Common Network Interference
d. Common Network Intellect
3. In which year cyber command was established?
a. 2010
b. 2003
c. 2016
d. 2001
 194 Cyber Security

4. In which year 3000 Chinese hackers attacked on Indonesian

government sites
a. 2001
b. 2013
c. 1998
d. 1996
5. Who indicated that international law would play a role in
US cyber security planning?
a. Obama
b. Trump
c. Hillary Clinton
d. George Bush
6. In how many cases the International Court of Justice (ICJ)
has pointed to important rules of customary international
law and general principles relevant to the lawful resort to
the use of force?
a. 9
b. 12
c. 3
d. 6
7. What has made it easier for hackers to steal information
remotely?
a. Computer
b. Social Media
c. Internet
d. Smartphones
8. What from below is relevant to cyber operations and have
a part to play?
a. IHL
b. jus ad bellum
c. ILT
d. Both a) and b)
 Legal Framework for Cyber Security 195

9. Who was believed to be behind some of the most notable

cyber-attacks of this past year, such as the WannaCry
ransomware attack?
a. Country actors
b. White hat hackers
c. Script kiddies
c. State actors
10. Who has announced the watershed cyber-attack
in opposition to the unstated critical facility of the
infrastructure?
a. The Reuters
b. GGE
c. RAND Corporation
d. State actor
 196 Cyber Security

REFERENCES
1. Adams, M., & Reiss, M., (2018). International Law and Cyberspace:
Evolving Views. [online] Lawfare. Available at: https://www.
lawfareblog.com/international-law-and-cyberspace-evolving-
views [Accessed 2 November 2018].
2. Lang, A., Licker, M., Krishnamurthy, V., Muyl, C., Lang, A., Ahern,
S., et al., (2018). Cyber Security 2018 – The Year in Preview:
International Law and Cyber Warfare | Security, Privacy and the
Law. [online] Securityprivacyandthelaw.com. Available at: http://
www.securityprivacyandthelaw.com/2017/12/cyber security–
2018-the-year-in-preview-international-law-and-cyber-warfare/
[Accessed 2 November 2018].
3. O’Connell, M., Arimatsu, L., & Wilmshurst, E., (2012). Cyber
Security and International Law (p. 12). [ebook]. Available at:
http://www.securityprivacyandthelaw.com/2017/12/cyber security–
2018-the-year-in-preview-international-law-and-cyber-warfare/
[Accessed 2 November 2018].
4. Volkov, M., (2018). Cyber Security: The Law and Regulatory
Framework – Corruption, Crime & Compliance. [online]
Corruption, crime & compliance. Available at: https://blog.
volkovlaw.com/2018/01/cyber security-law-regulatory-framework/
[Accessed 2 November 2018].
 CHAPTER

8
CYBER SECURITY AND
AUTOMATION

LEARNING OBJECTIVES:
• Understand the guidelines for dependable automation
• Know about how to create a model through business
analysis
• Learn how Honeypot Front-End Interface is used
• Get to know the purpose of Event Monitor
• Understand the usage of SNMP
• Dwell upon the protocol of security content automation

KEYWORDS
• information systems
• automation
• orchestration
• automation protocol
• security management
• data flow
• security tool
• dependability models
• SNMP
• vulnerability assessment
 198 Cyber Security

8.1. INTRODUCTION
The “security automation” which is also known as security automation
solution is defined as the utilization of identical protocols and
specifications to perform precise security functions. These days, the
technologies under security automation are an essential part of the
operations of information technology within various organizations.
Most of the functions that are described in this chapter refer to
the cooperative effort among U.S. government agencies mainly
the Department of Homeland Security (DHS), the Department of
Commerce, National Institute of Standards and Technology (NIST)
and the Department of Defense (DoD), and among product vendors of
the commercial security.
A huge number of individual computer systems are maintained by
the federal government. Every day, the government also deals with
various substantial challenges of information security. The scale and
intricacy of attaining efficient risk management on the computer
systems lead the government to sponsor a great number of research
and development projects.
To recognize the importance of utilizing automation in the first
position, consider the equivalence of the industrial assembly line
development, for example by Ford Motor Company in the early
20th century. The previously used manufacturing steps were not
replaced by this assembly line. Instead, it took benefit of automation,
standardization, and consistent process.
Improved quality and increased efficiency can be attained by
using the specifications for mechanisms of automated delivery
and interchangeable parts. In the same way, by using explicit
interchangeable assessment and reporting the precisions, attaining the
requirements of security becomes more accurate, more effective and
less costly. An example of this is patch management software
The patch management software accomplishes various tasks that
 Cyber Security and Automation 199

are completely related to patching. The tasks are

used to be done manually such as recognizing the Risk manage-
availability of new patches, getting the patches ment is the process
from vendors and authenticating the integrity of identifying,
of the patches, deciding the systems present assessing and
in an organization that requires the patch and controlling threats
to an organization›s
allocating the patches to the suitable systems capital and earnings.
that require them and then installing them.
Consider a situation on having a huge
network of computers systems and applications,
and a person rapidly analyze the challenge of
scalability. Vulnerability assessment software is
another form of security automation technology.
The vulnerability assessment software works
on an information system to do a sequence of
checks of vulnerabilities, for example, lost
patches or wrong configuration settings of the
security, despite having an individual to perform
each check manually.
Different fields of security management
are supported by the automation which
includes the basic requirement to analyze what
is being managed. Renowned fields of the
information technology service delivery for
example configuration management and asset
management may intersect with the activities of
security management, to construct an approach
to the well-versed management system. The
components of automation together perform as
the interlocking gears to monitor the systems of
business and enabling of efficient management
(Figure 8.1).
200 Cyber Security

Security man-
agement is the
identification of
an organization›s
assets (including
people, buildings,
machines, systems
and information
assets), followed by
the development,
Figure 8.1: Examples of automated components.
documentation, and
implementation Following are the few conducts that common
of policies and
processes of business and security automation
procedures for
protecting these complement each other:
assets. • IT Asset Management (ITAM):
The process of automation gathers
the information about different
components of an information
system and some relatable data
such as purpose, location, and
owing organization of the asset. The
automated process provides support
to the complete understanding of what
requires to be secured. For example,
the tools of automation provide NRT
that is near-real-time information
regarding the licenses that are being
utilized or report of a new network
host.
Consecutively, the ITAM processes offer
significant information back to the management
of the security and tools of monitoring, for
example by informing monitoring tools
or assessment of which the host check for
compliance.
• Configuration Management:
Various organizations depend upon
 Cyber Security and Automation 201

automated configuration systems. This

is to keep track the characteristics of
the system, for example, the number
of machines utilizing a specific
processor and to keep the versions of
software updated.
Automated configuration systems include
IBM’s Tivoli or Microsoft’s System Center
Configuration Manager. These products are a
common choice to utilize for authentication of
specific settings of security that whether they
are at their place or not. Also, they play a role
in the subsequent approaches for automated and
standardized remediation of misconfiguration. Information
• Vulnerability Assessment: Precise system is the in-
tools and methods aim for potential formation and
communication
or known vulnerabilities that are
technology (ICT)
inherent to the information system. that an organization
Combining the products that uses, and also
recognize vulnerability with other the way in which
processes of IT, helps to guarantee people interact with
this technology in
that the complete life cycle of security
support of business
is functioning efficiently. processes. Some
The product of vulnerability reports the authors make a clear
identified devices back to an inventory service distinction between
information systems,
to support inventory processes. This procedure computer systems,
frequently consists of verification of software and business pro-
updates like patch management to correct the cesses.
discovered vulnerabilities.
These examples have just defined the
approaches that IT service delivery and security
function with each other to provide support
to the organization. Processes of service
such as configuration management and asset
management incorporate much more than what
is described here. These examples demonstrate
202 Cyber Security

the number of automated processes that work

together to offer an efficient management of
information resource and better security of
information, both.
Each of these processes like configuration,
vulnerability, asset management, and compliance
are significant essentials. They denote the very
Security automa- first wave of competences that are supported
tion is the automatic by the security automation. The practitioners
handling of secu-
rity operations- of security automation are performing on a
related tasks. It thrilling set of issues and challenges for future
is the process of capabilities of automation comprising automated
executing these tasks, reporting of the incident, integration of event
such as scanning management, automated, and standardized
for vulnerabilities,
without human remediation, identification, and structured threat
intervention. modeling, enhanced tracking of supply chain
and various other possibilities that are waiting
to be discovered.
The products that support the automation
and the processes influence the external
information to gain their aim that is security
content or security management content. The
content provides information about automation
product on how to accomplish the task.
Taking advantage of the security content
among the group of practitioners of security
and within an organization helps to enable the
repeatable as well as consistent practices of
security management. This provides support
to the common understanding of the exact
posture of security information systems that are
managed. This also facilitates the significant
reporting of the status of security management.
There are numerous examples of security
content available within the universal
repositories, for example, the U.S. National
 Cyber Security and Automation 203

Checklist Program. Manufacturers of software,

government agencies and security researchers
frequently share their proficiency by internet
sites as well as by electronic mailing. Main forms
of security content comprise the following:
• Security Checklist;
• Knowledge regarding the elements of
individual security;
• Security needs from regulatory
mandates and other resources.

8.2. GUIDELINE FOR

DEPENDABLE AUTOMATION
The integration requirements of automation
environment are relatively heterogeneous.
Though the fundamentals of the information
systems and the functions of these systems are
well defined, and hence, it is easy to provide
the guidance to implement the dependable
automation. The general steps of automation
integration can be identified. The model for
evolving automation applications is derived
from Eerola (2013) and Salmenperä et al.,
(2013).

8.2.1. Create an Essential Model through

Business Analysis
An important abstract or business model
describes the aim of the use case deprived
of technical details. It gives an answer to the
question that what is done, but the question how
it is done remain unanswered. The essential
model elucidates the business requirement that
is being solved by the use case, describing it
204 Cyber Security

in terms which are clear to the experts from

different areas. The result can be expressed by
using a simple data flow diagram. This step must
outline the business risks, high-level security
and automation dependability requirements
(Brown, 2008) (Figure 8.2).

Figure 8.2: Data flow diagram of a fault repair use

case in smart grids.

Source: https://link.springer.com/chap-
ter/10.1007/978–3–319–18302–2_15
The use case begins with the smart meter
which reports about a problem. The need of
business is to allocate a crew of workforce
to resolve the issue or problem. The Work
Management System (WMS) get a repair order
from the system and then dispatch the crew of
workforce to resolve the issue or problem.
Then, WMS reports back to the system and
inform the status of the repair work. The WMS
and smart meter are the technical information,
but from the integration solution aspect, they are
a kind of external systems. This model is easy
and spontaneous to hold for the non-electricity
professionals. This model does not specify the
functioning of the system internally.
 Cyber Security and Automation 205

8.2.2. Define the Use Case Explicitly

After getting an answer to the question “what
is done,” the next process is to define “how
things are done.” It also comprises a few
technical information regarding the system.
The utilization of middleware or the complex
architecture must not be yet defined. This can
be attained by using the data flow diagrams and
neglecting the implementation of the flows.
Hence, this process must have technical
information and participating systems. Smart
meter fault use case data flows begin from alarm
event at a smart meter which leads to dispatching
of the repair crew. It comprises some technical
information on the systems and sub-processes.
This step can advantage from using general use
case modeling rules and principles.
Questions that must be answered are like
“what or who starts the use case?” it could be
initiated by a user action or an event, it could
be continuous or time-based “housekeeping
routine.” What kind of orchestration or
Orchestra-
coordination is required? This depends upon the tion describes
complexity of the case. Till this point, it is not automated
essential to analyze which system will take care arrangement,
of the orchestration or coordination. What is coordination, and
the extent of automation that does the process management of
complex computer
need human intervention at some point in time? systems, and
services.
8.2.3. Determine the Participating Infor-
mation Systems
It is quite essential to list out the systems that are
required to be integrated. After the explanation
of use case, which system will participate?
Although it is essential to list them. This aids to
206 Cyber Security

simplify that all needed systems are recognized

and whether unnecessary systems are mentioned.
The definition of use case depicts what kind of
functionality and information is needed.
Depending on this, it is easy to look which
system has the essential details and can do the
needed functions, the Customer Information
System (CIS) and Distribution Management
System (DMS) in the case.

8.2.4. Define the Orchestration of the

Process
The definition of a general use case defines the
kind of orchestration that is required to manage
the whole transaction. This step will concentrate
on the implementation process of orchestration.
The possible situations and conditions of errors
must also be considered in this step. A simple
transfer of data needs very minute orchestration
different to more complicated long-running
transactions. It is very essential to describe
clearly the amount of transaction complexity is
handled. Also, this is a design decision
In the case of the example, the orchestration
can be handled by the DMS. The data
management system will get the alarm and then
it is responsible for locating the fault, referring
the CIS for the details of costumer, problem
prioritization and transferring an order of repair
to the WMS. Also, it will update the status
depending upon the reports of the WMS.
 Cyber Security and Automation 207

8.2.5. Define and Implement Processes

Data management is
Identify the use case as well as the participating an administrative
systems along with their functions related to the process that includes
selected paradigm. Most vital software products acquiring, validating,
in the electricity industry probably will remain storing, protecting,
and processing
as huge, monolithic structures for the predictable required data to
future. Though, few information or functionality ensure the
within these systems can be uncovered to accessibility,
provide easy access to other systems. reliability, and
timeliness of
the data for its users.
8.2.6. Define Data Flows
The diagram shown above defines the various
flow of data between information storages and
processes. To the endpoint systems, few flows
are internal, and few are inter-system. The inter-
system flows are required to be handled by
the selected implementation framework. This
step can recognize crucial points of failure in
the system and depicts the main dependability
effect of previous design on automation.

8.2.7. Define the Information Content of

Data Flows
Depending upon the data flows that are defined
in the previous steps, it is upfront to describe
what kind of details and information each flow
has. The consequence of this step is an inclusive
definition of the details or information content
of each flow.

8.2.8. Create Dependability Models

The details or information contained in the data
flows has some security and automation needs,
208 Cyber Security

for example, confidentiality, privacy, real-time,

alarm, and auditability. This step must describe
those needs. An alliance between an information
security personnel and an automation expert is
strongly suggested for this step. The experts of
information security know the correct question
Information that will introduce the requirements of security.
security is the The experts of automation have the complete
set of processes knowledge of the system, and they know how to
that maintain the
confidentiality,
give answers to these questions also.
integrity and
availability of
business data in its 8.2.9. Choose Information Security
various forms. Implementation Methods
Once the requirements of security are defined,
suitable methods of security implementation
must be utilized. This comprises both the general
decisions for example, “this flow of data requires
to be encrypted to offer confidentiality,” and the
details that are specific to the implementation
only for example, “this choice of design provides
these technologies for the encryption.”

8.2.10. Implement the Solution/

Orchestration
This is the last step in which the actual solution
is implemented. The secured process of
development must be used to assure that the
requirements are completely met.

8.3. HONEYPOT FRONT-END

INTERFACE
The link with the field network or automation
is built through the Honeypot Front-End
 Cyber Security and Automation 209

Interface. There are four major components of

the Honeypot Front-End Interface (Figure 8.3):
• The Modbus API simulator that
receives Modbus commands. It
behaves like a regular PLC and
provides all the important protocol
functionality, for example, access to
Modbus operations.
• A File Transfer Protocol module
(FTPD), which provides a File
Transfer Protocol (FTP) service
like the ones normally available on
commercial PLCs.
• A Simple Network Management
Protocol (SNMP) module providing
the SNMP (Case et al., 1990) device
management functionalities and
interfaces found on PLCs (SNMPD).
• A Port Scan detection module which
can detect any activity of probing in
the remaining TCP/IP service ports.

Figure 8.3: Wingpath Mod SNMP diagram (Mod-

bus API simulator).

Source: https://link.springer.com/chap-
ter/10.1007/978–3–319–18302–2_16
210 Cyber Security

The Modbus API module mainly executes

the Modbus TCP protocol variant that is broadly
utilized in SCADA systems.
The operation of the protocol is quite easy
Protocol is a standard
set of rules that allow to understand, for example, and a master station
electronic devices to transfers the commands to an RTU/PLC, that
communicate with further responds them back. The master station
each other. frequently polls and variates the register values
of the present RTU/PLC. The commands are
generally the read or write functions in most of
the situations.
Same as PLC, the Modbus API module
executes registers or variables for keeping values,
allowing, and attacker to make interaction with
it, polling, and then altering the values, along
with the honeypot responding to the requests of
the attacker with the consistent response.
The Modbus API module also consists of
a Modbus message parser. This is generally
utilized to separate out the different fields to
transfer them to the Event Monitor. In addition to
the Modbus message fields, this module stocks
additional details and information regarding the
interaction like the source IP and a timestamp.
The Modbus message fields include
protocol identifier, transaction identifier, unit
identifier, the length field, data bytes, and the
function code. The behavior of the Modbus
API can be configured, and to some level, it is
programmable to mimic a broad range of real
RTU/PLC devices better.
This is the main characteristic to avoid
sophisticated attackers from making the
difference between the real devices and
honeypots. If every honeypot has the identical
predefined behavior, then it will be easy to
 Cyber Security and Automation 211

define the exclusive “behavior profile” for the Protocol Identifier is

honeypots and hence, cooperating their stealth. defined as the identi-
The SNMPD and FTPD modules provide fier that points to
a specific protocol
management services and file transfer that which will be utilized
is usually found in different Modbus PLCs to search the resource.
respectively. Every module has a program
which monitors the logs generated by these
services. The program is attentive of any kind of
log entry and can report it to the Event Monitor
for additional analysis.
To better cover, the interactions, a Port Scan
module is utilized. This module is not related to
the technology context of SCADA, being able
of taking interactions of the generic network to
spot the existence of an attacker.
It hears to the residual ports that are not
covered by the other modules, for example,
Modbus API, SNMP, and FTPD. Based on the
configuration that is utilized in the honeypot, it
can perform an interaction report that is simple.
Alternatively, it can also send the detailed
information to the Event Correlator.

8.4. EVENT MONITOR

The details or information found in the Honeypot
Front-End Interface is recognized by the Event
Monitor. The module is further categorized into
four sub-modules:
• Filter;
• Event Assembly;
• Event reduction and aggregation; and
• Event transmission (Event Tx).
Any event must pass through all the sub-
modules. The sequence of the movement of
212 Cyber Security

events will be like: filter, event reduction

File transfer is the and aggregation, event assembly and event
transmission of a transmission.
computer file through
a communication The modules of Filter and Event reduction
channel from one and aggregation preprocess the security events,
computer system to enhancing the system resources for example
another.
network and processing, and cause to improve
the scalability of the solution up to larger
scenarios of SCADA network.
The filter module is basically utilized to
filter the related events as per earlier described
configurations. The previously defined
configurations are kept in a file which is read
when the module begins or by a Management
and Watchdog module request.
For example, the filter module can remove
the events of no use. Appropriate events are
then transferred to the Event reduction and
aggregation module that develops an event to
aggregate them by same features such as events
that are related to groupings.
To create security event messages by
utilizing a standard format, the module of Event
Assembly is responsible. The structure of event
message depends upon the IDMEF (Intrusion
Detection Message Exchange Format). It is
a standard data format which is designed for
Intrusion Detection Systems (Debar et al., 2007).
Using intrusion detection message exchange
format as a standard message format can
enhance the interoperability from software
amongst different vendors. The intrusion
detection message exchange format messages
depend upon XML, accepting an object-oriented
data model where the top class is the intrusion
 Cyber Security and Automation 213

detection message exchange format -Message

Class.
Scalability is
This IDMEF class has further two classes: an attribute that
The Heartbeat Class and the Alert Class. describes the
Every second level classes include various ability of a process,
network, software
aggregated classes that have the details or organization to
and information regarding the message, for grow and manage
example, classification, sources, and detect increased demand.
time. The widely used format is IDMEF. It is
being maintained by different types of Host and
Network IDS.
Therefore, it smoothens the integration
between existing applications of intrusion
detection and the proposed SCADA honeypots.
IDMEF messages are transferred by using a
secure channel between a high-level Event
Correlator and the Honeypot that is accountable
for processing and correlation of the event.
The precise nature of the node of processing
may variate from case-to-case by presuming the
kind of a classical IDS application or the kind of
distributed and specialized correlation engine.
The secure message transmission is certified by
the Event Tx module.

8.5. USAGE OF SNMP IN SCADA

ENVIRONMENTS
The significance of comprising an SNMP
service on the honeypot is concerned with
the context that SNMP is used extensively in
SCADA environments although some authors
suggest to not allow SNMP traffic in SCADA
networks for the reasons of safety (Krutz, 2006).
For instance, SNMP is broadly used to
manage the PLC and RTU devices. Also, SNMP
214 Cyber Security

is used in the case of manufacturers to sample

out the details and information from the control
devices and hence complements the operations
of SCADA.
The way of executing SCADA/SNMP hybrid
variates from one manufacturer to another.
In fact, Wingpath uses a Modbus to SNMP
converter which acts as a doorway between the
Modbus slaves and an SNMP manager.
To select the value from a given PLC,
the manager of SNMP sends a SNMP GET
command to the ModSnmp server. Then, this
server sends a request of Modbus to the PLC,
gets the equivalent response and then sends
a GETRESPONSE message to the SNMP
manager.
Other methods utilize the traps of SNMP to
poll the information from PLCs (Tsubakimoto,
2011) Moxa also utilizes the SNMP to collect
the details and information from control devices.
Despite the gateway method of Wingpath and
Tsubakimoto (2011), its control devices are
SNMP capable (Moxa, 2009).
This agent of SNMP can mimic the
functionalities of expected device management
typically of SNMP and, if required, it can also
be organized to provide advanced access to
industrial process information.

8.6. AUTOMATIC OPERATION OF

SECURITY CONTROLS
After the process of risk assessment and the
countermeasure selection, the controlling
measures of the information security must be
executed and functioned to mitigate the risk. In
 Cyber Security and Automation 215

total 133 security controls have been specified

by the ISO 27001.
Few of them is more concerned to the human
resource problems and processes, while several
others are related to the technology. The hard-
and software tools and automatable controls that
provide support to the automation are briefly
defined below:

1. Controls that can be automated

The security control can be computerized if
the control operation can be done without the
involvement of humans in the process. In a few
conditions, the controls can be only partially
automated.
The recognition of controls which can be
automated whether partially or completely
depends on the following criteria:
• The monitoring and operation of the
control need machine-readable and
-processable resources only. Those are
the controls, for example, awareness
training that cannot be automated as
they need the training of humans.
• The control can be partially or
completely executed by at least one
security application defined in the Hardware secu-
following subsection. rity is vulnerability
protection that
2. Soft- and hardware tools comes in the form
of a physical device
To recognize the controls that are automatable, rather than software
various enterprise level software and hardware that is installed on
security solutions were studied, mainly those the hardware of a
that permits the automation of the control computer system.
operations in a unified manner.
216 Cyber Security

Following are the software and hardware

tools that have been studied in context with their
potential of security control automation:
• Microsoft: Systems Management
Server (SMS) and Active Directory
(AD);
• nCircle: IP360 and Configuration
Compliance Manager (CCM);
• Alien Vault: Open Source Security
Information Management (OSSIM);
• Symantec: Protection Suite Enterprise
Edition (ED), NetBackup, and Veritas
Cluster Server (VCS);
• PfSense;
• APC Infrastructure;
• VMware vSphere;
• Honeywell.
It is essential to explain that the examples
of security applications defined in the above
Learning Activity: sections are not exhaustive. The analysis
Learn about the dif- was done to recognize the controls that are
ferent ways in which automatable.
the automation has
been affected by the
In addition to the automation support potential
cyber-attacks and read of the tool, the analysis further demonstrates that
about at least one case there is no such tool that provides support to the
where the automation whole range of potentially automatable controls.
has suffered. As an alternative, a combination of various tools
is required to enhance the automation within the
organizations.
Hence, it is very critical to establish the
standards of interoperability to provide support
to the communication between various security
tools.
 Cyber Security and Automation 217

8.7. THE SECURITY CONTENT

AUTOMATION PROTOCOL
The recent work related to the automation of Security software is
information security has concentrated on format a broad term that
standardization and nomenclature by which the encompasses a suite
products of security software transfer the details of different types
of software that
and information regarding the flaws of software, deliver data and
identification of software and configurations of computer and
the security. network security in
These attempts resulted in the definition of various forms.
the SCAP that is Security Content Automation
Protocol. It has been specified by the National
Institute of Standards and Technology (US).
SCAP can be used in the inspection phase of
the information security management process to
provide an automated way of:
• Monitoring the settings of system
security configuration.
• Analyzing the systems for the signs of
compromise.
• Having an awareness of the situations
that are being capable of determining
the security posture of systems and
the organizations at any point in time.
SCAP has two major elements. The first one
is a protocol which has a suite of specifications
that are used to standardize the format as well as
nomenclature by which software becomes able
of communicating the information regarding the
flaws and configurations of security.
The second one is that SCAP has software
flaw and configuration standardized data of
reference which is also called as SCAP content. It
has different areas of an application comprising:
218 Cyber Security

• Automated checks for the known

vulnerabilities.
• Automating the security configuration
settings verification.
• Producing reports that connects the
low-level settings to the high-level
requirements.
The current components of the SCAP
protocol are:
• Common Platform Enumeration
(CPE): nomenclature and dictionary
of product names and versions.
• Common Vulnerabilities and
Exposures (CVE): Nomenclature
and dictionary of security-related
software flaws.
• Common Configuration Enumeration
(CCE): Nomenclature and dictionary
of system configuration issues.
• Common Vulnerability Scoring
System (CVSS): Specification for
measuring the relative severity of
software flaw vulnerabilities.
• Open Vulnerability and Assessment
Language (OVAL): Language
for specifying low-level testing
procedures used by checklists.
• Extensible Configuration Checklist
Description Format (XCCDF):
Language for specifying checklists
and reporting checklist results.
 Cyber Security and Automation 219

8.8. SUMMARY
As the world advances and looks forward to
the digital age, it becomes significant to focus
on the element of cyber security in the world
of automation. The machines need to secure
themselves against any kind of cyber attacks,
and the best way to initiate that is by laying
down certain guidelines for the manufacturing
of these machines.
There needs to be a protocol for the security
in the automation industry and periodical
monitoring of the working and functioning of
the machines. These methods help to prevent
the cyber attacks on the automated processes of
various industries, keeping them safe from the
foreign digital intrusions.
 220 Cyber Security

REVIEW QUESTIONS
1. Explain the guidelines for dependable automation.
2. Explain the usage of SNMP.
3. The protocol of security content automation.
4. Define Honeypot Front-End Interface.
5. Define the components of automation.
6. What is the security automation solution?
7. What is the importance of patch management software?
8. What is vulnerability assessment?
9. How to create an essential model through business analysis?
10. What are the main security controls that can be automated?

CHOOSE THE CORRECT OPTION

1. The components of SCAP includes _______________.
a. Common Platform Enumeration (CPE)
b. Extensible Configuration Checklist Description Format
(XCCDF)
c. Common Configuration Enumeration (CCE)
d. All the above
2. Common Configuration Enumeration (CCE) is used for
_______________.
a. Nomenclature and dictionary of product names and
versions
b. Language for specifying checklists and reporting checklist
results
c. Nomenclature and dictionary of system configuration
issues
d. Specification for measuring the relative severity of
software flaw vulnerabilities
3. Software and hardware tools used for security control
automation are _______________.
a. PfSense.
 Cyber Security and Automation 221

b. APC Infrastructure
c. VMware vSphere
d. All the above
4. The module of event monitor is further sub-divided into
_______________.
a. Filter and Event Assembly
b. Event reduction and aggregation
c. Event transmission (Event Tx)
d. All the above
5. The automated components are _______________.
a. IT asset management
b. Vulnerability management
c. Security management
d. Both a & b
6. The patch management software accomplishes various
tasks that are completely related to _______________.
a. Patching
b. Management
c. Security
d. Automation
7. A form of security automation technology is
_______________.
a. Vulnerability assessment
b. Automation assessment
c. Patching
d. Security implementation
8. Which is not a step under the guideline for dependable
automation _______________.
a. Defining the use case
b. Defining and implementing the processes
c. Defining the data flows
d. None of the above
 222 Cyber Security

9. Language for specifying checklists and reporting checklist

results is a part of _______________.
a. Common Platform Enumeration (CPE)
b. Common Configuration Enumeration (CCE)
c. Extensible Configuration Checklist Description Format
(XCCDF)
d. Common Vulnerability Scoring System (CVSS)
10. CCE stands for _______________.
a. Common Configuration Enumeration
b. Computer Configuration Enumeration
c. Common Computer Enumeration
d. Common Configuration End-interface
 Cyber Security and Automation 223

REFERENCES
1. Lehto, M., & Neittaanmäki, P., (2015). Cyber Security: Analytics,
Technology, and Automation (pp. 215–251). [ebook] Springer.
Available at: http://file.allitebooks.com/20151011/Cyber%20
Security-%20Analytics,%20Technology%20and%20Automation.
pdf [Accessed 2 November 2018].
2. Montesino, R., & Fenz, S., (n.d.). Automation Possibilities in
Information Security Management (p. 4). [ebook]. Available at:
https://www.sba-research.org/wp-content/uploads/publications/
PID1947709.pdf [Accessed 2 November 2018].
3. Security Automation Essentials, (2018). [ebook] (p. 27). Available
at: https://resources.infosecinstitute.com/wp-content/uploads/
Security-Automation-Essentials.pdf [Accessed 2 November 2018].
 INDEX

A Automatic alteration 158

Accessibility 37, 38, 44 B
Accompanying condition 78 Bot customer 123
Accountability 18, 20 Botnet assault 127
Accursed action 92 Business program 76
Active Directory (AD) 216
Administration framework 67 C
Administrative consistency 148 Client honeypot 129
Administrative procedure 68 Client interfaces 76
Amid warrant action 97 Cloud specialist co-ops (CSPs)
Annihilating 14 106
Anti-spam software 4 Collaboration 186, 187
Antivirus programming 122, 127 Command and Control (C&C)
Asset management 199, 201, 202, 121, 133
221 Common Configuration Enumera-
Attack reflection 107 tion (CCE) 218, 220, 222
Auditing security 82 Common Platform Enumeration
Australian Ecological Protection (CPE) 218, 220, 222
Agency 151 Common Vulnerabilities and Ex-
Authentic access 42 posures (CVE) 218
Authoritative life 64, 69 Common Vulnerability Scoring
Authoritative organizations 4 System (CVSS) 218, 222
Automated configuration systems Company management 56
201 Computerized Forensics 103
226 Cyber Security

Computerized security domain 38 D

Computer security 4
Data amid 78
Computer system 172
Data assets 60
Confidentiality 1, 18, 20, 23, 149,
Data innovation 11, 13
168
Data-oriented society 11, 12
Confidentiality, integrity, and
Data resources 76
availability (CIA) 49
Data security 38
Configuration Compliance Man-
Data upheaval 13
ager (CCM) 216
DDoS (Distributed denial of-bene-
Conundrum 146
fit) 119
Cordial assault 129
Deductive thinking 91
Crime pertaining 174
Defenseless machine 129
Criminal cells 172
Demilitarization 187
Criminal equity 91, 95
Department of Defense (DoD) 198
Criminal equity network 91
Department of Homeland Security
Criminality 5, 9, 15
(DHS) 198
Criminal offense 151
Digital assailants 61
Criminal thinking 7
Digital assaults 57, 59, 60, 61, 72
Criminological control 102, 114
Digital crime affronting 101
Critical harm 158
Digital crime insulting 92, 93, 98
Cryptography 29, 41, 46, 48, 49,
Digital danger 58
51
Digital forensics 89, 90, 112, 113
Customer Information System
Digital security administration 57,
(CIS) 206
62, 64, 65, 67, 69, 71, 72
Cyber attacker 56
Digital terrorism 14
Cybercrime 1, 2, 3, 5, 6, 7, 8, 9,
Digital vulnerabilities 148
14, 23, 24
Digital world 8, 24
Cyber defense 177
Digitizing world 33
Cyber incitement 184
Direct observation 92
Cyber security management 55,
Distributed Control Systems
56, 83, 85
(DCS) 147
Cyber security management model
Distribution Management System
56, 85
(DMS) 206
Cyberspace 30, 32, 33
DNS blacklisting technique (DNS-
Cyber warfare 189
BL) 131
Cyber weapons 189
Cyber world 1, 2, 3, 17, 24, 26
 Index 227

E Human intercession 155

Human-machine interface (HMI)
Economic injury 176
147
Egg downloading 132
Human mediation 152, 155, 156
Electronic messages 153, 155
Human trafficking 4, 24
Electronic proof 93, 94, 95, 102,
105 I
Encryption 149
IDMEF (Intrusion Detection Mes-
Enormous information 102
sage Exchange Format) 212
Ethical boundaries 90
Inbound filtering 131
Exhaustive examination 104
Individual identification number
Explicit interchangeable assess-
(PIN) 39
ment 198
Individual security 203
Extensible Configuration Check-
Industrial control systems (ICSs)
list Description Format (XC-
146
CDF) 218, 220, 222
Industrial development 102
F Infectious disease 81
Information-driven threats 96
File Transfer Protocol (FTP) 209
Information exchange 3
File Transfer Protocol module
Information respectability 43, 52
(FTPD) 209
Information technology 79
Financial balance 44
Internal security 192
Financial institution’s network 172
Internet Protocol (IP) 31
Financial participants 11
Interpersonal organizations 34
Focal handling unit 45
Intervention online 178
Focal sensory system 37
Intimidating enforcement 184
Frameworks institutionalization
Investigative agency 2
159
IS (Information System) 43
Freeware 97
IT security network 149
G
L
Geopolitical circumstance 57
Leadership 67, 72
Global network 172
Legitimacy 8
H Legitimate measurement 66, 67
Legitimate process 93
Heartland Payment Systems 43
Legitimize warrantless inquiry 97
Human confirmation 39
Live crime 105
228 Cyber Security

Locality Sensitive Hashing (LSH) P

132
Patch management software 198,
M 220, 221
Pertinent transnational law 175
Malware 118, 122, 126, 128, 130,
Physical gadgets 98
132, 133, 136
Physical security 148
Media transmission 12, 13
Pin Unlock Key (PUK) 100
Media transmission movement 12
Plausibility 68
Methodical assessment 20
Policing system 7
Mob crime 5
Political motivators 30
Multifaceted nature 8
Potential proof 92, 103
Multifactor verification 39
Private business information 18
Multi-month time span 127
Private data 42
Multi-partner approach 8
Proficiency 148
Mysterious intermediary 119
Profitability 148, 164
N Programmable Logic Controllers
(PLC) 147
Nasty software 34
Prominent network 35
National Information Assurance
Psychological distress 190
Glossary (NIAG) 38, 51
National Institute of Standards and R
Technology (NIST) 198
Reconnaissance 93, 95
Network security 186
Remote Terminal Units (RTU) 147
Nonrepudiation 38, 40, 41, 43, 45,
Remote wiping 97
49, 51
Repository for Industrial Security
Noxious movement 92
Incidents (RISI) 162
Nuclear power plant 146
Responsibility 20
O Retaliation 177
Risk administration 68, 69, 75, 81
Online cheating 2
Risk appraisal 74, 76
Open Source Security Information
Risk evasion 81
Management (OSSIM) 216
Risk Management 74, 84, 86, 87
Open Vulnerability and Assess-
Risk management model 56
ment Language (OVAL) 218
Risk mitigation 79, 85, 86
Ordinary movement 58
Organizing flooding 45
Outbound assault proliferation 132
 Index 229

S System sniffing interruption 131

Secure Digital (SD) 111 T
Secure Real-time Transfer Proto-
Telecommuting 34
col (SRTP) 109
Tranquil security 187
Security automation technology
Transient increment 60
199, 221
Transnational community 180
Security circumstance 61
Transnational evidentiary 182
Security Council 181, 184
Transnational law 171, 173, 175,
Security disappointment 11
179, 180, 183, 188, 190
Security vulnerabilities 122
Transnational security 190
Simple Network Management Pro-
tocol (SNMP) 209 U
Social designing 127
Unapproved intercession 156
Sociology 5
Unauthorized transaction 2
Solid substantive 90
Unending extension 10
Solitary client 101
Unscramble information 41
Solitary machine 130
Sovereignty 6 V
Spam botnet 120
Validation 38, 42
Spamming botnets 131
Veritas Cluster Server (VCS) 216
Srizbi botnet 131
Versatility 149, 168
Standardization 198, 217
Vindictive substance 126
Standardized remediation 201,
Violent action 182
202
Virtual domain 128
Structured Query Language (SQL)
Virtual machine 129
44, 51
Virtual private network (VPN) 42
Subscriber Identity Module (SIM)
Vulnerability 15, 16
100
Vulnerability assessment software
Substance information 98
199
Supervisory Control and Data Ac-
quisition (SCADA) 147 W
Symmetric key 41
Web movement 124
Synthetic concoctions 146
Website substance 120
System interruption 121
Well-versed management system
System level information 131
199
Systems Management Server
Work Management System (WMS)
(SMS) 216
204