Informacijska ili kibernetska sigurnost



Crime in cyberspace
Contemporary forms
Igor Bernik, Univerza v Mariboru, Fakulteta za varnostne vede
Information or cyber security
evolution or revolution
 Infrastructure revolution
 Data explosion
 Always on, always connected to cyberspace
 The future of finance: cash or e-payment, substitutes?
 New, stricter regulations and standards
 More than one internet: not one world, but several?
 New identity and trust models?
Cybercrime
in the modern world
 Institutions and legislation, international harmonization
 Perpetrators of cybercrime, motives, classification of
perpetrators
 Cyber infrastructure for committing various criminal
offences
 Protecting systems from attack
 New forms of cybercrime
 Fear of cybercrime
 Research into cybercrime
Introduction of topic
 What do we understand as cybercrime?
 What is particularly ‘cyber’ about it?
 We believe: criminal acts are punishable by law.
 For most criminal acts conducted in cyberspace
we use ’classic legislation’ (theft, abuse, child
pornography, etc.).
Cybercrime is the use of information technology
to carry out criminal acts.
Guidelines
To ensure protection against cyber criminals, to
reduce endangerment and avoid possible
consequences, it is important to adhere to the
following basic guidelines:
 Be careful when opening links received by e-mail
(Trojan horse malware, phishing etc.).
 Be aware that your personal data can be used to
profile your activities, thus making you vulnerable to
manipulation and/or identity theft.
 Try to check the identity of anyone who wishes to
acquire your personal data.
 Be careful which data and software applications you
load onto your computer or mobile device. Some
applications enable theft of personal or business
data.
Guidelines, cont.
 Make sure that your anti-virus program is regularly
updated and that a firewall is installed.
 Protect your passwords, and take notice of anyone who
is shoulder surfing while you type them in.
 Periodically change your passwords, choose “strong”
passwords.
 Most importantly: use your common sense.
Informing and educating about the dangers of cyber
crime must become widespread, common and
continuous at all levels of society.
Users will then know how to use this technology rationally
and responsibly, and will not be afraid of it.
Conclusion
 Users are relatively well informed about the
various types of cybercrime, but the public is more
aware of the threats exposed by the news media than
of those from which they should truly protect
themselves.
 Better security and thus greater safety can only be
ensured, if users conduct themselves responsibly
in cyberspace.
Lack of understanding translates into
inadequate security.
Information and/or cyber warfare
a known or a new phenomenon

Information and cyberspace, the power of information and information
conflict

Techniques, perpetrators and victims of information warfare

State conduct of information warfare: espionage, active warfare,
asymmetric warfare, information operations, propaganda

The role of organizations and industrial espionage

The role of states in information warfare: USA, China, Russia,
Israel, ... the position of small countries

International legislation, defence

Politically and ideologically motivated groups
[Diagram: ICT and Internet; crucial operations, daily work, business; economic loss, physical impact; cyber crime, information warfare]
Information warfare
Information warfare = warfare for information power.
The right information is the basic capital of an organization!?
Military, state, organizational and NGOs.
Asymmetric warfare.
Nature of information warfare
STATE IW
 Espionage (Echelon)
 Kinetic war (NCW, GIG)
 Information operations
 Propaganda
CORPORATE IW
 Harassment
 Industrial espionage
CIVIL IW
 Cyber terrorism
 Hacktivism
 ECD
 Animal and environmental rights groups
Recommendations for countermeasures
1. Information security policies should take ISO standards into account.
2. Implementation of the latest technology.
3. A national strategy for information (cyber) security.
4. Mandatory information security standards for all organizations.
5. Security classification of valuable information.
6. International cooperation.
What needs to be done for improvement?
National level
1. Universal definition.
2. Definition of acceptable usage of ICT.
3. International harmonization.
4. Abolish legal constraints.
5. Trained law agencies.
Organizational level:
1. Business ethics.
2. Security awareness.
3. Data classification and personnel restrictions.
4. Risk management and business continuity.
Further research: understanding, protection.
Cyber terrorism
what is cyber about terrorism
 Cyber terrorism or classic cybercrime
 Levels of cyber terrorism, cyberspace and
terrorist actions
 Perpetrators of classic cybercrime and terrorists
 Risk management in the field of cyber terrorism
 Consequences of cyber terrorism, preventive measures
 Measures against cyber terrorist attacks
 Activities at the level of organizations, states, the EU, NATO, and globally
Cyber Terrorism - facts
 IS are a basic support element of every organizational
structure - organizations cannot achieve their visions
without them
 Companies feel the necessity of securing IS
 Protection; a risk management system allows us to know
our enemy
 Threats to IS are multiple and constant. The reason for
protecting our IS is to defend it from external malware; one of those vicious attacks is also CT.
Cyber Terrorism – summary
 Definition: Cyber terrorism is a carefully planned,
politically motivated attack on information,
computer systems, programs and data.
Cyber terrorism causes fear, damage or even
death through attacks on enterprise IS,
influencing (global) society and attracting media
attention.
Computers as a weapon
• Cannot cause death or injury directly; the risks are indirect.
• Consequences and acts are therefore indirect.
• Computers control critical infrastructure and store vital
information; damage or loss can lead to loss of lives (e.g. a
medical environment).
Differences from classic forms of terrorism:
• High level of computer knowledge
• High level of motivation (possibility of recruiting hackers
for terrorist needs)
The difference is also seen in the usage of computers: at the
moment computers are used as support for planning and
executing classical terrorist attacks; that will change in the
future.
Cyber Terrorism – consequences
 Psychological
 Physical
 Economic
The most exposed critical areas: information and
communications, electrical network, gas and oil
(storage, transport, extraction), banking and
finances, transport, water supply systems,
government services. Critical IS must be physically
separated from the internet.
Protection
 Countries and organizations must take proactive
measures to protect IS and critical
infrastructure from CT
 Risk management system is unavoidable (similar as
classic system - consequences are the most
important factor)
 Decision regarding the form of protection is
dependent on every organization by itself
Conclusion
 Cyber terrorism is (still) misunderstood.
 Terrorist actions in the cyber world can become more frequent. New generations of terrorists
are born in the information society. They will possess knowledge of ICT and combine it with
a high level of motivation.
 Damage caused by these attacks can be bigger.
 A high level of safety culture in organizations shows us that they are well prepared.
Cybercrime and terrorism are unavoidable threats. What can we do?
 Prepare a better recovery process in case of an incident.
 Preventive actions, education and raising safety culture will lead to improved
information security.
 Risk management process: we must know our threats to fight them.
 Following trends in security and threat development is necessary.