According to the United States General Accounting office, cyber security is defined as the defense against attacks on the information technology infrastructure. United States General Accounting Office, (2004) also defined cyber security as the process of combining of network and computer security so as to protect an individual’s IT assets.
Cyber security involves protecting any form of personal information and or any form of digital asset stored in the computer or in any digital memory device.
Cyber security can also be defined as the protection of all devices that rely on the internet including the networks themselves to the information that is stored in those devices such as the computer databases and even their applications.
Statistics Canada define cyber threats as an offence which involves a computer as the object of crime or as the tool used to commit a material component of the crime
Persons who try unsolicited access to either the devices of control or the network by means of a data communications pathway bring about cyber threats. The unsolicited entry can originate from either the employees of that particular company or via the Internet from anonymous people in undisclosed places.
There are diverse causes of the cyber threats to intrude into the control appliances and can originate from unfriendly governments, annoyed workers, aggressive hackers and terrorists. Cyber-barriers can vouch for protection against potential threats if installed around the Industrial Control System (ICS).
There are various forms of cyber threats that exist. According to an article by Masters (2011), the various forms of cyber attacks include cyber war, cyber terrorism, cyber espionage, and vandalism.
Clarke and Knake (2010), define cyber war as the action of a nation-state penetrating into another nation’s computer or network with the aim of causing disruption or confusion. Cyber war involves units organized along nation boundaries to carry out offensive operations using computers to attack other computers electronically. These kinds of attacks are carried out by individuals who are well versed with computer programming.
In an article by Dr. Elmusharaf (2004), the FBI defines cyber terrorism as a “premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-nation groups or clandestine agents”. Terrorism has adverse effects to a nation because it endangers the security of a nation by stealing, exposing and destroying the most sensitive and secretive information. Dennings (2000), define cyber terrorism as unlawful attacks against computers, networks and the information that is stored in them so as to intimidate government or its people for political or social objectives.
Cyber espionage is the practice of obtaining secrets without the permission of the holder of the information from other individuals, competitors, rival groups, or enemies for personal or political advantage by illegally exploiting the internet, networks or individual computers. Lorents and Ottis (2010), define cyber espionage as the use of cyber attacks with aim of causing a loss of confidence of the target system. It involves cyber spying and the theft of industrial technology and state secrets.
Cyber vandalism is also another form of cyber threat. In an article by Pan (2010), cyber vandalism refers to where a private or government website or network is damaged, changed or defaced by an individual or a group of individuals. Vandalism may have a significant effect on a person or even a nation as it may lead to loss of important information or may even lead to loss of a person or country’s reputation, Satapathy (2000).
Cyber security is also threatened by the existence of computer viruses. A computer virus is a manmade program that is loaded in a computer without ones knowledge. The virus is dangerous because it can replicate itself and can lead to loss of information and an eventual stop of the running of the machine .computer virus are however counteracted by the use of anti-viruses which act as antidotes. Anti-viruses are essential in protecting any information stored from being corrupted by the virus.
More so, cyber security is usually threatened by the existence of hackers. Computer hacking is the practice of changing a computer hardware or software to accomplish a certain goal different from the original purpose. Hackers refer to individuals who are able to unlawfully access another person’s information by accessing their accounts. Cyber hacking can result to exposure of an individual’s information or even a nation-state’s secretive information. This information can thereafter be used to black mail an individual or a nation to doing certain things. This information exposure can also pose security issues to a person as well as a nation.
Cyber Security Standards
According to an article on the Science Daily, cyber security standards are defined as security standards which help organizations to put in place safe security measures so as to reduce the level of successful cyber security attacks. There are various international cyber security standards that have been put in place so help curb the increasing cases of cyber attacks. The major international cyber security standards are as discussed below;
ISO/IEC17799. Information Technology –Code of Practice for Information Security Management.
This is an international code of practice that offers guidelines and voluntary directions for the information security management. The fields that require vital security in a company, ranging from commencing, applying and preserving the protection of the information are detailed in the ISO/IEC17799, and it is the foundation for building up particular instructions for the organization. Matters ranging from creating a security strategy for the organization, the safety measures of the organization, cataloging and managing the assets, the protection of the workers, workplace security, managing the access, improving the systems and preservation are described in this paper.
NIST PCSRF- Protection Potential Profile for Industrial Control Systems
The security prerequisites affiliated with the Industrial Control Systems were compiled by Process Control Securities Requirement Forum (PCSRF). The NIST PCSRF paper tackles the potential security concerns applicable to those considered as the constituents of the nationwide information infrastructure. Courtesy of Idaho National Laboratory (2005), it identifies the security potential that may be found in the programmable electronic components among them an industrial control structure.
ISA SP99- Manufacturing and Control System Security Standard
The committee in charge of preparing this document aimed at improving the confidentiality, integrity and availability of systems used for manufacturing or control. The committee also wanted to provide criteria for procuring and implementing secure control systems. The committee provide two other documents; ISA-TR99.00.02-2004-Integrating Electronic Security into the Manufacturing and Control System Environment and ISA TR99-01-Security Technologies for Manufacturing and Control Systems which provide an evaluation assessment of the existing forms of both the technology of the electronic defense and the applications applicable in the sectors of both the building plants and controlling field. It was meant to provide recommendations and guidance for effective use of electronic security technology and developing a site and plan for manufacturing and control systems environment, Idaho National Laboratory (2005).
Cyber Security Measure
There are various cyber security measures that can be applied to ensure that personal, organizational or even government information is safe. The core cyber security measures are confidentiality, integrity and availability.
National Institute of Standards and Technology define information confidentiality as preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information; consecutively, it’s also used to refer to the mutual assertion among authorized personnel or associations. . When data isn’t handled in a way that secures the confidentiality of the information therein, it results to a breach of confidentiality.
Data integrity is another vital measure to curb cyber threats. Data integrity refers to ensuring that data stored is not tampered with and that it can be highly relied upon .
Another principle of cyber security is availability which means the presence of information when need arises. A number of computer manufacturers use the term data availability to refer to the products and services that vouch for the persistence availability of data in performance circumstances that are either normal or “disastrous”. Briefly, for data availability to be accomplished there must be superfluity of the location of data storage and accessibility.
Cyber security is very important in our day to day lives. This is because of the various advancements in technology. It is therefore very important to understand the various threats that are associated with the internet and computers. This will help individuals, organizations and even the government to keep their information safe and to also ensure that correct information is accessed when it is needed.
Elmusharaf, D. M. (2004, April 8). Cyber Terrorism:. The New Kind of Terrorism. .retrieved on 01 October 2011 from http://www.crimeresearch.org/articles/Cyber_Terrorism_new_kind_Terrorism/
Laboratory, I. N. (2005). A comparison of cross-sector cyber security standards. Idaho Falls.
Pan, V. (2010, March 03). Retrieved October 01, 2011, from http://trudalane.net/resources/node/230#Cyber_Vandalism.
Peeter Lorents, R. O. (2010). Knowledge bass framework for cyber weapons and conflicts. Tallin, Estonia: CCD, COE Publications.
Richard.A.Clarke, & Knake, R. (2010). Cyber War: The Next Threat to National Security and What To Do About It. Chicago: Amazon.
Satapathy, C. (2000). Economic and Political Weekly. Impact of cyber vandalism on the internet, 1059-1061.
Science Daily (n.d) Cyber Security Standards. Retrieved from http://www.sciencedaily.com/articles/c/cyber_security_standards.htm
United States General Acting Office, G. (2004, May). Technical Assessment. Cyber Security for Critical Infrastructure Protection
International Standard ISO/IEC 17799:2000 Code Practice for Information Security and Management. http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq-110502.pdf