What Should We Do in Cyber Security?

August 14, 2019 posted by

So, essentially, we’re already saying that we need to
do something about cyber security. So how can that be done? Making them go away is not
an easy thing obviously. One thing we can do is we can
make sure that crime doesn’t pay. We’re actually going to
talk about cyber laws. But making threats go away is nice idea, but it hasn’t really
been all that effective. You can reduce vulnerabilities, but we’re never going to have
zero vulnerabilities. Complex systems, unfortunately,
always going to be error-prone, and some of those errors are going to be
vulnerabilities that can be exploited. The three things that you always talk
about when you talk about securing or protecting access to information,
is the data sensitive in the sense that it can not
be disclosed to unauthorized parties. Well that is really means
the data has what we call a confidentiality requirement. You want to stop and prevent disclosure. It could be seen, but can only be seen
by those who are authorized to see it. Another requirement is
what’s called integrity, that’s really means that no one
should be able to corrupt it. So maybe not sensitive in the sense
nobody should be able to see it if they are not authorized, but
it could have integrity requirement. Only authorized people should be
able to write it or modify it. No one else should be able to change it,
and that is an integrity requirement. The third requirement we have for
data is what’s called availability. The data is critical in the sense,
what we use it for is critical, so if the data goes away in order to
be able to do something that’s really important to us. We can’t access our online banking
services because the server has been compromised, is down, or is a denial of
service attack, or something like that. So these are called the CIA,
Confidentiality, Integrity, and Availability requirements for
sensitive data. So here we’re only talking about data
which is sort of the cyber side. We should say that cyber attacks could
also have physical consequences. So by successfully
attacking the computers, we will be able to cause harm for
their physical system. Most well-known case of this is
the Stuxnet malware that infiltrated the Iranian nuclear plant network,
and destroyed centrifuges, and so on. So, that’s an example where it’s not
just this information disclosure, or corruption, but there’s actually a physical
manifestation of a cyber attack. When we say what should we do? Well, we need to protect data and
we need to protect systems.

No Comments
Tags: , ,

Leave a Comment

Your email address will not be published. Required fields are marked *