Advances in Cyber Security: Technology, Operations, and Experiences

Advances in Cyber Security: Technology, Operations, and Experiences

D. Frank Hsu
Dorothy Marinucci
Copyright Date: 2013
Published by: Fordham University Press
Pages: 272
https://www.jstor.org/stable/j.ctt13x07xx
  • Cite this Item
  • Book Info
    Advances in Cyber Security: Technology, Operations, and Experiences
    Book Description:

    As you read this, your computer is in jeopardy of being hacked and your identity being stolen. Read this book to protect yourselves from this threat. The world's foremost cyber security experts, from Ruby Lee, Ph.D., the Forrest G. Hamrick professor of engineering and Director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS) at Princeton University; to Nick Mankovich, Chief Information Security Officer of Royal Philips Electronics; to FBI Director Robert S. Mueller III; to Special Assistant to the President Howard A. Schmidt, share critical practical knowledge on how the cyberspace ecosystem is structured, how it functions, and what we can do to protect it and ourselves from attack and exploitation. The proliferation of social networking and advancement of information technology provide endless benefits in our living and working environments. However, these benefits also bring horrors in various forms of cyber threats and exploitations. Advances in Cyber Security collects the wisdom of cyber security professionals and practitioners from government, academia, and industry across national and international boundaries to provide ways and means to secure and sustain the cyberspace ecosystem. Readers are given a first-hand look at critical intelligence on cybercrime and security--including details of real-life operations. The vast, useful knowledge and experience shared in this essential new volume enables cyber citizens and cyber professionals alike to conceive novel ideas and construct feasible and practical solutions for defending against all kinds of adversaries and attacks. Among the many important topics covered in this collection are building a secure cyberspace ecosystem; public-private partnership to secure cyberspace; operation and law enforcement to protect our cyber citizens and to safeguard our cyber infrastructure; and strategy and policy issues to secure and sustain our cyber ecosystem.

    eISBN: 978-0-8232-5032-5
    Subjects: Sociology

Table of Contents

  1. Front Matter
    (pp. i-iv)
  2. Table of Contents
    (pp. v-vi)
  3. List of Figures
    (pp. vii-viii)
  4. Preface
    (pp. ix-xiv)
  5. Building a Secure and Sustainable Cyberspace Ecosystem: An Overview
    (pp. 1-34)
    D. Frank Hsu

    This overview provides a historical and contemporary perspective on various issues pertaining to the security and sustainability of the emerging cyberspace, which is embedded with intelligent networking sensors and systems, as well as information technology appliances and services. In particular, it explores how to build a secure and sustainable cyberspace ecosystem in the combined cyber-physical-natural (CPN) world. Its three sections give an overview of the emerging interconnected complex cyberspace, review the infrastructure for the combined CPN cyberspace, and provide a list of intellectual tools for collaboration, education, and partnership in order to build and sustain a secure cyberspace ecosystem. Finally,...

  6. Part I Technology
    • Improving Cyber Security
      (pp. 37-59)
      Ruby B. Lee

      Cyber security is essential given our growing dependence on cyberspace for all aspects of modern societies. However, today, attackers have the upper hand. In this chapter, I discuss the security properties needed, and some key strategies that may have the potential to level the playing field between attackers and defenders. These research strategies were developed at the National Cyber Leap Year summit, with experts from industry, academia, and government working collaboratively. These broad research thrusts can be interpreted at different levels of the system, and in different application domains. Because a promising direction explored at the summit is the use...

    • Practical Vulnerabilities of the Tor Anonymity Network
      (pp. 60-73)
      Paul Syverson

      Onion routing is a technology designed at the U.S. Naval Research Laboratory to protect the security and privacy of network communications. In particular, Tor, the current widely-used onion routing system, was originally designed to protect intelligence gathering from open sources and to otherwise protect military communications over insecure or public networks, but it is also used by human rights workers, law enforcement officers, abuse victims, ordinary citizens, corporations, journalists, and others. In this chapter the focus is less on what Tor currently does for its various users and more on what it does not do. Because Tor is used at...

    • Defending Software Systems against Cyber Attacks throughout Their Lifecycle
      (pp. 74-89)
      Hira Agrawal, Thomas F. Bowen and Sanjai Narain

      Malware usually enters a distributed software system along three avenues. First, it may be hidden surreptitiously within application code by a malicious developer. Examples of malicious code include Trojan horses, backdoors, and logic bombs. This code can be triggered by the developer or his accomplices—afterthe application has been deployed in the field—using secret input values that are known only to them. Current malware detection techniques do not detect such code. Telcordia’s Software Visualization and Analysis Toolsuite (TSVAT) system [5] helps detect such code by combining static program analysis and dynamic program testing techniques. TSVAT “forces” the tester...

    • Improve Availability of Networks: Internet Exchange Points and Their Role in Cyberspace
      (pp. 90-106)
      Akio Sugeno

      The Internet could not exist withoutInternet exchange points(IXPs). The concept of IXPs was developed in the early 1990s, and IXPs have continued to grow in quantity, location, and size (traffic volume) as the Internet has grown. There are, however, very few books or papers written about IXPs. Knowledge of IXPs has long been confined to industry experts. In this chapter, I provide an overview of IXPs along with their roles in the Internet. The first part of this chapter identifies the architecture of the Internet. The second identifies the concept of peering (a prerequisite for IXPs). The third...

  7. Part II Operations
    • Tor: Uses and Limitations of Online Anonymity
      (pp. 109-120)
      Andrew Lewman

      Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

      Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden ser vices let users publish...

    • Authoritative Data Sources: Cyber Security Intelligence Perspectives
      (pp. 121-138)
      Kuan-Tsae Huang and Hwai-Jan Wu

      Many reports indicate that the United States currently faces a multifaceted, technologically based vulnerability. Our information systems are being exploited on an unprecedented scale by state and non-state actors, resulting in a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities, and weak situational awareness. Many cyber security issues arose due to the lack of systematic management of authoritative data sources (ADS).

      This chapter presents the concepts and applications of ADS, authoritative data elements, and trusted data sources to enable rapid business processes. It also discusses trusted intelligent decision making in network-centric business environments. We describe a methodology to...

    • The Evolving Consumer Online Threat Landscape: Creating an Effective Response
      (pp. 139-145)
      Adam Palmer

      The proliferation of Internet-connected devices in the consumer market has created a dramatic shift from a single point PC-based threat risk to an expanded threat perimeter that includes tablet devices, smartphones, and Internet-connected televisions. Consumer home network growth now requires security for a consumer’s entire digital lifestyle and not just a single-point stationary device. The difficulty of securing this expanded threat landscape is exacerbated by the rise of unique attacks that sometimes render traditional antivirus strategies in effective. This expansion of the consumer digital threat landscape presents new challenges for law enforcement and security professionals. The solution is improved reputation-based...

    • Partners in Cybercrime
      (pp. 146-170)
      Eileen Monsma, Vincent Buskens, Melvin Soudijn and Paul Nieuwbeerta

      Hijacked online banking sessions, theft of credit card data, virus infections, spam … living in the age of the world wide web implies that we are all vulnerable to cybercrime—crime committed using mainly computerized means [21]. In the 1990s, cybercrime primarily seemed to be the domain of computer savvy youngsters motivated by recognition for their skills [27]. However, the rapid development of computer technology in recent years has been immediately followed by an increase in cybercrime and associated costs. In line with the “criminal enterprise model,” cybercriminals are now seen as profit-seeking entrepreneurs who follow ordinary market rationality: they...

  8. Part III Experiences
    • Securing IT Networks Incorporating Medical Devices: Risk Management and Compliance in Health Care Cyber Security
      (pp. 173-187)
      Nicholas J. Mankovich

      The U.S. health care sector continues to grow, even in a difficult economic climate. In 2009, health care accounted for 17.3 percent of the gross domestic product [2]. The medical technology industry in the United States accounted for 6 percent of the total health care industry revenue in 2008 [22]. The U.S. Department of Homeland Security has identified the Healthcare and Public Health (HPH) sector as one of the thirteen critical cyber security infrastructures [18]. Cyber security threats can affect both the manufacturing and direct care delivery role of medical technology, as it contributes to the prevention, diagnosis, and treatment...

    • Computer Forensics from a Law Enforcement Perspective
      (pp. 188-199)
      Kevin Kelly

      Computerized information has become an integral part of our everyday lives as it has created a new perspective, almost a parallel virtual world that reflects our own physical world. This cyber world is abundant with evidence, especially when it comes to combating, investigating, and solving almost any crime, not just crimes committed with the assistance of computers, but all types of crimes. Computer forensics is the science of gathering and preserving electronic evidence or digital artifacts off electronic media. This digital evidence needs to be forensically preserved so it can be presented in litigation, to prove innocence, guilt, or to...

    • Computer Crime Incidents and Responses in the Private Sector
      (pp. 200-206)
      Edward M. Stroz

      Companies can fall victim to various types of computer crime and accidental incidents. One type of incident is a data breach in which information a company has in its possession is stolen or in some way improperly released. An obvious example we have all read about is the theft of individual social security account numbers (SSANs) or credit card numbers. There are other forms of data breach, too, such as the theft of trade secrets.

      If we just focus on data breaches, we see that the size of this problem alone is striking. According to figures posted in 2010 by...

    • Information Technology for a Safe and Secure Society in Japan: Toward a Cyber-Physical Solution
      (pp. 207-218)
      Kazuo Takaragi

      This chapter introduces the topic of information technology for a safe and secure society in Japan, showing an emerging trend toward a cyber-physical solution. Notable security incidents in the United States and Japan, and the Japanese national strategy for information security, are discussed first, followed by a discussion of emerging security technologies in Japan (such as a multiple risk communicator), cryptography, and other core elements.

      Japan, like every industrialized nation, has experienced a great rise in notable security incidents. To deal with this increasing problem, the National Information Security Center has been established; its goal is to create a National...

  9. Part IV Partnership, Policy, and Sustainability
    • Public-Private Partnerships Changing the World
      (pp. 221-225)
      Kathleen L. Kiernan and Dyann Bradbury

      In 1961, United States President John F. Kennedy captivated the imagination of our nation when he announced before a joint session of Congress that “this nation should commit itself to achieving the goal, before the decade is out, of landing a man on the moon and returning him safely to the earth” [1]. NASA had yet to send a man into orbit to travel around the earth, and many were doubtful that even this could be done. In a clever way, he gave everyone permission to think differently. He gave everyone permission to imagine what we as a nation could...

    • Cyber Security: Protecting Our Cyber Citizens
      (pp. 226-234)
      Preet Bharara

      We all recognize the importance of using every law enforcement tool at our disposal to combat threats to our cyber security. Computer networks—including the biggest one of all, the Internet—are crucial infrastructures supporting our global economy.

      We in the Southern District of New York are critically aware of this. You need look no further than Wall Street, the nation’s vital financial industry, for an obvious illustration of this fact. The securities exchanges, traders, and brokers rely heavily—if not exclusively—on computer systems to make billions of dollars worth of transactions each day.

      Long gone are the days...

    • Cyber Security: Safeguarding Our Cyberspace
      (pp. 235-240)
      Robert S. Mueller III

      We live in a wired world. Our networks help us to stay in touch with family and friends, collaborate with colleagues worldwide, and shop for everything from books to houses. They help us manage our finances and make businesses and government more efficient. But our reliance on these networks also makes us vulnerable. Criminals can use the Internet to commit fraud and theft on a grand scale, and to prey on our children. Spies and terrorists can exploit our networks to steal our secrets, attack our critical infrastructure, and threaten our national security. And because the web offers near-total anonymity,...

    • Cyber Security: Securing Our Cyber Ecosystem
      (pp. 241-244)
      Howard A. Schmidt

      More than a decade ago, cyber crime was seen as a high school “hacker” trying to break into a system to prove his or her computer savvy. What were once regarded as the simple pranks of clever minds have evolved into well-organized criminal activity threatening both world commerce and the safety and security of a country’s infrastructure.

      In 2010, the Internet served as a trading platform for $10 trillion in business. This number will more than double in ten years. Yet many small businesses, a little less than 50 percent of them, do not use antivirus software and even fewer...

  10. List of Contributors
    (pp. 245-250)
  11. INDEX
    (pp. 251-258)