1,304 research outputs found

    Proportionality and its Applicability in the Realm of Cyber Attacks

    Get PDF
    With an ever-increasing reliance on State cyber-attacks, the need for an international treaty governing the actions of Nation-States in the realm of cyberwarfare has never been greater. States now have the ability to cause unprecedented civilian loss with their cyber actions. States can destroy financial records, disrupt stock markets, manipulate cryptocurrency, shut off nuclear reactors, turn off power grids, open dams, and even shut down air traffic control systems with the click of a mouse. This article argues that any cyber-attack launched with a reasonable expectation to inflict “incidental loss of civilian life, injury to civilians, or damage to civilian objects,” must be subject to the existing laws of proportionality. This article further examines the broader concept of proportionality, and the difficulties associated with applying a proportionality analysis to an offensive cyber-strike. This paper asserts that the ambiguities and complexities associated with applying the law of proportionality—in its current state and within a cyber context—will leave civilian populations vulnerable to the aggressive cyber actions of the world’s cyber powers. Consequently, this article stresses the necessity of developing a proportionality standard within a unified international cyberwarfare convention and asserts that such a standard is required in order to prevent the creation of a pathway towards lethal cyber aggressions unrestrained by the laws of war

    Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

    Full text link
    The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

    The Urgency of Defining Indonesia’s National Critical Infrastructure

    Get PDF
    Abstract: Indonesia has experienced millions of cyber attacks but it has never been able to be handled properly and completely, partly because of weak policies and conventional perspectives in understanding cyber threats. A country's vital infrastructure is related to a country's national interests, so threats to vital infrastructure are tantamount to threatening Indonesia's national interests. The level of use and dependence of a country on information and communication technology is directly proportional to the level of security and defense vulnerability in a country. Communication network connectivity and information technology cause security in this domain to become a separate issue in itself. This study aims to outline the importance of Indonesia to establish a national vital infrastructure in Indonesia in order to prepare Indonesia to face threats in the fifth domain. Determination of national vital infrastructure is urgent because it is closely related to the determination of jurisdiction, national defense and security policies in the cyber domain. This research is a normative study using a comparative approach. The results showed that Indonesia still uses a conventional perspective in seeing the form of threats and determining national vital objects as stipulated in Presidential Regulation No. 63 year 2014. Therefore, in order to face the threats of defense, security as well as national interests of Indonesia in the cyber domain, government needs to evaluate existing policies in accordance with the modern threats, as well as to establish and define Indonesia's vital national infrastructure.Keywords: national interest, security, defense, critical infrastructure, cyber threat.Urgensi Penetapan Infrastruktur Vital Nasional Indonesia Abstrak: Indonesia mengalami jutaan serangan cyber namun tidak pernah dapat ditangani dengan baik dan tuntas, hal ini diantaranya disebabkan karena lemahnya kebijakan dan perspektif konvensional dalam memahami ancaman cyber. Infrastruktur vital suatu Negara sangat terkait dengan kepentingan nasional suatu Negara, sehingga ancaman terhadap infrastruktur ini sama artinya dengan mengancam kepentingan nasional Indonesia. Tingginya penggunaan dan ketergantungan suatu Negara terhadap teknologi informasi dan komunikasi berbanding lurus dengan tingkat kerentanan keamanan dan pertahanan disuatu Negara. Konektifitas jaringan komunikasi dan teknologi informasi menyebabkan keamanan di domain ini menjadi masalah tersendiri yang kompleks. Penelitian ini bertujuan untuk menguraikan pentingnya Indonesia untuk menetapkan dan mendefinisikan infratruktur vital nasional di Indonesia dalam rangka mempersiapkan Indonesia menghadapi ancaman pertahanan dan keamanan di domain kelima. Upaya penentuan infrastruktur vital nasional ini penting segera dilakukan karena berkaitan erat dengan upaya penentuan yurisdiksi, kebijakan pertahanan dan keamanan nasional Indonesia di domain. Penelitian ini merupakan penelitian normatif dengan menggunakan pendekatan komparatif. Hasil penelitian menunjukkan bahwa Indonesia masih menggunakan perspektif konvensional dalam melihat bentuk Ancaman dan menentukan objek vital nasional sebagaimana diatur dalam Peraturan Presiden No. 63 tahun 2014. Oleh karena itu, dalam rangka menghadapi ancaman pertahanan dan keamanan serta kepentingan nasional indonesia di domain cyber maka pemerintah perlu mengkaji kembali kebijakan yang ada sesuai bentuk ancaman modern dan menetapkan infrastruktur vital nasional milik Indonesia.Kata kunci: national interest, security, defense, critical infrastructure, cyber threat

    Stealthy Deception Attacks Against SCADA Systems

    Full text link
    SCADA protocols for Industrial Control Systems (ICS) are vulnerable to network attacks such as session hijacking. Hence, research focuses on network anomaly detection based on meta--data (message sizes, timing, command sequence), or on the state values of the physical process. In this work we present a class of semantic network-based attacks against SCADA systems that are undetectable by the above mentioned anomaly detection. After hijacking the communication channels between the Human Machine Interface (HMI) and Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a fake view of the industrial process, deceiving the human operator into taking manual actions. Our most advanced attack also manipulates the messages generated by the operator's actions, reversing their semantic meaning while causing the HMI to present a view that is consistent with the attempted human actions. The attacks are totaly stealthy because the message sizes and timing, the command sequences, and the data values of the ICS's state all remain legitimate. We implemented and tested several attack scenarios in the test lab of our local electric company, against a real HMI and real PLCs, separated by a commercial-grade firewall. We developed a real-time security assessment tool, that can simultaneously manipulate the communication to multiple PLCs and cause the HMI to display a coherent system--wide fake view. Our tool is configured with message-manipulating rules written in an ICS Attack Markup Language (IAML) we designed, which may be of independent interest. Our semantic attacks all successfully fooled the operator and brought the system to states of blackout and possible equipment damage
    • …
    corecore