1,304 research outputs found
Proportionality and its Applicability in the Realm of Cyber Attacks
With an ever-increasing reliance on State cyber-attacks, the need for an international treaty governing the actions of Nation-States in the realm of cyberwarfare has never been greater. States now have the ability to cause unprecedented civilian loss with their cyber actions. States can destroy financial records, disrupt stock markets, manipulate cryptocurrency, shut off nuclear reactors, turn off power grids, open dams, and even shut down air traffic control systems with the click of a mouse. This article argues that any cyber-attack launched with a reasonable expectation to inflict “incidental loss of civilian life, injury to civilians, or damage to civilian objects,” must be subject to the existing laws of proportionality. This article further examines the broader concept of proportionality, and the difficulties associated with applying a proportionality analysis to an offensive cyber-strike. This paper asserts that the ambiguities and complexities associated with applying the law of proportionality—in its current state and within a cyber context—will leave civilian populations vulnerable to the aggressive cyber actions of the world’s cyber powers. Consequently, this article stresses the necessity of developing a proportionality standard within a unified international cyberwarfare convention and asserts that such a standard is required in order to prevent the creation of a pathway towards lethal cyber aggressions unrestrained by the laws of war
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guarantee
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.Comment: 16 page
The Urgency of Defining Indonesia’s National Critical Infrastructure
Abstract: Indonesia has experienced millions of cyber attacks but it has never been able to be handled properly and completely, partly because of weak policies and conventional perspectives in understanding cyber threats. A country's vital infrastructure is related to a country's national interests, so threats to vital infrastructure are tantamount to threatening Indonesia's national interests. The level of use and dependence of a country on information and communication technology is directly proportional to the level of security and defense vulnerability in a country. Communication network connectivity and information technology cause security in this domain to become a separate issue in itself. This study aims to outline the importance of Indonesia to establish a national vital infrastructure in Indonesia in order to prepare Indonesia to face threats in the fifth domain. Determination of national vital infrastructure is urgent because it is closely related to the determination of jurisdiction, national defense and security policies in the cyber domain. This research is a normative study using a comparative approach. The results showed that Indonesia still uses a conventional perspective in seeing the form of threats and determining national vital objects as stipulated in Presidential Regulation No. 63 year 2014. Therefore, in order to face the threats of defense, security as well as national interests of Indonesia in the cyber domain, government needs to evaluate existing policies in accordance with the modern threats, as well as to establish and define Indonesia's vital national infrastructure.Keywords: national interest, security, defense, critical infrastructure, cyber threat.Urgensi Penetapan Infrastruktur Vital Nasional Indonesia Abstrak: Indonesia mengalami jutaan serangan cyber namun tidak pernah dapat ditangani dengan baik dan tuntas, hal ini diantaranya disebabkan karena lemahnya kebijakan dan perspektif konvensional dalam memahami ancaman cyber. Infrastruktur vital suatu Negara sangat terkait dengan kepentingan nasional suatu Negara, sehingga ancaman terhadap infrastruktur ini sama artinya dengan mengancam kepentingan nasional Indonesia. Tingginya penggunaan dan ketergantungan suatu Negara terhadap teknologi informasi dan komunikasi berbanding lurus dengan tingkat kerentanan keamanan dan pertahanan disuatu Negara. Konektifitas jaringan komunikasi dan teknologi informasi menyebabkan keamanan di domain ini menjadi masalah tersendiri yang kompleks. Penelitian ini bertujuan untuk menguraikan pentingnya Indonesia untuk menetapkan dan mendefinisikan infratruktur vital nasional di Indonesia dalam rangka mempersiapkan Indonesia menghadapi ancaman pertahanan dan keamanan di domain kelima. Upaya penentuan infrastruktur vital nasional ini penting segera dilakukan karena berkaitan erat dengan upaya penentuan yurisdiksi, kebijakan pertahanan dan keamanan nasional Indonesia di domain. Penelitian ini merupakan penelitian normatif dengan menggunakan pendekatan komparatif. Hasil penelitian menunjukkan bahwa Indonesia masih menggunakan perspektif konvensional dalam melihat bentuk Ancaman dan menentukan objek vital nasional sebagaimana diatur dalam Peraturan Presiden No. 63 tahun 2014. Oleh karena itu, dalam rangka menghadapi ancaman pertahanan dan keamanan serta kepentingan nasional indonesia di domain cyber maka pemerintah perlu mengkaji kembali kebijakan yang ada sesuai bentuk ancaman modern dan menetapkan infrastruktur vital nasional milik Indonesia.Kata kunci: national interest, security, defense, critical infrastructure, cyber threat
Stealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to
network attacks such as session hijacking. Hence, research focuses on network
anomaly detection based on meta--data (message sizes, timing, command
sequence), or on the state values of the physical process. In this work we
present a class of semantic network-based attacks against SCADA systems that
are undetectable by the above mentioned anomaly detection. After hijacking the
communication channels between the Human Machine Interface (HMI) and
Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a
fake view of the industrial process, deceiving the human operator into taking
manual actions. Our most advanced attack also manipulates the messages
generated by the operator's actions, reversing their semantic meaning while
causing the HMI to present a view that is consistent with the attempted human
actions. The attacks are totaly stealthy because the message sizes and timing,
the command sequences, and the data values of the ICS's state all remain
legitimate.
We implemented and tested several attack scenarios in the test lab of our
local electric company, against a real HMI and real PLCs, separated by a
commercial-grade firewall. We developed a real-time security assessment tool,
that can simultaneously manipulate the communication to multiple PLCs and cause
the HMI to display a coherent system--wide fake view. Our tool is configured
with message-manipulating rules written in an ICS Attack Markup Language (IAML)
we designed, which may be of independent interest. Our semantic attacks all
successfully fooled the operator and brought the system to states of blackout
and possible equipment damage
- …