Chapter 5 Cyber Security PDF
Document Details
Uploaded by EngagingSard5865
Tags
Related
- Internet of Things (IoT) PDF
- Revision for Final Exam INF406 Medical Information System PDF
- ACY 2003 Contemporary Computer Technologies and Information Systems for Accounting Cyber Security PDF
- APT Reconnaissance - Chapter 4 PDF
- Securing Information Systems PDF
- Introduction to Distributed Systems and IoT Security PDF
Summary
This chapter discusses cyber security, highlighting the importance of coordinated efforts throughout an information system. It emphasizes the evolving nature of security risks and the need for a proactive, adaptable approach, illustrated by NIST's updated guidelines. The global cyber security market is also discussed.
Full Transcript
Ensuring cyber security requires coordinated efforts throughout LIVING IN THE IT ERA an information system. Elements of cyber security include: ►► Application security...
Ensuring cyber security requires coordinated efforts throughout LIVING IN THE IT ERA an information system. Elements of cyber security include: ►► Application security ►► Information security ►► Network security ►► Disaster recovery / business continuity planning ►► Operational security ►► End-user education One of the most problematic elements of cyber security is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most KEY WORD crucial system components and protect against the biggest known threats, which necessitated leaving some less important system Cyberspace refers to the virtual computer components undefended and some less dangerous risks not protected world, and more against. Such an approach is insufficient in the current environment. specifically, is an electronic medium used to form a global computer network to facilitate online communication. To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommended a shift toward continuous monitoring and real-time assessments. According to Forbes, the global cyber security market reached $75 billion for 2015 and is expected to hit $170 billion in 2020. THE SIZE OF CYBERSPACE LEARNING OBJECTIVE The cyberspace ecosystem is built upon the physical Understand the size infrastructure of the Internet and is basically composed of of cyberspace users, points of online interaction (websites, for instance) and the volume of activity that occurs online. The online ecosystem gets larger as the number of users, points of interaction and volume of activity increases. This section lays out a three-part framework for understanding the scope, size, width and breadth of cyberspace. Cyberspace is essentially an amalgamation of the number of users (people and devices, etc.), the number of points of interaction (websites and domains, etc.) and the activity linking these broad categories (data flows and commerce, etc.). 150 CYBERSPACE PRIVACY AND SECURITY Table 5.1: The size of cyberspace Minimum Maximum Mean Standard Deviation Internet Users 1,562,067,594 2,925,249,355 2,252,889,661 500,996,210 Email Users 1,300,000,000 2,504,000,000 1,951,333,333 514,583,586 Active Mobile Broadband 422,000,000 2,693,000,000 1,318,000,000 808,928,097 Accounts Number of Smartphones 139,290,000 1,244,890,000 567,862,857 419,380,858 Number of Domains 177,000,000 288,000,000 230,042,857 41,667,488 Number of Websites 172,338,726 968,882,453 471,754,976 307,845,943 Volume of Data Flows 1.2209x10 11 7.6685x10 11 4.10154x10 11 2.46421x1011 (Gigabytes) Volume of Mobile Data 396,816,000 42,336,000,000 13,020,825,714 15,811,807,798 (Gigabytes) Number of Google Searches 637,200,000,000 2,161,530,000,000 1,538,311,571,429 5.83699x1011 Internet’s contribution to 1.92x1012 2.45x1012 2.19207x1012 2.18547x1011 GDP (Boston Consulting Group) Internet’s contribution 1.42x1012 1.72x1012 1.57879x1012 1.25132x1011 to GDP (McKinsey & Company) The basic point is that the ecosystem of cyberspace is big and getting a lot bigger at a fairly rapid pace. This growth is akin to the growth of a population in a city or country, in the sense that a fixed amount of crime and a growing population will result in a lower crime rate or a better chance that one will not be subject to a crime. As detailed below, data was collected from a variety of sources on the following variables for the concept of Internet users: ►► the number of Internet users; ►► the number of email users; ►► the number of active mobile broadband subscriptions; and ►► the number of smartphones sold to end-users. The following data was collected on the concept of points of online interaction: ►► the number of domains; and ►► the number of websites. 151 And on the volume of online activity: LIVING IN THE IT ERA ►► the volume of total data flows; ►► the volume of mobile data flows; ►► the annual number of Google searches; and ►► the Internet’s contribution to GDP. Table 5.1 provides some basic summary statistics for the data capturing the size of cyberspace. Internet Users The number of Internet users is a good measure of the size of cyberspace because it shows the actual number of people that are KEY WORD a part of the “network of networks.” In this sense, it is akin to Broadband is wide the number of people in a city or country. It is also a good proxy bandwidth data for the number of devices online, although this number surpassed transmission which transports multiple that of humans on the network around 2008. Data on the number signals and traffic of Internet users from 2008 to the end of 2014 was taken from the types. The medium can website Internet Live Stats, which provides real-time statistics on be coaxial cable, optical various indicators of the size of the Internet. fiber, radio or twisted pair. Email is one of the most basic uses of the Internet. The number of email users online is a good measure of the size of the active population base of the online ecosystem because it captures not just the number of people who have Web access (as done via Internet users statistics), but also the number of people who actually use the Internet as a part of their daily lives. Email users, therefore, are an active subset of all Internet users. In 2014, for example, there were 421,249,355 more Internet users than email users for that year. Data on email users from 2008 to 2012 was taken from a data aggregation blog called Royal Pingdom, which is operated by the website monitoring company Pingdom. Increasingly, people access the Internet via a mobile platform rather than a traditional desktop computer. For example, in January 2014, mobile usage surpassed desktop usage in the United States for the first time. The trend is even more pronounced in the developing world, where Internet access has expanded primarily by skipping the fixed access/desktop stage and moving directly into the mobile/ wireless broadband stage. Active mobile broadband subscriptions are 152 a measure of individuals who access the Internet via a mobile device, such as a smartphone CYBERSPACE PRIVACY AND SECURITY or tablet. They are a smaller, yet rapidly growing, subset of all Internet users. Data on active mobile broadband subscriptions is taken from the International Telecommunication Union’s statistics. One user can operate multiple devices online. Each device can potentially be subject to a cybercrime, meaning one person can be targeted multiple times even if one device is only targeted once. Data on the number of smartphones sold to end-users per year is used as a rough proxy for the number of devices online. The number is far, far smaller than the actual number of devices connected to the Web at any one time, but it is likely indicative of the growing trend in connected devices. Points of Online Interaction Domains give a good sense of the size of the online ecosystem, as they are a key point of interaction with users. Internet domains include generic top-level domains (such as.com or.net) and country top-level domains (such as.ca and.uk). All domains are registered with the Domain Name System (DNS), which ensures that each domain is globally unique and that when you type in a web address you are taken to the correct website. The number of websites online is again a good measure of the number of points of interaction online and so a good measure of the size of the Internet ecosystem. There is significant overlap between websites and domains, although the number of websites is larger because one website can have multiple subsidiary pages and because not all websites are actually a part of the DNS. Volume of Online Activity The Internet is essentially a hyperefficient way to send and receive data. Statistics on the volume of data that traverses the Internet, therefore, is a useful measure of how busy the Internet ecosystem is year over year. The Internet is composed of a number of privately run networks that interconnect to provide the system with a global reach. Each network maintains its own records, and piecing together exactly how much data flows globally is extremely difficult. As such, any figure for the size of global data flows is only an estimate. Mobile traffic is a smaller, but rapidly growing, subset of all Internet traffic. Mobile traffic gives a rather obvious impression of how much people are using cyberspace via a mobile device. Mobile operating systems and security systems are distinct from traditional desktop-style systems, with their own weaknesses and vulnerabilities. The volume of mobile traffic shows how much mobile devices are used to access the Internet and, correspondingly, how likely they are to be the subject of a cybercrime. 153 The Internet is also, as it is colloquially known, an “information LIVING IN THE IT ERA superhighway.” Another measure of the activity that occurs on the Internet, therefore, is the number of search engine queries per year. Data on the annual number of Google searches was used as a measure for Internet search queries. Globally, Google Chrome is also the largest web browser in every region of the world. These trends KEY WORD suggest that Google searches are a good proxy for the occurrence Vulnerability is a of Internet-based searches more generally. weakness which allows The Internet is becoming increasingly integrated into every aspect an attacker to reduce of society. One of the most meaningful (or at least most measureable) a system’s information assurance. effects of this growing integration and importance is the Internet’s share of global GDP. Currently, no comprehensive time series data exists for this measure. To operationalize the Internet’s contribution to global GDP, two separate estimates on the Internet’s contribution to various nations’ GDP are used here. First is a McKinsey & Company estimate on the contribution of the Internet to the economy of 13 large nations in 2009. Together, these 13 nations make up some 70 percent of the world’s GDP. Although the Internet’s contribution to global GDP is likely larger than outlined in the McKinsey & Company study, the findings are fairly indicative of the Internet’s general effect on global GDP. The second measure for the size of the global Internet economy is from a Boston Consulting Group study that looks at the Internet’s contribution to GDP in Group of Twenty (G20) nations in the year 2010. Together, the G20 makes up around 70 percent of the world’s population and close to 90 percent of Global GDP. Again, the Boston Consulting Group’s study provides a partial, but still strongly indicative, picture of the Internet’s contribution to global GDP. On average, and this is important to note for the later analysis, the Boston Consulting Group’s 2010 estimates of the Internet’s contribution to the global economy are, as one would expect, larger than the McKinsey & Company’s estimates for the size of the Internet’s contribution in 2009. This is in line with the rather intuitive idea that the Internet’s contribution to the global economy is becoming proportionately more important over time. The Boston Consulting Group’s figures are also more representative of the global contribution of the Internet because they include more countries. As such, even though the McKinsey & Company and the Boston Consulting Group estimates point to similar patterns vis-à-vis the absolute numbers, this relies on the more inclusive estimates of the latter in the analysis below. 154 One additional assumption involving the GDP numbers needs CYBERSPACE PRIVACY AND SECURITY to be laid bare. Both studies provide only a static snapshot of the Internet’s contribution to global GDP, one in 2009 and one in 2010. In using these data in the comparisons below, it is assumed that the Internet’s proportional contribution to each country’s GDP remains constant, so if, as in the case of Sweden in the McKinsey & Company study, the Internet contributed 6.3 percent to the country’s GDP in 2009, it is assumed that it also contributed 6.3 percent in 2008 and will only contribute that amount moving forward from 2009 into 2013. Since the Internet and Internet-enabled platforms are becoming increasingly common in business, industry and commerce, this assumption likely works against the real world trend of the Internet expanding in its importance to the economy year over year. The assumption is necessary, however, to get enough data in normalized cybercrime trends against an indicator of the economic size and importance of the Internet. This assumption will effectively under-represent the growing size of the Internet economy and thus shrink the denominator in the normalization of cybercrime statistics below. The assumption (although needed) will paint a picture of the security of cyberspace that is likely worse than what actually exists. THE SECURITY OF CYBERSPACE: VECTORS, OCCURRENCE AND DAMAGE The security of cyberspace can be conceptualized best from LEARNING OBJECTIVE a user’s perspective, broadly defined. A secure cyberspace is Identify the security one in which a user can make use of the Internet without an of cyberspace: unreasonable fear of suffering a high cost, with cost being defined vectors, occurrence and damage in some combination of reputational, monetary and rights violations terms. An insecure cyberspace environment is the opposite, or basically one in which using the Internet is likely to impose a large cost upon the user. This section outlines how to operationalize the level of security in cyberspace by looking at the available vectors for attack, the occurrence of online cyber attacks and the costs of successful attacks. Together, these three categories give a sense of how insecure cyberspace is for an individual user. 155