Invitation to Cybersecurity

Aramco, a huge Saudi Arabian oil company, was hit with a wiperware attack in 2012 that destroyed tens of thousands of machines and hard drives, causing millions of dollars in damage.

A logic bomb attack is a denial attack often perpetrated by disgruntled insiders. In a logic bomb attack, the hacker plants malware and sets it to “detonate” at a later date. This provides the hacker with an opportunity to distance himself from the attack. When the date arrives, the malware may delete data or tamper with systems in another way. Some systems administrators have planted logic bombs on their employer’s network after they learned they were being fired but before they lost their administrative access.

4.2 Cybersecurity Goals

“Genius is making complex ideas simple, not making simple ideas complex.” - Albert Einstein

Now that we understand the cyber threat, we are in a position to characterize the goals of cybersecurity. Cybersecurity is difficult to simplify because it is massive, messy, and complicated. Knowing the essence of cybersecurity is helpful for prioritizing what to do and why it needs to be done.

Cybersecurity’s primary concern is preventing hackers from achieving their objectives. As we have seen, hackers have different skills and motivations and employ different techniques, tactics, and procedures. Hacktivists might gain access to data to expose it (doxxing). Criminal hackers might encrypt their victims’ data so they can extort them (ransomware). Nation-state hackers might gain access to spy on their adversaries (espionage). As the previous section shows, all the different types of cyber attacks can be generalized into the three main categories of disclosure, alteration, and denial.

If these are the goals of hackers, the opposite of these are the goals of cybersecurity. The goals of cybersecurity are known as the CIA triad. This CIA is not the Central Intelligence Agency, but that is a helpful association.
CIA is probably the most well-known acronym in cybersecurity. It stands for confidentiality, integrity, and availability.

4.2.1 Confidentiality

Confidentiality means preventing the unauthorized reading of data. “Read” is used here in the technical sense—it means accessing. Reading may mean literally viewing data but oftentimes it involves copying or transmitting it. Cybersecurity entails keeping private data private. Users of the same computer should not be able to see one another’s data, and unauthorized users should not be able to see anyone’s data. If cyber defenders can ensure confidentiality, then they will avoid numerous types of attacks, including data breaches, data theft, spying, and more.

In physical space, privacy is of utmost importance, and it is obtained with physical measures such as walls, locked doors, and safes. In cyberspace,
