Chapter 1: A world of experts and criminals

1.1 The Cybersecurity world

1.1.1 Cybersecurity domains

Many organisations collect and hold massive amounts of data. Think of Google, Facebook, ... Each of these organisations, with its systems and data, can be seen as a domain, and each domain needs to be protected.

1.2 Cybersecurity criminals vs Cybersecurity specialists

1.2.1 Cybersecurity criminals

1.2.1.1 Who are the cyber criminals?

Amateurs: Often called script kiddies; people with little or no skill who attack systems from home using tools and scripts written by others.

Hackers: This group breaks into computers or networks to gain access for various reasons. Depending on their intent and on whether they have permission, they are classified as white hat, grey hat or black hat hackers.

Organised Hackers: These criminals include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers. Cyber criminals are usually groups of professional criminals focused on control, power, and wealth. The criminals are highly sophisticated and organized, and may even provide cybercrime as a service.

White hat hackers: These are ethical hackers. They have permission to test the security of a system by trying to hack it. When they find a vulnerability, they report it to the developers so it can be fixed.

Grey hat hackers: They break into systems without permission, but not with the intent to cause damage. Afterwards they may disclose the vulnerability publicly, after which the affected organisation fixes the problem.

Black hat hackers: They hack systems for their own benefit and malicious reasons.

1.2.1.2 Motives

Script kiddies: Teenagers or inexperienced hackers running existing scripts, tools, ... that could cause harm.

Vulnerability brokers: These are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards (bug bounties).

Hacktivists: These are grey hat hackers who rally and protest against different political and social ideas.

Cyber criminals: Black hat hackers, working for themselves or for organised cybercrime groups, motivated by profit.

State-sponsored: Either white or black hat hackers working for a government, who steal government secrets, gather intelligence, sabotage networks, ...

1.2.2 Cybersecurity specialists

1.2.2.1 Why Become a Cybersecurity Specialist?

High earning potential
Challenging career
Highly Portable career
Service to the public

1.2.2.2 Thwarting Cyber Criminals

Vulnerability database: Collection of known vulnerabilities

Early warning systems: Establishing early warning sensors and alert networks. Because of the cost and the impossibility of monitoring every network, organisations monitor high-value targets or deploy decoys (honeypots) that look like high-value targets. Because these high-value targets are more likely to be attacked, they warn others of potential attacks.

Share Cyber Intelligence: Sharing cyber intelligence information. Business, government agencies and countries now collaborate to share critical information about serious attacks to critical targets in order to prevent similar attacks in other places. Many countries have established cyber intelligence agencies to collaborate worldwide in combating major cyberattacks.

ISM Standards: Establishing information security management standards among national and international organisations. The ISO 27000 series is a good example of these international efforts.

New Laws: Enacting new laws to discourage cyberattacks and data breaches. These laws have severe penalties to punish cyber criminals caught carrying out illegal actions.

1.3 Common threats

1.3.1 Threat arenas

1.3.1.2 Types of Personal Records

Medical Records
Education Records
Employment and Financial Records

1.3.1.3 Threats to Internet Services

There are many essential technical services needed for a network, and ultimately the Internet, to operate. These services include routing, addressing, domain naming, and database management. These services also serve as prime targets for cyber criminals.

Criminals use packet-sniffing tools to capture data streams over a network.
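To make concrete what a sniffer actually gets from a captured data stream, here is an added example (not code from the original notes or from the Cisco course): it builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP request with Basic authentication, then parses the headers the way a sniffer would and pulls the credentials out of the plaintext payload. The MAC addresses, IP addresses and the credential `user:s3cret` are made up, and the IP/TCP checksums are left at zero because nothing here verifies them.

```python
import base64
import struct

# Constructed sample: a single Ethernet/IPv4/TCP frame carrying an HTTP request
# with Basic authentication, as a sniffer on the same segment would capture it.
# Checksums are 0 because this example never verifies them (assumption).
def build_frame(payload: bytes) -> bytes:
    eth = (bytes.fromhex("001122334455")      # destination MAC (made up)
           + bytes.fromhex("66778899aabb")    # source MAC (made up)
           + struct.pack("!H", 0x0800))       # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + 20 + len(payload),   # version/IHL, TOS, total length
                     0x1234, 0x4000, 64, 6, 0,          # id, DF, TTL, proto=TCP, checksum
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 10]))
    tcp = struct.pack("!HHIIBBHHH",
                      52344, 80, 1000, 2000,   # src port, dst port, seq, ack
                      0x50, 0x18, 65535, 0, 0) # data offset=5 words, PSH|ACK, window, csum, urg
    return eth + ip + tcp + payload

SAMPLE_FRAME = build_frame(
    b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic dXNlcjpzM2NyZXQ=\r\n\r\n")   # base64("user:s3cret")

def parse_frame(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP and return addressing plus the TCP payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4              # TCP header length in bytes
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport,
        "payload": tcp[data_offset:],
    }

def extract_basic_credentials(payload: bytes):
    """Return (user, password) if the payload carries an HTTP Basic header, else None."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(None, 2)[2]
            user, _, password = base64.b64decode(token).decode("utf-8", "replace").partition(":")
            return user, password
    return None

if __name__ == "__main__":
    info = parse_frame(SAMPLE_FRAME)
    print(info["src"], "->", info["dst"], "port", info["dport"])
    print("credentials:", extract_basic_credentials(info["payload"]))
```

The same parser run against an HTTPS capture would return only TLS ciphertext from `parse_frame`, and `extract_basic_credentials` would find nothing; that is the whole point of encrypting the application layer on networks where sniffing cannot be ruled out.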

With DNS spoofing (or DNS cache poisoning), the criminal introduces false data into a DNS resolver's cache. Until that entry expires, the resolver answers queries for that domain with the criminal's address, so clients are redirected to the criminal's computer instead of to the legitimate owner of the domain.
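An added example (not part of the original notes) of how a forged answer gets into a resolver's cache and what stops it. It models a caching resolver that only matches replies to an outstanding question by name; with `validate=True` it additionally requires the 16-bit transaction ID and the randomised source port to match. An off-path attacker who never saw the query floods guessed replies; the real answer arrives afterwards. The domain, addresses and the number of guesses are made up for the simulation.

```python
import random
from dataclasses import dataclass

@dataclass
class Query:
    name: str
    txid: int
    src_port: int

@dataclass
class Response:
    name: str
    txid: int
    dst_port: int
    answer: str

class Resolver:
    """Minimal caching resolver; `validate` switches the TXID/port check on or off."""
    def __init__(self, validate: bool, seed: int = 1):
        self.validate = validate
        self.rng = random.Random(seed)
        self.cache = {}      # name -> answer
        self.pending = {}    # name -> outstanding Query

    def ask(self, name: str) -> Query:
        # Random TXID and random source port are the resolver's only entropy
        q = Query(name, self.rng.randrange(1 << 16), self.rng.randrange(1024, 1 << 16))
        self.pending[name] = q
        return q

    def receive(self, resp: Response) -> bool:
        q = self.pending.get(resp.name)
        if q is None:
            return False                          # no question outstanding for this name
        if self.validate and (resp.txid != q.txid or resp.dst_port != q.src_port):
            return False                          # forged reply rejected
        self.cache[resp.name] = resp.answer       # first accepted answer wins
        del self.pending[resp.name]
        return True

def poisoning_attempt(validate: bool, guesses: int = 5000) -> str:
    """Race a flood of forged replies against the real one; return what ends up cached."""
    name = "www.example.com"
    resolver = Resolver(validate)
    resolver.ask(name)
    attacker = random.Random(42)
    # Off-path attacker never saw the query, so it guesses the TXID and assumes the
    # resolver still sends from port 53 (as resolvers did before port randomisation).
    for _ in range(guesses):
        resolver.receive(Response(name, attacker.randrange(1 << 16), 53, "203.0.113.66"))
    # The legitimate authoritative answer arrives after the flood.
    q = resolver.pending.get(name)
    if q is not None:
        resolver.receive(Response(name, q.txid, q.src_port, "93.184.216.34"))
    return resolver.cache[name]

if __name__ == "__main__":
    print("no validation :", poisoning_attempt(False))
    print("txid + port   :", poisoning_attempt(True))
```

Real resolvers add two more defences the model leaves out: a bailiwick check (a reply for `www.example.com` may not plant records for unrelated names) and DNSSEC validation, which rejects answers that do not carry a valid signature chain regardless of how they arrived.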

Packet forgery (or packet injection) interferes with an established network communication by constructing packets that appear to be part of that communication. Packet forgery allows a criminal to disrupt or intercept traffic: it enables the criminal to hijack an authorised connection or to deny an individual's ability to use certain network services. When the attacker sits between the two parties and relays or alters their traffic, cyber professionals call this a man-in-the-middle attack.
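An added example (not from the original notes) of why a forged TCP segment is only accepted when the attacker can guess more than the addresses. It models the receive side of one established connection using the classic acceptance rule: a segment must match the 4-tuple and its sequence number must fall inside the receive window. An on-path attacker who sniffed the current sequence number injects data successfully; an off-path attacker who only knows the addresses sends a reset with a guessed sequence number and is ignored. Addresses, ports and the injected request are made up.

```python
from dataclasses import dataclass

SEQ_MOD = 1 << 32

@dataclass
class Segment:
    src: tuple          # (ip, port) of sender
    dst: tuple          # (ip, port) of receiver
    seq: int
    flags: str          # "PA" for PSH|ACK, "R" for RST
    payload: bytes = b""

class Connection:
    """Receive side of one established connection (classic, pre-RFC 5961 acceptance rules)."""
    def __init__(self, local, peer, rcv_nxt, rcv_wnd=65535):
        self.local, self.peer = local, peer
        self.rcv_nxt, self.rcv_wnd = rcv_nxt, rcv_wnd
        self.received = b""
        self.reset = False

    def in_window(self, seq: int) -> bool:
        # Modular compare so the check still works when the sequence space wraps
        return (seq - self.rcv_nxt) % SEQ_MOD < self.rcv_wnd

    def deliver(self, seg: Segment) -> bool:
        """Return True if the segment is accepted as part of this connection."""
        if (seg.src, seg.dst) != (self.peer, self.local):
            return False                      # wrong 4-tuple: not our connection
        if not self.in_window(seg.seq):
            return False                      # sequence number outside window: dropped
        if "R" in seg.flags:
            self.reset = True                 # an in-window RST tears the connection down
            return True
        if seg.seq == self.rcv_nxt:           # in-order data is delivered to the application
            self.received += seg.payload
            self.rcv_nxt = (self.rcv_nxt + len(seg.payload)) % SEQ_MOD
        return True

def blind_guess_success(rcv_wnd: int = 65535) -> float:
    """Chance that a single random 32-bit sequence number lands inside the window."""
    return rcv_wnd / SEQ_MOD

def forgery_demo():
    client, server = ("10.0.0.5", 52344), ("203.0.113.10", 80)
    conn = Connection(local=server, peer=client, rcv_nxt=1000)
    # On-path attacker sniffed the client's next sequence number and forges a request
    on_path = Segment(client, server, seq=1000, flags="PA", payload=b"GET /admin HTTP/1.1\r\n")
    injected = conn.deliver(on_path)
    # Off-path attacker knows the 4-tuple but not the sequence number; its guess misses
    off_path = Segment(client, server, seq=3_000_000_000, flags="R")
    reset_accepted = conn.deliver(off_path)
    return injected, reset_accepted, conn.reset, conn.received

if __name__ == "__main__":
    print(forgery_demo())
    print("blind RST hit chance per packet:", blind_guess_success())
```

The per-packet hit chance for a blind reset is the window divided by 2^32, which is why modern stacks (RFC 5961) require a reset's sequence number to equal `rcv_nxt` exactly and answer near misses with a challenge ACK, and why predictable initial sequence numbers are treated as a vulnerability in their own right.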

1.3.1.4 Threats to Key Industry Sectors

Key industry sectors such as manufacturing, energy, communications and transportation depend on networked infrastructure systems. For example, the smart grid is an enhancement to the electrical generation and distribution system. The electrical grid carries power from central generators to a large number of customers. A smart grid uses information to create an automated, advanced energy delivery network. World leaders recognise that protecting their infrastructure is critical to protecting their economy.

Over the last decade, cyberattacks like Stuxnet proved that a cyberattack can successfully destroy or interrupt critical infrastructure. Specifically, the Stuxnet attack targeted the Supervisory Control and Data Acquisition (SCADA) system used to control and monitor industrial processes. SCADA can be part of various industrial processes in manufacturing, production, energy and communications systems.

A cyberattack could bring down or interrupt industry sectors like telecommunication, transportation or electrical power generation and distribution systems. It could also interrupt the financial services sector. One of the problems with environments that incorporate SCADA is that their designers assumed SCADA would stay isolated from the traditional IT environment and the Internet, and therefore did not properly consider cybersecurity during the development of these systems. Like other industries, organisations using SCADA systems now recognise the value of data collection to improve operations and decrease costs. The resulting trend is to connect SCADA systems to traditional IT systems. However, this exposes the SCADA systems, built without security in mind, to the threats of the IT network and increases the vulnerability of the industries using them.

The advanced threat potential that exists today demands a special breed of cyber security experts.

1.3.1.5 Threats to People’s Way of Life

Cybersecurity is the ongoing effort to protect networked systems and data from unauthorized access. On a personal level, everyone needs to safeguard his or her identity, data, and computing devices. At the corporate level, it is the employees’ responsibility to protect the organization’s reputation, data, and customers. At the state level, national security and the citizens’ safety and well-being are at stake.

Cybersecurity professionals are often involved in working with government agencies in identifying and collecting data.

In the U.S., the National Security Agency (NSA) is responsible for intelligence collection and surveillance activities. The NSA built a new data center just to process the growing volume of information. In 2015, the U.S. Congress passed the USA Freedom Act ending the practice of collecting U.S. Citizens’ phone records in bulk. The program provided metadata that gave the NSA information about communications sent and received.

The efforts to protect people’s way of life often conflicts with their right to privacy. It will be interesting to see what happens to the balance between these rights and the safety of Internet users.

1.4 Spreading Cybersecurity threats

1.4.1 How Threats Spread

1.4.1.1 Internal and External Threats

Internal Security Threats

Attacks can originate from within an organisation or from outside of it. An internal user, such as an employee or contract partner, can accidentally or intentionally:

Mishandle confidential data

Threaten the operations of internal servers or network infrastructure devices

Facilitate outside attacks by connecting infected USB media into the corporate computer system

Accidentally invite malware onto the network through malicious email or websites

Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal attackers typically have knowledge of the corporate network, its resources, and its confidential data. They may also have knowledge of security countermeasures, policies and higher levels of administrative privileges.

External Security Threats

External threats from amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access. External attacks exploit weaknesses or vulnerabilities to gain access to internal resources.

Traditional Data

Corporate data includes personnel information, intellectual property, and financial data. Personnel information includes application materials, payroll, offer letters, employee agreements, and any information used in making employment decisions. Intellectual property, such as patents, trademarks and new product plans, allows a business to gain economic advantage over its competitors. Consider this intellectual property as a trade secret; losing this information can be disastrous for the future of the company. Financial data, such as income statements, balance sheets, and cash flow statements, gives insight into the health of the company.

1.4.1.2 The Vulnerabilities of Mobile Devices

In the past, employees typically used company-issued computers connected to a corporate LAN. Administrators continuously monitor and update these computers to meet security requirements. Today, mobile devices such as smartphones, tablets and thousands of other devices are becoming powerful substitutes for, or additions to, the traditional PC. More and more people use these devices to access enterprise information. Bring Your Own Device (BYOD) is a growing trend. The inability to centrally manage and update mobile devices poses a growing threat to organisations that allow employee mobile devices on their networks.

1.4.1.3 The Emergence of the Internet of Things

With the emergence of IoT, there is much more data to be managed and secured. All of these connections, plus the expanded storage capacity and storage services offered through the Cloud and virtualisation, have led to the exponential growth of data. This data expansion created a new area of interest in technology and business called “Big Data”.

1.4.1.4 The Impact of Big Data

There are numerous examples of big corporate hacks in the news. Companies like Target, Home Depot and PayPal are subjects of highly publicized attacks. As a result, enterprise systems require dramatic changes in security product designs and substantial upgrades to technologies and practices. Additionally, governments and industries are introducing more regulations and mandates that require better data protection and security controls to help guard big data.

1.4.2 Threat Complexity

1.4.2.1 Using Advanced Weapons

Software attacks today rely on programming mistakes, protocol vulnerabilities or system misconfigurations. The cyber criminal merely has to exploit one of these. For example, a common attack involves constructing an input to a program so that the program malfunctions. This malfunction provides a doorway into the program or causes it to leak information.

There is a growing sophistication in today's cyberattacks. An advanced persistent threat (APT) is a continuous computer intrusion that occurs under the radar against a specific target. Criminals usually choose an APT for business or political motives. An APT occurs over a long period with a high degree of secrecy, using sophisticated malware.
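The "constructed input that makes the program leak information" case, as an added example (not code from the original notes): a tiny echo service reads a 16-bit length field from the request and copies that many bytes back. The vulnerable version trusts the field; the fixed version checks it against the number of bytes that actually arrived. The record layout, the echo service itself and the neighbouring session cookie in the buffer are all made up for the demonstration.

```python
import struct

def forge_echo_request(payload: bytes, claimed_length: int) -> bytes:
    """Attacker-built record: a 16-bit length field that need not match the payload."""
    return struct.pack("!H", claimed_length) + payload

def echo_vulnerable(buffer: bytes, record_len: int) -> bytes:
    """Copies as many bytes as the record *claims*, ignoring how many really arrived."""
    (claimed,) = struct.unpack("!H", buffer[:2])
    return buffer[2:2 + claimed]            # runs past the record into neighbouring data

def echo_fixed(buffer: bytes, record_len: int) -> bytes:
    """Same logic, but the claimed length is bounded by the bytes actually received."""
    (claimed,) = struct.unpack("!H", buffer[:2])
    if record_len < 2 or claimed > record_len - 2:
        raise ValueError("declared length exceeds record size")
    return buffer[2:2 + claimed]

# Constructed scenario: the echo record sits in a buffer immediately followed by
# another session's data, as it could in a shared memory pool (assumption).
NEIGHBOUR = b"Cookie: session=a1b2c3d4e5f6"

def leak_demo():
    """Return (bytes the vulnerable echo sends back, whether the fixed echo refused)."""
    record = forge_echo_request(b"hi", claimed_length=30)   # 2 real bytes, claims 30
    buffer = record + NEIGHBOUR
    leaked = echo_vulnerable(buffer, record_len=len(record))
    try:
        echo_fixed(buffer, record_len=len(record))
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked

if __name__ == "__main__":
    leaked, blocked = leak_demo()
    print("vulnerable echo returned:", leaked)
    print("fixed echo refused     :", blocked)
```

The program never crashes, which is what makes this class of bug hard to spot in testing: the only symptom is that the reply is longer than the request, and it carries whatever happened to sit next to the record in memory.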

Algorithmic attacks can track system self-reporting data, like how much energy a computer is using, and use that information to select targets or trigger false alerts. Algorithmic attacks can also disable a computer by forcing it to consume memory or by overworking its central processing unit. Algorithmic attacks are more devious because they exploit designs intended to improve energy savings, decrease system failures and improve efficiency.

Finally, the new generation of attacks involves intelligent selection of victims. In the past, attacks would go for the low-hanging fruit, the most vulnerable victims. However, with greater attention to detection and isolation of cyberattacks, cyber criminals must be more careful. They cannot risk early detection, or the cybersecurity specialists will close the gates of the castle. As a result, many of the more sophisticated attacks will only launch if the target matches the signature (the specific system, software or configuration) the attacker is looking for.
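The "overworking the CPU" variant of an algorithmic attack, as an added example (not from the original notes): a chained hash table whose hash function is easy to predict lets an attacker craft keys that all land in one bucket, turning each lookup from constant time into a walk over every key. The mitigation shown is a keyed hash with a per-process secret, so bucket placement cannot be predicted without the secret. The weak hash, the bucket count and the key construction are made up for the demonstration.

```python
import hashlib
import os

NBUCKETS = 64

def weak_hash(key: str) -> int:
    """Sum of character codes: any two anagrams collide, so collisions are trivial to craft."""
    return sum(map(ord, key)) % NBUCKETS

def keyed_hash(key: str, secret: bytes) -> int:
    """Keyed BLAKE2b: without `secret` the attacker cannot predict bucket placement."""
    digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % NBUCKETS

def colliding_keys(n: int) -> list:
    """n distinct two-letter ASCII keys whose character codes always sum to 187 (n <= 58)."""
    if n > 58:
        raise ValueError("only 58 such two-letter keys exist")
    return [chr(65 + i) + chr(122 - i) for i in range(n)]

def max_bucket_load(keys, hashfn) -> int:
    """Longest chain after inserting `keys`; a lookup in that bucket costs O(chain length)."""
    buckets = [0] * NBUCKETS
    for k in keys:
        buckets[hashfn(k)] += 1
    return max(buckets)

def flooding_demo(n: int = 50):
    """Return (longest chain with the weak hash, longest chain with the keyed hash)."""
    keys = colliding_keys(n)
    secret = os.urandom(16)                      # fresh per process, never sent to clients
    return (max_bucket_load(keys, weak_hash),
            max_bucket_load(keys, lambda k: keyed_hash(k, secret)))

if __name__ == "__main__":
    weak, keyed = flooding_demo()
    print("longest chain, weak hash :", weak)
    print("longest chain, keyed hash:", keyed)
```

With the weak hash every one of the 50 keys shares a bucket, so inserting n attacker-chosen keys costs O(n²) comparisons; with the keyed hash they spread as if random. This is the same reasoning behind the randomised string hashing that Python, Ruby and others adopted for their built-in dictionaries.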

1.4.2.2 Broader Scope and Cascade Effect

Federated identity management refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group. This broadens the scope and increases the probability of a cascading effect should an attack occur.

A federated identity links a subject’s electronic identity across separate identity management systems. For example, a subject may be able to log onto Yahoo! with Google or Facebook credentials. This is an example of social login.

The goal of federated identity management is to share identity information automatically across castle boundaries. From the individual user’s perspective, this means a single sign-on to the web.

It is imperative that organizations scrutinize the identifying information shared with partners. Social security numbers, names, and addresses may allow identity thieves the opportunity to steal this information from a partner to perpetrate fraud. The most common way to protect federated identity is to tie login ability to an authorized device.

1.4.2.3 Safety Implications

Emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911 networks, jeopardizing public safety. A telephone denial of service (TDoS) attack uses phone calls against a target telephone network tying up the system and preventing legitimate calls from getting through. Next generation 911 call centers are vulnerable because they use Voice-over-IP (VoIP) systems rather than traditional landlines. In addition to TDoS attacks, these call centers can also be at risk of distributed-denial-of-service (DDoS) attacks that use many systems to flood the resources of the target making the target unavailable to legitimate users. There are many ways nowadays to request 911 help, from using an app on a smartphone to using a home security system.

1.4.2.4 Heightened Recognition of Cybersecurity Threats

The defences against cyberattacks at the start of the cyber era were weak. A smart high school student or script kiddie could gain access to systems. Countries across the world have become more aware of the threat of cyberattacks. The threat posed by cyberattacks now heads the list of greatest threats to national and economic security in most countries.

1.5 Creating more experts

1.5.1 A Workforce Framework for Cybersecurity

1.5.1.1 Addressing the Shortage of Cybersecurity Specialists

In the U.S., the National Institute of Standards and Technology (NIST) created a framework for companies and organisations in need of cybersecurity professionals. The framework enables companies to identify the major types of responsibilities, job titles and workforce skills needed. The National Cybersecurity Workforce Framework categorises and describes cybersecurity work. It provides a common language that defines cybersecurity work along with a common set of tasks and skills required to become a cybersecurity specialist. The framework helps to define professional requirements in cybersecurity.

1.5.1.2 The National Cybersecurity Workforce Framework

Operate and Maintain includes providing the support, administration, and maintenance required to ensure IT system performance and security.

Protect and Defend includes the identification, analysis, and mitigation of threats to internal systems and networks.

Investigate includes the investigation of cyber events and/or cyber crimes involving IT resources.

Collect and Operate includes specialized denial and deception operations and the collection of cybersecurity information.

Analyze includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence.

Oversight and Development provides for leadership, management, and direction to conduct cybersecurity work effectively.

Securely Provision includes conceptualizing, designing, and building secure IT systems.

Within each category, there are several specialty areas. The specialty areas then define common types of cybersecurity work.

1.5.2 Online Cybersecurity Communities

1.5.2.1 Professional Organizations

Cybersecurity specialists must collaborate with professional colleagues frequently. International technology organizations often sponsor workshops and conferences. These organizations often keep cybersecurity professionals inspired and motivated.

1.5.2.2 Cybersecurity Student Organizations and Competitions

Cybersecurity specialists must have the same skills as hackers, especially black hat hackers, in order to protect against attacks. How can an individual build and practice the skills necessary to become a cybersecurity specialist? Student skills competitions are a great way to build cybersecurity knowledge skills and abilities. There are many national cybersecurity skills competitions available to cybersecurity students.

1.5.3 Cybersecurity Certifications

1.5.3.1 Industry Certifications

In a world of cybersecurity threats, there is a great need for skilled and knowledgeable information security professionals. The IT industry established standards for cybersecurity specialists to obtain professional certifications that provide proof of skills, and knowledge level.

CompTIA Security+

Security+ is a CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance. The Security+ test covers the most important principles for securing a network and managing risk, including concerns associated with cloud computing.

EC-Council Certified Ethical Hacker (CEH)

This intermediate-level certification asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices. These cybersecurity specialists use the same skills and techniques used by the cyber criminals to identify system vulnerabilities and access points into systems.

SANS GIAC Security Essentials (GSEC)

The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for “hands-on” security roles. The SANS GIAC program offers a number of additional certifications in the fields of security administration, forensics, and auditing.

(ISC)² Certified Information Systems Security Professional (CISSP)

The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience. It is also formally approved by the U.S. Department of Defense (DoD) and is a globally recognized industry certification in the security field.

ISACA Certified Information Security Manager (CISM)

Cyber heroes responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM. Credential holders possess advanced skills in security risk management.

1.5.3.2 Company-Sponsored Certifications

Another important type of credential for cybersecurity specialists is the company-sponsored certification. These certifications measure knowledge and competency in installing, configuring and maintaining vendor products. Cisco and Microsoft are examples of companies with certifications that test knowledge of their products.

Cisco Certified Network Associate Security (CCNA Security)

The CCNA Security certification validates that a cybersecurity specialist has the knowledge and skills required to secure Cisco networks.

1.5.3.3 How to Become a Cybersecurity Expert

To become a successful cybersecurity specialist, the potential candidate should look at some of the unique requirements of the job. Specialists must be able to respond to threats as soon as they occur. This means that the working hours can be somewhat unconventional.

Cybersecurity specialists also analyse policy, trends and intelligence to understand how cyber criminals think. Many times, this involves a large amount of detective work.

The following recommendations will help aspiring cybersecurity specialists to achieve their goals:

Study: Learn the basics by completing courses in IT. Be a life-long learner. Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up.
Pursue Certifications: Industry and company sponsored certifications from organizations such as Microsoft and Cisco prove that one possesses the knowledge needed to seek employment as a cybersecurity specialist.
Pursue Internships: Seeking out a security internship as a student can lead to opportunities down the road.
Join Professional Organizations: Join computer security organizations, attend meetings and conferences, and join forums and blogs to gain knowledge from the experts.

1.6 Summary

1.6.1 Conclusion

1.6.1.1 Chapter 1: Cybersecurity - A World of Experts and Criminals

This chapter explained the structure of the cybersecurity world and the reasons it continues to grow with data and information as the prized currency.

This chapter also discussed the role of cyber criminals by examining what motivates them. It introduced the spread of threats due to the ever-expanding technical transformations taking place throughout the world.

Finally, the chapter explained how to become a cybersecurity specialist to help defeat the cyber criminals who develop the threats. It also discussed the resources available to help create more experts. While you must stay on the right side of the law, cyber security experts must have the same skills as cyber criminals.

If you would like to further explore the concepts in this chapter, please check out the Additional Resources and Activities page in Student Resources.