2016-11-10 Source: 51Due Faculty Group Category: Sample Report
This report is based on an ABC Four Corners documentary about hackers who work from overseas locations and target key Federal Government departments and major corporations in Australia. According to the reporter Andrew Fowler and the content shown in the video, the hackers’ intention is to steal national security secrets and vital business information, which has already become the greatest threat to Australia’s national security. Working from the video, this report aims to identify the information security vulnerabilities it shows, and then to describe and map the timeline of the failures that caused the business problems. Based on that analysis, information security countermeasures and solutions can be addressed.
1. Introduction
Currently, the concept and scope of information security continue to expand, covering the security of information itself, of information systems and of information networks. Information security issues directly influence a country’s politics, economy, technology and culture, as well as its level and condition of security. Society has entered the information age: all information is undergoing comprehensive digitization, and the network is infiltrating all aspects of human society at a rapid pace. However, the network is built from complicated facilities and protocols, and it is especially difficult to ensure that such a complex system is free from defects and vulnerabilities. Meanwhile, the geographical distribution of the network makes it difficult for security management to take all network connections into consideration, and open network services provide opportunities for hackers. Therefore, network security in reality is subject to passive threats and active attacks, and active attacks by hackers pose the biggest threat to information security.
The video introduces a real case concerning information security and Australian national security. The case actually happened and was investigated by the Australian Security and Intelligence Organization (ASIO). A company which produces and sells electronic equipment was hacked from an overseas location. Key business information and data were leaked, and counterfeit products were made from the leaked information, which greatly harmed the reputation and revenue of the company. What’s worse, the company is also a military supplier and its secret communication equipment is used by militaries not only in Australia but across the globe, so the hacked network and stolen information became a big threat to national security. The potential risk is unimaginable: it means the secure communications of Australia’s allies cannot be guaranteed at all. Information security countermeasures and solutions allow no delay.
2. Main report content
Network hackers originated in the 1960s and 1970s, when they gathered in the strongholds of the technological elite, namely the Massachusetts Institute of Technology and Stanford University. They worshipped technology and resisted authority. In their view, hacking meant the free intellectual exploration of the greatest potential of the computer system, and making the use of computers and access to information as free of charge and as open as possible. They were purely technical people. However, any irresponsible, undirected power without restriction is dreadful, control of computer systems included. As hackers increasingly set their eyes on confidential databases containing company secrets and national inside information, the terror of the “hacker” has taken on a new interpretation.
Today “hacker” has a very broad meaning and is a general word. However, in terms of common features, most definitions involve superb programming technique as well as a strong desire to solve problems and overcome limitations. Hackers are people who deliberately damage the security of computers and information systems. People also call the hacker a cracker. Today’s hackers unscrupulously do what they want: they tamper with information, replace web pages, download or steal sensitive information, inject viruses and Trojans into computer systems, attack hosts and networks, send mail bombs or paralyze the network. Therefore, if people are not vigilant and do not take preventive measures, the consequences can be serious. It is not hard to imagine that once a hacker attack succeeds, on a small scale it steals some secrets or funds or paralyzes a certain network service, but in the big picture it could paralyze the entire network so that it cannot be restored within a short period of time, causing huge economic losses and even undermining social stability and endangering national security.
2.1 Vulnerability identification in the context of the video
Vulnerability refers to a weakness of an asset or group of assets that can be exploited by one or more threats (ISO/IEC 13335-1:2004). Vulnerability is one of the properties of an information system. Malicious subjects (an attacker or an attack program) can take advantage of this property to gain unauthorized access to resources by authorized means and methods, thus obtaining sensitive information or damaging the system.
In vulnerability classification, Bishop and Krsul were pioneers who made enterprising efforts. Since the 1970s, when America’s Research in Secured Operating System (RISOS) and Protection Analysis (PA) planned to study the classification of vulnerabilities, security experts have come up with dozens of vulnerability classification schemes. Before taking any action on information security issues, risk assessment is a must. For the case in the video, we first need to identify what the risks really are and then evaluate the potential damage they may cause; based on this risk analysis and risk evaluation, we can identify the vulnerabilities.
In the video, an Australian company was attacked by hackers located overseas. To understand the company’s vulnerabilities, we first need to identify its assets. From the video, the main assets attracting the interest of overseas hackers are its business secrets. The company produces electronic communication equipment, and some of its products are used by the military. If these business assets are stolen and counterfeited, not only are the company’s revenue and reputation harmed but, because of the military context, national security is also threatened. Business secrets are stored as data in computers and other electronic devices, and data flows are the main target of external hackers. The main threats the company faced were not physical damage; nowadays physical damage seldom happens. The main threats were compromise of information and unauthorised actions. Hackers are normally computer and network experts and technological elites, and there is no absolutely secure network in the world, so software and hardware vulnerabilities always exist. However, paying more attention to the organisational security system and emphasising authorised action can avoid information compromise to the greatest extent. Unauthorised action is also a major vulnerability of the company in the video. For example, one of the employees emailed sensitive data to his personal email address and opened it at home. Such an action is a process vulnerability and should be strictly prohibited. Because the hardware and software for home use, such as a firewall, cannot be as safe as those in the company, employees’ personal email addresses and home computers easily become targets for hackers.
Information security is one of the profiles of international political change in the information era. The attention given to information security is not only an outcome of scientific, technological and economic development, but also an important dimension of the change in global strategy. Information security has become a vital area for international strategy and national security. The vulnerability of information systems constitutes a great threat to information security.
2.2 Timeline of the failures in the context of the video
A successful information security strategy has three plans for coping with external or internal attack: incident response plans (IRPs), disaster recovery plans (DRPs), and business continuity plans (BCPs). An IRP is the immediate response to an attack; once an attack is detected, the IRP is started at once. If the attack escalates or proves disastrous, the response moves from the IRP to the DRP or BCP. DRPs come into play after a disaster occurs; their aim is to restore systems and reduce losses. BCPs normally run alongside DRPs, especially when the attack causes huge damage or its effects will last a long time; when simple restoration of information and information resources is not adequate, the BCP must be activated.
In the video, an Australian company found that its sales volume had decreased; after investigation it found that a product made overseas looked very similar to its own, and its business suffered. After ASIO became involved, the company realised it had been hacked. Its business secrets, such as product designs and other key information, had been stolen by hackers overseas. The company immediately took some measures to protect its computer systems and its network. What makes the problem more serious is that the company had sold thousands of pieces of electronic equipment to military and intelligence organisations, so the compromise of its business secrets may affect national security.
From the incident, we can draw a timeline of the company’s failures in responding to the external attack. By the day it was told it had been attacked by hackers, the company already knew that counterfeits had appeared on the market. It knew of the problem, but did not realise it was related to a cyber attack and took no action. Only when ASIO became involved and the attack was characterised as a disaster did it begin to pay attention to its computer network and start its DRP. When the attack happened, the company did not detect it, and it only became aware of the attack two years later. By then it was too late to take any effective measures, and that is a big failure on the company’s part.
2.3 Countermeasures and solutions to protect information security
At present, the properties of information security that attract general interest are confidentiality, integrity and availability. No matter what intentions an intruder harbours or what means are adopted, the intruder achieves the goal by attacking the security attributes of the information. Technologically, so-called “information security” means objectively eradicating the threats to these security attributes, so that the owner of the information can be subjectively assured of the derivation of the information.
Confidentiality refers to the attribute that information is not disclosed to unauthorized individuals and entities, or made available for other use. The security of military information focuses on confidentiality. In contrast, commercial information pays more attention to integrity. Administrative measures for information security attach much importance to establishing a unified information security management mechanism and adopting administrative measures to supervise network and other information exchange activities, thus ensuring information security. Many countries have established information security management agencies. The United States National Security Council has established the State Security Policy Committee and the Information System Security Committee. The former is responsible for enacting military security and confidentiality policy, while the latter is responsible for the security of confidential and sensitive information on military information networks. Countries such as Britain and France have also established a National Information Security Committee. Germany established the National Information Security Agency. Due to the particularity of information security management, it is necessary to set up special agencies and special courts to notarize, supervise and enforce network activities.
Integrity refers to the attribute that information is not modified, destroyed, inserted, delayed, lost or put out of order during storage and transmission. For military information, the destruction of integrity may mean missing the opportunity for combat, internecine fighting or leaving fighting capacity unused. Destroying the integrity of information is the ultimate aim of attacks on information security.
Availability refers to the attribute that information can be accessed by legitimate users and used in the required sequence; that is, the required information can be accessed when it is needed. The purpose of an attack on availability is to deny it. For example, disrupting the normal operation of the network and related systems belongs to this type of attack. In terms of information security management methods, the following measures should be adopted to strengthen institutionalized management. First and foremost, establish and operate a network access system to check the identity of network users. Secondly, improve the system of network registration and networked computer management, and strengthen the management of network users and networked computers. Thirdly, establish a standardized management system for network information, and apply unified regulations to uploaded information. What’s more, corresponding administrative sanctions should be imposed on offenders who damage information security and information management.
2.4 Other measures to protect information security
Other measures to protect information security mainly consist of policy measures, administrative management measures, legal measures and ethical measures.
As a means of national macro-level guidance and management of socio-economic activities, policy can set the direction of socio-economic development and effectively regulate various relations and contradictions. Formulating and implementing information security policy is the key to safeguarding information security. Information security policy is the sum of the administrative norms that a country or an organization sets in a certain period to deal with the conflict between the free transmission of information and its limited use. Owing to its macroscopic and guiding character, a scientific and reasonable information security policy can guide the administrative management of information security, direct legislation and the judiciary on information security, and also foster the formulation and implementation of technological and ethical measures for information security. The system of information security policy can be perfected in three ways. Firstly, information security policy content can be added to the relevant information policies, as an emergency measure before specific information security policies are formulated. Even after specific information security policies are enacted, this helps to expand their publicity and spread. Secondly, enacting special national security policies is conducive to making corresponding regulations on the full development and sharing of information resources, the building and management of information networks, the control of information pollution, the protection of information property, the safeguarding of information sovereignty, the cracking down on information crime, and the secrecy of confidential information. Thirdly, the enforcement regulations of information security policy and other specific information security policies are made under the guidance of national information security policies. After information security policies are issued, feasible measures should be adopted to carry them out.
Complete information security laws and regulations are important measures for effectively guaranteeing information security. To date, many countries have enacted intellectual property and privacy laws, and more than thirty countries have successively formulated laws and regulations on computer security and information security from different aspects. In August 1978, Florida passed the Florida Computer Crime Act; afterwards, 47 US states successively enacted computer crime acts. In 1973, Sweden enacted a data law which touched upon computer crime problems. Then the western European countries also enacted data laws. In December 1985, Japan established computer security standards and issued the corresponding guidelines.
It is difficult to ensure information security in the modern information technology environment by depending only on policy, regulations and technology; corresponding measures based on network ethics are also needed. Simply speaking, network ethics is the moral relationship that arises when people conduct social interactions through electronic information networks. The construction of information networks, as well as the social and moral issues that arise in using them, has attracted increasing attention from people in all walks of life. Some foreign computer and network organizations have formulated regulations covering all aspects of network behavior. For example, the American Association of Computer Ethics Institute has set out 10 standards of behavior that users should obey in using computer network systems: Do not harm others by using computers; Do not interfere with other people’s computer work; Do not pry into others’ files; Do not steal by using computers; Do not commit perjury by using computers; Do not use or copy software that you did not pay for; Do not use others’ computer resources without permission; Do not steal others’ intellectual achievements; Do consider the social consequences of the programs you write; Do use the computer in deliberate and cautious ways. What’s more, the University of California has set out six other kinds of network behavior that should not occur: Do not deliberately cause traffic disturbance or arbitrarily intrude into other systems connected to the network; Do not use the university’s information resources for commercial purposes or for fraud; Do not steal informational materials, equipment or other intellectual achievements from the network; Do not access others’ files without permission; Do not take actions that will cause chaos or destruction in public places; Do not forge e-mail. However, so far, no global norm of network ethics has formed. We can draw the common and universally acknowledged provisions from the different existing standards and make them globally applicable network moral norms.
3. Conclusion
The development of modern information technology makes information security problems more prominent than before. Information security problems include information pollution, information disclosure, information destruction, information infringement, information aggression, and so on. Information security measures mainly include policy measures, administrative measures, legal measures, technical measures and ethical measures.
Information security is a holistic concept. A single measure can no longer effectively secure sensitive information; information security requires all products to be combined and to work together. A single network security product cannot guarantee the security of the network, and simply stacking security products does not deliver quality protection. Only by basing protection on security policy, combining security products and forming a security protection system that ensures the implementation of the security regime can the security of the network be improved effectively.