Cybersecurity Overview: Difference between revisions
No edit summary |
No edit summary |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
==Introduction== | ==Introduction== | ||
The term “Cybersecurity” encompasses a range of issues from | The term “Cybersecurity” encompasses a range of issues from [[Cybercrime]] to [[Cyberwar|Cyberwarefare]]. These in turn embrace a diverse set of activities and interests. | ||
Cybercrime, for example, can refer to a lone hacker breaking into a single computer to an organized network of computer criminals collecting thousands or millions of credit card numbers and/or personal information records from multiple sources. Responses to | [[Cybercrime]], for example, can refer to a lone hacker breaking into a single computer to an organized network of computer criminals collecting thousands or millions of credit card numbers and/or personal information records from multiple sources. Responses to [[Cybercrime]] range from offering [[Incentives|incentives]] to individuals, manufacturers and/or corporations to protect against malware and botnet attacks to decisions about [[Insurance|insurance]] and [[Risk Management and Investment|risk management]]. | ||
Cyberwarfare attacks include covert espionage attacks against secure systems to collect sensitive national security information, distributed attacks against the civilian infrastructure to cause widespread failures of energy and/or communication systems or targeted attacks against military targets with the intent to render offensive and defensive systems inoperable or to take control of systems with the ability to deliver kinetic attacks. These attacks all create complicated questions of attribution and law, as the normal laws of war are of questionable value when applied to threats delivered domestically from | Cyberwarfare attacks include covert [[Espionage|espionage]] attacks against secure systems to collect sensitive national security information, distributed attacks against the [[Private Critical Infrastructure|civilian infrastructure]] to cause widespread failures of [[Electricity, Oil and Natural Gas|energy]] and/or [[Communications|communication systems]] or targeted attacks against [[Military Networks (.mil)|military targets]] with the intent to render offensive and defensive systems inoperable or to take control of systems with the ability to deliver kinetic attacks. These attacks all create complicated questions of [[Attribution|attribution]] and [[Regulation/Liability|law]], as the normal laws of war are of questionable value when applied to threats delivered domestically from an anonymous source in a distant location. In addition, [[Deterrence|deterrence]], offensive actions and defensive response often become blurred in the cyber realm, requiring a fresh look at what policies such as “no first strike” mean in cyberspace. | ||
Solutions to these problems will involve addressing questions of economics, incentives, law, legislation, politics, government-private cooperation and international diplomacy. Government, industry, the military and the public must all play a role in deciding how much cybersecurity is needed and who will pay for it. These stakeholders must also address the tradeoffs between privacy and security that often arise in addressing cyber threats. Finally, there needs to be a way to measure the threat and the protections put in place so that the players can make intelligent choices in allocating scare resources. | Solutions to these problems will involve addressing questions of [[Economics of Cybersecurity|economics]], [[Incentives|incentives]], law, [[Regulation/Liability|legislation]], politics, [[Public-Private Cooperation|government-private cooperation]] and [[International Cooperation|international diplomacy]]. Government, industry, the military, and the public must all play a role in deciding how much cybersecurity is needed and who will pay for it. These stakeholders must also address the tradeoffs between privacy and security that often arise in addressing cyber threats. Finally, there needs to be [[Metrics|a way to measure the threat]] and the protections put in place so that the players can make intelligent choices in allocating scare resources. | ||
[[Main_Page | Back to Main Page]]. | |||
Back to | |||
Latest revision as of 15:55, 7 August 2012
Introduction
The term “Cybersecurity” encompasses a range of issues from Cybercrime to Cyberwarefare. These in turn embrace a diverse set of activities and interests.
Cybercrime, for example, can refer to a lone hacker breaking into a single computer to an organized network of computer criminals collecting thousands or millions of credit card numbers and/or personal information records from multiple sources. Responses to Cybercrime range from offering incentives to individuals, manufacturers and/or corporations to protect against malware and botnet attacks to decisions about insurance and risk management.
Cyberwarfare attacks include covert espionage attacks against secure systems to collect sensitive national security information, distributed attacks against the civilian infrastructure to cause widespread failures of energy and/or communication systems or targeted attacks against military targets with the intent to render offensive and defensive systems inoperable or to take control of systems with the ability to deliver kinetic attacks. These attacks all create complicated questions of attribution and law, as the normal laws of war are of questionable value when applied to threats delivered domestically from an anonymous source in a distant location. In addition, deterrence, offensive actions and defensive response often become blurred in the cyber realm, requiring a fresh look at what policies such as “no first strike” mean in cyberspace.
Solutions to these problems will involve addressing questions of economics, incentives, law, legislation, politics, government-private cooperation and international diplomacy. Government, industry, the military, and the public must all play a role in deciding how much cybersecurity is needed and who will pay for it. These stakeholders must also address the tradeoffs between privacy and security that often arise in addressing cyber threats. Finally, there needs to be a way to measure the threat and the protections put in place so that the players can make intelligent choices in allocating scare resources.