Cyber Attacks – New Security Threats Part I
In the last two decades, we have seen a virtual revolution – a sharp increase in the use of ICT tools (ICT: information and communication technology). The benefits of using this technology are many and obvious. However, the increased use of and dependence on these tools also implies an increased vulnerability of modern societies. New challenges have been created – not least on the security side. In 2010, NATO addressed the threat of cyberattacks as part of its security strategy. In the same year, Iran’s nuclear program was subjected to a targeted cyber attack – most likely from a state.
- What threats exist in cyberspace?
- What do hostile actors in cyberspace want?
- How do we prepare for cyberspace warfare?
- Who should protect Norway in cyberspace?
2: What is cyberspace?
With the rise of the internet and mobile phones, cyberspace has become a widely known concept. We do not yet fully know what this revolution will mean for society. This uncertainty is due to the fact that our understanding of cyberspace is insufficient. For what exactly is cyberspace? Some refer to cyberspace as a “place” – a domain – on a par with physical quantities such as sea, air, land and space. It’s not that simple. It is both something tangible (for example, your PC and the fiber lines that connect networks) and something abstract (non-physical, virtual communication and interaction).
Most people associate cyberspace with the internet, but there is much more to it than that. It also includes radio waves, telecommunications networks and other types of computer networks that process information. Perhaps the most important feature of cyberspace is that it crosses national borders and seamlessly connects people from all corners of the world.
The uprisings in the Middle East have illustrated some of the positive potential of cyberspace. According to top-mba-universities.com, activists in Egypt organized large demonstrations through Facebook and told the whole world about the struggle for freedom and democracy through Twitter. When the Egyptian authorities turned off Internet access in the country, the activists instead spread their message through landline and fax lines. In this way, the whole world could follow the demonstrations at Tahrir Square in Cairo minute by minute. The ensuing international pressure helped protesters overthrow President Hosni Mubarak.
Cyberspace and computer networks undoubtedly have many positive aspects , but in recent years we have also seen that new dangers threaten in this new domain. Criminals have long used the internet to swindle money and sensitive information from individuals and companies. This business requires a lot of resources from the police and is very unfortunate for those affected.
These “simple” forms of cybercrime are nevertheless a threat of a limited nature. . It usually affects only a few people and does not aim to create major societal problems. Money is most often the motive – not destruction and conflict. In recent years, however, we have seen the contours of new threats that can affect society to a much greater extent.
3: Methods and actors
As we have become more dependent on ICT and cyberspace, we have become more vulnerable to attacks on computer networks. Oslo Børs is today completely online. Important infrastructure such as the power grid is controlled by computer networks, and the Armed Forces is increasingly relying on so-called network – based defense . In other words, central social institutions have in recent years become considerably more vulnerable to intruders who do not want them well. The fear is that hostile actors will exploit this vulnerability to harm society. This can be done in different ways, and the most common forms of cyber attacks and intrusions are:
- Denial of Service (DoS): The attacker sends a large number of requests or exploits the vulnerabilities of a network by overpowering the network’s capacity and thus preventing others from accessing the network.
- Distributed Denial of Service (DDoS): A variant of DoS attack where the attacker uses a large number of slave computers (over which the attacker has taken virtual control) to send a coordinated attack against a network.
- Malware: Collective term for worms, viruses, Trojan horses and the like that contain malicious code. The malware can be injected into a network through email attachments, USB memory sticks or hacking. The malware can then collect sensitive information, shut down networks, or cause a computer system to perform destructive actions (logical bombs).
Perhaps just as important as how these actions are performed is who performs them. There are a number of actors in cyberspace who use these methods to achieve their economic, political or military goals. They can be roughly divided as follows:
- Criminals: Uses phishing (also called phishing) and other methods to steal information from individuals and companies to swindle money
- Hacker activists: Hack and vandalize websites to create political awareness around an issue, or for “fun”
- Terrorists: Want to paralyze important parts of cyberspace to create fear and panic in the population and force through political change
- States: Uses cyberspace mainly for espionage and to find possible vulnerabilities in computer networks should a major conflict flare up. These weaknesses can then be exploited through cyber attacks to give a state an advantage on the battlefield.
The threat picture in cyberspace is complex . It is therefore not always as easy to distinguish between different actors. In cyberspace, it is easy to hide their tracks, and therefore it is difficult to know who is carrying out attacks or breaking into computer systems.
A good example of this is the cyber incident that hit Google in January 2010. Chinese hackers broke into the computer systems of the search giant and a number of other international companies. There , they stole sensitive information , including information about Chinese dissidents who used Google Mail. It is still unclear exactly who broke into the systems, but according to a US report, a group of private individuals and government employees in China collaborated to obtain important information.