Overview: Cyber Threats

Author: Paul Meyer
Senior Fellow, The Simons Foundation Canada | Chair, Canadian Pugwash Group | Senior Advisor, ICT4Peace

Cyberspace, the broad term for the system of networked computer systems for which the Internet is the chief embodiment, is a unique, human-created environment. The potential of information and communication technology to benefit humanity is vast and the growth in its use world-wide has been exponential. Today close to four billion people are connected to the Internet and a community of “netizens” has emerged.

Unfortunately, the growth of cyberspace has not been matched by a similar development of global governance for it. Even more worrisome, is the degree to which cyberspace has become “militarized” with states developing capabilities, not only for the defence of their own systems, but also offensive capabilities that threaten damage and destruction to entities beyond their borders. These trends within national security establishments of leading cyber powers have accelerated and the detrimental impact of cyber operations on civilian interests has grown. A narrative of “cyber war” has been espoused by major states, depicting this remarkable product of human ingenuity as just another “war-fighting domain”.

Read more

Related video talks

65. Hacking the Bomb
https://youtu.be/-q1OqFsJNQQ
• Andrew Futter, Associate Professor of International Politics, University of Leicester
• Hans-Christian Breede, Associate Chair of Public Administration, The Royal Military College of Canada

59. Social Media Risks
https://youtu.be/sacSsgA5YhY
• Lisa Schirch, North American Research Director for the Today Institute.

55. A.I.and You
https://youtu.be/ty7nG9Bt9WU
• Cesar Jaramillo, Director Project Ploughshares
• Branka Marijan, Researcher Project Ploughshares

27. Assessing Risk of Global Threats
https://youtube.com/watch?v=vf4mzBTGBXw
• Mark Sedra, Adjunct Professor, Balsillie School

32. The Cyber Impact
https://youtu.be/VTsVZFu0eq0
• Branka Marijan, program officer, Project Ploughshares
• John Daniele, VP, Cybersecurity (GTA) 

9. Preventing Cyber Threats
https://youtu.be/9qtwkkvYWGg
• Jack Gemmell, Toronto lawyer
• Paul Meyer, Former Canadian Ambassador for Disarmament
• Allison Pytlak, WILPF

Author: Paul Meyer

12 thoughts on “Overview: Cyber Threats

  1. Bruce Blair, OSTI.GOV. U.S. Department of Energy.

    Strategic command and control: Redefining the nuclear threat
    To many defense analysts, C/sup 3/I (command, control, communications and intelligence) is the most vulnerable component of our nuclear deterrent. Bruce Blair, who once served in the Strategic Air Command as a Minuteman launch control officer and is a current Defense Department official, has written an important and valuable analysis of the physical and organizational arrangements which exist to control U.S. strategic forces, tracing their evolution over 25 years. His recommendations call for (a) near-term improvements to assure that the system will not collapse under a Soviet first strike and will provide for prompt retaliation and (b) a long-term goal of delaying a retaliatory strike by at least 24 hours so as to maximize chances for survival.

    https://www.osti.gov/biblio/5734349

  2. Trend Micro shared: Sept 17. 2015
    “FBI Warns Public on Dangers of the Internet of Things”
    In a Public Service announcement issued last week, the law enforcement agency discussed the potential security risks of using interconnected devices such as smart light bulbs, connected cars, smart fridges, wearables, and other home security systems. The PSA included network connected printers as well as fuel monitoring systems.

    ast July, vehicle security researchers Chris Valasek and Charlie Miller demonstrated how a Jeep Cherokee’s brakes and other critical control systems can be remotely controlled by anyone with an internet connection. According to Valasek and Miller, they can easily take control of the vehicle by sending data to its interconnected entertainment system and navigation system via a mobile phone network. In response to this, Chrysler announced the recall of 1.4 million vehicles that may be affected by the security hole.
    “What to Consider When Buying a Smart Device”, here a few more ways to improve the security of your devices against possible IoT threats:
    Enable all security features on all smart devices
    Always update the device firmware
    Use secure passwords
    Close any unused ports on devices and routers
    Utilize encryption for all networks and devices
    https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fbi-warns-public-on-dangers-of-the-internet-of-things/

  3. Internet Societiy. 15 October 2015
    “The Internet of Things (IoT): An Overview.” Understanding the Issues and Challenges of a More Connected World
    On 15 October 2015 the Internet Society published this 50-page whitepaper providing an overview of the IoT and exploring related issues and challenges. You may download the complete document at the link above. The Executive Summary is included below to provide a preview of the full document.
    More of our coverage and information about the Internet of Things may be found at https://www.internetsociety.org/issues/iot
    This IoT Overview whitepaper is also available in Russian and in Spanish.
    https://www.internetsociety.org/resources/doc/2015/iot-overview/

    1. The internet of things is a giant security risk because of the lack of security protocols built into smaller computerized devices. This makes these devices extremely vulnerable to script kiddies and people who understand some of the most basic gui based hacking or monitoring programs. As the technology and security protocols develop over time such risks will not be as worrisome.

  4. Code of Ethics
    IEEE-CS/ACM Joint Task Force on Software Engineering Ethics and Professional Practices
    Short version:
    1. PUBLIC – Software engineers shall act consistently with the public interest.
    2. CLIENT AND EMPLOYER – Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.
    3. PRODUCT – Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
    4. JUDGMENT – Software engineers shall maintain integrity and independence in their professional judgment.
    5. MANAGEMENT – Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
    6. PROFESSION – Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
    7. COLLEAGUES – Software engineers shall be fair to and supportive of their colleagues.
    8. SELF – Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.

    https://www.computer.org/education/code-of-ethics

  5. Samrat Bhadra shared a post:
    “Brute Force Attack Against FACEBOOK – How to Keep Your Facebook Account Safe”

    Brute Force is a mechanism used to identify password of an online account (or a correct combination of user id and password in case of a application specific attack) by automatically generating possible passwords and attempting it on the target web application. The success probability of a brute force system is largely dependent on its intelligence of generating passwords in most effective sequence so the correct password can be identified with least number of trials.
    Only less than 1% of all passwords are more than ten characters long. That’s what makes brute force a commercially viable solution. A strong password is what can keep your Facebook account safe from hackers.

    http://blog.lamanguste.com/2017/12/12/brute-force-attack-against-facebook-how-to-keep-your-facebook-account-safe/

  6. Samrat Bhadra shared a post.
    “Critical Vulnerabilities in Microsoft Products is on the Rise”

    The number of vulnerabilities in Microsoft products reported to be more than doubled from 325 in 2013 to 685 in 2017 as reported by Avecto in Microsoft Vulnerabilities Report 2017 . Moreover there has been a record 232 new windows vulnerabilities reported in this year,
    Key Findings:
    Removing admin rights would mitigate 80% of all Critical Microsoft vulnerabilities in 2017.
    The number of reported vulnerabilities has risen 111% over five years (2013-2017).
    There has been a 54% increase in Critical Microsoft vulnerabilities since 2016 and 60% in five years (2013-2017).
    95% of Critical vulnerabilities in Microsoft browsers can be mitigated by removing administrator rights.
    There has been an 89% increase in Microsoft Office vulnerabilities in the past five years.
    Almost two thirds of all Critical vulnerabilities in Microsoft Office products are mitigated by removing admin rights.
    Despite being widely regarded as the most secure Windows OS ever, Windows 10 vulnerabilities rose by 64% in 2017.
    Removing admin rights would mitigate almost 80% of Critical vulnerabilities in Windows 10 in 2017.
    Critical vulnerabilities in Microsoft Browsers are up 46% since 2013.
    88% of all Critical vulnerabilities reported by Microsoft over the last five years would have been mitigated by removing admin rights.

    http://blog.lamanguste.com/2018/02/19/critical-vulnerabilities-in-microsoft-products-is-on-the-rise/?

  7. Jon Fingas, @jonfingas
    06.22.19 engadget

    “US cyberattack reportedly knocked out Iran missile control systems”
    The President reportedly signed off on the digital strike. Washington Post sources say the President greenlit a long-in-the-making cyberattack that took down Iranian missile control computers on the night of June 20th. The exact impact of the Cyber Command operation isn’t clear, but it was described as “crippling” — Iran couldn’t easily recover, one tipster said.
    Source: Washington Post

    https://www.engadget.com/2019/06/22/us-cyberattack-reportedly-knocked-out-iran-missile-control-syste/

  8. Tyler Durden
    Fri, 06/28/2019 –
    “Florida City Pays $462,000 In Ransom After Second Cyberattack Cripples City’s Infrastructure”
    Lake City’s council approved the measure during an emergency meeting Monday night and will be paying about $462,000 via Bitcoin, by way of the city’s insurer. This payment follows a similar incident in Riviera Beach, a city of 34,000 near West Palm Beach, where the city’s council authorized a similar $600,000 ransom payment.
    Emergency services weren’t affected. But Lake City authorities worried they wouldn’t be able to access encrypted files such as ordinances, public-record requests and utility information.

    The FBI advises against paying hackers, saying there’s no guarantee they will release data and that it could make victims susceptible to future attacks. But some victims don’t have a choice: for instance, in March, Jackson County, Georgia paid $400,000 after realizing a cyber attack had compromised its backups.

Leave a Reply

Your email address will not be published. Required fields are marked *