Why Cyber ?
In this fast-paced industry, digitization and staying connected are playing a vital role. This is further coupled with the proliferation of cloud-based and mobile technologies.
“Why focus on security?” is a question that has moved from mere security team discussions to board room discussions, and it doesn’t stop there either. This, now, is the talk of the industry today.
Everyone we know around us, in our work places or otherwise, is talking about security, one way or the other. Security is no longer just a requirement of an IT administrator, or security administrators in an IT organization. It is now the requirement of all those entities who are connected in one way or the other with any type of data.
The importance of cybersecurity, as the name suggests, will be the crux of the discussion in this chapter, and we will closely look into the following:
- The history of breaches
- The importance of securing networks and applications
- The threat landscape
- How security helps
The history of data breaches
The general notion encircling hacking is that it started a few decades ago. However, in reality, hacking was in practice even before that. it goes as far back as 1834, yes almost two centuries back. Historically, it came to light in the year 1836 when two persons involved in the act were caught. During the last decade of 1700, France implemented its national data network to transfer data between Paris and Bordeaux, which was one of its kind at the time. It was built on top of a mechanical telegraph system, which was a network of physical towers. Each tower was equipped with a unique system of movable arms on the tower top.The tower operators would use different combinations of these arms to form numbers and characters that could be read from a similar distant tower using a telescope. This combination of numbers and characters was relayed from tower to tower until it reached the far end. As a result, the government achieved a much more efficient mechanism of data transfer, which resulted in greater time saving. Interestingly, all this happened in the open. Even though the combinations were encrypted, and would’ve required an experienced telegraph operator to decode the message at the far end to bring up the original message, the risks were just around the corner. The following image is one such tower:
This operation was observed by two bankers, Francois and Joseph Blanc. They used to trade government bonds at the exchange in Bordeaux, and it was they who figured out a hack to poison the data transfer in between, and include an indicator of current market status, by bribing a couple of telegraph operators.
Usually it took several days before the information related to Bond performance reached Bordeaux by normal mail, now, due to this hack, they had an advantage to get that same information well before the exchange in Bordeaux received it. In a normal transmission, the operator included a Backspace symbol to indicate to the other operator that he needed to avoid the previous character and consider it as mistake.
The bankers paid one of the operators to include a deliberate mistake with a predefined character, to indicate the previous day’s exchange performance, so that they could assume the market movement and plan to buy or sell bonds. This additional character did not affect the original message sent by the government, because it was meant to be ignored by the far end telegraph operator. But this extra character would be observed by another former telegraph operator who was paid by the bankers to decode it by observing through a telescope.
Also, the Blanc brothers did not care about the entire message either; all they needed was the information related to market movement, which was well achieved through this extra piece of inert information. The Blanc brothers had an advantage over the market movement and continued to do this for another two years, until their hack was discovered and they were caught in 1836. You can read more about such attacks at https://www.thevintagenews.com/2018/08/26/cyberattacks-in-the-1830s/.
The modern equivalent of this attack would perhaps be data poisoning, man-in-the middle attack, misuse of the network, attacking, or social engineering. However, the striking similarity is that these attacks often go unnoticed for days or years before they get caught. This was true then, and it’s true today. Unfortunately, the Blanc brothers could not be convicted as there were no laws under which they could be prosecuted at that time.
Maybe the Blanc brothers’ hack was not so innovative compared to today’s cyber attacks, but it did indicate that data was always at risk. And, with the digitization of data in all shapes and forms, operations, and transport mechanisms (networks), the attack surface is huge now. It is now the responsibility of the organization and the individuals to keep the data, network, and computer infrastructure safe.
Let’s fast forward another 150 years, to the late 1980s. This is when the world witnessed the first ever computer virus—Morris worm. Even though the creator of the worm, Robert Tappan Morris, denied the allegation that it was intended to cause harm to computers, it did, indeed, affect millions of them. With an intention to measure the vastness of the cyber world, Tappan wrote an experimental program that was self-replicating and hopped from one computer to another on its own.
This was injected to the internet by Morris, but, to his surprise, this so-called worm spread at a much faster rate than he would have imagined. Soon, within the next 24 hours, at least 10% of the internet connected machines were affected. This was then targeted to ARPANET, and some reports suggested that the of connected computers at the time was around 60,000.
The worm was using a flaw in the Unix email program, sendmail, which typically waits for other systems to connect to the mail program and deliver the email, and a bug in the fingerd daemon. This worm infected many sites, which included universities, military, and other research facilities. It took a team of programmers from various US universities to work non-stop for hours to get to a fix. It took a few more days to get back to a normal state. A few years later, in 1990, Morris was convicted by the court, for violating the Computer Fraud and Abuse Act; unlike at the time of Blanc brothers when there was no law to prosecute, this time there was.
Fast forward another two decades to 2010, and the world saw what it never imagined could happen: an extremely coordinated effort to create a specifically crafted piece of software, Yes Software, which was purpose-built to target the Iranian nuclear facility. It was targeting Industrial Control Systems, otherwise known as ICS. This was designed only to target a specific brand and make of ICS by Siemens, which controls centrifuges in a nuclear facility to manage their speed. It is presumed that it was designed to deliver onsite, as per some reports, because the Iranian facility that it was targeting was air-gapped.
This was one of its kind industrial cyber espionage.The malware was purpose-built so that it would never leave the facility of the nuclear plant. However, somehow, it still made its way out to the internet, and there is still speculation as to how. It took researchers many months after its discovery to figure out the working principle of the malware. It’s speculated that it took at least a few years to develop to a fully functional working model. After the Stuxnet, we have witnessed many similar attack patterns in forms of Duqu, and Flame, and it’s believed by some experts in this field, that malware similar to these are apparently still active.
Currently, we are seeing extremely new variants of attack with new modus operandi. This is to earn money by using ransomware, or to steal data and then try to sell it or destroy it. Alternatively, they use victim infrastructure to run crypto miner malwares to mine cryptocurrencies. Today, security has taken center stage, not only because the attack surface has increased for each entity, or the number of successful high profile and mass attacks are a norm, but because of the fact that each one of us now knows that the need for securing data is paramount, irrespective of whether you are a target or not.
Scenarios for security
To make it more intuitive and simpler, let’s look into a few scenarios as we proceed further with this chapter to discuss the need for security:
- Scenario (organizations in general): Try to visualize an organization with standard digital and IT functions that caters to their business needs. As an organization, it is important that the digital and IT infrastructure that you use is always up and running. Also, the organization has the responsibility to secure the identity, data, network, equipment, and products that you deal with. Digitization is the norm today for all businesses and organizations. Digitization brings in connectivity and a mixture of all the various different technologies working together to achieve the set business goals for the organization. With the increase in digitization, the level of connectivity also increases, within the boundary and outside the boundary of the organization. This connectivity also poses a risk to the security of the organization (we will discuss this further in the following chapters).
Digitization and connectivity largely fits into three macro aspects, namely: identity (by which we allow the users to interact), data (individual, business, personal, or system), and network (the connection part). Furthermore, we should not forget the factors that bring them all together, namely: equipment, solutions, and various business processes and applications. Any organization today controls the level of access needed to view, modify or process data, or access a business application/system through identity. It is the de-facto requirement for the organization to secure these identities.
You also need proper measures to secure the data you are handling, be it at rest, motion, or during compute. And it is an obvious fact that the network perimeter, be it physical or in the cloud, has to be secured with proper measures and controls. This scenario is to set the context; we will talk more about these aspects in the following chapters.
- Scenario (everything is moving to cloud): are moving to cloud at a rapid speed, the need for higher processing capability and reduced operating cost benefit is increasing. Cloud, as a technology, provides more scalability for businesses when it is required. Also, as the global footprint of each business is now increasing, the need for collaboration is important and cloud makes it possible. Employees nowadays prefer working remotely, thereby eliminating the need for office infrastructure. The other important benefit of cloud computing is that it takes away the burden from IT about constantly keeping track of new updates and upgrades of software and hardware components.
But, as it is true that technological advancements bring in more control, speed, power, accuracy, resiliency, and availability, they also bring in security concerns and risks. Cloud is no different when it comes to security concerns and the risks that are exposed if it is not properly implemented or used. The biggest boon of cloud is that the organizations are reaping the benefit of not owning any infrastructure or operations of their own.
This boon also brings in security risks and concerns, such as who has access to the data that is positioned in the cloud, how do you maintain and manage security regulatory requirements, and how do you keep up with compliance mandates such as GDPR and others? Cloud computing also complicates the disaster recovery (DR) scenario for each organization because it depends on the service provider’s terms and conditions and their business model around data recovery. Moreover, organizations have no control where the cloud provider will bring up their data center and operate from, which raises concerns around data sovereignty. There are many other challenges and risks around operating from cloud, which will be discussed in relevant portions of this book.