DATA SECURITY OF A COMPUTER NETWORK IN THE WAKE OF NEW TECHNOLOGY

CHAPTER I

INTRODUCTION

1. Information and security have been interlinked since time immemorial. The fact that
one actor seeks information about the intention and action of the intended enemy, called the
intelligence on enemy, while the other seeks to secure those and prevent them from being
known to the opponent, has been part of military operation since ancient times. The operation
covers information as well as information technology (IT). IT used in ancient times was not
radio, telegraph or satellite but the smoke signal, the tower, horse etc. In the 21st century the IT
includes sophisticated electronic technologies, with computers being the main control and
storage components, networked through wire and wireless links like telephone cable, radio,
satellite etc. Today the security of a computer network, and of the information stored in,
processed by or transmitted over it, not only falls under the military domain but also affects
many aspects of society, including telecommunications, energy, banking, and transportation systems.

2. The data security of a computer network covers the protection of the digital data
and of the supporting hardware, software and communication links that form the network,
as a whole called digital IT or information and communication technology (ICT). The threat
to the computer network could take the form of physical attack by traditional means or of
electronic attack through IT software applications. The electronic attack is also called
cyber-attack, or battle in the realm of cyberspace: the virtual information space created by
the dense interconnection of computer and communication systems. This paper mainly focuses on
cyber-security against electronic threats. As a part of cyber-security, the research also covers
electronic surveillance of the use of digital networks by various societal groups for their
operation and sustenance.

3. Today the borderless world wired together by the Internet is based on computer network
connections and powerful communications nodes. These are literally redefining the geography
of commerce and communication. Experts hold that computer vulnerabilities may translate into
damage to the national economy unless proper measures are taken. This brings to the fore a
set of questions: are the cyber-threats really great, why are not appropriate measures in place,
why is there a general lack of understanding on cyber-securities, is there anything that can be
done to counter the threat etc? The paper makes an endeavour to answer the questions.

4. Most of the material in the paper has been gleaned from books particularly the book by
Robert Latham (ed.), Bombs and Bandwidths (New York: The New Press, 2003), and a few
articles and websites. There are many books on the technical issues of digital IT and their
security. But the technical aspects have been kept very simple though the topic looks very
technical in nature. The instances of the US activities on the cyber-issues have been mentioned
as the US is considered to be the central force in shaping global IT security. Also mentioned are
a few famous computer worms that created uproar in the computer society.

5. The study first dwells on the growing use of ICT in all aspects of society and
accompanying security concerns. There are numerous definitions and terms on cyber security
issue. These are briefly mentioned along with threat analysis and social network’s networking.
After identifying various security challenges, the paper shows detailed way-forwards in terms
of technical, procedural, legal and strategic measures. As said before, this paper is not a
technical paper and hence detailed discussion of the technical solutions has been avoided in
order to view the issue from a strategic perspective.

CHAPTER II

ICT PREVALENCE AND SECURITY CONCERN

GENERAL

6. Computer usages through standalone and networked systems are widespread in all
echelons of society, be it military or civil. Computer networking using Local Area Network
(LAN) technology, and Wide Area Network (WAN) technology using dedicated
communication links (called Intranet) or the Internet backbone is designed to fulfill the
following functions:

(a) Share common data.
(b) Ensure database integrity.
(c) Provide a secure means of gathering information and disseminating orders.
(d) Enable a gateway to the information superhighway -- Internet.
(e) Provide a backbone for core infrastructure and network centric warfare.

PRESENT TREND

7. IT Integration and Effect. IT is becoming increasingly pervasive and connected. It is
spreading throughout homes, offices and elsewhere. It is being integrated into everything from
appliances to business processes and control systems featuring automation. The tangled web of
IT networks, particularly communication systems, has become a potential launching pad for
attacks, espionage and viruses by actors around the world. It creates more targets to attack and
more attackers.

8. Mobile Computing Devices. The proliferation of mobile computing devices has added
new problems. It has extended the computer network perimeter from the workplace to homes,
airports, automobiles, and hotel rooms. Information once confined to office networks can now
be accessed through home PCs, laptops, and handheld devices, which may be less protected.
Besides, the wireless networks supporting the mobile devices are often installed without
adequate security measures.

9. Increasing Capacity. IT is getting smaller, faster, cheaper, and more powerful.
Processor speeds are doubling approximately every eighteen months and storage capacity
about every twelve months. The network has the highest growth, doubling approximately every
nine months. As a result spies can steal megabytes of information in just a few seconds, and
viruses and worms can spread at record-breaking speeds. During the peak of its infection
frenzy, the Code Red worm, which first appeared in July 2001, infected more than 2,000
computers per minute.

10. Critical Infrastructure. Nations are increasingly becoming dependent upon computer
networks for many essential services including water, electricity, gas, voice and data
communications, rail and aviation. In effect, IT has become the brains and nervous system of
the infrastructure. Nuclear weapons facilities are monitored and administered using IT, as are
power grids and telecommunications networks. The international financial markets are virtually
the data networks through which transactions are executed. Many such systems are controlled
through networks based on the Internet protocols (IP), which are rather more open to attack.
The critical infrastructure is largely owned and operated by the private sector, and most of
government communications including military, for example 95% for the US, are transmitted
via privately owned network. So the private sector has become a key player in the security
dynamics.

11. Network Centric Operations. For many years, transnational corporations have been
organising their operations on multi-firm networks linking their production and marketing
resources worldwide. IT has been central to these networks in that it allows firms to share
up-to-the-minute information as well as knowledge about markets and production. The same
strategy inspired the militaries to organize themselves into networks across and within various
units. In such networks all military resources and units are linked, communicating and sharing
access to data which includes information related to surveillance, fire-control solutions,
messages and others. Electronic intrusion can cause these network-centric operations to
malfunction, potentially incurring heavy losses or risking thousands of lives.

12. Internet.

a. The Internet emerged rapidly as a mainstream communication medium in the 1990s.
Internet porn, hacking attacks, and numerous debilitating computer viruses have also
become widespread. But the fact that the Internet is international and respects no borders
has made tracking Internet criminals, and prosecuting them, difficult. That means that
the issue of extraterritoriality and inhomogeneity of the different nations' laws
complicates the problem.

b. The Internet has been commercialized rapidly in fundamental ways, from software
applications and online commerce to the very provision of the backbone that makes the
Internet possible. The central feature of Internet is a distributed form of communication
without central control. The network is resilient because of its built-in redundancy; the
more nodes are added to the network, the more resilient the network as a whole
becomes. Internet builds strength through dispersion and multiplication of individual
nodes. As a result, censoring Internet communications has become almost impossible.
For Internet communication, data sharing is the main objective, not the security. It is
inherently open and provides a good means of cyber-attack.

13. Technology Mix-up: between Mil and Non-mil. Traditionally the military needs have
prompted massive investments in the development of modern ICTs and their potential military
uses. In fact many modern technologies—from the invention of solid-state electronics to
supercomputing, networking, and branches of applied mathematics such as cryptology—have
emerged largely from research funded for military motives. Since the 1990s many important
technologies in the areas of networking, simulation, virtual reality, cryptology and artificial
intelligence have moved from the military into the commercial sector; and technology has also
flowed freely from the commercial sector into the military. Military technology is now believed
to lag behind in some IT fields such as simulation and war-games. So it is not surprising that
intruders armed with the latest technology can outsmart the military in cyber warfare.

FUTURE TREND

14. In future the world will almost certainly experience quantum leaps in IT and in other
areas of science and technology. IT will be the major building block for international
commerce and for empowering non-state actors. Most experts agree that the IT revolution in
this information age (from 1971 onward) represents the most significant global
transformation since the industrial revolution beginning in the mid-eighteenth century. The
networked global economy will be driven by rapid and largely unrestricted flows of
information, ideas, cultural values, capital, goods and services, and people: that is,
globalization. In the developing nations, ICT will be integrated more resulting in more
connectivity with the world.

CHAPTER III

VARIOUS ASPECTS OF CYBER SECURITY

CYBER THREATS-TYPES AND DEFINITION

15. Cyber-threat has many forms. It includes unauthorized access to or use of information
resources. It also includes computer-network attacks that deny, disrupt, degrade, or destroy
information and network resources. There is a spectrum of cyber-threats running from
individuals who simply vandalize web pages to those who conduct denial-of-service (DoS)
attacks. On the low end are young hackers - also called script kiddies. In the middle are
criminals who conduct fraud and industrial espionage online. At the high end, it's potentially
nation-states or terrorist groups who conduct attacks to destroy or stop things from working.
These attacks could be conducted in isolation or in conjunction with a physical attack.

16. A few common terms are used to differentiate cyber-attacks. A network breach executed
by a mischievous teen is considered ‘hacking’, while an identical act perpetrated by a
politically motivated group lacking violent intent may be construed as ‘hacktivism’.
Comparable events may be designated as ‘cyber-terrorism’ or ‘cyber-war’ depending upon the
relative involvement of terrorist groups or a nation-state. Occurrences of cyber-aggression are
typically described according to the characteristics of the agents who enact them, rather than
according to the objectives associated with specific incidents. The term cyber-terrorism became
more prominent post 9/11. Cracking is a more recent addition and derives from the more formal
designation ‘criminal hacker’ and refers to criminal activity undertaken using IT. Cyber war is
also called network warfare (Netwar).

CYBER WAR VIS-A-VIS INFORMATION WARFARE (IW)

17. Information warfare (IW) is meant to describe the efforts to sever or undermine the
adversary’s communication in a theatre as part of a nation’s military strategy. It basically
comprises defensive methods of denying enemy access to own information systems as well as
offensive methods of getting into enemy systems to disrupt their smooth flow of information.
Today the methods for entering the enemy's decision making cycle and gaining insights into his
strategy are powered by IT. It may also refer to efforts to damage or render non-functional an
opponent's civilian or governmental information infrastructure.

18. IW is a broader term but cyber-war under the purview of IW deals with the IT based
information network. In essence, any activity undertaken by an agency or organization that
represents formally the interests of a national government and damages IT components,
obstructs IT operability, or uses IT as a means to conduct a tactical offensive may rightly be
considered an act of cyber war. So cyber-war may be executed by any agency while IW is
considered to be conducted under the domain of military strategy or operation. These two
terms, however, are interchangeably used to denote the same on broader aspects.

TOOLS AND TECHNOLOGY OF NETWORK ATTACK

19. In computer network settings, many tools and technologies are employed for network
breach. Intruders are constantly pursuing new innovations for the attack before proper
protection measures are discovered. One such tool is the DoS attack. It employs the decentralized
character of the Internet to organize an overwhelming and disabling flood of information to
attack selected servers. The flood of information requests eventually overwhelms the capacity
of the server to respond, shutting it down.

20. Another form of network attack is the use of viruses, Trojan horses, and worms. These
tools are programs or pieces of code that are loaded onto computers without the users'
knowledge. They can replicate themselves to the point of using all of a computer's available
memory and resources. They can also transmit themselves across the network, affecting
multiple nodes and users and slowing down the network. Such malware and spyware can gain
access to a computer system electronically through network links or directly through human
links.

21. Viruses and worms can be extremely disabling, corrupting sensitive data and causing
random damage to data files as well as compromising private or sensitive information. The
ILOVEYOU virus (appeared in May 2000) spread globally within days, causing about $1
billion in damage to computers, lost business, and corrupted data. A Trojan horse, also a worm,
can transmit back sensitive information through backdoors it creates.

22. Direct, unauthorised access to any network by intruders poses great damage. Hackers
look for vulnerabilities to get access. Once accessed, the hacker can delete, corrupt and
download information, and plant malware and spyware for any objectives mentioned above.
Insiders are generally considered to be an organization's biggest threat, accounting for perhaps
80% of all security incidents in many systems. Insiders consist of employees, former
employees, temporaries, contractors, and others with inside access to an organization's
information systems. They are behind many of the most serious attacks, including theft of trade
secrets, financial fraud, and sabotage of data.

SOCIAL NETWORKS ON ELECTRONIC NETWORK

23. Social networks are web-like structures without central command. Using electronic
communication, particularly the Internet, social networks of every profession, such as business,
civil networks, scientists, physicians etc., have multiplied in the last decade. For example, a kind of
informal network exists among so-called anti-globalization activists. Linked through thousands
of websites, e-mail lists, and Internet relay chats, citizen activists from around the world have
been able to coordinate mass protests at major international events without a hierarchical mode
of organization. The same tools of internet as a mass media may be utilised by the state or non-
state actors for propaganda warfare.

24. Non-state terrorist actors can also be labelled as social networks without a
hierarchical mode of organisation. Without global markets and communications, widespread
mobility and multicultural society, these networks of terror could not survive.
Though cyber-attack by them is not unlikely, bringing about catastrophe through such an attack
is indeed difficult for them. But they can mobilise issues and actions of common concern in
political domain through the technical network. These groups with little investment can use
ICT facilities of the established society as links between distant elements as well as a broadcast
media with extended reach.

ELECTRONIC ‘PEARL HARBOUR’ – A FICTION OR REALITY?

25. Cyber-war is cheap, clueless and not risky though it undermines the political
sovereignty of any state. Cyber-war seeks to disable or disrupt the opponent's critical
information systems, effectively rendering them deaf, blind, mute, or unreliable. At its most
extreme the image is of an electronic ‘Pearl Harbour’, which was coined post 9/11 by the US
proponents who linked it to the historic trauma of US warfare at Pearl Harbour. In this image
the critical systems, from the electrical grid to stock markets and air-traffic control, are taken
over by legions of unknown intruders without warning, thereby crippling the national economy
and severely degrading the ability of the military to conduct war operations. The question is: is
the fear a science fiction or reality? The doubt is strengthened due to the fact that no incident of
such intensity occurred in reality to date.

26. The US Naval War College during August 2002 conducted an exercise called ‘Digital
Pearl Harbour’, bringing together experts to assess the vulnerabilities and threats related to
critical infrastructures. The outcome was in stark contrast to the anticipated fears. On the other
hand ‘Red Team’ exercises, allegedly carried out by the National Security Agency (NSA) of the US
against U.S. military and civilian targets, demonstrate that considerable damage could be caused
through electronic intrusion.

27. The US initiative in 2008 and 2009 on cyber security measures reinforces the
hypothesis that the cyber threat on a grand scale is real. The US has already formed a strategic
cyber command and is presently investing huge resources in cyber-war capability. The US has the
capability of, and is presently conducting, global spying on foreign states and societies as part
of cyber-warfare. Currently Russia, Britain, France, Israel and China, besides the US, have
offensive cyber-warfare capability. Nations around the world, including those mentioned
above, are allegedly currently training their military and intelligence personnel to carry out
cyber attacks against other nations to quickly and efficiently cripple their daily operations. In
times of crises and conflicts, they would carry out the attack against the perceived enemy state
crippling their infrastructure.

28. With the many advances in IT, critical infrastructures are increasingly linked to one
another and face increased vulnerability to cyber threats. Computer networks can provide
pathways among systems to gain unauthorized access to data and operations from outside
locations if they are not carefully monitored and protected. The interconnectivity increases the
risk that problems affecting one system will also affect other connected systems. As a result,
even hacking can bring down heavy losses disrupting essential services, social order and
security.

CHAPTER IV

SECURITY CHALLENGES AND MEASURES

GENERAL

29. The challenge in cyberspace is to prevent three basic bad events: damage to the proper
functioning of the computer system, corruption or destruction of contained information, and
leakage of sensitive information. Generally over two-thirds of all hacker attacks come from
insiders. While best practices and management can counter the inside threat, the main effort
is needed against the outside threat, in the form of firewalls, virus detectors and intrusion
detectors to counter state or non-state actors.

CYBER SECURITY VIS-A-VIS NATIONAL STRATEGY.

30. Information is an asset, generated and protected by individuals and organizations. The
integrity of proprietary and sensitive information constitutes its primary value, sustains the
competitiveness of private sector organizations and influences the economic security of
states. Insulation of governmental and military intelligence and operational data from
adversarial institutions is also very critical to security efforts. IT has therefore evolved into a
core pillar of national security. Despite the persistence of geographically defined jurisdictions, IT
unmistakably mitigates the primacy and impermeability of national borders. As data flow is not
limited by national boundaries, IT is contributing to political, social or economic developments
that undermine the sovereignty and significance of the nation-state.

31. IT infrastructures and nodes are generally not government-owned but privately owned.
These systems cannot be insulated from foreign IT infrastructure in either physical or operational
terms. Sometimes the foreign and domestic components are interspersed. The system of one nation
may not follow the regulations, practices and standards applied in a foreign system. So
international collaboration is needed to address the problem on a collective front. The cyber
security issue therefore should be addressed under the realm of national strategy not as a subset
of military strategy.

VULNERABILITY AND LIMITATIONS OF IT-BASED SYSTEM

32. Because of lack of proper security regime in place, many insecure or vulnerable
networks are growing. The growing connectivity among secure and insecure networks creates
new opportunities for unauthorized intrusions into sensitive or proprietary computer systems,
such as the nation's telephone system or even military system. Overall the complexity of
computer networks is growing faster than the protection measures being taken on global scale,
and the ability to understand them. Institutions are dedicating growing resources to the defense
of critical infrastructures against cyber attack but they are still insufficient.

33. Mainstream commercial software is replacing relatively secure proprietary network
systems. Most of the commercial software and hardware items are imported or
vendor-supplied products that provide opportunities for foreign implantation of exploitation
or attack tools. The government and defense networks similarly are increasing their reliance
on these commercial computers.

34. Most outsider attacks exploit known vulnerabilities that could have been avoided by
administrators and users. Humans are often the weak link. They make mistakes, pick weak
passwords, and are vulnerable to social engineering. The personnel involved should be
educated and made aware of cyber security aspects.

LACK OF UNDERSTANDING

35. So the question is: why haven't nations taken the necessary steps to address the cyber
threat? The issue is technically complex and hard to understand and that makes it hard for
policy makers to engage. Again, the need to invest resources in protecting cyber-space, without
tangible effects to show for it, is not well realized or thought through. People tend to treat this
as a tactical, not a strategic, problem. The common perception is that it is a military problem though
the civil sector is most likely to suffer.

LACK OF SECURITY INFRASTRUCTURE

36. When any sensitive computer network system is breached, creating wide-spread
disruption and stoppage of operations/services, the question arises of who should be held
responsible: the attacker, the system designer or the system management. Each is to share
responsibility as each contributes to the breach. While the attacker can be deterred by laws
and regulations, the problem comes when the attack originates from areas outside national
jurisdiction or when the attacker is under-age. The system designer works on commercial
ground and is not much concerned for the safety aspects unless required investment is made on
security. The system management has to take the major share of responsibilities for creating or
opening vulnerabilities or not installing proper security infrastructure.

37. In the opinion of reputed hackers, government installations are soft targets.
Many private sectors are definitely ahead of the government, including military-controlled
sectors, in placing security infrastructure for network security. While the famous Red worm could
not penetrate much into the private sector and the behavior of the worm was quickly known by them,
the government sector came to know of the existence of such a worm only after having been
attacked and subjected to disruption. There is a need to maintain a private-public relationship for
information sharing and for devising a common method to deal with the problem.

CHAPTER IV

WAY FORWARD

SECURITY INFRASTRUCTURE

38. The first and foremost initiative is to enforce a security infrastructure regime nation-wide.
The security infrastructure is a combination of technology, procedures and practices, laws and
regulations, and personnel involved. It serves to protect against cyber threats and ensure the
confidentiality, authenticity, integrity, and availability of data.

39. Security Technologies. Security technologies serve to protect cyberspace from attack
through prevention, detection and investigation, and recovery. Prevention technologies include
authentication systems (e.g., passwords, biometrics, and smart cards), encryption systems (for
scrambling data and network communications), access controls, firewalls, vulnerability
scanners, and security-management systems. Detection and investigation technologies include
auditing and intrusion/misuse detection systems, antiviral tools, honey pots for trapping and
studying intruders, trace-back mechanisms for determining the origin of an attack, and
computer and network forensic tools for handling and processing evidence. Technologies for
recovery include backup systems. Further, some security technologies are also employed as
attack technologies. Password crackers and software tools that scan networks for vulnerabilities
are good examples. They all have their limits. Security is possible only through a combination
of controls coupled with measures like good practices, effective law enforcement etc. Even
then, security is never foolproof. There is always a balance of security measures and
vulnerability.

40. Procedures and Practices. The second step relates to the management of security and
IT. They include best practices for developing, installing, and operating computers and
networks so as to minimize security vulnerabilities and risks. Best practices have been
developed in areas such as selecting and managing passwords, deploying firewalls, configuring
and upgrading systems, and planning for and responding to security incidents. Organisations
dealing with sensitive information and critical networks should invest in research and
development to deal with new technology and innovations and to counter new attack methods
and technology.

41. Laws and Regulations. One set of laws and regulations should govern cyber-crime and
its perpetrators, including the investigation thereof. Where a security issue lies beyond national
jurisdiction, it should be dealt with through international cooperation. Another class of laws and
regulations should mandate security for certain critical systems. Competent authorities should
conduct security audits and certifications of systems that process sensitive information or
perform critical support functions. Private sector entities that maintain critical infrastructure and
services should come under some security certifications and internal security policies. Laws
should govern how all the sectors that deal with information in general public databases should
maintain data records, and also furnish them to the competent government agencies on being
asked.

42. Denial of Opportunity. A system can be protected if opportunities are denied to the
intruders. If threats to critical infrastructures are real, critical systems should be decoupled
from the Internet. If the system cannot be physically separated from the Internet backbone,
then data flow inside that part of the backbone must be subject to a strong encryption regime, and
at the system end a firewall should be installed to reduce vulnerabilities and prevent any software
link with the Internet.

43. Developing Education and Awareness. The people and organizations that are a part of the
security infrastructure perform a variety of different functions. These include education and
training, research, publication, product development and marketing, network security
administration, security support services, policy and standards making, law enforcement, and
research funding. Both formal and informal organizations should participate in regular
meetings. These include government agencies, corporations, educational institutions,
professional societies, non-profit organizations, research communities, standards committees,
international bodies, and consortia. Experts and non-experts should participate in security-related
seminars, workshops, or meetings to share knowledge and educate a broader audience.

DISTRIBUTED OR DECENTRALISED CONTROL

44. Though government can exercise direct control over state-controlled entities, the private
sectors are not responsible to the government for their security measures. Government can
however regulate their activities through promulgating laws. Without interfering with their
normal activities the government should encourage public/private partnerships in sharing
information and experience. Participants in the security infrastructure including state-controlled
entities should constitute a loosely structured network. When a major security incident
affecting multiple organizations occurs, participants in the security network should report and
respond simultaneously to the attack, issuing alerts, releasing software tools and upgrades,
reconfiguring systems, and hunting down the attacker at their individual level. Even various
government organisations including military should not come under one central command.
Each should pursue own security measures according to the guidelines and policy set by the
government.

ADOPTING CYBER SECURITY STRATEGY

45. There is a need to take proactive measures to detect, interrupt and retaliate against cyber
intrusions or social networks abusing electronic networks side by side with the
institutionalization of security infrastructures. The cyber-security strategy should focus on
proactive strategic imperatives through education and awareness programme, adequate research
funding, enforcement of security infrastructure, international collaboration on collective
security, advanced surveillance on public communication media etc. A cyber command at
strategic level should be set up to coordinate all the measures. A pool of IT and
computer professionals/experts should always be maintained for employment on cyber-security
related operations.

CHAPTER V

CONCLUSION
