Information or cyber security

Crime in cyberspace
Contemporary forms
Igor Bernik, Univerza v Mariboru, Fakulteta za varnostne vede
Information or cyber security
evolution or revolution
• Infrastructure revolution
• Data explosion
• Always on, always connected to cyberspace
• Future finance: cash or e-payment, substitutes?
• New, stricter regulations and standards
• Several internets – the world is not one, there are several?
• New identity and trust models?
Cybercrime
in the modern world
• Institutions and legislation, international harmonization
• Perpetrators of cybercrime, motives, classification
• Cyber infrastructure for committing various criminal
• Protecting systems against attacks
• New emerging forms of cybercrime
• Fear of cybercrime
• Cybercrime research
Introduction of topic
• What do we understand as cybercrime?
• What is particularly ‘cyber’ about it?
• We believe: a criminal act is punishable by law.
• For most criminal acts committed in cyberspace we use ‘classic legislation’ (theft, abuse, child pornography, etc.).
Cybercrime is the use of information technology to carry out criminal acts.
To ensure protection against cyber criminals, to reduce endangerment and avoid possible consequences, it is important to adhere to the following basic guidelines:
• Be careful when opening links received by e-mail (Trojan horse malware, phishing etc.).
• Be aware that your personal data can be used to profile your activities, thus making you vulnerable to manipulation and/or identity theft.
• Try to check the identity of anyone who wishes to acquire your personal data.
• Be careful which data and software applications you load onto your computer or mobile device. Some applications enable theft of personal or business
Guidelines, cont.
• Make sure that your anti-virus program is regularly updated and that a firewall is installed.
• Protect your passwords, and take notice of anyone who is shoulder surfing while you type them in.
• Periodically change your passwords, choose “strong”
• Most importantly: use your common sense.
Informing and educating about the dangers of cybercrime must become widespread, common and continuous at all levels of society.
Users will know how to use this technology rationally and responsibly, and will not be afraid of it.
• Users are relatively well informed about the various types of cybercrime, but the public is more aware of threats exposed by the news media than of those from which they should truly protect
• Better security and thus greater safety can only be ensured if users conduct themselves responsibly in cyberspace.
Lack of understanding translates into inadequate security.
Information and/or cyber warfare
a known or a new phenomenon
Information and cyberspace, the power of information and information
Techniques, perpetrators and victims of information warfare
State conduct of information warfare, espionage, active warfare, asymmetric warfare, information operations, propaganda
The role of organizations and industrial espionage
The role of states in information warfare: USA, China, Russia, Israel, ... the position of small countries
International legislation, defence
Politically and ideologically motivated groups
[Diagram labels: ICT and Internet; crucial operations; daily work; economic loss, physical impact; cyber crime; information warfare]
Information warfare
Information warfare = warfare for information power.
The right information is the basic capital of an organization!?
Military, state, organizational and NGOs.
Asymmetric warfare.
Nature of information warfare
Espionage (Echelon)
Kinetic war (NCW, GIG)
Information operations
Industrial espionage
Cyber terrorism
Animal, environment rights group
Recommendations for counteracting
1. Information security policies should consider ISO standards.
2. Implementation of the latest technology.
3. National strategy of information (cyber) security.
4. Mandatory information security standards for all organizations.
5. Safety classifications of valuable information.
6. International cooperation.
What needs to be done for improvement?
National level:
1. Universal definition.
2. Definition of acceptable usage of ICT.
3. International harmonization.
4. Abolish legal constraints.
5. Trained law agencies.
Organizational level:
1. Business ethics.
2. Security awareness.
3. Data classification and personal limitation.
4. Risk management and uninterrupted business.
Further research: understanding, protection.
Cyber terrorism
what is ‘cyber’ about terrorism
• Cyber terrorism or classic cybercrime
• Levels of cyber terrorism, cyberspace and terrorist actions
• Perpetrators of classic cybercrime and terrorists
• “Risk management” in the field of cyber terrorism
• Consequences of cyber terrorism, preventive measures
• Measures against cyber terrorist attacks
• Activities at the level of organizations, states, the EU, NATO, globally
Cyber Terrorism - facts
• IS are a basic support element of every organizational structure - organizations cannot achieve their visions without them
• Companies feel the necessity of securing IS
• Protection; risk management system - allows us to know our enemy
• Threats to IS are multiple and constant. The reason for protecting our IS is to defend it from external malware; one of those vicious attacks is also CT.
Cyber Terrorism – sum
• Definition: Cyber Terrorism is a carefully planned, politically motivated attack on information, computer systems, programs and data.
Cyber Terrorism causes fear, damage or even death using attacks with the enterprise IS, influencing (global) society and the media
Computers as a weapon
Cannot cause death or injury - indirect risks.
Consequences and acts are therefore indirect.
Computers control critical infrastructure: storage of vital information. Damage or loss can lead to loss of lives (e.g. medical environment).
Difference from the classic form of terrorism:
• High level of computer knowledge
• High level of motivation (possibility of recruiting hackers for terrorist needs)
The difference is also seen in the usage of computers - at the moment computers are used as a support for planning and executing classical terrorist attacks; that will change in the
Cyber Terrorism – consequences
• Psychological
• Physical
• Economic
The most exposed critical areas: information and communications, electrical network, gas and oil (storage, transport, extraction), banking and finances, transport, water supply systems, government services. We must physically separate critical IS from the internet.
• Countries and organizations must take proactive measures for protecting IS and critical infrastructure from CT
• A risk management system is unavoidable (similar to the classic system - consequences are the most important factor)
• The decision regarding the form of protection depends on each organization itself
Cyber terrorism is (still) misunderstood.
Terrorist actions in the cyber world can become more frequent. New generations of terrorists are born in the information society. They will possess knowledge of ICT and combine it with a high level of motivation.
Damage caused by these attacks can be bigger.
A high level of safety culture in organizations shows us that they are well prepared.
Cybercrime and terrorism are unavoidable threats. What can we do?
Prepare a better process of recovery in case of an incident.
Preventive actions, education and raising safety culture will lead to improved information security.
Risk management process - we must know our threats to fight them.
Following trends of security and threat development is necessary.
