Network security is important in every field of today‟s world such as military, government and even in our daily lives. Having the knowledge of how the attacks are executed we can better protect ourselves. The architecture of the network can be modified to prevent these attacks, many companies use firewall and various polices to protect themselves. Network security has a very vast field which was developed in stages and as of today, it is still in evolutionary stage. To understand the current research being done, one must understand its background and must have knowledge of the working of the internet, its vulnerabilities and the methods which can be used to initiate attacks on the system. Internet has become more and more widespread, in today's world internet is available everywhere in our house, in our workplace, mobiles, cars everything is
information about cybercrime. In addition, the samples in The Norton Cybercrime Report  and McAfee Inc.’s report  are both gathered from anonymous online adults and thus questions the credibility in stating total high global cost (more than 100 billion dollars) of cybercrime. According to Kaspersky's Global Corporate IT Security Risks Report 2013 , a serious incident can cost a large company on average of $649,000; for small and medium-sized companies the cost is close to $50,000 on average. A successful targeted attack on a large company can cost it $2.4 million in direct financial losses and additional costs. For an SME, a targeted attack can cost about $92,000 on average, which is almost twice as much as an average cost ($50,000 on average as mentioned before). This amount of loss can be substantial for an SME to continue its business.
owners) and defending computer users against them. Dr Shishir Nagaraja is working on research which examines the communication structures and patterns of peer-to-peer botnets and is using this as a basis for developing botnet defence. Securing anti-theft devices is a component of the research the team is involved with. Dr Flavio Garcia has revealed several weaknesses in the design of anti-theft devices within the car immobiliser industry. The flaws that have been illustrated by Dr Garcia include serious attacks which can recover the secret key from a car in less than six minutes using ordinary hardware. The Security and Privacy Group at the University of Birmingham are vigorously researching the impact on national resilience around financial services, electronic voting, personal privacy, mobile phones, passports and the effective development of scalable and secure cloud computing and services. These are all important issues that need to be addressed in a world where technology is advancing. The team are committed to finding long-term solutions to these problems that will ultimately benefit the future Government, industry and society.
This paper builds on and develops some of the points covered during the UK delegation’s visit on 15 th October, 2013 to the Korea Police Cyber Terror Response Centre (CTRC); the National Information Society Agency (NIA); and the Korea Internet & Security Agency (KISA). During these visits, attention was focused on a number of topics including collaboration with law enforcement agencies; the evolving nature of advanced persistent threats (APT): the analysis of cyber crime and the benefits associated with digital forensics; engagement with the public; changing behaviour in society and known and emerging cybersecurity problems; the emerging concept of cyber terror; the possibility that members of the general public could report crimes on-line; the scale and impact of cyber attacks and their ability to disrupt services and do greater damage; the need for intelligence and a wider appreciation of how organizations in the public and privates sectors could cooperate more effectively; the need for society to embrace more fully the role of e-government; the concept of smart government and how the public understand and accept the concept; literacy levels in society; the need for policy makers and their advisors to fully understand the trade offs that have to be made as regards investment in cybersecurity; involving the local population so that a resilient community was established; the role of data centres; the perception associated with social networks; emergency, recovery and support; the national cybersecurity framework; homeland/internal security and the need to monitor domestic websites; and information sharing and the need to foster close working relationships with companies in the private sector.
These are just two kinds of the threats which India is vulnerable to. In addition, it is also equally susceptible to other kinds of major cyber threats faced by other countries. First, the cyber espionage that involves unauthorized intrusions into government and corporate networks to steal sensitive information of strategic or commercial value from organizations like ISRO or DRDO. Second, the cyber- attacks by the state and non-state actors aimed towards causing temporary disruptions of networks and services like Sensex or telecommunication systems. Third, cyber war, which is a systematic, large-scale assault carried out on critical infrastructures to render them dysfunctional, have a debilitating impact on dependent services like power systems in one or multiple metro cities or a large-scale attack on banking systems and ATMs, bringing them to a grinding halt, and leading to widespread panic and chaos. The National CyberSecurity Policy 2013 falls short of what is required to develop an effective cybersecurity capabilities.
qualitative data extracted from secondary sources. The research applies case study research to derive with new design principles for assessing the economic impact of IoT cyber risks. We will work with five I4.0 cyber trends (IIC, DCMS, IVI, Industrie 4.0., NTI,), seven cyber risk frameworks (FAIR, CMMI, CVSS, ISO, NIST, Octave and TARA) and two cyber risk models (RiskLense and Cyber VaR). This promotes the adaptation of existing models and methodologies by presenting the strengths and weaknesses of the frameworks and models. Secondly, we conduct a comprehensive literature review, focused on the way an increase in cybersecurity in IoT systems can minimise safety and security concerns and increase reliability, ethical acceptability and trust in this space. The documented process represents the design principles for mapping and optimising IoT cybersecurity and assessing its associated economic impact.
The summary of the interview responses revealed that key factors that shape trust in the Cloud are: reliability, ease of use, data security and privacy, this agrees with TAM theory and the findings of Huang and Nicol (2013). Interestingly, the respondents indicated that interruption in service delivery would be a lot more harmful, than the potential breach of confidentiality – not something found in the literature. The interviewees confirmed that transparency about data handling and ability to elicit detailed information about the internal workings of the Cloud provider, play a significant role in shaping trust judgments and adoption decisions, this is aided by information from online communities, and word of mouth, as mentioned by Lippert and Forman (2005). What is peculiar, is that none of the interviewees mentioned the use of any of the Cloud adoption frameworks, as outlined by Greenwood et al., (2010, p.456) or Marks and Lozano (2010, p.113), despite the fact that three of the respondents occupied a senior IT role in a highly skilled SME, one of which was an IT consultancy. This raises serious questions about the practical usefulness of such adoption models. Certification is seen by interviewees predominantly as an indicator of whether the Cloud provider is worth dealing with, nonetheless, certification was not found to create a directly strong impact on trust on its own, largely due to a lack of understanding of the technicalities of the scheme. Certifications were compared with professional qualifications when hiring new staff, it gives a point of reference as to what the candidate is professionally capable of, but managers always prefer to interview the contender to find evidence of expected skills. Reputation was said to have more value, than attestation, besides, in case of reputational damage, certification may become a powerful instrument to rebuild trust. At the same time, interviewees unanimously agreed, that loss of the certification by a Cloud provider would affect a SME’s trust. Such a scenario instantly raises questions about trust to the supplier, regardless of the fact of whether it was a conscious decision to drop certification, or it was a result of a security breach or due to financial constraints. This can be explained by the theory of trust constructs where in the case of certification withdrawal, ‘structural assurance’ will be broken (McKnight and Chervany, 2001, p.44).
Airports typically rely on SCADA-type industrial control systems for HVAC, utilities, baggage systems, and business processes such as facility management. Due to their limited or lack of internet access, SCADA-type systems may appear to be more secure, but they too are vulnerable to cyber threats. While cyber vulnerability assessments have become a standardized process in IT, they have only recently gained importance in SCADA environments. Demand from the IT side has driven the development of evaluation tools, test methodologies, impact scoring and reporting procedures to assist with the reliability and efficiency of the assessment process. The similarities between traditional IT and SCADA systems should ensure a portion of IT assessment methods have some applicability to SCADA environments. The airport SCADA-type industrial control systems function very similar to SCADA systems used in the power infrastructure systems or any other industry. The evaluation of cyber vulnerabilities in industry control systems and critical infrastructure systems have been a popular area of recent research.
With the increasing sophistication and integration of city systems and the need to protect their growing populations, there is a need for city planners to con- sider risk, resilience and cybersecurity in a holistic manner. The two examples below illustrate how critical CPS and poor planning may disable generators and transport systems. The example from Hurricane Sandy of cross-sector depen- dencies was the impact of the storm on energy supplies. A post storm study  exposed risks that were not understood by dependent critical sectors and gov- ernment officials, due in part to their limited understanding of sector operations and distribution. The study highlights that:
In 2000’s Rapidly the cyber –attacks became more targeted, most of us are targeted on the credit cards numbers nearly in between 2005 to 2007, Albert Gonzalez masterminded and stole information from cards of US retailer. This was the massive impact of security it losses the company from some million dollars, is the thing became more serious.
Cyber Attacks could have a potentially devastating impact on the nation’s computer systems and networks, disrupting the operations of government & businesses on one hand and the lives of private individuals on the other. Increasingly sophisticated Cyber Threats have underscored the need to manage and bolster the CyberSecurity of key government systems as well as the nation’s Critical Information Infrastructure (CII). With greater dependence on networked systems and reliance on the integrated networking today, our defence systems are faced with ever increasing threat and thereby securing them is a great challenge. The recent breaches in the various Information Infrastructure worldwide from operations like Stuxnet, Red October, APT1, Flame and very recently Sony hack have forced the Industry as well as Defence to have a relook at CyberSecurity aspects associated with protection of their Information Infrastructure. The day is not far when our Supervisory Control And Data Acquisition (SCADA) systems and Industrial Control (IC) systems which are presently working in silos & insulated environment will migrate to Internet and expose themselves to cyber-attacks. The problem will only become much grave with adoption of Internet of Things (IoT) and Smart Cities.
In thesis mainly focused on denial-of-service (DoS) attacks, based on the observation that these attacks cannot be mitigated using available cryptographic solutions. Using the Raven II, we experimentally investigated the impact of DoS attacks of varying severity. Our experimental results indicate there exists a learning effect across the given sequence of experimental trials, implying that human operators are capable of adapting to unfavorable network conditions. This observation, while positive for system defenders, does not imply that DoS attacks are not a problem for teleoperated robotic systems. On the contrary, it urges us to quickly develop efficient DoS mitigation methods, while indicating that in disastrous scenarios, where communication networks may inadvertently be clogged or even Dosed, teleoperatedrobotic systems will remain functional and capable of providing the necessary services. Next steps in preventing and mitigating DoS attacks on teleoperated robotic systems include investigating the feasibility of the established DoS mitigation methods, including black holing and sinkholing, as well as pipe cleaning, and assessing their impact on teleoperated procedures. Paper caution, however, that there exist tensions between cybersecurity, safety and usability requirements of teleoperated robotic systems which may render some these solutions infeasible. The feasibility of using a monitoring system to prevent DoS attacks against teleoperated security risk control systems.
identifies the various web application security weakness, attacks, threat agent, attack vectors, and impacts on organizations . An integrated cybersecurity risk management approach considering all aspects of critical infrastructure including vulnerabilities and attack scenarios is proposed by . The Diamond model is an intrusion analyses model that describes how an adversary attacks a victim based on two key motivations. The model consists of four components, namely: adversary, infrastructure, capability, and victim. It has associated features, such as timestamp, phases, results, directions, methodology, and resources. In the event of an attack, the model uses the timestamp to identify the phases . Gai et al. (2017) proposed a maximum attack strategy method of spoofing and jamming on the cognitive radio network, using optimal power distribution in wireless smart grid networks. The method was effective for causing the DoS attack on radio frequencies . The authors further proposed a novel homomorphism encryption approach to tackle both insider and outsider threats that can fully support blended arithmetic operations over cipher texts . A dynamic privacy protection model was proposed by  to address threats relating to wireless communication. The aim of the model was to ensure data privacy within a scale of communication without using conventional encryption methods. The Attack graph—or graph tree—are conceptual diagrams used to analyze how a target can be attacked. The tree-like structure has multilevel children with a single root used to detect vulnerabilities in the network for analyzing an effective defense .
for a comprehensive risk management method which covers all stages of the risk management process, our work focuses on this to improve the cyber-security of the CPS. The authors of a previous paper Ref.  proposed a quantitative method for mitigating cyber-security risk in information systems, our work quantified risk by identifying critical assets first, then assessing vulnerabilities. Likelihood of cyber-attack scenarios were generated to further identify the risk level and apply proper controls. The authors of a previous paper Ref. , in their risk assessment process, identified some risks such as unsuspicious use of infected information media, giving away of sensitive information, and lack of awareness. Our work identified all these risks, including human errors, loss of power supply, unavailability of power supply, loss of revenue to the power grid, and breach of security goals. The authors of a previous paper Ref.  proposed a layered approach that evaluates risks based on security, our work evaluated risks based on cyber-attacks as well as physical attacks and evaluates risk level and proper controls. The authors of a previous paper Ref.  discussed a mechanism for preventing, detecting, and recovering attacks for securing CPS, our work provided a mechanism for identifying critical assets, assessing cascading vulnerabilities, generating cyber-attack scenarios, impact of the attack occurring, and provided mitigation controls to properly secure the CPS.
Bressler (2009) examined the relationship between economic business cycles and crime, a pattern that was said to have been studied by sociologists for over a century. Bressler examined the possible increase in property crime that may result from the current economic recession being experienced. It was stated that prevention is the most cost effective method of reducing the impact of crime on businesses. It was stated that crime committed against a business could be grouped into two main categories: those committed by employees and those committed by others. It was noted in the research that three conditions were required in order for employees to commit fraud. The first is that there must be some incentive in place. Usually such incentive occurs when the employee is under financial pressure and needs additional money. The opportunity arises due to employers failing to develop sufficient safeguards and rationalization frequently takes the form of people justifying the theft by reasoning that the company owes them. Bressler noted that steps could be taken by employers to reduce the ability of these conditions to arise.
Information terrorism is displayed as the dark side of the information revolution. Terrorism is a potential danger, but some terrorist organizations have done more acts of vandalism than bombings and explosives. Cyber terrorism risk is an expanding phenomenon, and part of it is the beginning of the war in communications. Terrorism today uses new teaching and different forms of organization, which affect the information revolution, resulting in consequences and damage to information technology system. (Arquilla, et al., 2000, pg. 179).
As technology is rapidly evolving, it brings along new risks and challenges. Trying to support businesses and individuals, from the use of information systems in companies’ IT- dependent processes to real-time mobile reporting and increasing dependency on IoT devices, technology has never before been so crucial for the daily routines and activities. However, as the importance of IT in our personal and professional lives increases, so does the impact that a potential incident might have. Therefore, just as the role of technology itself, the problem of security has never weighed so much in terms of current priorities.
The paper”Cyber-security as an attribute of active safety systems and their migration towards vehicle automation” by Dr I Ibarra*, Dr D D Ward has a brief introduction of the problem, the solutions and proper risk management approach. A brief about Active Safety Systems is given. Various systems like ABS and ESP are explained. Their uses are explained. In this paper also, OBD ports are explained. A car is no longer only used for transportation but also for infotainment industry. An overview of In-vehicle systems and cyber-security implications are given. The paper” Approaches for Vehicle CyberSecurity” by Hiro Onishi had explanatory diagrams. Two different ways of hacking were shown and explained thoroughly. This paper focuses on vehicle and smart phone connectivity. The vulnerabilities caused by smart phone is explained. The various softwares of different automobile companies are mentioned. The paper has mentioned guidelines such as-
Infected computer systems may be affected and damaged in a variety of ways, sometimes without a user even noticing. Some hackers are ―playing a prank,‖ while others may be attempting to steal personal information such as credit card numbers, Social Security numbers, or other personal information. Even worse, hackers can take control of an infected computer and use it to launch an attack on a larger system. Even if your computer has no stored sensitive data, it can still be used to infect other computers without your knowledge! This practice is so prevalent that access to vulnerable or infected computers is bought and sold among hackers.
According to the latest report by National Crime Records Bureau (NCRB) for the previous year - 2013, 681 cyber crime related cases have been registered in Maharashtra, which has seen a 44.6 per cent rise in cyber crimes when compared to 2012. Andhra Pradesh with 635 cases registered in 2013 has also seen a 48 per cent rise when compared to 2012. Karnataka with 513 cases registered in 2013 has seen a 24.5 per cent rise when compared to 2012. Uttar Pradesh with 372 cases registered in 2013 is in the fourth place. It has seen a huge rise of 81.5 per cent in just one year. Kerala is in the 5th place with 349 cases registered in 2013. Among the bigger states Tamil Nadu and Bihar have very few cyber crime related cases. Just 54 cases have been registered in Tamil Nadu and just 23 cases have been registered in Bihar in 2013. Gujarat and Odisha have also registered just 61 and 63 cases respectively in 2013. In a positive development, the Northeastern states of Mizoram, Nagaland and Sikkim have not seen a single cyber crime related cases in 2013. Among the Union Territories, the national capital Delhi has registered 131 cyber crime related cases. It has seen a rise of 72.4 per cent when compared to 2012.