International Analysing Different Dimensions of Cyber-Warfare - Research Paper Example

INTERNATIONAL SECURITY of the of the Introduction This research study will be centred towards analysing different dimensions of cyber warfare. Cyber space was initially an advantage for all countries or firms but in modern world it is posing serious threat towards international security. Cyber warfare is often regarded as hacking that is politically motivated to conduct espionage and sabotage. This concept is regarded as information warfare and is often stated as analogous in comparison to conventional warfare. Cyber threats are basically asymmetric in nature and its attacks can perpetuate in many regions. Cyber attacks can be stated as anonymous and is launched from various sources across the globe. Impacts might be obvious and immediate, or subtle and dormant, eluding recognition for past many years. Cyber warfare results into high degree of damage ranging from personal systems to destruction of critical infrastructures. The growth of cyber threats is greatly affecting each and every individual. International security is closely knitted with the approach of cyber warfare. The vulnerability aspect is enhanced due to global dependence on technology. Increased connectivity has even facilitated security threats worldwide. Developing a comprehensive and effective national cyber security would help to counter such threats. Internet’s global expansion is considered to be the most powerful revolution in technological field. There are positive aspects related to internet growth which deals with rapid transmission of data. It can be stated that Internet has skyrocketed to 17 billion from 16 million. In modern world every business operations is based on advanced technology. Data transmission is a major aspect in business world but cyber warfare leads to exploitation of data. This study shall highlight different methods related to hacking procedure and its impact on various organizations. The research study would not only outline negative implications of cyber attacks but will also take into consideration different approaches that are used to prevent such attacks. A theoretical background encompassing concept of cyber warfare would reflect upon the motives behind such attacks and incorporation to growth journey of these crimes. Analytical opinions will also be included in this study in order to determine the impact caused on firms or countries due to such attacks and precautionary measures adopted to safeguard themselves from such attacks. The entire study will be based on secondary research since expert’s opinions are essential for this form of analytical study. Research aim, objectives and question The major aim of this study is to analyze implications of cyber warfare on international security. Threat of cyber warfare will be thoroughly analyzed along with motives behind such attacks. This study shall focus on overall damage which is created by cyber warfare on organizations and countries. All the research techniques utilized in this study would be aligned with the common research aim. Research objectives for the study can be classified as: To analyze the threats of cyber warfare To study overall challenges posed by cyber warfare on international security To determine implications of cyber warfare on countries or organizations To identify different procedures of hacking and motives behind it To outline brief history regarding where the concept started and where it is going To evaluate opinions that can be used to prevent such cyber attacks. Research objectives are critical to any researcher since it defines the entire platform for research study. There are wide array of objectives for this study and this is because it not only focuses on cyber warfare. In this research paper diverse set of information would be included regarding journey of cyber attacks and its association with international security. The research question for this study is – “what are the major challenges posed by cyber warfare on international security?”All data collected during this research study would be analyzed on basis of this research question. In overall context multiple research objectives which are framed are inclined towards significant research aim. Literature Review As per Ventre (2011), cyber warfare can be treated as a kind of hacking that is politically motivated. This concept comprises of wide range of threats. National security breaches and espionage is one common threat posed by cyber warfare. Cyber espionage can be considered as an act of acquiring secrets may that be classified, sensitive or proprietary information from rivals, individuals, groups, competitors, enemies and governments. It is even applicable for economic, political or military advantage utilizing various illegal exploitation techniques such as methods on computers, internet, software or networks. Those classified information which are not handled appropriately might be modified or even intercepted from other corners of the world. There are some cyber attacks occurred in United States and they have been given code names such as Moonlight Maze and Titan Rain. Cyber command that has been recently established focuses on determining whether intellectual property theft or commercial espionage is national security breaches or criminal activities. Satellites and computers that bring in coordination amongst other activities are a system’s vulnerable components and can even lead to equipment disruption. Power, transportation, water, communications and fuel infrastructure are highly vulnerable towards disruption (Ventre, 2011). According to Andress and Winterfeld (2011), in present scenario security breaches has succeeded much beyond credit cards number been stolen and potential targets even encompass stock market, electric power grid and trains. Security experts in 2010 had discovered a software program known as Stuxnet that has negatively affected factory computers across the world. It is even regarded as the first attack which resulted on critical industrial infrastructure. Denial of service attack or DoS attacks is another cyber attack threats. DoS in computing are often considered as an attempt to make network resources or machine unavailable to their intended users. DoS attacks perpetrators typically target services or sites hosted on web servers that are of high profile. This majorly comprise of credit card payment gateways, root nameservers and even banks. These attacks are not just limited to different computer based methods like strategic infrastructure physical attacks might be devastating in nature. For instance cutting communication cables undersea would cripple some countries and regions in context of their ability towards information warfare. Massive power outages that are caused by cyber attacks might disrupt the entire economy and result into a national trauma. Most organizations assume that cyber attacks shall never reach them since an attacker may not find it valuable to target them. These firms even possess strong faith on their Internet infrastructure and believe they would never be a victim of Internet. Most attacks that take place on the Internet are stated as opportunistic attacks in comparison to target attacks for a particular entity. An opportunistic attack usually takes place when different parties are targeted by an attacker. There are different techniques utilized to target such parties with believe that any one of them shall be vulnerable to stated attacks. Opportunistic attack is centred towards wide base of victims and it is not focused on a specific victim. There are some specific examples of opportunistic attacks such as Trojans and 419 scams which are mailed to large number of people, scams encompassing some well known services like eBay or PayPal, or mass scanning for services that are vulnerable like SSH, IIS servers, etc (Andress and Winterfeld, 2011). As stated by Brenner (2009), an attacker basically focuses on opportunistic attacks in relation to target ones simply because wider base of sensitive information can be accessed with more chances of success. Internet is highly vulnerable to damage since there is great deal of risk encompassed and it cannot be well protected. Individual firms are considered to be victims of majorly targeted attacks. There can be various motivations behind these target attacks like industrial espionage or personal attacks. A targeted attack is regarded as much more damaging and effective for a victim because actions are performed by some malicious hacker. Targeted attack cannot be stopped efficiently since it is not general in nature in comparison to opportunistic attacks. Email is a platform that can result into both opportunistic as well as targeted attacks. On the other hand, security solutions are able to handle such general attacks quite efficiently because it is usually designed for general public. A solution for email content filtering is able to identify email worms through signatures based on malicious executable code. Content filtering solutions is beneficial for handling opportunistic attacks and this is usually faced by people in real time scenario (Brenner, 2009). Software companies that are highly indulged in providing such solutions do not give much importance towards single mass mailing worm. According to Geers (2011), in context of cyber security, hacker is an individual who exploits or seeks information in a computer network or computer system. There exist multiple reasons which can motivate a hacker like enjoyment, profit, challenge or protest. The subculture which has generated around hackers is at times referred to computer underground and is commonly known as a community. Hackers are computer programmers with vast knowledge about computers but they are wrongly utilized. Hacking has its roots engraved in 1960s when a counterculture movement was started and its details are included in TAP or Technological Assistance Program. It is a phone phreaking newsletter that encompasses techniques for unauthorized telephone network exploration. Many people who belonged to phreaking community plays significant role in hacking community. There are different techniques which are utilized by hackers in order to access or exploit sensitive information. Vulnerability scanner is a well known tool that is used to check computers based on weak network. Hackers are even termed as port scanners. They randomly check which of the ports are available for access and even detect service or program on identified port along with version number. Hackers even aim towards manually finding any kind of vulnerability. A common approach is searching possible vulnerabilities in computer system code. It is even considered to be reverse engineering if appropriate system code is not given. Brute-force attack is another technique that is adopted by hackers. This even known as password guessing and is useful in context of short passwords but for longer passwords there are another technique known as dictionary attacks. Password cracking a hacking technique is a method of recovering passwords from wide set of data that are either transmitted or stored within a computer system. Common approaches are guessing password on a continuous basis, trying different passwords available, generating words from dictionary or accessing text file consisting of many passwords (Geers, 2011). As per Ventre (2012), packet analyzer or packet sniffer is an approach that acquires data packets and this can then be used to capture passwords or data available in network. Phishing or spoofing attack is another form of hacking involving a website, program or system that masquerades through falsifying data and is regarded as a trusted system. It is done to fool programs, users or systems into revealing wide array of confidential information such as passwords and usernames. Rootkit is another program that utilizes hard to detect and low level methods so as to subvert operating system control from its operators. These programs basically obscure its overall installation and prevent their removal on basis of standard system security. Trojan horse is a well known program that appears to be performing one task but it actually does something else. It basically sets up a back door in the system which can be accessed by intruder later. On the other hand, computer virus is a self-replicating program which spreads through inserting copies into executable documents or codes. Like virus computer worm is also a self replicating program. It is transmitted through computer networks without any form of intervention from users. Keystroke logging is a tool framed to record every keystroke and allows gaining access over confidential information that is entered in any affected machine (Ventre, 2012). There are some keyloggers who generally utilize Trojan, rootkit or virus in order to conceal themselves from external world. Research Methodology Research methodology sets a platform for the entire study. There are wide array of techniques that can be included by a researcher to carry forward a research study. On a broader context there are two forms of research methods such as qualitative and quantitative research procedures. These two approaches are highly distinguishable and can be implemented based on nature of the study. Qualitative research method is totally based on opinions of experts. This method is usually implemented when market related information is not required and focus is on gathering available information. To be more precise in this method there is no scope for statistically analyzing data. This is because there are no such statistical techniques utilized in qualitative research method. It can be stated that researcher’s interpretation skills play a major role in this form of research technique. Information is generally obtained from websites, internet, books, journals, articles, or even through any group discussion. On the contrary, quantitative research method majorly deals in market based information. There are even some statistical tools incorporated so as to evaluate viability of collected data. These tools even ensure that opinions drawn on basis of collected data are appropriate for the study. A structured mechanism is followed by researchers using quantitative research technique. The most common procedures in context of quantitative research are questionnaire survey, structured interviews, etc. For this study qualitative research method would be utilized since the research demands opinion of experts in technical field. Cyber warfare related information would be majorly available in previous research studies or articles. On the other hand, organizations that are greatly affected by such threats can be obtained through accessing different websites. Researcher’s interpretation skills would outline motives behind cyber attacks and its impact on international security. There are two forms of data collection methods such as primary and secondary techniques. Primary data collection procedure is related to conducting questionnaire survey, structured interviews, focus group study, etc. This information is often regarded as raw market data and is beneficial while conducting thorough analysis. Secondary data collection is all about acquiring information from journals, articles, websites, magazines, books, etc. There are expert’s opinions present in these secondary sources that can be later analyzed or interpreted by researcher. Secondary data collection techniques will be incorporated in this particular study. The most suitable secondary sources for this study are journals, books and articles. Cyber warfare related information can be obtained from technology based magazines or articles. Internet shall be considered as the most credible source for this study. There are wide array of information available on the Internet regarding chosen research topic. This study does not need any form of market related information since the research is all about cyber warfare and its relation with international security. Secondary data collection technique also provides flexibility to researcher since data can be efficiently interpreted. It is a convenient procedure when wide base of information is required in order to meet set research objectives. Previous research materials can also be accessed while obtaining information for the research study. Data Analysis and Findings Cyber warfare has gained its significance from past many years and in present scenario has strengthened its position. There are different approaches which are adopted by firms or countries in order to prevent any form of cyber attacks. Minimizing exposure is a common approach that can be used as a solution. Complex security is less beneficial in comparison to simple security. Complex system tends to be costly and may not be easily implemented or financed. A simple system will comprise of less number of flaws and hence it shall be less vulnerable towards cyber attacks. Firewall is often considered to be a traditional security measure. It is an appropriate security solution in order to cover up wide array of vulnerable services that should not be exposed to Internet, which is termed as aggressive network. This kind of security solution is beneficial for opportunistic attacks (Clifford, 2011). A well formulated firewall reduces overall exposure and enables administrator to focus on vulnerable or sensitive parts of network. Content filtering plays a vital role in safeguarding ISP customers and organizations against targeted attacks. This solution for emails is much beyond scanning email attachments through anti-virus and enables administrators to block or detect any attack from rivals. Content filtering solutions is capable of identifying those functions that exhibit malicious behaviour. It eventually offers an extra layer of protection that cannot be provided by any anti-virus. Intrusion prevention systems which are generally implemented allow administrators to block and detect attacks. These systems are responsible to stop attacks from exploiting vulnerabilities. Prevention systems even results into false positives and this blocks legitimate activity. Patch management systems is implemented in real world firms so as to protect IT infrastructure from any cyber attacks (Moore, 2006). Patch distribution is an essential component both at individual home as well as corporate environment. It is important that security planner takes into consideration software that is aligned with patch management. Penetration testing is an effective mechanism to simulate a targeted attack. Those software’s utilized by attackers can be identified through this form of testing. Penetration testing is a mechanism that allows personnel to view a system from attacker’s perspective. This supports a firm or a country to prevent cyber warfare since a single vulnerability within a critical system leads to illegal access of sensitive information. All security weaknesses cannot be identified through this approach but security audit can efficiently determine practical or theoretical weaknesses related to cyber security. A security audit analyzes organization’s security policy (Andress and Cox, 2005). Good security policies are essential when there is occurrence of any security incident. This technique encompasses auditing source code, auditing network design and structure and review of secure storage systems. However many countries are affected by cyber warfare and this disrupts international security. In 2008 it was observed that China was actively involved in high profile espionage cases. China is held responsible for cyber attacks taking place on private and public institutions in Russia, United States, France, India, Russia and Canada. The Chinese government has denied any kind of involvement in campaigns related to cyber spying. Administration specifies that China is a victim of growing number of cyber attacks rather than a threat for the world. China has expanded on its cyber capabilities by acquiring foreign military technology. This country’s technological capabilities have strongly initiated a new kind of cyber cold war. Germany in 2013 has revealed their computer network operation of 60-person. The intelligence agency of the country was hiring 130 hackers for the new cyber defence station. They even had witnessed five attacks simultaneously on the same day of government authorities though it was stated that attacks originated from China. The attackers had been able to access data which could have been used in future years against arm manufacturers, military or government agencies and telecommunication companies (Jordan and Taylor, 2004). Cyber warfare has always been confused with e-mail accounts cracking and websites defacements in India. This country has always been backward in terms of analyzing the need for robust cyber security. The national policy for cyber security was declared in India in 2013 and it is still not been implemented. A high profile cyber attack was witnessed in India during July 2012 where email accounts of 12000 people were breached. This mostly encompassed officials from Ministry of Home Affairs, Ministry of External Affairs, Indo-Tibetan Border Police and Defence Research and Development Organization. MI6 infiltrated Al Qaeda website and replaced pipe bomb recipe with that of cup cakes. Financial organizations located in London organized cyber war games so as to prevent massive internet based attacks in any form of financial organizations. United States has also been a victim of cyber warfare (Russell, 2004). This country considers cyber attacks to be more dangerous than terrorism. Supply chains of this country is also subjected to cyber attacks and proper measures are been taken to avoid implications of these attacks. Research Limitations There are certain limitations for this research study. Firstly, the entire study is based on secondary research. This might not deliver desirable outcomes for the research study. On the other hand, researcher’s interpretation to some extent is not aligned with research objectives. It is often not possible to obtain information directly from those firms that are affected by cyber warfare. This forms another limitation of this research study and researcher needs to rely completely upon data available in journals, articles, books, etc. This entire study is conducted more in general context but it would have been better if a particular organization is focused on during analyzing threats of cyber warfare. Another limitation for the study is absence of statistical tools which would have determined relevancy of collected data. Negative data interpretation will deliver inappropriate results since it cannot be statistically measured. Implementing a particular research method bounds researcher in terms of exploring wide set of data. Conclusion This research study clearly states that cyber warfare is a critical issue in the modern world. It has its origin from past many years and with growth of technology cyber attacks has become more prominent. Internet has provided a platform through which organizations or countries can transmit data as well as store sensitive information. With the evolution of Internet firms are able to gain competitive advantage and develop productive strategies. Technology has emerged as an instrument of power in recent times. This instrument is utilized efficiently by some organizations but in certain scenario they are even misused to a great extent. Technology if misused can affect lives of many individuals. On broader context there are two forms of attacks such as targeted and opportunistic attacks. Targeted attacks can be referred to those when a specific victim is to be targeted. This form of attack comprise of some specific software which is designed to target such victims. It is often difficult to develop security solutions for targeted attacks since it is not in general context. On the contrary, opportunistic attacks are basically for large number of victims. This is common in real world scenario where some malicious software damages wide base of information. There are agencies in many countries that work towards developing a measure that can prevent such cyber attacks. Hacking is a well known form of cyber attack and is associated with accessing sensitive information. Hackers are also referred to as computer programmers since they have a wide base of knowledge regarding computer and technology. They mostly utilize their knowledge to either destroy a system or explore certain sensitive information that can be beneficial to other firms. There are various forms of hacking techniques and each of them can be counteracted by developing proper preventive measures. This study has outlined cyber warfare in different countries such as China, India, UK, USA, Germany, etc. Some of these countries are framing policies so as to prevent confidential information from being attacked. It can be stated that cyber security is gaining importance in present scenario and new technology are developed to reduce negative impacts of cyber space on international security. References Andress, J., and Winterfeld, S. (2011). Cyber warfare: techniques, tactics and tools for security practitioners. London: Syngress. Andress, M., and Cox, P. (2005). CIW security professional. New York: Wiley. Brenner, S. (2009). Cyber threats: the emerging fault lines of the nation state. Oxford: Oxford University Press. Clifford, D. (2011). Cybercrime: the investigation, prosecution and defence of a computer-related crime. North Carolina: Carolina Academic Press. Geers, K. (2011). Strategic cyber security. Estonia: NATO Cyber Centre. Jordan, T., and Taylor, P. (2004). Hacktivism and cyberwars. USA: Routledge. Moore, R. (2006). Cybercrime: investigating high-technology computer crime. Ohio: Anderson Publishing. Russell, R. (2004). Stealing the network: how to own a continent. Rockland: Syngress. Media. Ventre, D. (2011). Cyberwar and information warfare. New Jersey: Wiley. Ventre, D. (2012). Cyber conflict competing national perspectives. New Jersey: Wiley. Read More