Advanced Computing Integration in Almost Every Industry - Research Paper Example

Full Paper Introduction The world is becoming modernized with advanced computing integration in almost every industry. In thedeveloped countries, integration of advance computing infrastructure is installed for operating services related to E commerce, industrial and financial sector. New innovative integration of system control and data acquisition (SCADA), military defense systems, and financial systems operate on the Internet. The critical infrastructure of any country consists of extremely composite, self-governing and cyber based resources which is vital for the nation’s financial system and supervision. It is concerned with communications, transportation, water supply, energy, emergency services, and banking and finance. Information Technology has been evolved with new research and reinventions facilitating the critical infrastructure computerized. On the other side, vulnerabilities also emerged causing disruption to the critical infrastructure impacting in several ways. Although there are many vulnerabilities, cyber attacks are the most prominent one. Cyber attacks approach the target in a non traditional way. Due to inequity in the military strengths, hackers attack this critical infrastructure affecting both the economy as well as the military sector of the country (SANS: Critical infrastructure protection). It could be operated by the government or the private sector, both Networks provide opportunities for hackers to intrude the destination remotely and take control of the capabilities and resources these devices has. The impact of hacking in these systems is devastating. For example, hackers may gain access to the military radar systems, credit card data stolen, data stolen from the Federal Bureau of Investigation (FBI) has revealed secret agents and now their life is at risk etc. The capacity of these attacks impact on the country’s economy, security and financial stability. They breach government networks which are directly related to national services. Thousands of new cyber attacks categorized with ‘Major’ and ‘Minor’ are penetrated on the Internet daily. The focus is the power sector of the United States including websites of Poland, South Korea and United Kingdom. They all have witnessed cyber attacks in past few months. Different schools in various sates of America have lost millions of fraudulent wire transfers (Shackelford, 2010). Cyber attacks are intelligent as well as organized. Once the network is hacked, they install small lop holes or software intruders for giving hackers access whenever they want to access the network again. In simple words one can say that, it is a computer to computer attack to steal the confidential information, integrity or the data presently available on the network. The attack adopts a calculated approach to modify action against data, software and hardware in both computers and networks (Denning & Denning, 2010). It is essential to define a solid network defense for handling cyber attacks. 2 ‘Stuxnet’ Virus ‘Stuxnet’ is a software program that infects the industrial control systems. The complexity of the virus indicates that it has been developed by the group of expert hackers funded by a national government. The software does not indicate that it has been developed by hacker or cyber criminals (The meaning of stuxnet2010). The security experts break the cryptographic code of the virus to peek in and identify the objective and working methodology. After analyzing the behavior of the virus, Initial thought of the experts were that the virus is tailored for stealing industrial secrets and factory formulas. The formulas can be used to build counterfeit products. This conclusion went wrong when Ralph Langner, who is an expert of the industrial system security revealed that the virus targets siemens software systems. He also published that the virus may have been used to sabotage Iran’s nuclear reactor. Langner simulated siemens industrial network to test the activity of the virus (Stuxnet virus may be aimed at Iran nuclear reactor - ComputerworldUK.com ). This proved to be right as an article was published on ‘www.computerworld’ regarding “Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.” Langner (Stuxnet virus may be aimed at Iran nuclear reactor - ComputerworldUK.com) reveals that when the virus achieve its target at the last level, it modifies itself to a Siemens code named as “Organization Block 35”. The default functionality of this Siemens component monitors the vital factory operations within 100 milliseconds by modifying itself to a Siemens critical component. The ‘Stuxnet’ virus can cause a refinery centrifuge to malfunction. This is not the end as it can attack other targets too . 3 Energy Sector Vulnerabilities For providing electric power from the power producers, the data related to transmission and distribution needs to be shared between them. In order to communicate, a network with different protocols containing the Quality of Service (QoS) is implemented. The infrastructure of the oil and electrical industry is build to provide performance rather than security. The software on which these equipments operate follows a proprietary standard emphasizing on functionality rather than security. The power grid development and installation is going on a rapid pace for meeting the demands. The automation systems in the oil and power industry is tailored from legacy and new modules. There is no room for added network functionality features the systems may support. The network security features are designed for the Information systems, and does not require performance requirements (Wei et al., ). 4 Financial Sector Vulnerabilities Internet vulnerabilities are known to everyone. Denial of service, threats, viruses, Trojans, backdoors, spam, mal ware, root kits etc. are all associated to the Information technology. The integration of business on the Internet knows as “E commerce” has facilitated the business to a great extent. On the other hand it has also invited vulnerabilities to disrupt services by hacking, un authorized access etc. As the cyber attacks become more dominant and aggressive, they can severely harm critical databases, Interrupt services running on a background and portray catastrophic financial damage (Financial sector « core security technologies). 4.1 HOW TROJANS AFFECT THE FINANCIAL INSTUTIONS In the network dictionary, Trojan is defined as it “is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer”. Financials institutions are affected by Trojans more than any other sector. The priorities for selecting financial institutions are the transactions which are conducted online. The objectives of hackers are to steal the credentials of the online shopper. That is why the financial institutions received the most Trojan attacks in 2005, 40% among the other fifteen sectors (Financial institutions receive most trojan attacks.2006). 4.2 HOW PHISHING AFFECTS FIANCIAL INSTUTIONS A simple definition is available on network dictionary which states that ” it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords”. The data is the blood life of every organization; precisely financial institutes conduct their business online. ‘Phishing’ shows the fake identity of the website and collect the credentials from users online. This is a business loss as well as the negative impact of the customer regarding the organization’s trust. 33 people were caught in “Operation Phish Phry”. Two million dollars were stolen from the bank accounts within 2 years time. The website of “bank of America” was represented as a fake replica and the users were prompted to enter classified credentials to steal money from there account online (Feigelson & Calman, 2010). 5 Impact on the Economic Sector The economic impact of cyber threats would be the physical damage to the critical structure in terms of breaching security and taking control of the devices and equipments on the network. The impact would be to blow the power generators, oil refinery, chemical distribution pipes chemical leakage in to clean drinking water, disrupting the tunnel train by changing their routes, and killing people is also part of this process. 6 Impact on the Financial Sector Financial impact involves the theft of organizations critical data which is also called business information. This is a critical threat because the organizations bear more cost for the missing data as compared to the online fraud of credit cards. The business theft portrays a severe damage to the organizations, they lose their business, they lose their customers, and their presence in the global economy. 7 Conclusion The countries with the stable economy are implanting computerized solutions to their critical infrastructure. People will be beneficial via this transformation. The power grids, oil refineries, factories, liquid waste management, tunnel train navigations, power generators and military defense systems all are controlled by the computing devices inter connected on the network. If the critical infrastructure is compromised with lack of security ,the impact will fall directly on the people, because they are the one to consume output coming from the public services. Financial services are conducted online. People shop online, do trading online and vise versa. The Organizations spend an enormous amount of money to protect their critical assets, still Trojans and ‘Phishing’ intrude in the security systems which needs to be protected, if the financial institutions has to survive in this evolving digital economy. 8 Research and Recommendations Lot of research is in progress for improving the security. A research is conducted on “Risk Assessment Model”. The information systems of the organization are tested by recent cyber threats to check the integrity of the network and defense system. The model will also show the probability of revenue loss functions due to the attacks (Patel & Zaveri, 2010). For improving network security and defense, United states of America is developing a national cyber test bed for eliminating cyber crimes as USA has faced enormous breaches in their power grid architecture (AGENCY, ). References Denning, P. J., & Denning, D. E. (2010). The profession of IT discussing cyber attack. Communications of the ACM, 53(9), 29-31. doi:10.1145/1810891.1810904 Shackelford, S. J. (2010). Estonia three years later: A progress report on combating cyber attacks. Journal of Internet Law, 13(8), 22-29. SANS: Critical infrastructure protection Retrieved 11/20/2010, 2010, from http://www.sans.org/security-training/critical-infrastructure-protection-12-mid The meaning of stuxnet (2010). Economist Newspaper Limited. Stuxnet virus may be aimed at iran nuclear reactor - ComputerworldUK.com Retrieved 11/20/2010, 2010, from http://www.computerworlduk.com/news/security/3240458/stuxnet-virus-may-be-aimed-at-iran-nuclear-reactor/ Iran confirms massive stuxnet infection of industrial systems - computerworld Retrieved 11/20/2010, 2010, from http://www.computerworld.com/s/article/9188018/Iran_confirms_massive_Stuxnet_infection_of_industrial_systems Wei, D., Lu, Y., Skare, P., Jafari, M., Rohde, K., & Muller, M.Power infrastructure security: Fundamental insights of potential cyber attacks and their impacts on the power grid† 1 Financial sector « core security technologies Retrieved 11/20/2010, 2010, from http://coresecurity.com/tag/financial-sector/ Feigelson, J., & Calman, C. (2010). Liability for the costs of phishing and information theft. Journal of Internet Law, 13(10), 1-26. Phishing. (2010). Computer Desktop Encyclopedia, , 1. Trojan. (2010). Computer Desktop Encyclopedia, , 1. Financial institutions receive most trojan attacks. (2006). Point for Credit Union Research & Advice, , 3-3 Patel, S., & Zaveri, J. (2010). A risk-assessment model for cyber attacks on information systems. Journal of Computers, 5(3), 352-359. doi:10.4304/jcp.5.3.352-359 AGENCY, G. 0.Defense department to develop national cyber testbed. FDCH Regulatory Intelligence Database, Read More