Difference between revisions of "Talk:Team 13 Main"
(→Section 3 (Noor/Jeff)) |
(→Section 3 (Noor/Jeff)) |
||
| Line 27: | Line 27: | ||
c. Threatened use of violence, directed against victims selected for symbolic value. | c. Threatened use of violence, directed against victims selected for symbolic value. | ||
| − | + | ||
| − | + | ||
Generally, there is asymmetry in the level of power and resources between the state and the various terrorist groups. Internet can be great leveler. A lot of the web is universally accessible and ready for anonymous access. | Generally, there is asymmetry in the level of power and resources between the state and the various terrorist groups. Internet can be great leveler. A lot of the web is universally accessible and ready for anonymous access. | ||
| − | + | ||
A cyberattack to cripple a nation's information infrastructure or spread fear among the populace achieves many of the terrorist aims. | A cyberattack to cripple a nation's information infrastructure or spread fear among the populace achieves many of the terrorist aims. | ||
| Line 54: | Line 54: | ||
Cyberspace is the new area for the exchange of digital information to conduct commerce, provide entertainment, pursue education, and a wide range of other activities. Information systems, in particular computer software and hardware, now serve | Cyberspace is the new area for the exchange of digital information to conduct commerce, provide entertainment, pursue education, and a wide range of other activities. Information systems, in particular computer software and hardware, now serve | ||
as both weapons and targets of warfare. Disruption of a significant entity in Cyberspace can have ramifications that are similar to terrorism in the physical world. | as both weapons and targets of warfare. Disruption of a significant entity in Cyberspace can have ramifications that are similar to terrorism in the physical world. | ||
| − | + | ||
| − | + | ||
<hr> | <hr> | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=== Section 4 (Joe) === | === Section 4 (Joe) === | ||
Feasibility and cost of defending against such attacks. For each class of target (home, corporate, financial), teams should 1) identify existing financial and non-financial incentives for installing defenses, 2) evaluate the adequacy of these incentives, 3) discuss whether additional protection would be cost-effective, 4) identify the lowest cost provider for upgrading protection (e.g., Microsoft, Norton, AOL, Corporate IT networks, computer owners), and 5) list and evaluate possible policy levers for government intervention (e.g., tax incentives, legal liability, insurance). | Feasibility and cost of defending against such attacks. For each class of target (home, corporate, financial), teams should 1) identify existing financial and non-financial incentives for installing defenses, 2) evaluate the adequacy of these incentives, 3) discuss whether additional protection would be cost-effective, 4) identify the lowest cost provider for upgrading protection (e.g., Microsoft, Norton, AOL, Corporate IT networks, computer owners), and 5) list and evaluate possible policy levers for government intervention (e.g., tax incentives, legal liability, insurance). | ||
Revision as of 07:11, 23 October 2005
Contents
Status/updates
- 10/18/2005 5pm [Jeff Bilger] - Sent email to Alex explaining exploit and information relevant to section 1.
Draft
Section 1 (Alex)
A plain English, no jargon description of attack techniques attempted, vulnerabilities exposed, estimated difficulty, and the estimated cost/feasibility of defending against other, similar attacks in the future. (We encourage the policy members of the team to write this section of the report -- it will ensure that the technical members of the team have helped teach them the technical basics.)
Section 2 (Andrew)
Estimated dollar value of the damage that such an attack could cause 1) to a private home computer, 2) to a corporate computer used for letters and correspondence by Walmart's Corporate VP for Ordering Stuff from China, and 3) to a Charles Schwab computer used to place buy/sell orders on the New York Stock Exchange. Your estimate should consider potential damage to both the computer's owner and third parties.
Section 3 (Noor/Jeff)
Estimated feasibility and strategic value of the attack technique to a terrorist organization. Teams should consider, at a minimum, 1) scalability of techniques, 2) feasibility of acquiring the required technical and financial resources, and 3) potential value of cyberattack as a tool for achieving the various terrorist aims identified in lectures 1, 2, 3, and/or 5.
ngsingh My Section :-> Potential value of cyberattack as a tool for achieving the various terrorist aims identified in lectures 1, 2, 3, and/or 5.
What are the some of the top terrorist aims?
a. Spread their message without hindrances. This is to ensure a more and more recruits for their cause.
b. Be "invisible" while threatening their adversaries.
c. Threatened use of violence, directed against victims selected for symbolic value.
Generally, there is asymmetry in the level of power and resources between the state and the various terrorist groups. Internet can be great leveler. A lot of the web is universally accessible and ready for anonymous access.
A cyberattack to cripple a nation's information infrastructure or spread fear among the populace achieves many of the terrorist aims.
a- Spread their message..
Most of the terrorist groups are using the Internet extensively to spread their message and to communicate and coordinate action. Governments can not shutdown terrorists web sites running from foreign countries. Orchestrating cyber attacks helps them to reach the ever-increasing online world.
Cyber attack would likely garner extensive media coverage, since media and the public alike are fascinated by practically any kind of computer attack.
b- Be "Invisible"….
A Cyberattack can be executed remotely and anonymously. It is easy to hide your tracks and does not require leaving physical evidences. The Internet communication technologies allow people to reach each other while spoofing their identities. Response in kind by the US government against sophisticated Attackers is near impossible due to the difficulty of pinpointing activity in Cyberspace and legal strictures on tracing attackers.
c- Threatened use of violence…
A lot of the critical infrastructure of developed nations is online for all the benefits that the ubiquitous Internet provides. However, it also creates a large number of symbolic targets that can shake the confidence of masses in those technology institutions. Some times an attack on cyber property can also have ramifications with the physical entity associated with it. Cyberterrorists could conduct attacks with the goal of corrupting key information within a system that requires high confidence for its use. Corrupting information about blood types within a hospital data base or strike prices within the stock trade settlement systems would involve much more recovery time and effort than a simple denial of service attack on the same target. Such an attack would inflict direct economic costs from system downtime, checking and correcting data and settling disputes. Successful Cyberterrorists attacks of this sort may also degrade user confidence in provision of services of fundamental importance to society.
Cyberspace is the new area for the exchange of digital information to conduct commerce, provide entertainment, pursue education, and a wide range of other activities. Information systems, in particular computer software and hardware, now serve as both weapons and targets of warfare. Disruption of a significant entity in Cyberspace can have ramifications that are similar to terrorism in the physical world.
Section 4 (Joe)
Feasibility and cost of defending against such attacks. For each class of target (home, corporate, financial), teams should 1) identify existing financial and non-financial incentives for installing defenses, 2) evaluate the adequacy of these incentives, 3) discuss whether additional protection would be cost-effective, 4) identify the lowest cost provider for upgrading protection (e.g., Microsoft, Norton, AOL, Corporate IT networks, computer owners), and 5) list and evaluate possible policy levers for government intervention (e.g., tax incentives, legal liability, insurance).
