Cybersecurity and Cyberwar
Authors: Peter W. Singer, Allan Friedman


cloud computing:
A shift in control of computing resources from the individual or organization to a shared resource run by a third party. By pooling network-enabled resources, cloud computing enables mobility, scalability, flexibility, and efficiency, but increases the dependency on the cloud provider.

computer emergency response team (CERT):
Organizations located around the world that serve as hubs of cybersecurity technical expertise, collaboration, and security information dissemination. Many governments have their own national CERTs, as do an increasing number of industrial sectors and large organizations.

computer network operations (CNO):
The military concept of utilizing computers to “destroy, deny, degrade, disrupt, [and] deceive,” as the US Air Force puts it, while at the same time, preparing and defending against the enemy's attempts to do the same.

Conficker:
A computer worm first discovered in 2008 that targeted Windows operating systems. It is noteworthy for the size and spread of the botnet made from computers compromised by the malware, and the international cooperation required to counter it.

critical infrastructure:
The underlying components of the economy that run our modern-day civilization, ranging from power and water, to banking, healthcare, and transportation. Many countries have special policies and regulations for critical infrastructure protection.

Cyber Command (CYBERCOM):
The US military organization that brings together the various parts of the US military that work on cyber issues. Its headquarters is at Fort Meade in Maryland, colocated with the National Security Agency.

cyberterrorism:
As defined by the FBI, a “premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.” Like Shark Week, it is far more exciting than the data would bear out.

DARPA:
ARPA with a D.

Department of Homeland Security (DHS):
Created in response to 9/11, the US government agency designated to prepare for, prevent, and respond to domestic emergencies, particularly terrorism. Its National Cyber Security Division (NCSD) is responsible for various public cybersecurity roles and missions in the United States, including being the home of US-CERT.

device driver:
A software tool that allows hardware devices to interact with an operating system. Because so many are built into modern operating systems, device drivers are a frequent vector for attacks.

digital currency:
Alternate currency (i.e., not accepted or endorsed by national banks) also known as “electronic money.” It requires mechanisms to prevent infinite replication and can be used just like other forms of money, provided that you can find someone in the online world to accept it as payment.

digital native:
A person who has grown up in a world where networked computers have always existed and seem a natural aspect of the world. This might make those who predate the Web “digital immigrants.”

distributed denial of service (DDoS):
An attack that seeks to inundate a targeted system's functions or connection to the Internet. Attackers distribute the overwhelming traffic across multiple sources, often using botnets of thousands or even millions of machines.

Domain Name System (DNS):
The hierarchical, distributed naming system that translates human-memorable names (like Brookings.edu) into numeric IP addresses (192.245.194.172). The DNS is global and decentralized, with an architecture that can be thought of as a tree.

doxing:
Revealing personal documents publicly, as part of a protest, prank, or vigilante action. Often doxing requires minimal network penetration, relying more on careful research to link hidden personal or embarrassing data to the victim.

Federal Risk and Authorization Management Program (FedRAMP):
A certification program launched in 2012 that allowed, for the first time, a government contractor to be cleared just once to provide services for the entire civilian US government.

firewall:
A filter that blocks data traffic from entering a specific network or machine according to specific rules. The name was taken from the concept of barriers built into cars or buildings to prevent fires from spreading further.
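To make the "following specific rules" part of the definition concrete, here is a small rule-based packet filter. It is an added example written for this glossary, not code from the book or from any firewall product; the rule set, the packets and the first-match, default-deny policy are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed packet model: only the fields the rules below look at.
@dataclass(frozen=True)
class Packet:
    src: str        # source IP address, e.g. "203.0.113.5"
    dst_port: int   # destination TCP/UDP port
    proto: str      # "tcp" or "udp"

# A rule matches when every specified field matches; "any"/None are wildcards.
@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"
    dst_port: Optional[int] = None
    src_net: str = "0.0.0.0/0"       # CIDR range the source must fall in

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation: the first rule that matches decides.
    Anything no rule matches gets the default, which is deny (fail closed)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set for a web server facing the Internet. Order matters:
# the anti-spoofing rule comes first so a private-range source never reaches
# the allow rules below it.
RULES = [
    Rule("deny", src_net="10.0.0.0/8"),          # private source on a public link
    Rule("allow", proto="tcp", dst_port=443),    # HTTPS
    Rule("allow", proto="tcp", dst_port=80),     # HTTP
]

def demo():
    """Return the decision for a few constructed packets."""
    samples = [
        Packet("203.0.113.5", 443, "tcp"),   # ordinary HTTPS client -> allow
        Packet("203.0.113.5", 22, "tcp"),    # SSH from the Internet -> default deny
        Packet("10.1.2.3", 443, "tcp"),      # spoofed private source -> deny (rule 1)
        Packet("198.51.100.9", 443, "udp"),  # wrong protocol for rule -> default deny
    ]
    return {f"{p.src}:{p.dst_port}/{p.proto}": filter_packet(RULES, p) for p in samples}

if __name__ == "__main__":
    for key, decision in demo().items():
        print(f"{key:28} -> {decision}")
```

Two design choices carry over to real firewalls: rules are evaluated in order, so placing a broad deny before narrower allows is how exceptions are expressed, and traffic that matches nothing is dropped rather than passed.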

GhostNet:
A network of 1,295 infected computers in 103 countries discovered by researchers in 2009. It targeted foreign affairs ministries, embassies, and multilateral organizations in places from Iran and Germany to the Tibetan government in exile. While the origin of the operation was never confirmed, the servers utilized were all located on Hainan Island in China.

grafting:
A strategy of international cooperation building. Akin to the horticulture technique of adding a new plant to the roots of an older plant, the idea is to build new initiatives on established frameworks and interests to increase the chances of success.

hacker:
Originally a passionate technical expert who ignored rules, the term has evolved to focus on those who discover and exploit vulnerabilities in a computer system or network. It does not always denote malicious intent. For example, a “white hat” hacker is someone who tries to find (and close) weaknesses before a “black hat” criminal can.

hacktivism:
Combining hacking and activism, the use of computer means of protest and attack to aid the cause of civil disobedience.

hash:
A cryptographic function that takes any piece of data and maps it to a smaller, fixed-length output, with two specific properties. First, the function is one-way, which makes it very difficult to determine the original data from the output. Second, and even more important, it is incredibly hard to find two input pieces of data that generate the same output hash. This lets the hash function “fingerprint” a document, e-mail, or cryptographic key to verify the integrity of that data.
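The fingerprinting use described above, shown with SHA-256 from Python's standard library. This is an added example for the glossary, not code from the book; the messages being fingerprinted are constructed, and the one-character tampering is there only to show that the fingerprint no longer matches.

```python
import hashlib
import hmac

def fingerprint(data: bytes) -> str:
    """Fixed-length (256-bit, 64 hex characters) digest of arbitrary-length input."""
    return hashlib.sha256(data).hexdigest()

def verify_integrity(data: bytes, expected_fingerprint: str) -> bool:
    """Recompute the digest and compare it to the one recorded earlier.
    compare_digest is used so the comparison does not leak timing information."""
    return hmac.compare_digest(fingerprint(data), expected_fingerprint)

def differing_hex_digits(a: str, b: str) -> int:
    """How many of the 64 hex positions differ between two digests."""
    return sum(1 for x, y in zip(a, b) if x != y)

def demo():
    # Constructed sample: the same instruction, with one digit changed.
    original = b"Transfer 10,000 to account 1234"
    tampered = b"Transfer 10,000 to account 1235"

    recorded = fingerprint(original)          # stored alongside the document
    return {
        "original_ok": verify_integrity(original, recorded),   # True
        "tampered_ok": verify_integrity(tampered, recorded),   # False
        # Even a one-character change flips most of the digest (avalanche effect).
        "digits_changed": differing_hex_digits(recorded, fingerprint(tampered)),
    }

if __name__ == "__main__":
    print(fingerprint(b""))   # digest of the empty input, same every run
    print(demo())
```

Note what this does and does not give you: a hash lets a party who already holds the correct fingerprint detect modification, but anyone who can replace both the data and the recorded fingerprint defeats it. That is why a fingerprint is typically signed or transmitted over a separate trusted channel.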

honeypot (or honeynet):
A tactic used by security researchers in which computers, networks, or virtual machines are intentionally exposed to attacks. By observing how different types of malware behave, researchers can identify new types of attacks and devise defenses.

HyperText Transfer Protocol (HTTP):
The technical protocol that defines how applications ask for and deliver content on the World Wide Web.

industrial control system (ICS):
A computer system that monitors and runs large-scale industrial processes, for everything from factories to pipelines. The hardware controlled is very different, but computers have enabled simplified management and operation.

information security:
Safeguarding the flow and access of reliable digital information. Defined by some to include the suppression of harmful information of a political nature, which spurred the rise of the alternative but not identical term “cybersecurity.”

Information Sharing and Analysis Center (ISAC):
Independent organizations for coordinating security for critical infrastructure sectors of the economy, such as financial services or healthcare, with each sector determining its organizational form and function. ISACs vary in their activity level and relevance, from passive collections of resources to active collaboration on sector risk management.

informatization:
A hallmark of the Chinese military's approach to cyber operations, focusing on defending PLA networks and, in turn, targeting the adversary's key nodes of communication, command, and coordination.

integrity attack:
Entering a computer network or system with the intent not to extract information but to change it, such that the information on the system can no longer be considered reliable.

International Telecommunications Union (ITU):
Formed in 1865 to regulate cross-border telegraph communications, a United Nations agency that coordinates international communication policies and interconnections.

Internet Corporation for Assigned Names and Numbers (ICANN):
The private nonprofit created in 1998 to run the various Internet administration and operations tasks that had previously been performed by US government organizations.

Internet Engineering Task Force (IETF):
An international, voluntary organization that develops Internet standards and protocols and modifies existing ones for better performance. Part of ISOC.

Internet freedom:
The idea of online free expression and the right to access the Internet as a means of connecting to others around the world, and the commitment to work against state censorship and repression.

Internet of things:
Superimposing an information environment on top of the real world. As more objects have digital sensors and unique identifiers, the communication and processing powers of cyberspace can be embedded in the real world.

Internet Protocol (IP):
The principal communications protocol that enables internetworking. It defines addressing methods and how to deliver packets from one point to another based solely on their IP address.

Internet Protocol (IP) address:
A numerical label that is assigned to an addressable connection to the Internet; an endpoint.

Internet service provider (ISP):
An organization that provides access to the Internet, as well as other services such as web hosting or e-mail. It is a primary control point, since all traffic from an individual or organization flows through its ISP.

Internet Society (ISOC):
An international nonprofit organization formed in 1992 that oversees much of the technical Internet standards process, including the IETF. ISOC also serves as a forum for public participation and discussion around Internet governance questions.

intrusion detection systems:
A set of sensors that look for invalid behavior, detecting the signatures of known or likely attacks as well as identifying anomalous behavior.

key:
In cryptography, a string of data used to encrypt text or to decrypt encrypted text. Longer keys are harder to guess by trial and error, so key length is often correlated with greater security.

malware:
Malicious or malevolent software, including viruses, worms, and Trojans, that is preprogrammed to attack, disrupt, and/or compromise other computers and networks. Built around the exploitation of a vulnerability, it often carries a “payload” of instructions detailing what the system should do after it has been compromised.

metadata:
Data about data itself. Information about digital files or actions, such as dates, times, entities involved, and other descriptive characteristics, metadata is used to organize and manage data. It became controversial in 2013, when the NSA's large-scale metadata collection was disclosed by Edward Snowden.

money mules:
Individuals or networks who act as intermediate steps in the transfer of money or goods, undermining detection efforts and reducing risk to the criminals.

multifactor authentication:
A layered approach to security that uses two or more mechanisms to authenticate identity, such as something the user knows (like a password), something the user has (like a smart card), where the user is, and/or something the user is physically, such as a biometric characteristic like a fingerprint.

mutually assured destruction (MAD):
The military strategy of a “balance of terror” that held during the Cold War. The great powers shied away from direct conflict because MAD guaranteed that the initiator of any hostilities would also be destroyed.

National Institute of Standards and Technology (NIST):
Located in the US Department of Commerce, NIST is the federal agency that works to develop and apply new standards and frameworks, especially for areas where industry has no clear consensus.

National Security Agency (NSA):
The US Defense Department intelligence agency that focuses on signals and information intelligence and protection. It is seen as having some of the most advanced cybersecurity capabilities in the world, and works in close partnership with the US military's Cyber Command.

network-centric:
A US military concept of utilizing computers bound together in a “system of systems” to coordinate forces across great distances with digital speed.

Operation Orchard:
The Israeli strike on the nuclear research facility in al Kibar, Syria, on September 6, 2007, that utilized cyber means both to discover the plans and disable Syrian air defenses.

Operation Shady RAT:
A series of cyberattacks that began around 2006, ultimately compromising data confidentiality of at least seventy-two organizations, ranging from defense and oil firms to the United Nations and International Olympic Committee. The name derives from the attacker's use of remote administration tools, enabling full use of system tools such as cameras and microphones.

packet:
Digital envelope of data. By breaking up flows of data into smaller components, packets can each be delivered in an independent and decentralized fashion, then reassembled at the endpoint. When conversations are broken into smaller parts, packets from multiple different conversations can share the same network links, without a controlled path or dedicated circuits.

patch:
A software code update. Vendors use security patches to mitigate or fix security vulnerabilities.

patriotic hacking:
Citizens or groups within a state joining together to carry out cyberattacks on perceived enemies of that state, without explicit, official state encouragement or support.
