the Siemens process control systems of the uranium enrichment plant in Natanz, Iran. Its effect was that it covertly cybotaged the speed control of the ultracentrifuges, resulting in extreme wear and tear (Falliere et al., 2010) (for further reference to this case please see Chapters 9 and 13).
• In 2011, British intelligence agencies replaced a bomb-making recipe on a webpage with a recipe for making cupcakes (Huff Post Food, 2011).
If we leave aside the traditional forms of crime and the illegal-content type of cybercrime, the examples above show cybercrime, hacktivism, and (state) cyber operations which exploited the ICT vulnerabilities of technology, of organizations, and of human behavior.
CYBER SECURITY LESSONS NOT LEARNED FROM PREVIOUS ICT INNOVATION CYCLES
ICT has gone through a number of innovation cycles since its start in World War II. New ICT developments are adopted by industry and society in a way which reflects the technology adoption lifecycle model coined by Bohlen and Beal (1957). Early adopters take up the innovations. After the breakthrough of an ICT innovation, a fast uptake by users and organizations can be recognized. Later on, a mainstream phase occurs in which the drawbacks of the new innovations have been overcome. It was shown by Venkatesh et al. (2003) and Venkatesh and Bala (2008) that adopting ICT innovations largely relates to the ease of use and the usefulness to the end-users and their organizations; in short, user-friendly functionality. According to their findings, the cyber security aspects of ICT innovations do not play a role. After the many ICT innovation cycles we have gone through, one could expect that cyber security requirements would have come more to the forefront, but that is obviously not the case. The main reason is that no cyber security lessons are learned from earlier ICT innovation cycles and that the same mistakes are repeated over and over again, as the driving forces for ICT innovation come from outside security-aware communities.
In the 1960s, one could walk to a terminal and start typing a username and password to log in. If the username was entered wrongly, a new user environment was created. The usernames and passwords were stored in clear text on the system, and the password file was often accessible to all users and system programs. Over time, the security of computer access was improved and the number of times one could try passwords for a certain username became limited. The many security problems posed by buffer overflows and a lack of input validation, which allowed hackers to elevate their access level to system resources, were fixed in the operating systems of mainframes in the mid-seventies. However, each new operating system version contained the same type of design and coding errors in newly developed functionality, and patching of those holes was required.
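The two password-handling weaknesses named above (credentials kept in clear text in a file readable by any user or program, and no limit on how often a password may be tried for a given username) can be put side by side with the later fixes. The following is an added example written for this page, not code from the chapter or from any system it describes: a constructed two-user store in the 1960s style next to a hardened store that keeps only a salted PBKDF2-HMAC-SHA256 digest and counts consecutive failures per account. The usernames, passwords, iteration count and lockout threshold are all constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample store in the style the chapter describes for the 1960s:
# usernames and passwords kept in clear text, readable by anyone who can open
# the file, and no record of how many times a password has been tried.
LEGACY_PASSWD = {"alice": "secret1", "bob": "letmein"}


def legacy_login(username: str, password: str) -> bool:
    """Compares the clear-text password; a caller may retry without limit."""
    return LEGACY_PASSWD.get(username) == password


# Hardened store: only a salted, iterated digest of the password is kept, so
# reading the file no longer yields the passwords, and each account carries a
# counter of consecutive failed attempts so guessing can be cut off.
ITERATIONS = 100_000      # constructed value; tune to the deployment's hardware
MAX_ATTEMPTS = 5          # constructed lockout threshold


def make_record(password: str) -> dict:
    """Creates a stored record holding a per-user random salt and the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "failures": 0}


def make_hardened_store() -> dict:
    """Builds a fresh store with the same constructed users as the legacy one."""
    return {"alice": make_record("secret1"), "bob": make_record("letmein")}


def hardened_login(store: dict, username: str, password: str) -> bool:
    """Verifies a password against the digest and enforces the attempt limit."""
    rec = store.get(username)
    if rec is None:
        # Unknown user: perform a dummy derivation so the response time does not
        # reveal whether the username exists.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
        return False
    if rec["failures"] >= MAX_ATTEMPTS:
        return False  # locked out until the counter is reset by an administrator
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    if hmac.compare_digest(candidate, rec["digest"]):
        rec["failures"] = 0
        return True
    rec["failures"] += 1
    return False


def password_recoverable_from_store(store: dict, password: str) -> bool:
    """True if the clear-text password appears anywhere in the stored records."""
    return any(password in str(v) for v in store.values())


if __name__ == "__main__":
    store = make_hardened_store()
    print("legacy store leaks password:", password_recoverable_from_store(LEGACY_PASSWD, "secret1"))
    print("hardened store leaks password:", password_recoverable_from_store(store, "secret1"))
    for _ in range(MAX_ATTEMPTS):
        hardened_login(store, "alice", "wrong")
    print("correct password after lockout accepted:", hardened_login(store, "alice", "secret1"))
```

The legacy function deliberately mirrors the described design: whoever can read the store reads the passwords, and nothing stops repeated guessing. In the hardened store the per-user salt prevents a precomputed table from covering all accounts at once, the iteration count makes each guess expensive, the constant-time comparison avoids leaking how many digest bytes matched, and the failure counter is what turns "unlimited tries" into a bounded number of attempts.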
In the seventies, existing and new computer companies caused an ICT revolution by bringing mini computers and midi computers to department levels of organizations. As these systems were intended to be used in small cooperative environments,