The National Academies Press

Currently Skimming:

Computer Terrorism and Internet Security Issues
Pages 181-197

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 183... ... Without going into the use of various mechanisms, means, and methods including computers to carry out terrorist acts, let us examine those that actively affect computer systems and networks. Read the entire page →
From page 184... ... Criminals might use the following potential strategies of action to achieve the aforementioned objectives separately or in various combinations: the physical seizure of a network control center, penetration of it by accessing control systems, the traditional use of computer software inserts and viruses by malicious individuals, the usurpation of superuser rights, et cetera. The material damages from malicious individuals' actions in each of these cases may involve the cost of restoring network control or repairing damage stemming from destructive acts during the violation, or damages involving possible losses from unauthorized use of information that is highly secret or from distortion of information. Read the entire page →
From page 185... ... In the early 1970s, when the Internet's protocol base was taking shape, it was hard to imagine that eventually this "Network of Networks" would extend across more than 170 countries around the world and link approximately 100 million computers, all the while continuing to expand rapidly.2 Many of today's needs were not envisioned in the traditional stack of Internet protocols. For these reasons today's agenda contains urgent issues relating to the exhaustion of available addresses, address mobility, and the ability of routers to prevent congestion in trunk channels and also provide the necessary speed of network packet processing. Read the entire page →
From page 186... ... . Unfortunately, this list represents only a small selection from the many examples that illustrate the potential threat from illegal terrorist acts utilizing modern network technologies. Read the entire page →
From page 187... ... Potential targets of such acts with major consequences could be facilities of strategic importance in the country's defense system, as well as economic complexes at the national scale, for example, transportation systems or electric power grids. The facts indicate that the number of illegal acts directed against facilities inside Russia and from Russia against facilities outside its borders is increasing in proportion to the growth and development of the Russian segment of the Internet. Read the entire page →
From page 188... ... To sum up the above, one may conclude that the difference between approaches to prevention of and response to actions of a terrorist nature and other illegal and unauthorized actions on the Internet rests largely in the higher level of demands and losses from this type of malicious action. Let us term actions intended to prevent and effectively interdict terrorist acts using network technologies "ATIS," for antiterrorist information security, in order to differentiate it from traditional IS (information security) Read the entire page →
From page 189... ... , with coordinated actions in each of them capable of supporting a comprehensive solution. These include the legislative, administrative, operational, and programming and hardware levels.4 LEGISLATIVE, ADMINISTRATIVE, AND OPERATIONAL LEVELS The legislative level is fundamental to the creation of a well-designed system of measures to ensure IS at all the other levels, because it determines the following: . Read the entire page →
From page 190... ... and the Russian Federation Presidential State Committee on Technology) and ministry and agency regulations (guidelines from the State Committee on Technology regarding protection classes for computer hardware and automated systems, regarding internetwork firewalls, et cetera) Read the entire page →
From page 191... ... The administrative level, or the level at which security policy is developed and monitored, is very important. Coordination of efforts on that level makes it possible to unify approaches and actions by specific implementers to prevent, detect, and interdict in a timely manner violations of IS in general and ATIS in particular and to reduce (minimize) Read the entire page →
From page 192... ... Maintenance of functionality and restoration of the system following failures remains a trouble spot even for major Russian ISPs because of a lack of clarity in the way interaction with channel operators is set up, short staffing, the lack of midlevel specialists with appropriate qualifications, and a host of other problems. Response to violations of the security regime causes difficulties, usually due to a lack of any rules governing interaction not only with government ministries and agencies involved with information security (the FAPSI, the State Committee on Technology, the Internal Affairs Administration, et cetera) Read the entire page →
From page 193... ... its own security policy and, based upon it, apply its own operational regulators and use the programs and hardware needed for that purpose. Of crucial importance in this hierarchy of network infrastructures are the major governmental and corporate networks. Read the entire page →
From page 194... ... Even if a malicious individual penetrates the lower levels, he cannot do serious damage. Cryptography. Read the entire page →
From page 195... ... Recently, devices have been created that are specifically designed to destroy computer systems.6 The basic principle by which these devices operate is to cause a sharp voltage spike in power supply systems, communications, or other signals, with an amplitude, duration, and energy in the spike capable of shutting equipment down or degrading it completely. The ability to conceal this type of attack is greatly enhanced by the fact that an analysis of the damaged or destroyed equipment will not clearly identify the cause of the damage, since the cause could be either an intentional destructive power effect (an attack) Read the entire page →
From page 196... ... Among these threats is terrorism employing modern network technologies. This highlights the obvious need for international legal regulation of the processes of international interaction among all subjects involved in the maintenance and development of network infrastructure and information resources. Read the entire page →
From page 197... ... 2000. Zashchita kompyuternykh sistem ot silovykh destruktivnykh vozdeystviy [Protecting computer systems from destructive power effects] Read the entire page →

From page 183...

... Without going into the use of various mechanisms, means, and methods including computers to carry out terrorist acts, let us examine those that actively affect computer systems and networks.

Computer Terrorism and Internet Security Issues Pages 181-197

Computer Terrorism and Internet Security Issues
Pages 181-197