Connect with us

Technology

Concerns and Limitation of Cyber Warfare

Published

on

cyberwarfare stuxnet

The discovery of Stuxnet, a malware that targeted a nuclear facility, was somewhat revolutionary and groundbreaking. It targeted ICS which monitor and run industrial facilities. Before that, most of malicious programs were developed to steal information or break-in into financial sector to extort money. Stuxnet went beyond went and targeted high-level facilities. It is not hard to imagine what damage it could have inflicted if the worm were not detected. What is more worrisome, the technology is out. It might not be perfect, but it is definitely a start. Regardless of the intentions behind Stuxnet, a cyber bomb has exploded and everyone knows that cyber capabilities indeed can be developed and mastered.

Therefore, if they can be developed, they will probably be. The final goal of Stuxnet was to affect the physical equipment which was run by specific ICS. It was done in order to manipulate computer programs and make it act as an attacker intended it to act. Such a cyberattack had a particular motivation; sabotage of industrial equipment and destruction could have been one of the goals. So, if they were indeed the goals, it might have been an offensive act, conducted by an interested party, presumably, a state for its political objective. Yet, there are certain limitations when it comes to so-called “cyber weapons” (malware that might be employed for military use or intelligence gathering). 

One of the main concerns of cyber offence is that code may spread uncontrollably to other systems. In terms of another physical weapon, it is like a ballistic missile that anytime can go off-course and inflict damage on unintended targets and/or kill civilians. Cyber offensive technology lacks precision, which is so valued in military. For example, in ICS and SCADA systems one may never know what can backfire because of the complexity of the system.  The lack of precision consequently affects military decisions. When launching a weapon, officers should know its precise capabilities; otherwise, it is too risky and is not worth it. 

In case of Stuxnet, the program started replicating itself and infected computers of many countries. For this moment we do not know if it were planned in that way.  However, provided that that target was Natanz facility, it is unlikely. Symantec Corporation started analyzing the case only with external help; it did not come from Natanz. This exacerbates the case if a country decides to launch an offensive cyberattack.

If the military planning cannot prevent cyber technology to go awry or to go out in the public, it brings more disadvantages than advantages.  Moreover, given a possibility of the code being discovered and broke down to pieces to understand what it does, it may potentially benefit an opposing party (and any other interested party along the way). This is unacceptable in military affairs.

Similarly, when the code is launched and it reaches the target, it can be discovered by an opponent. In comparison to nuclear, when a bomb explodes, it brings damage and destruction, but its technology remains in secret. In case of cyber, it may not be the case, as when a malware/virus is discovered, it can be reverse engineered to patch vulnerability. By studying the code, an enemy would find out the technology/tactics used that could be unfavourable in the long-run for the attacker.

Additionally, it should be said that not every malware is meant to spread by itself. In order to control the spread, vulnerability can be patched, meaning updating the software which had that vulnerability. An anti-malware can also be introduced; this will make the computer system immune to that particular vulnerability. Nonetheless, if the malware spreads uncontrollably, there is nothing much that an attacker can do. It is not possible to seize the attack. In this scenario, an attack may only release information about this certain vulnerability so that someone else can fix it. However, a state is highly unlikely to do so, especially if the damage is extensive. It would not only cost the state diplomatic consequences, but also it might severely impact its reputation.

An AI-enabled cyberattack could perhaps fulfill its potential. That means involvement of artificial intelligence. AI systems could make digital programs more precise, controlling the spread. In contrast, it could also lead to a greater collateral damage, if a system decides to target other facilities that may result in human death. Similar concerns are raised in the area of autonomous weapon systems in regard to the need of leaving decision-making to humans and not to technology. AI technology has a potential to make existing cyberattacks more effective and more efficient (Schaerf, 2018).

Aforementioned concern leads to another and affects the end result. When a certain weapon is employed, it is believed to achieve a certain goal, e.g. to destroy a building. With cyber capabilities, there is no such certainty. In the case of Stuxnet, the malware clearly failed to achieve its end goal, which is to disrupt the activities of the industrial facility.

Alternatively, the true costs of cyberattacks may be uncertain and hard to calculate. If that is so, an attacker faces high level of uncertainty, which may also prevent them from a malicious act (particularly, if nation states are involved). However, the costs and the benefits may always be miscalculated, and an attacker hoping for a better gain may lose much more in the end (e.g. consider Pearl Harbour).

Another concern refers to the code becoming available to the public. If it happens, it can be copied, re-used and/or improved. Similar concerns in regards to proliferation and further collateral damage emerged when Stuxnet code became available online.  An attacker may launch a cyberattack, and if it is discovered, another hacker can reverse engineer the code and use it against another object. Moreover, the code can be copied, improved and specialized to meet the needs of another party. Technology is becoming more complex, and by discovering a malware developed by others, it also takes less time to produce a similar program and/or develop something stronger. (For instance, after Stuxnet, more advanced malwares were discovered – Duqu and Flame).

Furthermore, there are other difficulties with the employment of cyber offensive technology. In order to maximize its result, it should be supported by intelligence. In case of Stuxnet, an offender needed to pinpoint the location of the facility and the potential equipment involved. It has to find zero-days vulnerabilities that are extremely rare and hard to find[1]. Cyber vulnerability is all about data integrity. It should be reliable and accurate. Its security is essential in order to run an industrial infrastructure.

After pinpointing vulnerability, security specialists need to write a specific code, which is capable of bridging through an air-gapped system. In case of Stuxnet, all of abovementioned operations required a certain level of intelligence support and financial capability. These complex tasks involved into development were exactly the reason why Stuxnet was thought to be sponsored and/or initiated by a nation state. If intelligence is lacking, it may not bring a desirable effect. Moreover, if cyber offense is thought to be used in retaliation, malicious programs should be ready to use (as on “high-alert”) in the event of necessity.

Regardless of some advantages of cyber offence (like low costs, anonymity etc), this technology appears to be unlikely for a separate use by military. There is a high level of uncertainty and this stops the army of using technology in offence. Truth is when you have other highly precise weapons, it does not make sense to settle for some unreliable technology that may or may not bring you a wanted result. Yet, other types of cyberattacks like DDoS attacks can give some clear advantages during military operations and give an attacker some good cards in case of a conflict. When such attacks used together with military ground operations, they are much more likely to bring a desired result.


[1] For better understanding, out of twelve million pieces of malware that computer security companies find each year, less than a dozen uses a zero-day exploit.

Use your ← → (arrow) keys to browse

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

Continue Reading
Comments

Technology

7 Practical Ways To Keep Your Kids Safe Online

Published

on

The internet has many advantages to offer kids. Used well, it can be an infinite source of knowledge and an excellent communication tool for kids. 

However, the internet can also be a dark and scary place. It has its fair share of bullies and cybercriminals out to take advantage of innocent children. Add to that a plethora of inappropriate content, and it is understandable why many parents would rather not allow their kids to use the internet.

But in this day and age, forbidding your children from accessing the internet is simply impractical. 

So, what is a concerned parent to do about keeping their kids safe in the jungle that is the internet? Here are seven valuable tips to help you in your quest.

Educate Yourself

It may surprise you how far behind most parents are when it comes to tech matters. First, however, the vigilant parent must learn how the internet works to guide their children safely through its murky waters. This requires you to:

  • Know how different social media platforms work
  • Be able to operate the programs your kids use 
  • Have a good grasp of the content your kid’s favorite websites

If you come across as tech-savvy, your kids will view you as an authority on internet matters. This makes them more receptive to any advice you offer regarding safe internet use. 

Consequently, they’re less likely to engage in inappropriate internet conduct.

Preach Accountability

As a parent, the best way to keep your kids safe in any environment is to teach them how to make good decisions. This is the same approach you should take with the internet as well.

Start by making your kids aware of the dangers that lurk online. Discourage them from sharing sensitive information on the internet, and explain the impact of leaving undesirable digital footprints. Help them see that they should use the internet cautiously.

Additionally, it would be best to tell your kids how you expect them to behave online. Set ground rules around internet and tech devices, like limiting their screen time and asking that they don’t use their devices in the bedroom. 

Another clever way to stay informed about what your kids are doing on the internet is to join their social circles. Follow them on Instagram, befriend them on FaceBook, and watch their TikTok videos. 

Granted, they may not be very keen on being your friend on social media sites. But this does not mean that you should give up. If they are resistant at first, make it a precondition to accessing their devices. They will likely comply.

Use Parental Controls

An excellent way to put your mind at ease is to use parental control software on your children’s devices. These include filters that restrict your kids’ access to potentially inappropriate content. 

You could also use software that limits how much time kids can spend on their phones and tablets. If you think that your children are engaging in risky online behavior, you can install the best spying app for iphone on their devices. 

This allows you discreet yet unfettered access to their every activity, enabling you to act promptly on suspicious activity. 

In addition, spyware is highly effective with older kids who know how to erase their search history.

Put Devices in a Public Place

One of the best ways to ensure that you are always aware of your kids using their devices is to have them in a public place. Place the monitor such that you can quickly glance over it and get a general idea of what your children are viewing. 

You can also have a rule prohibiting screens in the bedroom where it is difficult to supervise your kids. 

However, this is not to say that you should be a helicopter parent. You don’t want your kids to view you as overbearing and controlling. Instead, you want them to know that you can see what they are generally doing but are happy to allow their independent internet exploration.

Use Tech With Your Kids

As a parent, embracing technology can open communication channels, you never imagined. Kids are generally more comfortable texting than speaking face to face. So take advantage of this fact and get to learn more about your kids.

Text them often to find out how they are doing. Send your kids images and videos that you find funny. If they consider you their friend, they will be forthcoming and will trust your guidance more.

Teach Your Kids What Not To Share

Be sure to teach your children never to share sensitive information online. This includes details of your home address, the school they attend, and your workplace. 

Sharing this information can seriously compromise your family’s security, and this is a risk your kids should know. 

Additionally, enlighten your children about the danger of sharing overly revealing photos online. If they are unsure about a specific picture, have them run the problem by you or an older sibling. 

This will prevent young kids from falling into the trap of shady internet users. 

Lead by Example

Finally, it would be best if you practiced what you preach. If you require your kids to adhere to any screen time guidelines, be sure to limit your use of screens as well. If you want them to be cautious in their online interactions, show them that you are careful as well. 

Parents who don’t lead by example find it much harder to get their kids to comply with their safe internet use guidelines. If you are irresponsible online, you won’t motivate your children to practice responsible online behavior. 

What’s worse, they might copy your actions and potentially expose themselves to danger.  

Keeping kids safe online requires a lot of parental involvement. You can start by befriending your kids, asking them to communicate often with you, and regularly checking to see that they are using the internet responsibly. 

Additionally, you can use parental control software to ensure that your kids are safe online. If you follow these tips, you will find it much easier to protect your kids from the dangers of the internet.

Prev postNext post
Use your ← → (arrow) keys to browse

Continue Reading

Technology

Improving the User Experience of Your Business Website

Published

on

The user experience of your site can make or break its success. If it offers a poor user experience, it can immediately turn off your users, causing them to look elsewhere for the products or services that they need. User experience is all about how your users use your site and whether they’re satisfied with the experience it offers them. You might ask things such as whether the site is easy to navigate or whether it provides the information that your users are looking for. Improving the user experience (UX) of your site can help you to get more visitors, improve SEO, and boost your conversions too.

Know Your User

Before you can get your user experience right, you have to understand your user. You need to get to know them so you know what they’re looking for and how to make them happy. You can carry out market research to get to know your users, drawing from secondary sources and surveying people directly to find out what your audience wants from your website. Once you have that essential data, you can use it to make important decisions about the design of your website. It’s much better than designing a site without any knowledge of who it’s for.

Use Clear Calls to Action

Your website is an advertisement for your business. It might also be where people directly purchase and pay for your products or services. Its goal is to get users to follow a journey to becoming your customer. It needs to tell them what to do next and guide them through how to get what they want. One of the most important things to use on each page is a clear call to action. A call to action tells your visitor which action to take, whether it’s signing up for your newsletter, requesting a quote, or adding a product to their cart.

Make Your Site Accessible

Your website should be accessible for everyone, which includes making it usable for disabled people. You should think about the different needs that people may have, including how they can view and navigate your site. Some of the issues to consider might include color contrast, font size, keyboard navigation, subtitles for videos, transcripts for audio media, and how screen readers will view your site. You can find a few different tools that help you to determine how accessible your site is and what you can do to improve it.

Focus on Speed

Site speed is a major factor in user experience, and it’s also very important for SEO. If your site is slow, it won’t perform well in search engines and your users could leave much more quickly than you would like them to. Many things could slow down your site, leaving your visitors frustrated. You might have too many things on the page or perhaps you don’t have adequate hosting to support your site and its users. You can use online tools to test the speed of your site and each of the pages, and many will give you tips on how to improve the speed.

Test Your Design

Whatever your website design looks like, it’s always smart to test it and find out how it’s performing. You can test how people use your site, where they tend to click, and where their focus is. Using a tool like Userzoom’s click testing software, this sort of testing is easy. You get to see heatmaps, darkmaps, and click clusters so that you can see how people use your site. Using this information, you can make changes to your site to ensure you lead your users in the right direction.

Check Mobile Usability

More people than ever are using mobile devices. If you’re designing a website for your business, it’s vital that it’s usable for mobile users. They need to be able to use your site and have the same great experience as anyone using a desktop computer has. Your design should be responsive so that it adapts to different screen sizes and browsers, and can be used with both a touch screen and a keyboard and mouse. Mobile usability isn’t just important for UX but is also a factor that affects SEO.

Create a Scannable Site

Most people who visit your site aren’t going to read everything on it. They will take everything in by scanning each page, stopping on the bits that they feel are the most important. So it’s smart to think about how people might scan your site and how to make the information on the page easy to digest. Breaking text into small chunks helps to make it easier to scan. Similarly, using different font sizes for headings and paragraphs allows you to identify the main subject of each piece of copy. It’s also good for SEO if you use the right heading tags.

Keep It Simple

Some websites might need some complicated coding behind the scenes to make them work. However, when it comes to what your users see, you usually don’t want to make it too complicated. People want to be able to navigate around your site with ease and find what they’re looking for. Too many elements or complicated navigation will make it more difficult for people to get around your website. Keeping it simple is the best strategy if you want to satisfy your users.

Provide Engaging Content

When your website users are looking for valuable information, you can provide it through engaging content. Your content might include blog posts, videos, or even a podcast that covers topics that are relevant to your users. Publishing regular, fresh content keeps people engaged and it can be great for search engine optimization too. Your content can be both informative and entertaining, providing your users with interesting material that helps to move them along in their buying journey. It’s useful for securing new customers and keeping existing customers engaged too.

Improve the user experience for your business website and you could start to see more conversions and sales.

Use your ← → (arrow) keys to browse

Continue Reading

Technology

The Key Approaches To Strengthen Your Business’s Data Security

Published

on

Data security threats have become a topic of much concern as of late. We’ve all seen news of breaches both severe enough and frequently enough to reconsider how we protect our business. If you’re concerned that your business doesn’t have the provisions to protect itself from such a threat, then here are some of the approaches that you might want to take a closer look at.

Understanding cyber attacks

First of all, it’s important to understand the nature of cyberattacks. They are any form of attack that’s designed to access and exploit your system and network. The goals can include deletion of data, erasure of it, as well as denying your own access to it. However, cyberattacks come in many forms, meaning that you need to ensure that you have a scope that’s defended in various ways. Look at some of the most common cyberattacks lately. They include not only hacking through security flaws but also making use of scams to trick your team and the proliferation of malware that can steal data for them. As such, there are four main approaches to preventing the threat of a cyberattack.

Install the right tools

Hackers and cybercriminals have a lot more options at their disposal, the more open that your system is. As such, you should take a look at the various kinds of cybersecurity software that you can install on your systems. Antimalware is all about finding and eliminating things like viruses and spyware that can change or steal your data. Firewalls prevent unauthorized access to your networks. Virtual private networks usually hide your connection to networks while also encrypting any of the data sent to or from your systems so that if someone were able to “eavesdrop” on your connection, they would be unable to make sense of the data being sent. Depending on the type of network you work with, all of these tools might be necessary.

Have a strong IT staff

As a business grows and it becomes more reliant on sensitive data that, if stolen or erased, could be a huge cost to the business, it becomes more important to make sure that the IT team you have is able to responsibly keep that data safe. As such, beyond your basic IT support, you need those who specialize in security. You can outsource to expand the team or hire more members, but you can also look at providing training such as a masters in cyber security online, which may be more cost-effective in the long run. What matters most is that you make sure you have someone with the right skills and understanding of cybersecurity on your team in the end.

Training a smarter team

The team that protects your business from cybersecurity threats isn’t just the IT specialists that should know better. Any individual who uses any of the endpoints, including apps, devices, and software that connects to your sensitive data should be well aware of their responsibility. Basic IT security training for all of your team should include things such as the following: recognizing scams that they should avoid, making sure they don’t leave their terminals alone while they are logged in, and the appropriate ways to report any evidence of a perceived breach. A large number of successful data breaches are caused by employees who did not perceive a potential threat, such as phishing scams or dodgy links that then lead to someone getting hold of their access data.

Adapting to new endpoints

As your business grows and its IT scope grows, you’re likely to start adding new hardware (such as PCs, tablets, and the like) to devices that can access the data you want to keep secure. Similarly, new software might make use of that data as well. It’s important that you and your IT team consider the security of each endpoint, making sure that it doesn’t open up any new breaches in the network that can’t easily be covered again. This is especially important in the age of remote working. You need to make sure that any devices that your employees use have the right tools on them to protect them from outside interference. This can mean, for instance, having the policy to provide VPNs and anti-malware for each employee that remote works and making sure they’re installed.

The pointers above are just the start. You need to take a more detailed look at each and every one of these considerations to make sure that you’re taking a comprehensive approach to preventing breaches and the massive reputational and financial damage that they can do to a business.

Use your ← → (arrow) keys to browse

Continue Reading

Trending