49 resultados para cybersecurity
Resumo:
Mestrado em Relações Internacionais.
Resumo:
O Ciberespaço alterou o paradigma da segurança e defesa internacional, obrigou à adoção de novas estratégias, metodologias de ação e capacidade tecnológica. A sua transversalidade aos diversos outros meios dotam-no simultaneamente de características e capacidades próprias que extrapolam o que se poderia imaginar à vinte anos atrás. Desta forma surgiu a necessidade de uma cooperação internacional mais intensa e eficaz, que promovesse uma ação multi ou transnacional conjunta, que fizesse face ao crescendo de ameaças no ciberespaço. No presente trabalho iremos abordar este tema, elaborando também de que forma este novo meio influenciou a balança de poderes internacional e qual a premência de estabelecimento de fronteiras que garantam delimitações físicas e legais idênticas às existentes fora o ciberespaço.
Resumo:
In this order the governor declares that cybersecurity is a top priority for this administration and the State of Iowa should protect its citizens and economy against cyberattacks.
Resumo:
En aquest article definim l'estat de la qüestió en referència a casos de ciberatacs per motius polítics, repassem casos concrets i així posem en valor la tasca dels professionals de la informació.
Resumo:
Since his inauguration, President Barack Obama has emphasized the need for a new cybersecurity policy, pledging to make it a "national security priority". This is a significant change in security discourse after an eight-year war on terror – a term Obama announced to be no longer in use. After several white papers, reports and the release of the so-called 60-day Cybersecurity Review, Obama announced the creation of a "cyber czar" position and a new military cyber command to coordinate American cyber defence and warfare. China, as an alleged cyber rival, has played an important role in the discourse that introduced the need for the new office and the proposals for changes in legislation. Research conducted before this study suggest the dominance of state-centric enemy descriptions paused briefly after 9/11, but returned soon into threat discourse. The focus on China's cyber activities fits this trend. The aim of this study is to analyze the type of modern threat scenarios through a linguistic case study on the reporting on Chinese hackers. The methodology of this threat analysis is based on the systemic functional language theory, and realizes as an analysis of action and being descriptions (verbs) used by the American authorities. The main sources of data include the Cybersecurity Act 2009, Securing Cyberspace for the 44th Presidency, and 2008 Report to Congress of the U.S. - China Economic and Security Review Commission. Contrary to the prevailing and popularized terrorism discourse, the results show the comeback of Cold War rhetoric as well as the establishment of a state-centric threat perception in cyber discourse. Cyber adversaries are referred to with descriptions of capacity, technological superiority and untrustworthiness, whereas the ‘self’ is described as vulnerable and weak. The threat of cyber attacks is compared to physical attacks on critical military and civilian infrastructure. The authorities and the media form a cycle, in which both sides quote each other and foster each other’s distrust and rhetoric. The white papers present China's cyber army as an existential threat. This leads to cyber discourse turning into a school-book example of a securitization process. The need for security demands action descriptions, which makes new rules and regulations acceptable. Cyber discourse has motives and agendas that are separate from real security discourse: the arms race of the 21st century is about unmanned war.
Resumo:
Mobile malwares are increasing with the growing number of Mobile users. Mobile malwares can perform several operations which lead to cybersecurity threats such as, stealing financial or personal information, installing malicious applications, sending premium SMS, creating backdoors, keylogging and crypto-ransomware attacks. Knowing the fact that there are many illegitimate Applications available on the App stores, most of the mobile users remain careless about the security of their Mobile devices and become the potential victim of these threats. Previous studies have shown that not every antivirus is capable of detecting all the threats; due to the fact that Mobile malwares use advance techniques to avoid detection. A Network-based IDS at the operator side will bring an extra layer of security to the subscribers and can detect many advanced threats by analyzing their traffic patterns. Machine Learning(ML) will provide the ability to these systems to detect unknown threats for which signatures are not yet known. This research is focused on the evaluation of Machine Learning classifiers in Network-based Intrusion detection systems for Mobile Networks. In this study, different techniques of Network-based intrusion detection with their advantages, disadvantages and state of the art in Hybrid solutions are discussed. Finally, a ML based NIDS is proposed which will work as a subsystem, to Network-based IDS deployed by Mobile Operators, that can help in detecting unknown threats and reducing false positives. In this research, several ML classifiers were implemented and evaluated. This study is focused on Android-based malwares, as Android is the most popular OS among users, hence most targeted by cyber criminals. Supervised ML algorithms based classifiers were built using the dataset which contained the labeled instances of relevant features. These features were extracted from the traffic generated by samples of several malware families and benign applications. These classifiers were able to detect malicious traffic patterns with the TPR upto 99.6% during Cross-validation test. Also, several experiments were conducted to detect unknown malware traffic and to detect false positives. These classifiers were able to detect unknown threats with the Accuracy of 97.5%. These classifiers could be integrated with current NIDS', which use signatures, statistical or knowledge-based techniques to detect malicious traffic. Technique to integrate the output from ML classifier with traditional NIDS is discussed and proposed for future work.
Resumo:
Resource and flyer produced for INFO2009 12/13. An animation on public-key encryption related to cybercrime and cybersecurity. Target audience is undergraduates, but the resource does not assume prior knowledge of the topics, or any in-depth knowledge of IT.
Resumo:
Chapter 1 studies how consumers’ switching costs affect the pricing and profits of firms competing in two-sided markets such as Apple and Google in the smartphone market. When two-sided markets are dynamic – rather than merely static – I show that switching costs lower the first-period price if network externalities are strong, which is in contrast to what has been found in one-sided markets. By contrast, switching costs soften price competition in the initial period if network externalities are weak and consumers are more patient than the platforms. Moreover, an increase in switching costs on one side decreases the first-period price on the other side. Chapter 2 examines firms’ incentives to invest in local and flexible resources when demand is uncertain and correlated. I find that market power of the monopolist providing flexible resources distorts investment incentives, while competition mitigates them. The extent of improvement depends critically on demand correlation and the cost of capacity: under social optimum and monopoly, if the flexible resource is cheap, the relationship between investment and correlation is positive, and if it is costly, the relationship becomes negative; under duopoly, the relationship is positive. The analysis also sheds light on some policy discussions in markets such as cloud computing. Chapter 3 develops a theory of sequential investments in cybersecurity. The regulator can use safety standards and liability rules to increase security. I show that the joint use of an optimal standard and a full liability rule leads to underinvestment ex ante and overinvestment ex post. Instead, switching to a partial liability rule can correct the inefficiencies. This suggests that to improve security, the regulator should encourage not only firms, but also consumers to invest in security.
Resumo:
El objetivo principal de este proyecto es estudiar, desde un punto de vista práctico, las posibilidades que ofrece la plataforma de ejercicios de ciberseguridad propuesta por la Universidad de Rhode Island en Estado Unidos, denominada Open Cyber Challenge Platform (OCCP); para ello primero nos ubicaremos dentro del campo de la ciberseguridad, estudiando porqué este área está tomando tanta relevancia, observando datos de estudios reales realizados por instituciones de prestigio, al mismo tiempo estudiaremos la tendencia actual y futura de los ciberataques. Seguidamente, analizaremos el estado del arte de la enseñanza en ciberseguridad y como se está enfocando por parte de las universidades y empresas más importantes en el sector. En esta parte del sector se está imponiendo una novedosa forma para desarrollar el aprendizaje tanto práctico como teórico basada en simular situaciones reales mediante escenarios virtuales. Una vez vistas otras opciones, nos centraremos en OCCP, podremos estudiar el estado de desarrollo de esta plataforma, la situación actual y las principales características. Además detallaremos el primer escenario propuesto por ellos mismos, estudiando los principales componentes, la topología de la red virtual de la empresa virtualizada, los principales ficheros de configuración, e incluso la montaremos y ejecutaremos y podremos observar como el equipo rojo ataca el servidor web de la empresa que lo tiene que proteger el equipo azul y consigue que la web deje de funcionar. También incluiremos una guía de instalación del escenario para que el lector pueda probar con su propio ordenador las posibilidades de esta plataforma. VirtualBox es un programa gratuito de virtualización perteneciente a la empresa Oracle. Más adelante estudiaremos este programa centrándonos en el servicio web ofrecido por VirtualBox ya que es utilizado por la plataforma Open Cyber Challenge Platform como virtualizador o hipervisor. Podremos ver como suelen funcionar los servicios web de este tipo en general y después nos centraremos principalmente en el archivo descriptivo de las interfaces que ofrece esta plataforma. Finalmente, resumiremos los resultados y conclusiones proponiendo un trabajo futuro ya que como hemos dicho esta plataforma está en estado de desarrollo y seguramente al final de la lectura del proyecto incluso el lector se haya podido percatar del potencial tan elevado que tiene una plataforma de este estilo. ABSTRACT. The main objective of this project is to study, from a practical standpoint the possibilities offered by the cybersecurity exercises platform proposed by the University of Rhode Island in United States, called Cyber Challenge Open Platform (OCCP); therefore we will place first in the field of cybersecurity, studying why this area is taking so much relevance, watching real data studies by prestigious institutions and the current and future trend of cyber-attacks. Then, we will discuss the state of the art of teaching cybersecurity and how universities and major companies in the sector are focusing to reach the aims among students or workers. In this part of the sector it is increasing the popularity of a new way to develop both practical and theoretical learning based on simulating real situations through virtual scenarios. Once seen other options, we will focus on OCCP, we can study the state of development of this platform, the current situation and main characteristics. In addition we will detail the first proposed scenario by the very own university, studying the main components, the topology of the virtual network virtualized enterprise, the main configuration files, and even we would mount and execute it. We will see how the red team attacks the web server of the company and get it thrown out. At the same time the blue team will have to protect it. We will also include an installation guide of the scenario so that the reader can test in their own computer the possibilities of this tool. VirtualBox is a free virtualization program belonging to the Oracle enterprise. Later on we will study this program focusing on the web service provided by VirtualBox because it is used by the Open Cyber Challenge Platform like hypervisor. We will see how this kind of web services work and then we will focus mainly on the descriptive file of the interfaces provided by this tool. Finally we summarize the results and conclusions proposing a future work since as we have said this platform is in the development stage and certainly at the end of reading the project even the reader may have realized of such high potential as would have a tool of this kind.
Resumo:
La cybersécurité représente un enjeu important pour les services en charge de la sécurité canadienne à l’ère de l’expansion des Menaces Persistantes Avancées (MSP ou cybercrimes de type 1). Ces crimes se déroulent essentiellement dans le cyberespace, ce qui implique l’adoption de mesures spécifiques adéquates à l’environnement numérique, notamment à l’épreuve de son ubiquité. Le gouvernement canadien a pour sa part publié certaines mesures de défense passive et active dont la plus connue est la stratégie canadienne de cybersécurité. Puisque le cyberespace n’est pas limité territorialement, l’autorité canadienne a conclu plusieurs partenariats internationaux d’où ressortent des mesures bilatérales et multilatérales de protection et de renforcement de la cybersécurité. Toutefois, ces diverses mesures nationales et internationales ne tracent pas de cadre légal précisant la nature et le régime juridique des MSP; précisions sans lesquelles l’adoption de règles au plan national serait improductive. Considérant que l’espace numérique est international, il appelle la mise en place de mesures applicables à l’échelle universelle. Or, au plan international, il n’existe aucun texte à valeur légale spécifique à l’espèce. Ainsi, à la question de savoir, quels textes légaux pourraient s’appliquer, il s’est avéré que le jus ad bellum et la Convention européenne contre le cybercrime (Convention de Budapest) apportaient d’incontournables éléments de réponse. D’une part, le jus ad bellum permet de définir la catégorie d’acte dans laquelle peuvent être rangées les MSP, et d’autre part, la Convention de Budapest permet de définir les infractions informatiques commises par les différents acteurs en cause, les procédures d’investigation appropriées et les mécanismes utiles à la coopération internationale. Bien que les éléments ressortis de ces ententes internationales soient utiles à l’adoption d’un corps de règles internationales uniformes, les intérêts étatiques divergents constituent des obstacles de taille.
Resumo:
La cybersécurité représente un enjeu important pour les services en charge de la sécurité canadienne à l’ère de l’expansion des Menaces Persistantes Avancées (MSP ou cybercrimes de type 1). Ces crimes se déroulent essentiellement dans le cyberespace, ce qui implique l’adoption de mesures spécifiques adéquates à l’environnement numérique, notamment à l’épreuve de son ubiquité. Le gouvernement canadien a pour sa part publié certaines mesures de défense passive et active dont la plus connue est la stratégie canadienne de cybersécurité. Puisque le cyberespace n’est pas limité territorialement, l’autorité canadienne a conclu plusieurs partenariats internationaux d’où ressortent des mesures bilatérales et multilatérales de protection et de renforcement de la cybersécurité. Toutefois, ces diverses mesures nationales et internationales ne tracent pas de cadre légal précisant la nature et le régime juridique des MSP; précisions sans lesquelles l’adoption de règles au plan national serait improductive. Considérant que l’espace numérique est international, il appelle la mise en place de mesures applicables à l’échelle universelle. Or, au plan international, il n’existe aucun texte à valeur légale spécifique à l’espèce. Ainsi, à la question de savoir, quels textes légaux pourraient s’appliquer, il s’est avéré que le jus ad bellum et la Convention européenne contre le cybercrime (Convention de Budapest) apportaient d’incontournables éléments de réponse. D’une part, le jus ad bellum permet de définir la catégorie d’acte dans laquelle peuvent être rangées les MSP, et d’autre part, la Convention de Budapest permet de définir les infractions informatiques commises par les différents acteurs en cause, les procédures d’investigation appropriées et les mécanismes utiles à la coopération internationale. Bien que les éléments ressortis de ces ententes internationales soient utiles à l’adoption d’un corps de règles internationales uniformes, les intérêts étatiques divergents constituent des obstacles de taille.
Resumo:
Este artigo é parte do relatório Cybersecurity Are We Ready in Latin America and the Caribbean?
Resumo:
Created as part of the 2016 Jackson School for International Studies SIS 495: Task Force.
Resumo:
Report published in the Proceedings of the National Conference on "Education and Research in the Information Society", Plovdiv, May, 2016
Resumo:
El ciberespacio es un escenario de conflicto altamente complejo al estar en constante evolución. Ni la Unión Europea ni ningún otro actor del sistema internacional se encuentra a salvo de las amenazas procedentes del ciberespacio. Pero los pasos dados desde la UE en el mundo de la ciberseguridad no son en absoluto suficientes. Europa necesita que su Estrategia de ciberseguridad sea realmente capaz de integrar a las diferentes Estrategias nacionales. Es urgente una mayor determinación, unos mayores recursos y unos mejores instrumentos que permitan a la Unión implementar una gestión de crisis y una prevención de ciberconflictos verdaderamente eficaz.
