Cybersecurity: Issues in Defending Networks and Systems from Cyberattack and Cyberespionage

Last week the International Monetary Fund (IMF) reported that it was a target of a cyber break-in, an attack designed to infiltrate the IMF in order to gain sensitive insider privileged information. Intrusions into secure networks of organizations such as the IMF focus the public’s attention on the subject of cybersecurity. We asked Herb Lin, Chief Scientist at NRC’s Computer Science and Telecommunications Board, for his perspective.

“The IMF incident is troubling in the same way that many other break-ins are troubling—they point to weaknesses in the cybersecurity of organizations important to national and international economies, national security, and economic prosperity. Cyberattacks destroy or damage computer systems or the information in them; cyber exploitations (or cyber espionage) obtain from computers information that should be kept confidential. These kinds of operations are the threats against which effective cybersecurity measures need to be taken by everyone, but especially by organizations that play key roles in society.”

Toward a Safer and More Secure Cyberspace discusses cybersecurity from a defensive perspective. It explores the nature of online threats and examines security vulnerabilities of the Internet and in computer systems and networks. In addition, it considers why organizations have failed to adopt measures that could make them more secure against cyberthreats.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities focuses on the policy and operational dimensions of cyberattack and cyberexploitation and distinguishes between the two. This book also discusses policy and legal frameworks for the use of cyberattack as an instrument of national policy. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights.

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy is a collection of papers by experts in the field about various aspects of cyberattack. This book is phase two of a project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government.

These books can inform debate and contribute to decision-making. PDFs of these and others titles from the Computer Science and Telecommunications Board are free to download.

Toward a Safer and More Secure Cyberspace
Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…
Details

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations.  Although there is a substantial literature on the potential impact of a cyberattack on the societal…
Details

Proceedings of a Workshop on Deterring CyberAttacks
Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…
Details