A Primer on Cyber Security

Oil pipelines, smartphones, international banks, Iranian nuclear weapons programs, your mom’s Facebook account.

Cyber.

What is “cyber” and why have we all been hearing about it so much recently?

Broadly speaking, “cyber warfare” refers to actions taken in the digital domain by nation-states or other international organizations to attack or cause harm to another nation’s or organization’s computers or information systems. Similarly, “cyber security” refers to efforts to stop such attacks and to maintain control over the confidentiality, integrity, and availability of data.

Cyber is the newest element of security and military operations in the modern era, and is considered so fundamental to modern warfare that the military has adopted it as the fifth domain of conflict. This addition positions cyberspace alongside the other more traditional domains of land, air, sea, and space.

So what does this domain look like exactly? The internet is made up of billions of devices connected to a global network. These devices have various configurations of hardware, operating systems, software, or applications, and all of these have security weaknesses. An attacker in this domain is looking for every opportunity to discover vulnerabilities in their target’s systems and to exploit them to perform various objectives such as stealing or manipulating data, or disrupting, disabling, destroying, or maliciously controlling computing infrastructure. Defenders, with much effort, are trying to stop them.

The concept is simple enough, while the application is far ranging and extremely technical. The cyber domain’s real world effects make it hard to deny as an all-encompassing factor in almost every walk of modern life. Networked information systems run our financial markets, host and control military technology and top secret intelligence, and every type of critical infrastructure, while also impacting almost all aspects of our personal lives. Internet of Things, or IoT, devices are increasingly a part of our new reality. These devices, such as smart homes and vehicles, are now under attack daily, and they most assuredly will continue to be in the future.

Cyber warfare is often used as a misnomer for information operations in the digital realm, also known as “information warfare.” While cyber can be a part of how these operations are carried out, information warfare is about the dissemination or control of information or ideas for specific effect. While a cyber operation may be used to enact a computer network attack like destroying centrifuges in a nuclear facility, information operations are about targeting humans with information to influence their thought patterns or beliefs on a certain subject.

You may be asking –
“Well that’s all well and good, but how can I protect myself from these kinds of threats?”

Here’s a primer of what the average individual can do to help protect themselves from the nefarious actors of the internet while they go about their daily lives:

• Password hygiene. Use unique passwords for each account you have. It’s recommended that these passwords be at least 12 characters long and not something that is easy to guess if someone knew a thing or two about you. At 12 characters, you get a little over three sextillion possible combinations (that’s a three with 21 zeros in front of it). Password crackers use code to try to brute force or guess passwords, the longer the password, the longer it takes to get success with a password cracker. Look into getting a password manager application for your phone and laptop to help you manage and store all your new long, unique passwords. You can check haveibeenpwned.com to see if any of your accounts have been breached.

• Use a VPN. Virtual Private Networks are tools used to send the traffic from your device to the internet via an encrypted tunnel. This has many advantages, including helping you hide your IP address and location and helping keep your data secure from prying eyes trying to steal information or view your network traffic. These are especially crucial on open guest networks you may be using, such as a public cafe where a criminal may be lurking on the local network waiting for victims. VPN companies can be subpoenaed by the government for logs of your traffic, so if you don’t want the government snooping on your logs, getting a VPN with a “no logs” policy is important. Do your research as there are many options.

• Be careful what you post online. Open Source Intelligence, or OSINT, is widely utilized by bad actors in the cyber domain to gather information on their targets before performing an attack. Targeted cyber attackers may use information such as places you visit, domains you frequent online, and other personal information about you to develop and carry out their attacks. Most people post massive amounts of personal information online that can be useful in identity theft, fraud, password guessing, or targeted phishing attacks. The more you limit your social media and internet footprint, the less bad-guys have to utilize.

• Update your devices. Security flaws are found in various systems every day, and security patches are issued in the updates your device is requesting. The longer you wait to update a device, the longer a potential attacker has to exploit a known vulnerability in your system that has already been broadcast out to the world. Talk about an easy target.