Cyber ​​defense

from Wikipedia, the free encyclopedia

Cyber ​​defense or cyber defense are defensive measures to protect against cyber attacks and increase cyber security . The term proactive cyber defense emphasizes the active implementation of protective measures that are taken in anticipation of cyber attacks.

activities

The resilience of IT systems and infrastructures can be increased, for example through decentralization, in order to mitigate or make cyber attacks more difficult. Using strong encryption can prevent data leakage . The detection and elimination of vulnerabilities can make IT systems more secure. Laws can prescribe elementary security measures such as the encrypted, protected storage of passwords by providers, the omission of insecure standard passwords in devices, the reporting of data breaches or the Internet isolation of medical devices. Citizens can be involved in the defense through bonuses and competitions ( bug bounty programs , Pwn2Own ). In addition, counter-attacks, deception technology, honeypots , attack detection software and exposure can prevent, end or mitigate attacks. In addition, facilities and processes for reporting, analyzing and actively researching incidents and for developing security software can be established or promoted. In addition, education and information campaigns can lead to increased computer security literacy and the adoption of safe practices.

Missing IT specialists can be trained by changes in the education system, for example by introducing basic computer courses in elementary schools, creating their own websites in secondary schools, or school courses on cybersecurity and Internet use.

According to a report by the Federal Ministry of the Interior, Building and Home Affairs, it is important to involve Internet service providers and national IT security service providers in the detection and defense against cyber attacks.

Global

Since software and most Internet services can be used across national borders, the development of cybersecurity software or relevant improvements to globally used networks, services and software means a global improvement in cybersecurity.

Project Zero is a team of security experts from Google tasked with tracking down zero days . The project was announced on July 15, 2014, after a security expert from Google had located the Heartbleed bug in April .

Supernational

The NATO sees the cyber defense as a main task of their collective defense. In February 2016, NATO and the EU signed a "Technical Arrangement" for cooperation on cyber defense. In July 2016, the member states of NATO announced the Cyber ​​Defense Pledge to strengthen their respective cyber defense.

In Germany

According to a report from November 2015 by the Federal Audit Office , the organization and performance of tasks in central organizational units for cybersecurity must be significantly improved for an effective defense in this area.

On April 5, 2017, the was cyber command and information space of the Bundeswehr by Defense Minister Ursula von der Leyen put into service. On July 1, 2017, the unit was subordinate to about 13,000 members, with about 260 belonging to the command.

In the United States of America

The US is recognized as a leader in offensive cyberattack capabilities.

There, the Information Assurance Directorate (IAD) worked with private and government companies to close security loopholes before they could be exploited in cyberattacks. In 2016 it was merged with its offensive equivalent, the Signals Intelligence Directorate.

In 2013, a presidential recommendation committee recommended that the US government increase its use of encryption to better protect its data and encourage companies to do the same.

In 2016, senior Department of Defense (DoD) officials said the DoD advocates strong encryption to protect military capabilities, as well as American economic security and competitiveness.

The NSA has often been criticized for buying up, hoarding and keeping zero-days secret and for developing primarily offensive skills rather than taking defensive measures and helping to close security loopholes.

In a March 9, 2017 press release on the Vault 7 documents, which WikiLeaks released two days earlier, Julian Assange announced that large parts of the remaining documents contain unresolved vulnerabilities and that WikiLeaks is working with companies like Microsoft and Google to close them . Assange said no information would be released about vulnerabilities that have not yet been fixed.

In business

In 2014 the NATO Industry Cyber ​​Partnership (NICP) was decided. According to a report by the Federal Ministry of the Interior, the state and business must work closely together on all levels for cyber defense and establish a trusting exchange of information.

Personal protection

Citizens can also protect themselves by, for example, performing backups on external data storage media and storing them securely , using special and free software (such as HTTPS Everywhere, hard disk encryption software and GNU / Linux ) and uninstalling unsafe (such as Adobe Flash ), making certain settings, and incidents report, use encrypted communication channels ( end-to-end encryption ), use anti-virus software (AVs) and firewalls on all devices, use good and varying passwords, use two-factor authentication , your software (including AVs, operating systems and application software) constantly Keep up to date, do not open any unexpected or suspicious email attachments or links, generally behave cautiously on the Internet, develop emergency plans or options and reduce your dependence on IT systems.

See also

Individual evidence

  1. Deception Technology , ITWissen.info
  2. a b c Cyber ​​security strategy for Germany
  3. Bundeswehr prepares for cyber war
  4. Where the missing IT specialists should come from
  5. Chris Evans: Announcing Project Zero . Google Online Security Blog. July 15, 2014. Retrieved January 4, 2015.
  6. ^ NATO: Cyber ​​Defense
  7. German defense against cyber attacks is ineffective , Die Welt
  8. ^ City of Bonn: The new Cyber ​​Command: A chance for Bonn? , FOCUS Online
  9. CyberCrime: Crime and War in the Digital Age , Misha Glenny
  10. Danny Yadron: NSA merging anti-hacker team did fixes security holes with one did uses them . The Guardian. February 3, 2016. Retrieved January 6, 2017.
  11. NSA should stop undermining encryption standards, Obama panel says . Ars Technica. Retrieved January 6, 2017.
  12. Senior Officials: DoD Supports Strong Encryption for Defense, Commerci . US DEPARTMENT OF DEFENSE. Retrieved January 6, 2017.
  13. Bruce Schneier: New leaks prove it: the NSA is putting us all at risk to be hacked . Vox. August 24, 2016. Retrieved January 5, 2017.
  14. Cisco confirms NSA-linked zeroday targeted its firewalls for years . Ars Technica. Retrieved January 5, 2017.
  15. ^ Andy Greenberg: The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days . WIRED. Retrieved January 5, 2017.
  16. ^ Trump Likely to Retain Hacking Vulnerability Program . Bloomberg BNA. Retrieved January 5, 2017.
  17. ^ Wikileaks Vault March 7th 9th Press Conference [Full Transcript - Steemit] . March 10, 2017.
  18. ^ NATO Industry Cyber ​​Partnership
  19. a b c d Cyberwar - Basic method examples