Information Security Threats and Policies in Europe
The IT sector is one of the key drivers of the European economy. It has been estimated that 60 percent of Europeans use the Internet regularly. Additionally, 87 percent own or have access to mobile phones. In 2009, the European broadband market was the largest in the world. These facts demonstrate the importance of ensuring the security and safe operation of the Internet for the well-being of the European economy. The safety and security of the Internet have been threatened in recent years, as Internet-based cyber attacks have become increasingly sophisticated. In 2007, Estonia suffered a massive cyber attack that affected the government, the banking system, media, and other services. The attack was performed using a variety of techniques, ranging from simple individual ping commands and message flooding to more sophisticated distributed denial of service (DDoS) attacks. Hackers coordinated the attack by using a large number of compromised servers organized in a botnet distributed around the world. A botnet is a network of autonomous malicious software agents that are under the control of a bot commander. The network is created by installing malware that exploits the vulnerabilities of Web servers, operating systems, or applications to take control of the infected computers. Once a computer is infected it becomes part of a network of thousands of "zombies," machines that are commanded to carry out the attack. The cyber attack on Estonia started in late April 2007 and lasted for almost 3 weeks. During this period, vital parts of the Estonian Internet network had to be closed from access from outside the country, causing millions of dollars in economic losses. At around the same time, Arsys, an important Spanish domain registration company, was also targeted by international hackers. Arsys reported that hackers had stolen codes that were then used to insert links to external servers containing malicious codes in the Web pages of some of its clients. In 2009, an estimated 10 million computers were infected with the Conflicker worm worldwide. France, the UK, and Germany were among the European countries that suffered the most infections. The French navy had to ground all military planes when it was discovered that its computer network was infected. In the UK, the worm infected computers in the Ministry of Defense, the city of Manchester's city council and police IT network, some hospitals in the city of Sheffield, and other government offices across the country. Computers in the network of the German army were also reported as infected. Once installed on a computer, Conflicker is able to download and install other malware from controlled Web sites, thus infected computers could be under full control of the hackers. More recently, a sophisticated malware threat targeting industrial systems was detected in Germany, Norway, China, Iran, India, Indonesia, and other countries. The malware, known as Stuxnet, infected Windows PCs running the Supervisory Control and Data Acquisition (SCADA) control system from the German company Siemens. Stuxnet was propagated via USB devices. Experts estimated that up to 1,000 machines were infected on a daily basis at the peak of the infection. The malware, hidden in shortcuts to executable programs (files with extension .lnk), was executed automatically when the content of an infected USB drive was displayed. Employing this same technique, the worm was capable of installing other malware. Initially, security experts disclosed that Stuxnet was designed to steal industrial secrets from SIMATIC WinCC, a visualization and control software system from Siemens. However, data gathered later by other experts indicates that the worm was actually looking for some specific Programmable Logic Controllers (PLC) devices used in a specific industrial plant, a fact that points to the possibility that the malware was part of a well-planned act of sabotage. Even though none of the sites infected with Stuxnet suffered physical damage, the significance that such a sophisticated threat represents to the industrial resources in Europe and other parts of the world cannot be underestimated. As of 2001, EU member states had independent groups of experts that were responsible for responding to incidents in information security. These groups lacked coordination and did not exchange much information. To overcome this, in 2004 the European Commission established the European Network and Information Security Agency (ENISA) with the goal of coordinating efforts to prevent and respond more effectively to potentially more harmful security threats. ENISA's main objectives are to secure Europe's information infrastructure, promote security standards, and educate the general public about security issues. ENISA organized the first pan-European Critical Information Infrastructure Protection (CIIP) exercise, which took place in November 2010. This exercise tested the efficiency of procedures and communication links between member states in case an incident were to occur that would affect the normal operation of the Internet. ENISA acts as a facilitator and information broker for the Computer Emergency Response Teams (CERT), working with the public and private sectors of most EU member states. The European Commission has recently launched the Digital Agenda for Europe. The goal of this initiative is to define the key role that information and communication technologies will play in 2020. The initiative calls for a single, open European digital market. Another goal is that broadband speeds of 30Mbps be available to all European citizens by 2020. In terms of security, the initiative is considering the implementation of measures to protect privacy and the establishment of a well-functioning network of CERT to prevent cybercrime and respond effectively to cyber attacks.
CASE STUDY QUESTIONS
1. What is a botnet?
2. Describe some of the main points of the Digital Agenda for Europe.
3. Explain how a cyber attack can be carried out.
4. Describe some of the weaknesses exploited by malware.