Philosophy of cybersecurity / Lukasz Olejnik and Artur Kurasiński.

Format:

Book

Author/Creator:

Olejnik, Lukasz, author.

Kurasinski, Artur, author.

Language:

English

Subjects (All):

Computer security--Social aspects.

Computer security.

Computer security--Political aspects.

Physical Description:

1 online resource (225 pages)

Edition:

First edition.

Place of Publication:

Boca Raton, FL : CRC Press, [2024]

Summary:

This is a book for everyone - a wide audience. Experts, academic lecturers, as well as students of technical fields such as computer science and social sciences will find the content interesting.

Contents:

Cover

Half Title

Endorsement Page

Title Page

Copyright Page

Table of Contents

Preface

Authors

Chapter 1: Introduction to the philosophy of cybersecurity

1.1 A few words about history

1.1.1 The history of viruses and malware

1.1.2 Interest groups and hacker groups

1.1.3 Why cybersecurity has become important

1.2 The gradual increase in the role and importance of cybersecurity

1.2.1 The problem of scale

1.3 The international and military dimension

1.4 What is the philosophy of cybersecurity - how do we understand it?

1.5 Is cybersecurity achievable?

1.5.1 Confidentiality, integrity, and availability

1.5.2 For an ordinary user

1.5.3 Business use

1.5.4 State

1.5.5 The global problem

1.5.5.1 The problem of international stability

1.6 Important questions and a myth

1.6.1 The question of physical destruction

1.7 Is cybersecurity even achievable?

Notes

Chapter 2: Cyber threats and the necessary clarifications

2.1 Risk

2.2 Different types of risk

2.2.1 Artificial Intelligence and risk

2.2.2 Human rights

2.3 Briefly about cyberattacks

2.4 Kill chain - a useful thought model

2.4.1 Reconnaissance

2.4.2 Weaponization

2.4.3 Delivery

2.4.4 Exploitation

2.4.5 Installation

2.4.6 Command and control

2.4.7 Achieving goals

2.4.8 Kill chain - summary

2.5 The MITRE model

2.6 Social engineering and phishing

2.6.1 Masquerade in France using the "minister" method

2.7 Threat groups

2.7.1 Hacktivists

2.7.2 Cybercriminals

2.7.3 State groups, APT

2.7.4 Groups - synthesis

2.8 Cyber tools or cyberweapons?

2.8.1 Types of tools - a question of aims

2.8.1.1 Estonia (2007)

2.8.2 Exploit

2.9 CVE and security bug branding

2.9.1 20-year-old security vulnerabilities?

2.9.2 The economy of security bugs and exploits.

2.9.3 Frameworks and other tools

2.10 Ransomware

2.10.1 Data loss and ransom

2.10.2 Business model - money is the target

2.10.3 How to protect yourself - Rule 3-2-1

2.10.4 Geopolitical and legal problem - Corsairs of the twenty-first century ?

Chapter 3: Cybersecurity from the user's point of view

3.1 Cybersecurity as a problem of ordinary people

3.1.1 Digitization is progressing and what comes of it

3.1.2 Do we build dependencies ourselves?

3.1.3 Data center on fire - talking about hard luck!

3.2 You have to protect yourself - is it possible? HOW DO YOU DO IT?

3.2.1 Problems also for experts

3.2.2 Security is the increase in costs for attackers

3.2.3 Pay attention to what matters

3.2.3.1 The question of resources and scale

3.2.4 Risk modeling

3.2.5 What are the actual threats to us?

3.3 The Iron rules

3.3.1 Technology is for people

3.3.2 Vendors should take care of basic security - the importance of ecosystems

3.3.3 The risk surface

3.3.3.1 Mapping the ways of use

3.3.3.2 Identification of risk points and a selection of solutions

3.3.3.3 Legal requirements to the rescue?

3.3.4 Up-to-date software

3.3.5 The principle of limited trust in what appears on the screen

3.3.6 Verifying communication

3.3.7 Passwords

3.3.7.1 Good passwords

3.3.7.2 Breaking passwords is not that easy!

3.3.7.3 We don't change good passwords (unless there are good reasons for it)

3.3.7.4 Good passwords are long passwords

3.3.7.5 Passphrases - Diceware

3.3.8 Storing passwords

3.3.9 Two- or multi-factor authentication

3.3.9.1 Toward passwordless systems

3.3.10 Paranoia

3.3.11 Up-to-date knowledge

3.3.12 Web browser

3.3.12.1 Use different browsers

3.3.13 Different risks to different "drawers" (or "pigeon holes")

3.3.14 Safe e-mail.

3.3.14.1 Webmail

3.3.14.2 Is big safer?

3.3.15 Instant messaging

3.3.15.1 Encryption

3.3.16 Social media

3.3.17 Do we need a VPN? Probably not

3.3.17.1 Tor

3.3.18 Remember that the threat model depends on who you are and what you do

3.4 Are we always in danger and does someone always want to hack us?

3.4.1 Not all threats are technical

3.4.2 We may not have any influence on some problems

3.5 Antivirus software

3.6 User privacy - a broad topic

3.6.1 Settings

3.6.2 Not only bad people have something to hide

3.6.3 Smartphone - the center of life

3.6.4 What do they know about us?

3.6.5 Privacy as a product feature and business advantage

3.6.6 Privacy versus technologies and standards

Chapter 4: Cybersecurity of healthcare infrastructure

4.1 The digitalization of healthcare is progressing

4.1.1 Digitalization and its issues

4.1.2 COVID-19 as a digital accelerator

4.2 Digitalization and cybersecurity risks

4.3 Risks and threats

4.3.1 Cyberattacks on hospitals

4.3.2 WannaCry ransomware as a driver of cybersecurity funding?

4.3.3 Cyberattacks on healthcare in Ireland in 2021

4.3.4 Other cyberattacks on healthcare centers

4.3.5 Will the insurer cover the losses?

4.3.6 Does cyber insurance make sense ?

4.3.7 Hospitals are not treating cybersecurity as a priority - and that is reasonable?

4.4 Digitalization of diagnostics and new vulnerabilities

4.4.1 Risks of implants

4.4.2 Data leaks or modification of diagnostics

4.4.3 Cyberattacks on the supply chain

4.5 Cybersecurity of medical devices

4.5.1 Targeted attack on a patient using an insulin pump

4.5.2 Targeted attack - battery drain

4.5.3 Attacks on medical devices - summary

4.6 How to secure a hospital

4.6.1 Hardware, software, licenses, updates….

4.6.2 What happens in the event of a large-scale cyberattack? Scenario of a systemic cyberattack

4.6.2.1 Segmentation, segregation, and isolation

4.7 Lethal effects

4.7.1 Bad design - Therac-25 system

4.7.2 Chasing sensation?

4.7.3 Careful with reports?

4.7.4 Why kill with a cyberattack ?

4.7.4.1 Is it easy to detect death due to a cyberattack?

4.8 Okay, but can a cyberattack kill?

4.8.1 Cyberattack scenario with lethal consequences - can such a logic bomb be detected?

4.8.2 Coordinated battery drain of a medical implant? A scenario

Chapter 5: Cybersecurity of critical infrastructure

5.1 Vulnerable part of the State

5.1.1 A different classification of cyberattacks

5.2 Examples of cyberattacks against critical infrastructure

5.2.1 Energy

5.2.1.1 Nuclear power plants

5.2.1.2 Cyberattacks on energy distribution in Ukraine

5.2.1.3 What happens when the power is switched off

5.2.1.4 An attempt to turn off the power under wartime conditions?

5.2.1.5 How to protect the system

5.2.1.6 Blackout as a result of a cyberattack? Scenarios

5.2.2 Scenario: Physical destruction of the transformer

5.2.2.1 Practical demonstration of physical damage

5.2.2.2 Skepticism about reports is recommended

5.2.3 Water treatment/sanitation systems

5.2.4 Gas and oil

5.2.4.1 Siberian pipeline - give it no credence

5.3 Securing critical infrastructure

5.4 Hacking physical elements

5.4.1 Ransomware for industrial systems and PLC worm

5.5 Physical effects

5.5.1 Stuxnet

5.5.2 German steel mill

5.6 Transportation systems

5.7 What do the States do about it?

5.7.1 Europe, USA

5.8 The key civilizational issue

Chapter 6: Cybersecurity of a State

6.1 What is the cybersecurity of a State?

6.1.1 Cybersecurity of citizens, or described more broadly.

6.2 Countries have already been hacked

6.2.1 Cyber operations against the U.S. political system (2016)

6.2.2 Elections, intelligence, and human nature

6.2.3 Intentional leaks and their effects

6.2.4 Cyber operations against the political system in France (2017)

6.2.5 Cyber-enabled information operations aimed at the electoral process

6.2.6 Hacking social media accounts - a preface to an information operation?

6.2.7 Professional cyber operations

6.2.8 Cyber operations and the situation at the Polish-Belarusian border in 2021

6.2.9 The case of Taiwan: Outreach and the man from nowhere

6.2.10 Attacks elsewhere

6.3 Electronic voting as a systemic vulnerability of a State

6.3.1 Transparency issues

6.3.2 Tread carefully with digitization

6.4 A general scenario - cyber-enabled information operation

6.5 How countries protect or defend themselves

6.5.1 EU GDPR, NIS - when it is worthwhile or necessary to act

6.5.2 CERTs and other institutions

6.6 Is it possible to secure the State?

6.6.1 Elections

6.6.2 Political parties

6.6.3 Cybersecurity of the electoral staff - a challenge

6.6.3.1 Personal issue

6.6.3.2 Headquarters/staff cybersecurity strategy

6.6.3.3 More about the human factor

6.6.3.4 Technical, cloud measures

6.6.3.5 Routine deletion of data

6.6.4 Cybersecurity as a PR problem

6.7 The necessity of a State cybersecurity strategy

6.8 Or maybe disconnect from the Internet?

Chapter 7: Cyberconflict and cyberwar

7.1 Rivalry and competition between the States

7.2 Cyberintelligence, cyberespionage…

7.3 Cyber police

7.4 Cyber army

7.4.1 Standard tools

7.4.2 Cyberattack is not an attack

7.4.3 Cyber operations

7.4.3.1 Defensive cyber operations

7.4.3.2 ISR operations

7.4.3.3 Offensive operations.

7.4.4 Proportions of different operations.

Notes:

Description based on print version record.

ISBN:

1-00-340826-5

1-003-40826-5

1-000-95600-8

1-000-95598-2

9781003408260

OCLC:

1407232223