Cyber Security

The subject Cyber Security is very important in this digital era due to dependency on online
operations, social media practices, upcoming technologies like IoT, digitization and
pervasive nature of mobile devices. Secure online operations and safe handling of devices are
the need of the hour. One must understand the security challenges as well as the best
practices that are essential to protect one from becoming the victims of cybercrimes.
Fundamental knowledge in Cyber Security is very much required to understand the current
status of cyber world. It is imperative to safe-guard the individual, society, organization and
the government from the dangers of cyber frauds, scams, threats and attacks.

What is Cyberspace? : An Introduction

We are all living in the digital era. All our daily activities either partially or totally depend on
digital devices or Internet. Every Organization whether it is government or non-government
and individuals rely on the usage of computer networks, systems and related technologies.
Most of our daily routines, including both personal and professional activities, depend on
digital devices connected through public and private networks and the Internet.

Where do we operate, and which connects us? These are the major questions that most of
us raise when we think about the way we use Internet and other resources for
communication. The answer is : Cyber Space.

Cyber Space is the virtual space that connects all of us and enables the information
exchange, necessary to support interactions in the digital era. More specifically,
Cyberspace can be defined as,

Cyberspace refers to the virtual space that provides the infrastructure, electronic
medium and related elements necessary for online global communication.

Cyberspace is a virtual space technically created by human beings. It can be thought of as

the second life space where human beings operate for social interactions, entertainment,
business operations as well as for personal activities and interests.

"Cyberspace" no longer implies a virtual environment. However, the incorporation of

digital technology possess a large variety of competences like sensors, signals,
connections, transmissions, processors, and controllers that are necessary to create a
simulated interactive experience through Cyberspace. Simulated environments can also
be created in the Cyberspace for a virtual experience.

Cybernauts are those People who are actively engaged in Cyberspace for all their social
experience.
The Origin of Cyberspace

The term cyberspace is derived from the word cybernetics which in turn is extracted from
ancient Greek word kubernētēs, that refers to steersman or to give direction. Recent
years have seen a wide proliferation of context-dependent suffixes applied to cyber.

The term cyberspace first came into existence in various contexts in visual arts and
science fiction during 1940, 1960 and 1984. However, the first reference was made by
the founder of Electronic Frontier Foundation, in the year 1990 and later in 1991 by Mr.
Benedict, which is close to the existing relationship of computer and telecommunication
systems.

Levels of Cyberspace

Since Cyberspace is a common domain where everyone can operate and no one can
own or govern, there are many trespassing happening. Therefore, it is necessary to
understand the levels of Cyberspace.

i Core Cyberspace : Core cyberspace covers all electronic devices, the

transmission medium or connecting medium, the control codes, the operation codes,
software used to handle them and finally the data. This is the place where all of us
operate.
Ii Extended Cyberspace : The extended Cyberspace covers everything that
surrounds the core. Anybody can access the core through this extended space. For
example, an automated car or a smart appliance operated through remote control,
through this Cyberspace. That is, one gets the control of core only through extended
cyberspace.

Extended cyberspace is very attractive to new generation of intruders, including

government hackers for Cyber warfare. That is Cyberspace provides a battle space to
target government, business organizations or a Nation’s critical Infrastructure. It may
provide an informal access, if the security system is not in place. Whether Cyberspace is
attractive or not, it is all about how people choose to use it. Let us see the elements of
Cyberspace in the following section.

Components of Cyberspace

Cyberspace comprises 6 major elements as

i Physical infrastructure and telecommunication devices

ii Computer systems and related software
iii Networks connecting computer systems and devices
iv Network of Networks or Internet
v User and intermediaries Access nodes
vi Constituent Data

For example, if a person wants to send a message or picture to another person, he

needs the following :

first of all, a device for him to send and for the other person to receive, a network for
connectivity, a software or protocol to facilitate the exchange, a space or a global
mechanism for seamless integration of all, the intermediate elements that do the smooth
transfer from one end to other end and finally what is being transferred that is - data
(message, picture, audio, video or a combination of all).

The components of Cyberspace can be arranged on different levels. The level on which
cyberspace operations are conducted is determined by three layers.

The three layers of cyberspace, namely

i Physical Layer
ii Logical Layer
iii Cyber Personal Layer

Physical Layer: Comprises the components of physical and geographical network. It is

the means through which data travels.

Logical Layer: Contains network elements that are associated with each other which
are distant from the physical network. It also indicates the structure of connection of the
physical components.

Cyber Personal Layer: Involves the people actually present on the network.

Cyber Domain Characteristics

The significant characteristics of Cyber Domain are:

i. Connectivity
ii. Virtuality
iii. Expansion

iv. Ambiguity
v. Interactivity

i. Connectivity : Cyberspace interconnects a wide range of physical systems. All these

elements are not physically present in one place but connected virtually in different places, but
they appear as a single entity from the user’s perception.
ii. Virtuality : Cyber Space is both unbound and virtual in nature. In other words, Cyberspace
does not exist in reality. Rather, it is an abstraction that can only be realized virtually.
iii. Expansion : Since all communications take place within this virtual place through various
means and with different types of data, Cyberspace is growing very fast. With the amount of data
shared and used, as well as the number of users sharing, the situation leads to data proliferation.
iv. Ambiguity : Due to its virtual nature, and lack of physical existence, with absolutely no
centralized controlling or monitoring mechanism, Cyberspace is indistinctive and ambiguous in
nature.
v. Interactivity: Though it is intangible in nature, all communications and data sharing occur
seamlessly through this medium. Cyberspace is fundamentally interactive in nature.

Ultimately cyberspace provides collaborative and virtual space for a wide range of participants.
All the above five features make Cyberspace inherently uncertain and complex.

Driving forces of Cyberspace

The factors that influence, or the driving forces of Cyberspace are time, space,
anonymity, asymmetry and efficiency.

1.7 Advantages and Shortcomings of Cyberspace

The advantages of cyberspace include

i. Informational resources
ii. Entertainment
iii. Social networking

The virtual library of information offers required information on any topic at any point of
time and cyberspace acts as the informational resource now-a-days. Entertainment and
social networking play a major role in cyberspace as the cyberspace has been evolving
as a great medium to connect people these days.

The disadvantages are due to this great medium of connectivity, as it leads to

spamming, theft of information and threats etc., as the cyberspace provides a platform
for all criminal activities also. Therefore, security is a major challenge.

Generally, people confuse between Internet and Cyberspace. Are they one and the
same or different ?

What is Internet?

Internet is an inter-connected network. It comprises of a large number of world-wide

computers connected in a network to facilitate communication and data exchange.
It makes use of the TCP/IP protocol suite for data transmission and exchange.

A universal system of interrelated computer networksthat utilizes Internet protocol

suite(TCP/IP) to link worldwide devices is referred to as the Internet.

A wide variety of information and other communication related facilities in an

interconnected networks standardized using communication protocols is provided by
universal computer.

Therefore, Internet provides the technical platform for communication and actions
through well-defined standards of operations.

Comparing and Contrasting Internet and Cyberspace

Often, the terms Internet and cyberspace are used interchangeably and considered to
be the same in the meaning and usage. However, there are certain key differences
between Internet and Cyberspace.

The Internet links smaller or larger networks of computers, servers and other personal
devices that exist within the scope of Internet.

However, Cyberspace is a symbolic and figurative space that exists within the Internet
and supports a multitude of business, government and social interactions through
information exchange.

The design of the Internet results in a cyberspace that is built out of components and
provides services designed to form more complex services.

Data exchanged in Cyberspace can be in the form of text, audio, video and image.
Internet is a 50-year-old technology. Starting with the military applications, it was widely
used as a tool by the academicians and researchers to exchange data easily.

After digital communication revolution, introduction of TCP/IP protocol, Domain Name

System (DNS) and Addressing methods made the Internet available to all devices and
all types of users.

Due to privatization and commercialization, Internet started developing rapidly. Rather,

Internet simplified the operations of the organization by killing the distance.

Therefore, Cyberspace and Internet vary in terms of their meaning, definition and
operations.

The term cyberspace has led to the introduction of other words like, cyber security,
cybercrime, Cyberwarfare, cyber terrorism and cyber espionage.

Introduction to Cyber Security-Definition

Cyber security refers to the actions which are taken in order to prevent the computer
systems or the Internet from unauthorized access or against attacks.

It is also referred to process of protecting devices or electronic data from unauthorized

access.

Cyber Security also refers to the measures taken against data thefts or protect the
computer systems from damages such as hardware, software or information, as well as
from interruption or deception of various computer services.

Cyber Security includes techniques that protect computers, networks, programs and
data from illegal access or outbreaks that may be misused.

Cyber Security is a technology framework that consists of various procedures and

operations intended to defend networks, computers, programs and data from outbreak,
damage or illegal access.

Cyber Security involves a wide range of practices in protecting the integrity of networks,
programs and data from various attacks, harm or unintended access.

Cyber Security refers to protection of computer resources or information from theft,

compromise or confront using deterrent measures through a consideration of possible
information threats, like malwares and other malevolent codes. Identity management,
risk management and incident management are some of the common cyber security
strategies in practice.

Importance of Cyber Security

Some of the remarkable significance of Cyber Security are:

• It endeavors to safeguard that the security properties are realized and maintained by
the Organization.
• User’s assets are protected against various cyber security risks and remain intact.
• The importance of ensuring protection from attacks, damage and authorized access on
networks, computers and programs is equivalent to daily routine operations of an
organization.
• Helping to understand the current trends in IT and develop effective solutions.
• Reducing vulnerability in information and ICT systems and networks.
• Enforcing integrity, confidentiality and availability.

Common Tools of Cyber Security

With the understanding based on the discussions made so far, the Common tools used
for cyber security may be listed as:
• Passwords

• Anti-virus/Anti-malware Software
• Software patches
• Firewalls

• Two-factor Authentication
• Encryption

Key Elements of Cyber Security

The key essentials of Cyber Security are:

i. Application Security
ii. Information Security
iii. Network Security
iv. Disaster Recovery
v. Operational Security and
vi. End-User Education

Application Security

Application security covers procedures or actions that can be taken care of throughout
various stages in the development life-cycle process of an application. This is to ensure
that the application is protected from threats and vulnerabilities that arises through faults
in the development of applications like, design, deployment, up-gradation or
preservation. Some of the basic techniques involved in ensuring security in applications
are:

• Validating the Input parameters

• Authenticating and authorizing valid Users/Roles
• Managing Sessions, manipulating parameters and managing the exceptions
• Security Auditing and Log Analysis.

Information Security

The fortification of information from illegal access or information theft thereby preserving
the privacy is referred to as the Information Security. Some of the common practices that
provides Information security are:
• Identification, validation and authorization of users
• Cryptography.

Network Security

The process of ensuring the usability, consistency, truthfulness and security of the
network is referred to as the Network security. Large number of threats are recognized
and stopped from further spreading or entering into the network system through an
Effective network security strategy. Network security compromises of the following
components:

• Anti-virus and anti-spyware

• Firewall, identifies and blocks any unauthorized network access

• Intrusion Detection system (IDS) automatically detects Network Intrusions and Intrusion
Prevention Systems (IPS) that identifies destructive threats, like zero-day or zero-hour
attacks
• Virtual Private Networks (VPNs) provides safe remote access.

Disaster Recovery

A development process that is used to assess various types of risks and establish
different priorities thereby evolving disaster recover strategies is known as Disaster
recovery. Every organizations must develop proper disaster recovery strategies to
protect their business-related activities from damage. Rather, they should take pro-active
measures to handle disasters because information is a major asset of an Organization.

Operational Security

Very stubborn or stringent measures must be taken as far as operational level security is
concerned especially in a complete automated environment. Of all the risks, it is really
difficult to fix the operational risks in an organization when data leakages or security
breaches happen.

End-User Education
The most essential and viable solution is end user education. Most of the security
incidents happen only because of lack of knowledge on the handling side of the users.
Many incidents happen without realizing the significance of certain activities.
Of all the above, end-user education is very important for an organization to avoid
unnecessary incidents against security.

What are the cyber security questions?

The questions to be addressed on securing the operations in cyberspace are

i. From what to protect?

ii. What to protect?
iii. How to protect?
The main focus is on the first question. The main concern on this aspect is on Deciding
on what or from what, to mainly protect, and how to operate strongly during system
failures.
Addressing the second question is on the possible threats and the threats are analysed
for further detection in future.

The third question addresses the object’s security assurance from threatening factors
through measures and procedures of implementation.

Cyber security has a significant importance in the current world of digital technologies as
most people make use of Internet for their daily activities. This replaces the mechanical
process with the use of software. The global usage of Internet has also authorized
individuals to unleash unique levels of innovation, creativity, and has also created new
markets unruling old ones. As Internet is used world-wide it suffers from various security
challenges and issues of which most of them help in improving the emergence of cyber
security practices. The major challenge that exists in cyberspace is the anonymity, as it
creates security breaches and complexity between individuals and government
legislations.