**4. The cyber-security arena**

In 2010, the US government received on average, 60 million attempted cyber-attacks per day. This problem is not limited to government; Facebook recently announced that it receives over 600,000 attempted cyber-attacks per day (Enzer, 2011) although this is small compared to their one billion daily logins. Staggering as these numbers are, they show the volume of attacks that companies and even individuals now face while connected to the Internet. Managers, IT professionals, and IT security professionals must take a holistic view of security in their planning. This is crucial if a company is to survive amidst today's onslaught of cyber-attacks.

The cyber-security arena has expanded dramatically. Cyber-security now includes mobile phones, embedded computers (widely employed in our infrastructure), cloud computing,

Cyber Security 23

tendency to outsource information technology projects to Asia. This tit-for-tat accusation and response is by no means a recent development, with China and Russia frequently

Very few press reviews of the preceding congressional report covered the alarming discussion of a growing number of other unnamed countries, as well as activist and terrorist groups, who are increasing in their cyber-attack capabilities. Today we see an evolving marriage of capability and intent from groups with far more sinister objectives than espionage. Some of these groups have sought to wreak havoc and damage critical

Until recently, the principal threat to the private sector has been from 'traditional hackers' – skilled individuals seeking information freedom, money or fun, and 'script kiddies' – using tools created by others primarily for personal entertainment. The aforementioned events and reports indicate a very obvious shift of intentions. The cost-to-benefit tradeoff of a successful cyber-attack, and the availability of the internet as a delivery mechanism, effectively arms the masses. With the right skills, anyone, anywhere, can launch a potentially devastating cyber-attack. Several of these attacks were discussed in a recent whitepaper that analyzed the cyber-attack capabilities and vulnerabilities of Libya under the anti-Gadaffi uprising (CSFI, 2011). For example, a SCADA targeted cyber-attack against Libya's oil refineries could limit Gadaffi's funding, but risks severe economic damage to already-struggling countries such as Italy and Ireland who are dependent on Libya for most

In the last few years, studies have highlighted the vulnerability of critical infrastructure to cyber-attack. Nuclear plants, electric smart-grids, gas pipelines, traffic management systems, prison systems, and water distribution facilities have all been identified as at risk from a cyber-attack. Fortunately at the time of this publication, actual attacks like these remain the subject of academic discussion. Many security analysts fear this situation will be short-lived. It should be clear by now that there is no such thing as an uninteresting target for cyberattackers. We know that certain industries and organizations may be targeted more persistently and receive more attacks than others, but should realize that every system and organization is at risk. Understanding the motivation an attacker may have to attack our

In the next section, we shall see how recent cyber-attacks are being targeted to realize these objectives and describe their potential impact to information systems and organizations.

mentioned in counterintelligence reports over the last twelve years (ibid).

infrastructure and have shown no aversion to the taking of human life.

systems can help us to be more prepared for the eventuality of an attack.

In summary, the motivation for cyber-attacks may include:

Critical infrastructure control & sabotage

Intellectual property theft

 Service disruption Financial gain Equipment damage

 Political reasons Personal entertainment

of their oil.

and all types of data storage. And cyber-crime has become a business, operating without borders, and has become increasingly difficult to arrest (BCS Security Forum, 2010).
