Cyber security is a global phenomenon. For example, recent socially-engineered attacks that target CEOs of global corporations appear to be instigated by the Chinese group dubbed the “comment crew.” In their 2011 survey Symantec found that the number one cyber risk business concern was external cyber-attacks, followed by concerns about both unintentional insider error (2nd risk) and intentional insider error ( 3rd risk). Analysis by Verizon’s cyber forensics team indicates that the massive increase in external threats overshadows insider attacks. Despite the increase in external threats little is known about the source of such threats; or the global implications this evolving threat environment.
At the global level, cyber security requires not only attribution and forensics, but harmonized laws and effective information sharing. In spite of this growing consensus there is still little empirical understanding of the global cyber threat environment, an understanding that is critical for forensics. Currently, many cyber theories are based on anecdotal evidence and case studies. However, the science of security needs a strong empirical base for strong theory. It is now possible to create such an empirical base as companies like Symantec have been amassing large quantities of data on attacks. In contrast to much of the work in cyber security we take a socio-technical approach looking at the human element. As such, we postulate that the potential severity of the threat is a function of the political environment rather than the just the technology.
The objective of this project is to empirically characterize the global cyber threat environment and to test this hypotheses using Symantec data. A virtual machine will be constructed and global data on the threat network (which IP attacks which) attributed by location, type of attack, severity and potential impact will be collected by time period. The resultant geo-temporal network will then analyzed at the global level controlling for factors such as machines per country, internet access and the interstate hostility and alliance. The proposed research will create a global mapping of the threat environment, changes in that environment, and its relation to geographical and political factors. This will provide an empirical baseline for reasoning about the threat environment. An empirical basis is critical for the growth of science.
Internet Access – Red High Blue Low |