Duane C. Wilson - Cybersecurity

The MIT Press Essential Knowledge series

A complete list of the titles in this series appears at the back of this book.

Duane C. Wilson

The MIT Press | Cambridge, Massachusetts | London, England

2021 Massachusetts Institute of Technology

All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.

The MIT Press would like to thank the anonymous peer reviewers who provided comments on drafts of this book. The generous work of academic experts is essential for establishing the authority and quality of our publications. We acknowledge with gratitude the contributions of these otherwise uncredited readers.

This book was set in Chaparral Pro by New Best-set Typesetters Ltd.

Library of Congress Cataloging-in-Publication Data

Names: Wilson, Duane, author.

Title: Cyber security / Duane Wilson.

Description: Cambridge, Massachusetts : The MIT Press, [2021] | Series: The MIT Press essential knowledge series | Includes bibliographical references and index.

Identifiers: LCCN 2020033978 | ISBN 9780262542548 (paperback)

Subjects: LCSH: Computer security. | InternetSecurity measures. | Computer networksSecurity measures. | Data protection.

Classification: LCC QA76.9.A25 W554 2021 | DDC 005.8dc23

LC record available at https://lccn.loc.gov/2020033978

10 9 8 7 6 5 4 3 2 1

d_r0

The MIT Press Essential Knowledge series offers accessible, concise, beautifully produced pocket-size books on topics of current interest. Written by leading thinkers, the books in this series deliver expert overviews of subjects that range from the cultural and the historical to the scientific and the technical.

In todays era of instant information gratification, we have ready access to opinions, rationalizations, and superficial descriptions. Much harder to come by is the foundational knowledge that informs a principled understanding of the world. Essential Knowledge books fill that need. Synthesizing specialized subject matter for nonspecialists and engaging critical topics through fundamentals, each of these compact volumes offers readers a point of access to complex ideas.

Internet security has become an enormous challenge. Almost everything we see, touch, or use is connected to the internet, including cell phones, wearable devices, home appliances, and even semiautonomous vehicles. The internet is a portal for businesses, governments, and other institutions, providing remote access to trade secrets, medical records, and financial data. And such is the paradox of connectivity: the more connected our computer systems, the more exposed they are to cyberattacksattempts to steal data, corrupt software, disrupt operations, and even physically damage hardware and networked infrastructures.

The field of cybersecurity exists to meet the challenge of understanding and protecting against such attacks. In this book, I will present the risks associated with internet use, modern methods to defend it, and general principles for safer internet use. These principles, which have been developed over the years by cybersecurity experts, tend to be disseminated to and implemented by businesses, governments, and other organizations for which the stakes are understandably high.

A network, however, is typically only as strong as its weakest link. A cyberattack on an organization often proceeds from a successful attack against just one individual. And if that person has not been trained to identify the key indicators of a cyberattack, they may unwittingly open the back door, or front door, to an intruder. This book aims to arm the reader with the knowledge needed for the front line of the cyberbattle.

The origins of cybersecurity can be traced back to World War II. At that time, cipher machines were used for cryptographythe act of sharing secrets using codes. A cipher machine is a device that is used to keep communications private through encryptionthe process of making a message private. These machines were rudimentary but frequently effective methods of secure communication during wartime. During World War II, the primary cipher machine used by Nazi Germany was called Enigma (see figure 1) and the ones used by the Japanese troops were code-named Purple. Both machines had a similar operational protocol:

1. 1.An operatorthe senderat a command post would be given a message to encrypt.
2. 2.The sender would type the message on the machine.

Figure 1 Enigma machine and components.

1. 3.For each key pressed, a lamp would light up. The character corresponding to the lamp that lit up would actually be determined by a pseudorandom substitution cipher (or code). The action of pressing a key also moved one or more rotors inside the machine so that the next key press would trigger a different substitution pattern.
2. 4.On the other end of the message, the receiver would see the lamp corresponding to the encrypted letter.
3. 5.An operatorat the receiving command postwould then press the keys associated with the lit letters and piece together the message (e.g., similar to decoding Morse code).

Cipher machines allowed military personnel to encrypt and decrypt communications. That process is called confidentiality, one of six fundamental goals of cybersecurity. (All six are formally introduced in chapter 2.) These days, cybersecurity technologies are much more complex and sophisticated than cipher machines. But it is essential that we understand the basic vulnerabilities of electronic communications.

As computer technologies became more sophisticated and interconnected, they became more susceptible to more perniciousand maliciousforms of attacks. Malicious software, or malware, emerged as the first class of threats to computer and networked systems. Some of the more commonly known types of malware are viruses, worms, ransomware, spyware, adware, Trojans, and bots. (For an overview of malware, see chapter 6.) The earliest-known cases of malware were viruses and worms. A computer virus infects another computer program and spreads whenever that program is used. A computer worm is a stand-alone program that exploits a vulnerability in a computer system, and spreads itself through vulnerabilities or by tricking the user into executing (or running) it.

The Creeper virus (or technically, the Creeper worm) was created in 1971 by Robert (Bob) H. Thomas, a researcher at BBN Technologies in Cambridge, Massachusetts. (BBN designed the first generation of gateways, or routers, for the Advanced Research Projects Agency Network [ARPANET], the precursor to the modern internet.) Creeper was an experimental self-duplicating program that was designed to demonstrate mobile transmittal of computer applications. It moved between computers connected to the ARPANET (the first version of the internet) and using BBNs TENEX operating system (OS), infected both computers and printers, displaying the message IM THE CREEPER: CATCH ME IF YOU CAN.