Muhammad Zahab Naeem

MIS ASSINGMENT
Date: April 1st, 2014

Case 1

1. Is cyberwarfare a serious problem? Why or why not?

Answer: Yes, it is a serious problem and have many challenges
for security. The data can be access or stolen by anyone through
cyber warfare and can be use in damaging or as a threat to the
company, businesses or individual.

2. Assess the people, organizational, and technology factors
that have created this problem.
People: For cybercriminals, the benefit of cyberwarfare is
that they can compete with traditional superpowers for a fraction
of the cost of other types of warfare. Because more and more
modern technological infrastructure will rely on the Internet to
function, cyberwarriors will have no shortage of targets at which
to take aim. Users of targeted systems are still too careless about
security and dont do enough to help protect sensitive systems.
Organization: The U.S. has no clear policy about how the
country would respond toa catastrophic level of a cyberattack.
Eventhough the U.S. Congress is consideringlegislation to
toughen cybersecurity standards, the standards will likely
beinsufficient to defend against attacks. The organization of
U.S. cybersecurity ismessy, with no clear leader among
intelligence agencies.
Technology: While the U.S. is currently at the forefront of
cyberwarfaretechnologies, its unlikely to maintain
technological dominance because of therelatively low cost of the
technologies needed to mount these types of attacks.Secret
surveillance software can be installed on unprotected systems
and canaccess files and e-mail thus spreading itself to other
systems. Tracing identities ofspecific attackers through
cyberspace is next to impossible, making deniability ofsuspected
intruders simple.



3. What makes Stuxnet different from other cyber warfare
attacks? How serious a threat is this technology?
Answer: For security reasons SCADA systems are not usually
connected to the internet. But Stuxnet can spread via infected
memory sticks plugged into a computer's USB port. Stuxnet
checks to see if WinCC is running. If it is, it tries to log in, to
install a clandestine back door to the internet, and then to
contact a server in Denmark or Malaysia for instructions.
(Analysis of traffic to these servers is continuing, and may offer
the best chance of casting light on Stuxnet's purpose and
origins.) If it cannot find WinCC, it tries to copy itself on to
other USB devices. It can also spread across local networks via
shared folders and print spoolers. Stuxnet seemed to be designed
for industrial espionage or to allow hackers to blackmail
companies by threatening to shut down vital systems. WinCC is
a rather obscure SCADA system. And Stuxnet searches for a
particular configuration of industrial equipment as it spreads. It
launches an attack only when it finds a match.





4. What solutions have been proposed? Do you think they
will be effective? Why or why not?
Proposed solutions include the following along with an
assessment of their effectiveness:

Secretary of Defense Gates ordered the creation of
Cybercom, the first headquarters designed to coordinate
government cybersecurity efforts. It was activated in May 2010.
It will coordinate the operation and protection of military and
Pentagon computer networks. It will coordinate efforts to restrict
access to government computers and protect systems that run the
stock exchanges, clear global banking transactions, and manage
the air traffic control system. Its ultimate goal will be to prevent
catastrophic cyberattacks against the U.S. Some insiders suggest
that it might not be able to effectively organize the governmental
agencies without direct access to the President, which it
currently lacks.

Because spy agencies like the CIA are prohibited by law
from acting on American soil, some people are proposing to
entrust some of the cyberwarfare work to private defense
contractors. There is no effective way for a domestic agency to
conduct computer operations without entering prohibited
networks within the U.S. or even conduct investigations in
countries that are American allies. Preventing terrorist or
cyberwar attacks may require examining some email messages
from other countries or giving intelligence agencies more access
to networks or Internet service providers.

Case 2:

1. It has been said that a Smartphone is a microcomputer
in your hand. Discuss the security implications of this
statement.

Answer: Smartphone provides us with a single platform to
access everything which we used to access through computers,
laptops etc. It almost have everything in it, our work files,
personal files which in case of lost or theft can cause a serious
problem for us. So it is very important to carry our Smartphone
carefully and keep it in secure hands.

2. What people, organization, and technology factors must
be addressed by Smartphone security?

Answer: People - user are the people who use smart phone
should be careful in terms of lose or data get theft..

Organization - Companies have very valuable information assets
and confidential information to protect so it is important for the
companies to be careful in their access and processes through
smart phones.

Technology - Latest and most secure technology should be uses
to get the data stolen or been accessed by wrong hands like
Biometric fingerprint..

3. What problems do Smartphone security weaknesses cause
for businesses?

Answer: By week security businesses data can be access and use
by wrong which can cause a serious harm or damage to the
businesses even the businesses can get corrupted too.

4. What steps can individuals and businesses take to make
their Smart phones more secure?

Answer: Individual must be careful while handling their smart
phones and keep it in safe hands. And should use security
software's to keep their data safe and prevent others to access
their data.