For this project, I created an instruction manual on how to study for the CCNA 200-301 exam.
Author: gladielle
Gladielle Cifuentes’ 750-Word Expanded Definition of Military Cybersecurity
Introduction
As the internet and technology began to see many advancements, organizations realized the threats that can come from not having a security system in place. These organizations include the U.S military. According to Kilroy (2008), “In the mid-1990s, the U.S. military recognized a growing threat to its informational architecture as well as the nation’s critical infrastructure from cyber warfare.” (p. 439). For this paper, I will be defining the term ‘Military Cybersecurity’ and how it is viewed in different definitions. I will cite definitions and explain in context how authors and organizations view this term.
Definitions
The Department of Defense Instruction 8500.01 (2014) defines cybersecurity as the “prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation”. Cyber security threats to the military have been around for many years and the U.S government has been a victim to hackers from all around the world. As per the International Standards Organization, the definition of Cyber security is “the preservation of confidentiality, integrity, and availability information in cyberspace” (ISO, 27032). Very similarly, these organizations use the term ‘integrity’ when defining Cyber security.
According to Efthymiopoulos (2019) “Cyber-security is a method of e-protection. It is a framework policy of and for defense when reflective to a political-military alliance such as NATO (North Atlantic Treaty Organization)” (pg.1). The definitions listed are related to how the military views cybersecurity and what is the DoD’s expectation is on how to control the military networks and implement cyber security protocols.
Context
Vacca (2011), mentioned that “both the US Navy and the US Air Force were originally founded to project US interests into non-governed common spaces, and both have established organizations to deal with cyber security. “(p. 159). Although this refers to two different branches of services, the overall goal for the DoD is to strengthen its cyber security. According to Krasznay & Hamornik (2019), “Governmental and military IT systems should be protected from criminals, foreign intelligence services and armed forces in cyberspace, just to name a few challenges. These elements require a new approach to cybersecurity especially in national security” (p. 291). Overall, any organization that uses technology devices, networks, or simply function through the internet, can encounter cyber security threats, to include the military. Boeke, Heinl & Veenendaal (2015). “Armed forces across the globe are investing in their capacity to defend their networks and systems, and increasingly, preparing to conduct military operations in cyberspace” (p. 70), the U.S Military, along with militaries around the world, understand the severity of cyber threats and how it could be a detrimental concern to their security information and governments.
Working Definition
The term Military Cybersecurity can be defined in many ways. Overall, specifically referring to the military, cybersecurity will continue to gain threats from hackers and it is extremely important to learn the new threats that occur and keep those who are involved and work with the military up to date with ways to prevent any cyber-attacks from happening. Cyber-attacks raise security concerns to government officials. For the major that I am studying and the career path that I chose, I believe that it is highly advisable for me to be aware of the cybersecurity concerns that the military faces. As a military member, I am aware of the constant trainings that the Air Force provides for its members on cybersecurity and awareness, and the important roles that we have in military cybersecurity.
References
Kilroy, R. J., Jr. (2008). The U.S. Military Response to Cyber Warfare. In L. J. Janczewski & A. M. Colarik (Eds.), Cyber Warfare and Cyber Terrorism (pp. 439-445). Information Science Reference. https://link.gale.com/apps/doc/CX2555100065/GVRL?u=cuny_nytc&sid=GVRL&xid=3af1f3ab
Efthymiopoulos, M. P. (2019). A cyber-security framework for development, defense and innovation at NATO. Journal of Innovation and Entrepreneurship, 8(1). doi:10.1186/s13731-019-0105-z
Snyder, D. (2015). Improving the cybersecurity of U.S. Air Force military systems throughout their life cycles. Santa Monica, CA: RAND Corporation.
Vacca, W. A. (2011). Military Culture and Cyber Security. Survival, 53(6), 159-176. doi:10.1080/00396338.2011.636520
Cyber Security Objectives. (2012). Cyber Security Policy Guidebook, 1-267. doi:10.1002/9781118241530.ch3
Krasznay, C., & Hamornik, B. (2019). Human Factors Approach to Cybersecurity Teamwork – The Military Perspective. Advances in Military Technology, 14(2). doi:10.3849/aimt.01296
Boeke, S., Heinl, C., & Veenendaal, M. (2015). Civil-military relations and international military cooperation in cyber security: Common challenges & state practices across Asia and Europe. 69–80. https://doi.org/10.1109/CYCON.2015.7158469
Summary of Cam-Winget et al.’s “Security Flaws in 802.11 Data Link Protocols”
TO: Professor Jason Ellis
FROM: Gladielle Z. Cifuentes
DATE: September 9, 2020
SUBJECT: 500-word summary
This is a 500-word summary of the article “Security Flaws in 802.11 Data Link Protocols” by Nancy Cam-Winget (Cisco Systems), Russ Housley (Vigil Security), David A. Wagner (University of CA at Berkeley) and Jesse Walker (Intel Corp.).It discusses the vulnerabilities that a WLAN experiences by a person who can potentially eavesdrop through radio receivers due to weak security protocols.
Wireless Equivalent Privacy (WEP) is the mechanism that the IEEE 802.11 protocol uses as its standard for data confidentiality. WEP had an array of flaws and would leave Wireless Local Area Networks (WLANs) with security vulnerabilities. This article will describe the flaws of WEP and how researchers went about on finding ways to improve the security or replace WEP.
WEP has many vulnerabilities and reasons as to why it is not a trustworthy security protocol. Since using WEP is optional, it causes a huge threat to security. This results in encryption of data to never be used. Another defect of WEP is the shared key standard it uses for all devices. According to this article, the most serious security breach that WEP has is how attackers can use cryptanalysis to recover the encryption keys that the WEP uses on its devices. “Once the WEP key is discovered, all security is lost.” (Cam-Winget, Housley, Wagner & Walker, 2003, p. 36). Due to the flaws of WEP, the conclusion is that this security protocol was poorly designed. Experienced security protocol designers and cryptographers are needed for the creation of such difficult security protocol designs.
A short-term solution to WEP is the creation of Temporal Key Integrity Protocol (TKIP). TKIP are sets of algorithms that “adapt the WEP protocol to address the known flaws while meeting these constraints” (Cam-Winget, Housley, Wagner & Walker, 2003, p. 37). Packet sequencing and Per-Packet key mixing are the functions that TKIP help with the security flaws of WEP for short term purposes.
A long-term solution that researchers found for WEP security flaws is using the Counter-Mode-CBC-MAC Protocol. For the algorithm of this protocol, the Advanced Encryption system was used. This system contains features that improve the operation of the WEP and its security capabilities which include: single key usage, using integrity protection for packet header/packet payload, reducing latency by allowing precomputation, pipelining and more. In order to meet the criteria for this security protocol, the CCM mode was designed.
CCM works by merging two techniques such as a counter mode for encryption and the Cipher Block Chaining Message Authentication Code (CBC-MAC). CCM is seen as a vulnerability due to it using the same key for both “confidentiality and integrity” (Cam-Winget, Housley, Wagner & Walker, 2003, p. 39)., It guarantees to never overlap the counter mode with the CBC-MAC vector.
This article reviewed WEP and the security flaws found. The authors described short-term and long-term alternative protocols that can replace WEP and how they can be implemented for securing a WLAN.
References:
Cam-Winget, N., Housley, R., Wagner, D., & Walker, J. (2003). Security Flaws in 802.11 Data Link Protocols. Communications of the ACM, 46(5), 35-39. https://doi.org/10.1145/769800.769823