Tuesday, May 5, 2020

Computer Security Regarding the Submarine

Question: Describe about the Computer Security for Regarding the Submarine. Answer: Part A: Computer Security Breach leads to leakage of Sensitive Submarine Information This report critically analyses the incident of security breach that has resulted in leaking of sensitive information about the Scorpene submarine that has been designed by France (Can French keep a secret?, 2016). There is no more serious incident than disclosure of the stealth secret of a country. Hence the report will focus on the questions like how did the incident occur, why did it occur and the possible solutions to the leak. A.1) The Problem The author Cameron Stewart discuss in The Australian about the latest security breach which has made sensitive information regarding the Scorpene submarine public. A submarine technology is as effective as the amount of stealth and secret it can maintain. The leaked DCNA (Direction des Constructions Navales) documents carry bolt to bolt details about the submarines capability and combat abilities along with the weaknesses (Scorpne data leak: Who is responsible for the massive information security breach? - Firstpost, 2016). The major victims of the leak are India, Malaysia, Chile and Brazil who operate the Scorpene submarine. The breach will compromise the security of the six submarine fleet that is maintained by India. This incident will further deteriorate the security condition of the country. The project that has been valued more than 3.5 billion USD was being built at Mumbai docks. The deal was inked in 2005 and leaked document shows a detailed technical specification which wil l make it easier to detect the Scorpene submarine (Joseph, 2016). A.2) How and Why did the breach happen The data and the documents that reached The Australian via mail did not contain any detail regarding the submarine. The Australian made the news public as Australia has contracted DCNS for building Shortfin Barracuda Submarines. The leak happened at the DCNS side as it contained sensitive information about other frigates and amphibious ships which have been planned to be sold to Chile and Russia. The document that has been leaked is the year 2011 document that has been used as framework for building the submarines. The leak not only have created security risk for the buyers but has also defamed the suppliers and its subcontractors. The latest leak has been attributed to lesser awareness of the contractors about the IP (Intellectual Property) protection. DCNSs leak is an eye opener that IP in this modern world of connectivity is hard to maintain and should be taken seriously (French submarine maker data breach highlights challenges of IP security, 2016). DCNS also claim that it has be en a victim of economic warfare, and it is for sure that after this incident there are few people who will trust company with their sensitive information. Various reasons have been attributed to the security breach like lack of awareness about the IP protection and data classification and protection. Intellectual Property (IP) protection is a very difficult task as it involves various stages of security involved for the protection and maintenance. Since today due to interconnectivity everything is connected to every other thing maintaining the security has become tougher. Maintaining IP is more difficult compared to other data because these data are extremely unstructured (French submarine maker data breach highlights challenges of IP security, 2016). Apart from being unstructured the work upon it is done in various segments so the full value of the data often goes unrealised by the individual working upon it. It should also be understood that the failure to understand the importance of data classification and its protection too gives rise to security breaches. If the data is not classified according to its importance and security implication, it is bound to be grouped with lesser important files which will result in access to data by unwanted personnel or hackers thus leading to leakage of information (Barile, 2014). A.3) The possible solutions There is no definite outcome for internet security breaches as the hackers and personnel do evolve with the increasing security. But the task for them can be made harder. One possible solution for the problem could be restructuring architecting the security from the very beginning. So that the security is designed to be hard to crack, easy for upkeep and recovery is smooth (StjepandiĆ¡ Liese Trappey 2015). The segmented approach will go a long way in preventing the data. Alarms can be embedded into the system to show any movement of data. The importance of data should be well understood and the classification and segmentation should be for a better understanding of security. Hence, the various aspects of the computer security have been discussed. The recent incident related to a computer security breach in France which has resulted in the release of sensitive information about submarines has been analyzed. The questions like how and why were answered and solutions were pro vided for restricting such breaches. Part B: The Anthem Medical Data Breach B.1) Problem Statement An American healthcare company Anthem Inc. which was founded in the 1940s was hacked in 2015. Anthem Inc. on 4th, Feb 2015 disclosed the fact about the network security breach that has led to the theft of 37.5 million records containing user information from its server. On a later day in February, the company further increased the number, of records that were stolen, to 78.8 million. According to the information provided by the organization the security breach compromised records of various brands of the company like Anthem Blue Cross, Blue Shields, etc. The company further confirmed that the breach didn't compromise with the financial data and the medical information of the members and patients. But other details like names, e-mail IDs, medical IDs, birthdays, social security numbers, income data, employment information, have been compromised and according to the report in The New York Times' could be used for identity theft. To prevent victimization, the firm has asked the persons to be careful regarding their accounts as vigilance might help to reduce the damage of identity theft. B.2) Affected People According to the data released by the company 78.8 million people have been affected by the theft. If the data USA Today are to be believed, then the number of affect mass could increase to 80 million. The data that has been compromised include every data needed for identity theft like name, social security number, etc. The stolen data of 80 million people could be used for identity theft hence making a large populace vulnerable to identity cloning. Identity theft is a deliberate use of others identity to gain financial advantages. Hence it can be easily understood that people whose details have been compromised are living in fear. The organization Anthem Inc. also maintains thousands of HighMark customers whose information was compromised. The CEO of the company addressed the sufferers of the incident and apologized for the same, thus creating a lot of fuss about the issue. The breach has shaken the investor confidence, and the company has been struggling to maintain the market share that it previously had. The customers too have been skeptical about the security policies of the company and fears investing with it. Although no incident of identity theft has been recorded till now due to the security breach but the possibility and the impact of the breach has been profound. B.3) Details of Attack Carried Out The company was on its way to implementing two-tier securities before which the breach totally took the IT expert of the company by shock. As per the report by J. K. Wall, as soon as the security breach was found all the system with a single level of safety was shut down. Before the attack, only individual level authentication was done by recording the username and password, so hackers acquired the combination of two and started the breach for weeks. Although at final stages hacker had all the information needed for accessing the sensitive data, the company is still not sure about the source of the initial breach. Every company makes a trade-off between the ease of handling system and the involved security for making the system both easy to use and user-friendly. This can result in minor challenges for the system which the hackers use to gain access to the network. The data about the patients constituted around 35 GB of disc space and was moved in small chunks to avoid unwanted attention and had been done for weeks to before the breach was noticed. B.4) Possible Solution to Prevent the Attack It had been mentioned in the previous section that the IT experts were just a few weeks away from implementing a two-tier security system. Once the system was in place, the hackers might not have been able to breach the security. So it can be easily understood that single level security is unsafe, and a multi-level security is the need of the time. Apart from multi-level security, the IT professionals should be more proactive to stop any attack on the system. According to The LA Times initial attempts of hacking were detected and deflected, but the final one went unnoticed for six weeks. It is estimated that the hacker was extremely persistent and might have gained access to the system using phishing on of the IT managers. References Anthem data breach could affect affiliate customers, including Highmark. (2016).Pittsburgh Post-Gazette. Retrieved 25 August 2016, from https://www.post-gazette.com/business/tech-news/2015/02/06/Anthem-data-breach-could-affect-affiliate-customers-including-Highmark/stories/201502060059 Barile, I., Wootton, B., Kessler, D., Upadhyay, R. (2014).U.S. Patent No. 8,695,090. Washington, DC: U.S. Patent and Trademark Office. Can French keep a secret?. (2016).Theaustralian.com.au. Retrieved 25 August 2016, from https://www.theaustralian.com.au/opinion/itll-be-50bn-down-the-gurgler-ifthe-french-cant-keep-a-secret/news-story/535be2819009eb7180b468ef5751f7fb Data Breach at Health Insurer Anthem Could Impact Millions Krebs on Security. (2016).Krebsonsecurity.com. Retrieved 25 August 2016, from https://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/ Details of Anthem's massive cyber attack remain in the dark a year later. (2016).Modern Healthcare. Retrieved 25 August 2016, from https://www.modernhealthcare.com/article/20160330/NEWS/160339997 Forbes Welcome. (2016).Forbes.com. Retrieved 25 August 2016, from https://www.forbes.com/sites/danmunro/2015/12/31/data-breaches-in-healthcare-total-over-112-million-records-in-2015/#43f5c8937fd5 French submarine maker data breach highlights challenges of IP security. (2016).ComputerWeekly. Retrieved 25 August 2016, from https://www.computerweekly.com/news/450303120/French-submarine-maker-data-breach-highlights-challenges-of-IP-security Goldstein, R. (2016).Millions of Anthem Customers Targeted in Cyberattack.Nytimes.com. Retrieved 25 August 2016, from https://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html?_r=0 Joseph, J. (2016).Scorpene data leak Not a tight ship, submarine project leaked like a sieve.The Hindu. Retrieved 25 August 2016, from https://www.thehindu.com/news/national/scorpene-data-leak-not-a-tight-ship-submarine-project-leaked-like-a-sieve/article9027165.ece Riley, C. (2016).Insurance giant Anthem hit by a massive data breach.CNNMoney. Retrieved 25 August 2016, from https://money.cnn.com/2015/02/04/technology/anthem-insurance-hack-data-security/ Scorpne data leak: Who is responsible for the massive information security breach? - Firstpost. (2016).Firstpost. Retrieved 25 August 2016, from https://www.firstpost.com/world/scorpene-submarine-leak-who-is-responsible-for-the-massive-information-security-breach-2976018.html StjepandiĆ¡, J., Liese, H., Trappey, A. J. (2015). Intellectual property protection. InConcurrent Engineering in the 21st Century(pp. 521-551). Springer International Publishing. The massive breach at health care company Anthem Inc.. (2016).USA TODAY. Retrieved 25 August 2016, from https://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/ Times, L. (2016).Anthem is warning consumers about its huge data breach. Here's a translation..latimes.com. Retrieved 25 August 2016, from https://www.latimes.com/business/la-fi-mh-anthem-is-warning-consumers-20150306-column.html

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.