Introduction to Cyber Security and Cyber-Physical Systems
Cyber Security:
Cyber security is the protection of computers, servers, cell phones, electronic systems, organizations, and data from malicious attacks. It is the body of technologies and processes designed to protect networks, devices, and data from attack or theft. Cyber security is essentially about people, processes, and technologies working together to cover the full range of threat reduction, vulnerability reduction, law enforcement, and so on. Because modern industry depends heavily on computers that store and transmit large amounts of confidential and essential data about people, cyber security is a critical function and a necessary safeguard for many organizations.
Principles of Cyber Security:
The three important principles of Cyber Security form the CIA Triad, i.e. Confidentiality, Integrity and Availability.
CONFIDENTIALITY
∗ Confidentiality refers to protecting data so that only authorized users can access it.
Methods used to ensure Confidentiality are:
- Data Encryption
- Passwords
- Security Tokens
INTEGRITY
∗ Integrity refers to maintaining the consistency, accuracy, and dependability of data.
∗ Data cannot be modified by people who are unauthorized.
Methods used to ensure Integrity are:
- Checksums
- User Access Controls
- Cryptographic Checksums
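The difference between the first and last items in this list, shown as an added example that is not part of the original article: a plain checksum (CRC32) catches accidental corruption, but anyone who modifies the data can recompute it, while a keyed cryptographic checksum (HMAC-SHA256) cannot be recomputed without the secret. The record, the key and the function names are constructed for this illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and shared secret (assumptions for this example).
KEY = b"constructed-demo-key"
RECORD = b"transfer amount=100 to=alice"


def crc_tag(data: bytes) -> int:
    """Plain checksum: needs no secret, so anyone can compute it."""
    return zlib.crc32(data)


def mac_tag(data: bytes, key: bytes = KEY) -> bytes:
    """Cryptographic checksum: HMAC-SHA256 keyed with a shared secret."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_crc(data: bytes, tag: int) -> bool:
    return zlib.crc32(data) == tag


def verify_mac(data: bytes, tag: bytes, key: bytes = KEY) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(mac_tag(data, key), tag)


def modify_without_key(data: bytes):
    """Model an unauthorized change by a party that does not hold KEY.

    That party can recompute the CRC for the changed record, but the only
    MAC it can produce is one computed under some other key.
    """
    changed = data.replace(b"amount=100", b"amount=900")
    return changed, zlib.crc32(changed), mac_tag(changed, key=b"not-the-key")


def integrity_demo() -> dict:
    changed, new_crc, new_mac = modify_without_key(RECORD)
    return {
        "crc_accepts_original": verify_crc(RECORD, crc_tag(RECORD)),
        "mac_accepts_original": verify_mac(RECORD, mac_tag(RECORD)),
        "crc_accepts_modified": verify_crc(changed, new_crc),
        "mac_accepts_modified": verify_mac(changed, new_mac),
    }


if __name__ == "__main__":
    for name, result in integrity_demo().items():
        print(f"{name}: {result}")
```

The recomputed CRC is accepted for the modified record, while the MAC check rejects it; this is why a plain checksum alone does not enforce "data cannot be modified by people who are unauthorized".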
AVAILABILITY
∗ Data is available to authorized people as and when required, without undue delay.
∗ Availability also covers safeguards against loss of data or interruptions in network connections.
Methods used to ensure Availability are:
- Backups
- Firewalls
- Proxy Servers
What is a Protocol?
A protocol is a digital language through which we communicate with others over the internet. It is a set of mutually accepted rules for proper exchange of information. There are various types of protocols. Some of them are listed below:
- TCP/IP (Transmission Control Protocol/Internet Protocol)
TCP (Transmission Control Protocol) is used for communication over a network. The data is broken down into small packets and then sent to the destination. IP (Internet Protocol) works with TCP and addresses these packets, thereby showing them the route to their destination. IP makes sure that the packets are transmitted to the right address.
- DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) is a client-server protocol. It assigns an IP address to each device on a network so that the devices can communicate using those addresses.
- DNS (Domain Name System)
DNS (Domain Name System) is the Internet’s equivalent of a phone book. DNS servers maintain a directory of domain names and translate them to IP addresses.
- FTP (File Transfer Protocol)
FTP (File Transfer Protocol) is used for transferring files to different networks. There may be a large number of files, such as text files, multimedia files, etc., so this way of file transfer is quicker than the other methods.
- ARP (Address Resolution Protocol)
ARP (Address Resolution Protocol) is a network protocol which is used to find out the hardware (MAC) address of a device from an IP address. It is used when a device wants to communicate with some other device on a local network.
- HTTP (Hyper Text Transfer Protocol)
HTTP (Hyper Text Transfer Protocol) is based on the client-server model. It is used for making a connection between the web client and the web server. HTTP generally delivers the information shown in web pages.
- SMTP (Simple mail transfer protocol)
SMTP (Simple Mail Transfer Protocol) manages the transmission of outgoing mail over the internet. It is basically used for sending and receiving e-mails.
Why is it necessary to translate domain names to IP addresses?
This is necessary because, although domain names are easy for people to remember, computers access websites based on IP addresses. So, when you type in a web address, e.g., www.google.com, your Internet Service Provider (ISP) looks up the DNS entry associated with the domain name, translates it into a machine-friendly IP address (let’s say 74.125.224.72) and directs your internet connection to the correct website.
Threats in the Cyber world
The threats countered by cyber-security are mainly three-fold:
- Cybercrime comprises individuals or groups targeting systems for monetary gain or to cause disruption.
- Cyber-attack often involves politically motivated information gathering.
- Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
So, how do malicious attackers gain control of computer systems? Here are some common strategies used to undermine cyber-security:
Malware
Malware means malicious software. It is one of the most common cyber threats: software that a hacker has created to disrupt or damage a legitimate user’s computer. Often spread by means of an unsolicited email attachment or a legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks.
There are several types of malware. Some of the critical ones are:
· Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
· Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into loading Trojans onto their computer, where they cause harm or collect information.
· Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this data. For instance, spyware could collect credit card details.
· Ransomware: Malware which locks down a user’s files and data, with the threat of erasing them unless a ransom is paid.
· Botnets: Networks of malware-infected PCs which cyber-attackers use to perform tasks online without the permission of the user.
Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive data. Phishing attacks are frequently used to trick people into handing over credit card data and other personal details.
SQL injection
A SQL (Structured Query Language) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a database via a malicious SQL statement. This gives them access to the sensitive information contained in the database.
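The vulnerability class described above and its standard fix, as an added example that is not part of the original article: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, rows, input string and function names are constructed for this illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "XXXX-XXXX-0001"), ("bob", "XXXX-XXXX-0002")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # VULNERABLE: the input is pasted into the SQL text, so quote
    # characters inside `name` change the structure of the statement.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # HARDENED: the ? placeholder passes `name` as a bound value that the
    # database never parses as SQL.
    return conn.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed input that closes the quoted string and adds a condition.
CRAFTED = "nobody' OR '1'='1"


def injection_demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "alice")),
        "vulnerable_crafted": len(lookup_vulnerable(conn, CRAFTED)),
        "safe_normal": len(lookup_safe(conn, "alice")),
        "safe_crafted": len(lookup_safe(conn, CRAFTED)),
    }


if __name__ == "__main__":
    for name, rows in injection_demo().items():
        print(f"{name}: {rows} row(s) returned")
```

With the concatenated query the crafted input returns every row in the table; with the parameterized query it is treated as a literal name and matches nothing.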
Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal information. For example, on an unsecured WiFi network, the cyber attacker could intercept data being passed between the victim’s device and the network.
Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.
Why is Cyber Security Important?
Cyber security is important because government, military, corporate, financial, and medical organizations gather, process, and store unprecedented amounts of information on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial information, personal information, or other sorts of data for which unauthorized access or exposure could have adverse effects. Organizations transfer critical data across several networks in the course of doing business, and cyber security describes the discipline dedicated to safeguarding that data and the systems used to store it. As the extent of cyber-attacks grows, organizations, specifically those tasked with safeguarding information relating to national security, health, or financial records, need to take the necessary steps to protect their sensitive business and personal information. In March 2013, the nation’s top intelligence officials warned that cyber-attacks and digital spying are among the top threats to national security, eclipsing even terrorism.
Cyber-Physical System (CPS):
A cyber-physical system (CPS) is a combination of computer-based software components with mechanical and electronic parts, which can be accessed through a data infrastructure such as data centers reached over the Internet. It is a mechanism designed to be controlled or monitored by computer-based algorithms. In a CPS, hardware and software components operate on different spatial and temporal scales. Moreover, a CPS is characterized by its high level of complexity. The conceptual basis of CPS is the networking of embedded systems via wired or wireless communication networks.
Functions of CPS:
· Automatically control and monitor different types of industrial, scientific and business processes.
· Operate as a large-scale system and distribute tasks and roles.
· Require inter-disciplinary systems that are highly dependent on each other.
· Improve their performance over time.
· Can self-adapt and change progressively in response to real-time conditions.
· Need powerful decision systems.
Use cases of CPS:
Some examples of CPS include automotive systems, clinical monitoring, process control systems, robotics systems, automatic pilot avionics, traffic logistics systems and many more. Many instances of CPS surround us in our daily lives. At home, we have vacuum cleaners, smart lighting systems, and smart heating, ventilation, and air-conditioning systems. For transportation we have cars, airplanes, motorized scooters, and electric bicycles. Existing systems like these represent the areas where we can expect to see huge advancement and improvement in future. For instance, while cars have been around for almost 300 years, new features keep being added and are now available in vehicle product lines.
Clinical solutions include pacemakers, insulin pumps, personal assistance robots, and smart prosthetics. A large number of these technologies did not even exist until recently and have the potential both to save lives and to significantly improve prosperity and well-being. Wearable fitness and health-monitoring systems promise to have a highly positive impact on users, regardless of whether they are healthy or have a physical or an intellectual disability. Health monitoring systems are just one illustration of the entire space of sensor networks, which includes those made of tiny sensors used to observe large areas of land, sea, or airspace.
Challenges in Cyber-Physical Systems:
Below are the challenges and risks involved in CPS related to Industry 4.0:
· Information protection and data security
· Lack of benefit quantification
· Absence of prioritization by top management
· Industrial broadband infrastructure
· Industrial espionage/sabotage
· Production outages due to non-availability of data
So, this was something that all of us must be aware of. Now that almost the entire world is engaged in some online activity or other, be it social networking, education, gaming or general surfing, it is highly necessary for us to stay alert and protect ourselves against the above-mentioned threats and attacks. Hope that the article was helpful and informative! Thanks for reading.