Cyber Defense Methods
We are helping the world by protecting technology, banks, secrets, and information from malicious people. Therefore, I am researching what type of defense methods cybersecurity workers use as their techniques and strategies.
In the article “Cyber Defense Triad for Where Security Matters.” The article discusses approaches to cybersecurity and the lack of a trustworthy system to protect the security of networked computer simultaneously in mandatory access control policy, protection against subversion, and verifiability. Topics include the U.S. spending on information security. It also talks about the requirements of a trustworthy operating system to build security for cyber systems, and the cost and time required to build and evaluate a high-assurance security kernel. It says that “The security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security.” This is interesting because to me it says that there will always be a need for cybersecurity workers. It also talks about types of attacks, like malware, which I find interesting, It says, “Even worse, a witted adversary has numerous opportunities to subvert or sabotage a computer’s protection software itself to introduce insidious new flaws.“ Malware is used in most attacks here; “ This is an example of “malware,” a preferred attack for many of the most serious breaches.”
Security and Cyber-Espionage
The next article I read was “The myths and facts behind cybersecurity risks for industrial control systems.” The article talks about how cybersecurity first started. It shows what is real and fake about threats when dealing with cybersecurity. While talking about cybersecurity, the article asks the question “How are they getting in?” It says that not only can they get in via internet but they can use database records and viruses in programs. The statement, “cyber attack need to be considered in the design of not just the control systems”, is interesting to me because it talks about cybersecurity. In the article it states “Furthermore, most organizations are highly reluctant to report security incidents as they are viewed as potential embarrassments.” It also says, “ In fact, many organizations have denied that there even is a risk to industrial systems from cyber attack.” To me, this is saying that companies are afraid of saying they are having security problems because it will not only be embarrassing but can also scare off customers. For example, if I was a big bank with a lot of people who were supporting the bank, releasing to the public that we have security issues will make people feel like their money is not safe and will want to close their bank accounts. This is an excellent example of why cybersecurity is very important for normal people and companies. The hacking community is increasing. Therefore, the situation is likely to get worse.
In the article “Cybersecurity in the Smart Grid: Survey and challenges”, the article talks about how The Smart Grid is considered a revolutionary and evolutionary regime of existing power grids. The Smart Grid is expected to greatly enhance efficiency and reliability of future power systems with renewable energy resources. The article states “Along with the salient features of the Smart Grid, cyber security emerges to be a critical issue because millions of electronic devices are interconnected via communication networks throughout critical power facilities, which has an immediate impact on the reliability of such a widespread infrastructure” which to me shows why it is important to have cyber security banks, websites, and company computers. To me, this says that if the smart grid were to be hacked all the devices interconnected with it can also be hacked along with it.
In the article, “Exclusive: Operation Shady RAT—Unprecedented cyber-espionage campaign and intellectual-property bonanza”, it talks about a high-level hacking campaign called Shady Rat. It says that Shady Rat has hacked computers in 14 different countries, affecting around 70 people from governments, nonprofits, and other organizations. Shady RAT has been stealing valuable property including government secrets, e-mail archives, legal contracts, and other things from more than 70 public and private-sector organizations. The article states that “for at least five years, a high-level hacking campaign, named Operation Shady rat, has infiltrated the computer systems of national governments.” The reason why this is so interesting is that it shows how important security is. It also says that “operation Shady RAT has been stealing valuable intellectual property (including government secrets, e-mail archives, legal contracts, negotiation plans for business activities, and design schematics) from more than 70 public- and private-sector organizations in 14 countries.” this is a major problem because our government’s secrets and personal info can be released or viewed by hackers anytime, which can be used for ransom. It has been going on for more than five years, and it still has not been stopped. This article explains about cybersecurity by show what high-level hackers are searching for or the reason they are hacking things like the government’s e-mail archives. This may also show what you should protect more online.
Cyber Attacks Modelling
In the article, “Modeling multistep cyber attacks for scenario recognition”, it talks about making a replica of a cyber attack. This article also describes what sets off security alarms, like intrusion detection sensors, integrity checkers, and firewalls. Integrity checks are a sensor that will go off if something is moved or changed without administration access or an unscheduled trigger. The article states that “developing attack models for multi-step attack scenarios could be quite time-consuming.” This shows that even though developing attack models take a lot of time, they still do it because safety is very important. It also says, “Our discussion of attacks and attack steps is guided by the following key definitions” which shows the way they set up an attack model and the steps it takes to make. Additionally, it states “An attack modeling language must be able to express the knowledge compiled in the modeling tasks described above” meaning a test attack must be able to do and explain the steps like identify logical attack methods that a normal attack would use.
For my interview, I interviewed someone named Jonathan V. I interview Johnathan by phone. I asked him a set of 10 questions. First I asked him to describe his responsibilities he told me that he is responsible for the network and computer security. He is also responsible for troubleshooting and installing programs. I asked him other questions, like his educational background and the degree it takes to be a security systems engineer. He told me that he attended the University of Maryland, he also said that his job requires a Bachelor’s but some jobs accept Masters. One of the questions I made for him was “Do you ever think that you wish you could have done something other than cybersecurity?” in which he replied “ No, I was always into technology growing up. If not cybersecurity I probably would have chosen something with computers anyway. ” I asked him how many years he attended college, and he told me five years, but you only need to go for 4. I asked him other things like how long has he been employed at his workplace and he told me he has only been there for around a year. I asked him to Describe a problem, issue or need he has observed in this industry. He told me that sometimes communication could be an issue when something doesn’t go the right way. If something bad happens, we need fast responses so everyone can understand what’s happening.I also asked what are some challenges you have when working with cybersecurity and he told me that some people try to hack him or mess with them just for fun or to cause mayhem.
This interview helped me understand more about cybersecurity workers and the problems and challenges they face as well as the things it takes to become one. He told me a little about everything like the responsibilities and the things you can expect being cyber security worker. Reading my articles also showed me how important cybersecurity could be as well as how an attack can be conducted in many ways with and without internet. Therefore I believe that cybersecurity workers are helping out the world around them physically and digitally, by giving everyone protection over their digital valuables and other important items.
Education and Programming
After reading the essays I came to the conclusion that I wanted to make my topic about an anti-virus. I wanted to make a real program that will actually work, can be downloaded and used, and will protect the computers from viruses and other malicious attacks. First, I researched what a normal anti-virus has and what it doesn’t have so that I could add to it or improve the already thought of features. I had my own ideas to add to the program which would make it unique. I decided to code my program in a application called”Visual Studios” which is a program made by Microsoft for the development of other programs. I mainly researched old viruses and how they operated to understand how to prevent against them. A well known virus that I researched is known as “WannaCry-Ransomware”. The virus spreads to computers and demands money or else it will delete all important files. Due to me having a computer and having a passion for technology, researching how to prevent my technology from slowing down, being broken, or locked, was very common. I also live in a household with people who don’t know how to fix their own technology and are constantly asking me for help.
I knew there are many different ways computers can be attacked and I wanted to cover all bases. That is why I also researched how in person attacks work and thought of how I could fight off the attacks. I figured that I could make the computer detect such attacks by checking the typing words per minutes. I also made the program be able to disable certain programs that could be considered too powerful. After I figured out how I wanted my anti-virus, I started sorting out the features from most to least important. Once I figured out what was most important, I started making the program and only thinking about my end goal. When I started, the visual aspect wasn’t on my mind as much as functionality. My first build only had one feature and it looked visually ugly. I was still happy it worked as intended and then started to add more features and changed the design completely. My most recent build looks extremely good and very professional.
I started to take a log on each program build. I also started taking videos and pictures of the program itself. I wanted to implement a license-key system and upon researching how to do so, I found that I would need to use a web host to keep the information of what codes work and what codes have been used. I used a website I had previously created as a web host. Once I set up the license-key system, it took little to no time to test on other machines. I had an issue where you could use the same key more than once, but it was an easy fix. Programming overall was not a hard task but from time to time my mind did drift and I took breaks. I personally believe that this can be a good solution to my engineering problem. Not only does it protect computers for big companies and even personal uses, but it is also unique by having features that other antivirus softwares don’t offer. I hope to one day get my program patent and possibly start my own company.
My future plans with the program consist of adding additional features as well as upgrading the old ones, changing how the program looks to be visually stunning to the customers and competition, and gathering customer suggestions. Once I gather suggestions and understand the every-day customer’s needs, I will be able to make a fully-function program that can be marketed and sold to anyone. Once I believe the program is worth real money, I will try to start my own cooperation or partner up with a company and hopefully work my way through the ranks. I hope to be the “new face” of protection when it comes to cyber security and become a well known anti virus provider such as Norton, Avast, and even Malwarebytes.
Conclusion
This project has taught me about time management, professionalism, and other important skills. I have also gained knowledge from the articles I chose in my project and have learned about many things such as pen testing and attack defense. I know there is still a lot to learn, and a long way to go but I believe I can be successful if I put an effort into it. I was inspired to make my own program by many friends who have done so themselves. I hope to impress anyone who I present my project to as well as use it in my future life and career.
