Cyber Security: Definitions, general security overview, digital security
1. Definitions: What is Cyber Security?
At its core, Cyber Security (also spelled cybersecurity) is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Think of it as the digital equivalent of real-world security. You have locks on your doors (passwords, firewalls), security cameras (monitoring), and security guards (incident response teams) to protect your assets (data).
The C.I.A. Triad: The Foundation of Security
Most security practices are built around preserving three core principles, known as the CIA Triad:
- Confidentiality: Ensuring that data is accessible only to authorized users. It’s about keeping secrets secret.
  - Example: Your bank account information should only be visible to you and authorized bank employees. Encryption is a key tool for ensuring confidentiality.
- Integrity: Ensuring that data is accurate, trustworthy, and has not been tampered with or modified by an unauthorized person.
  - Example: The balance in your bank account should not be alterable by a hacker. If you send $100, the recipient should receive exactly $100, not $1 or $1,000.
- Availability: Ensuring that systems and data are accessible and usable when an authorized user needs them.
  - Example: A company’s website should be online and available for customers to use. A denial-of-service attack is an attack on availability.
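The integrity example above (a $100 transfer that must not become $1,000 in transit) can be made concrete with a message authentication code. This is an added illustration, not part of the original page; the field names and the shared-key setup are assumptions chosen for the demo.

```python
import hashlib
import hmac
import json
import secrets

def sign_transfer(key: bytes, transfer: dict) -> dict:
    """Serialize the transfer deterministically and attach an HMAC-SHA256 tag."""
    payload = json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}

def verify_transfer(key: bytes, message: dict):
    """Return the transfer if the tag matches, or None if anything was altered."""
    expected = hmac.new(key, message["payload"].encode(), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the check leaks no timing hints.
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(message["payload"])

def demo():
    """Verify an untouched message, a tampered one, and one checked with the wrong key."""
    key = secrets.token_bytes(32)  # secret shared by sender and receiver (assumed)
    msg = sign_transfer(key, {"from": "alice", "to": "bob", "amount_usd": 100})
    # Constructed tampering: the amount is changed in transit, the tag is not.
    tampered = dict(msg, payload=msg["payload"].replace('"amount_usd":100',
                                                        '"amount_usd":1000'))
    wrong_key = secrets.token_bytes(32)
    return (verify_transfer(key, msg),
            verify_transfer(key, tampered),
            verify_transfer(wrong_key, msg))

if __name__ == "__main__":
    print(demo())
```

The payload stays readable to anyone who sees it: the tag provides integrity only, and confidentiality would need encryption on top.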
2. General Security Overview
This section covers the “who, what, and why” of cybersecurity.
Why is Cyber Security so Important?
- Data Protection: We live in a data-driven world. Personal information (names, addresses, social security numbers), financial data, intellectual property, and medical records are all stored digitally.
- Critical Infrastructure: Modern society relies on interconnected systems. Power grids, water treatment facilities, traffic control systems, and hospitals are all connected to networks and vulnerable to attack. A successful attack could have devastating real-world consequences.
- National Security: Nations engage in cyber-espionage to steal state secrets and in cyber-warfare to disrupt a rival’s infrastructure.
- Economic Stability: Businesses can lose billions from theft, fraud, and reputational damage. A major breach can put a company out of business.
Who are the Attackers? (Threat Actors)
- Cybercriminals: These are individuals or organized groups motivated by financial gain. They use ransomware, steal credit card data, and commit fraud.
- Nation-States (State-Sponsored Actors): These are funded by governments to conduct espionage, steal intellectual property, or disrupt the critical infrastructure of other nations. They are typically highly skilled and well-resourced.
- Hacktivists: These attackers are motivated by a political or social cause. They often deface websites or launch denial-of-service attacks to spread their message (e.g., Anonymous).
- Insider Threats: These are current or former employees, contractors, or partners who have legitimate access to systems but abuse it, either maliciously (out of revenge) or accidentally (by making a mistake).
What are the Common Types of Attacks?
- Malware (Malicious Software): A broad category of software designed to cause harm.
  - Viruses: Attach themselves to clean files and spread to other files.
  - Ransomware: Encrypts your files and demands a ransom payment for the decryption key. This is one of the most damaging threats to businesses and individuals today.
  - Spyware: Secretly records your actions, such as keystrokes or browsing habits.
- Phishing: The practice of sending fraudulent emails or messages that appear to be from a legitimate source. The goal is to trick the victim into revealing sensitive information (like passwords or credit card numbers) or to deploy malware.
- Denial-of-Service (DoS) / Distributed Denial-of-Service (DDoS) Attack: An attempt to make a machine or network resource unavailable to its intended users. In a DDoS attack, the attacker uses thousands of compromised computers (a “botnet”) to flood a target (like a website) with traffic, overwhelming it and knocking it offline.
- Man-in-the-Middle (MitM) Attack: An attacker secretly intercepts and relays communication between two parties who believe they are communicating directly. This is a common risk on public Wi-Fi networks.
- Zero-Day Exploit: An attack that targets a previously unknown vulnerability in software or hardware. Because developers don’t know about it, there are “zero days” to create a patch, making these exploits highly dangerous.
3. Digital Security: The Personal Side of Cyber Security
Digital Security is often used interchangeably with cybersecurity, but it typically emphasizes the individual’s role and the protection of personal digital assets and identity. It’s cybersecurity applied to your life.
It’s about the tools and best practices you can use to protect your identity, data, and devices.
Key Digital Security Practices for Everyone:
- Use Strong, Unique Passwords:
  - Don’t reuse passwords across different sites. If one site is breached, all your accounts are at risk.
  - Use a password manager to generate and store complex passwords securely.
- Enable Multi-Factor Authentication (MFA/2FA):
  - This is the single most effective thing you can do to secure your accounts.
  - It requires a second piece of information (like a code from your phone) in addition to your password, making it much harder for an attacker to get in.
- Think Before You Click (Avoid Phishing):
  - Be suspicious of unsolicited emails, especially those creating a sense of urgency (“Your account will be suspended!”).
  - Check the sender’s email address and hover over links to see the actual destination URL before clicking.
- Keep Your Software Updated:
  - Software updates (for your OS, browser, and applications) often contain critical security patches for newly discovered vulnerabilities. Enable automatic updates whenever possible.
- Secure Your Home Wi-Fi Network:
  - Change the default administrator password on your router.
  - Use a strong encryption protocol (WPA2 or WPA3).
- Be Careful on Public Wi-Fi:
  - Avoid logging into sensitive accounts (like banking) on public networks.
  - Use a Virtual Private Network (VPN) to encrypt your internet traffic and protect your privacy.
- Back Up Your Data:
  - Regularly back up your important files to an external hard drive or a cloud service. This is your best defense against data loss from hardware failure or a ransomware attack.
Summary
- Cyber Security is the broad, technical field of defending digital systems against attacks.
- It’s built on the CIA Triad: Confidentiality, Integrity, and Availability.
- The threat landscape is diverse, with motivations ranging from financial gain to political espionage.
- Digital Security is the personal application of cybersecurity principles to protect your own data and identity.
- Simple habits like using a password manager, enabling MFA, and being wary of phishing can dramatically improve your personal security.