Cyber Threats Foresight Against Iran Based on Attack Vector
Subject Areas : General
mahdi
omrani
1
masoud
shafiee
2
siavash
khorsandi
3
Keywords: Foresight, cyber threats, attack Vector, cross-impact analysis, senario,
Abstract :
Cyber threats have been extraordinary increased in recent years. Cyber attackers, including government agencies or hackers, have made significant advances in the use of various tools for attacking target systems in some countries particularly on Islamic republic of Iran. The complexity of cyber threats and the devastating effects of them on critical systems highlights necessity of cyber threats Foresight. This research can prepare the country for countering cyber threats based on existing and potential attack Vectors. First of all, 18 major cyber threats drivers base on attack Vectors through reviewing resources and interviewing with seven experts were identified. We use cross-impact analysis Future studies method to indicate main drivers of future cyber threats such as social engineering, Denial of service, ransomwares, spoofing and fraud and non-state actors. Mic Mac software will be used for this step. Finally, future scenarios for cyber threats were identified by using scenario-based approach. Scenario Wizard software will be used. The results of the research include two strong scenarios and 18 possible scenarios, based on the strongest scenario, ransomware, spoofing, fraud, social engineering and Denial of service are the most likely cyber threats by non-state actors through in a limited level
[1] B.Dupont, “The Cyber Security Environment to2022:Trends, Drivers and Implications” ssrn Electron.j. jan.2012.
[2] Raford, Noah, Online foresight platforms:Evidence for their impact on scenario planning & strategic foresight, Technological Foresight & Social Change, In press, Available online, 2014.
[3] Lough, Daniel. “A Taxonomy of Computer Attacks with Applications to Wireless Networks,” PhD thesis, Virginia Polytechnic Institute and State University, 2001.
[4] Kjaerland, M., “A taxonomy and comparison of computer Security incidents from the commercial and government sectors”.Computers and Security, 25:522–538, October 2005.
[5] Hansman, S., Hunt R., “A taxonomy of network and computer attacks”. Computer attacks”.Computer and Security (2005).
[6] Mirkovic, J., and Reiher, P. “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. In ACM CCR ,April 2004.
[7] Howard, John D. and Longstaff, Computer Security Incidents,” Technical report, Sandia National Laboratories, 1998.
[8] C. Simmons, C. Ellis, S. Shiva, D. Dasgupta, and Q. Wu, AVOIDIT: A Cyber Attack Taxonomy, This work is supported by the Office of Naval Research ,2014.
[9] https://cve.mitre.org
[10] https://nvd.nist.gov
[11] R. Koch1, M. Golling1 , G. Rodosek, A Revised Attack Taxonomy for a New Generation of Smart Attacks,2014.
[12] Rp-Mcaffee-Quarterly-Threats-Mar-2017
[13] ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends. 2018
[14] Reference Incident Classification Taxonomy ,Task Force Status and Way Forward , 2018
[15] Asan, seyda serdar, Umut asan, Qualitative cross-impact analysis with time consideration, Technological forecasting and social change, vol74, 2007.
[16] Godet, Michel, Creating Futures: Scenario Planning as a Strategic Management Tool, France, Economica publish,2006.