Guest Editor's Introduction • Kevin Rudd • June 2011
"Cyber" is all the rage today. Many topics fall under the “cyber-” umbrella: cyberspace, cybersociety, cyberculture, cybersecurity, cyberpunk, cyberterrorism, cyberinfrastructure, cyberart, cyberwar, cyberdefense, cyberoffense, cyberattack, cyberexploitation, cybercrime, and many more. From the perspective of the IEEE Computer Society, one of the most interesting (and challenging) of these is cybersecurity. This month in Computing Now, we explore a few cybersecurity-related topics including policy, education, attacks, infrastructure, trust, and architecture.
Although a couple of years old, "Lifting the Veil on Cyber Offense" (based on a related report from the National Research Council) raises interesting issues on offensive use of cyberattack capabilities on an adversary including some of the legal, ethical, technical, and operational aspects of such an attack. It includes some of the detailed findings from the report as well as some of its recommendations.
Just as we have a need for students to pursue education in science, technology, engineering, and mathematics (STEM), we have a need for students to pursue education in cybersecurity as well. "The CyberPatriot National High School Cyber Defense Competition" introduces a contest that challenges high school students to secure a network and protect it against a simulated attack. Developing skills in cyberdefense benefits everyone from governments and large multinational corporations down to small businesses and individuals, and these contests are one way to seed the pipeline to that end.
The best way to learn is through experience; the best way to gain experience is to learn from others' mistakes. "Anatomy of an Intrusion" and "Analysis of a Botnet Takeover" describe two attack experiences — one, a network intrusion, and the other, a study of a network of infected machines. Both offer lessons learned without having to experience the learning process directly.
Almost everyone is aware of the Internet, which connects computers together around the world. But few are aware other infrastructures — in this case the power grid — are also interconnected. Whether it's reading your power meter remotely or controlling the generation and distribution of power across regions, it's critical that these systems operate safely and securely. "Smart-Grid Security Issues" describes the smart grid and some of the security issues associated with it.
Part of using a computer is trusting that it will do the right thing. But what if it doesn't? How do you know? The Trojan horse goes way back as a way of compromising a hardened target. Software trojans compromise software systems in a manner similar to their historical/literary counterpart; hardware trojans compromise hardware in ways that can be much harder to detect or to avoid. "Trustworthy Hardware: Identifying and Classifying Hardware Trojans" describes the various dimensions across which hardware trojans can be classified and provides a broad view into the problem. (The September 2010 issue of Computing Now covered related topics; login is required to access the full text of the articles.)
Cyberdefense can be done in many ways, but using hybrid hardware–software solutions combines both performance and flexibility. "An Architectural Approach to Preventing Code Injection Attacks" demonstrates a software-only technique (no hardware modifications required) that uses memory protection and management features that already exist in modern processors to protect against inadvertently executing injected malicious code.
These articles should give you some useful background in a range of cybersecurity topics. You can follow the references and citations to find other related articles, and see the Related Links page as well. Note that other IEEE societies and other organizations will have different coverage of various "cyber-" topics, so there are many rewards for exploration.
IEEE Micro's editorial board. Contact him at rudd at usna dot edu.Kevin Rudd is an assistant professor at the United States Naval Academy and a member of