Module 4 Topics

Module 4 covers encryption algorithms, vulnerabilities, and countermeasures against cyber threats. It discusses various encryption methods, common threat actors, and significant real-world cyber incidents, highlighting the importance of timely patching and effective cybersecurity policies. Additionally, it addresses the Data Privacy Act of 2012 and the Cybercrime Prevention Act of 2012 in the context of enhancing cybersecurity and compares them with international standards like GDPR.

Uploaded by Squall Lionheart

Module 4: Security and Real-World Application

1. Evaluation of Encryption Strength

Overview of Encryption Algorithms

Encryption is the process of converting plaintext into ciphertext to protect data from unauthorized access. Common encryption algorithms include:

- RSA (Rivest-Shamir-Adleman): A widely used asymmetric encryption algorithm that relies on the difficulty of factoring large numbers that are the product of two large primes.

- AES (Advanced Encryption Standard): A symmetric encryption standard known for its efficiency and robustness, supporting key sizes of 128, 192, and 256 bits.

- ECC (Elliptic Curve Cryptography): An asymmetric encryption technique that provides high security with shorter key sizes, making it suitable for devices with limited computational power.

Criteria for Evaluating Encryption Strength

Encryption strength is determined by several factors:

- Key Size: The length of the key used in the encryption process; larger keys generally provide greater security.

- Computational Power: The amount of resources required to break the encryption through brute force attacks.

- Algorithm Design: The structural soundness of the encryption algorithm and its resistance to known attacks.

Brute Force Attacks

A brute force attack involves systematically trying all possible keys until the correct one is found. The strength of encryption is measured by how computationally impractical it is to break using brute force.
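
The three criteria above can be turned into a concrete calculation. The following Go program is an added illustration, not code from the module: it estimates the expected brute-force time from a key size and an assumed attacker trial rate, and answers the inverse question of how many key bits are needed to hold out for a given number of years. The 10^12 keys-per-second rate and the 56-bit DES comparison point are assumptions of this example, not figures from the module.

```go
package main

import (
	"fmt"
	"math/big"
)

const secondsPerYear = 365.25 * 24 * 3600

// BruteForceYears returns the expected time in years to recover a keyBits-bit
// key by exhaustive search at keysPerSecond trials per second. On average the
// right key turns up after half the key space, so the estimate is 2^(n-1)/rate.
func BruteForceYears(keyBits int, keysPerSecond float64) *big.Float {
	half := new(big.Int).Lsh(big.NewInt(1), uint(keyBits-1)) // 2^(n-1), exact
	years := new(big.Float).SetInt(half)
	years.Quo(years, big.NewFloat(keysPerSecond))
	return years.Quo(years, big.NewFloat(secondsPerYear))
}

// KeyBitsNeeded returns the smallest key size whose expected brute-force time
// at keysPerSecond is at least minYears: the inverse question a reviewer asks
// when deciding whether a key size is strong enough for a data lifetime.
func KeyBitsNeeded(minYears, keysPerSecond float64) int {
	target := big.NewFloat(minYears)
	for bits := 1; ; bits++ {
		if BruteForceYears(bits, keysPerSecond).Cmp(target) >= 0 {
			return bits
		}
	}
}

func main() {
	// Constructed attacker budget: 10^12 key trials per second (illustrative
	// only; not a figure from the module).
	const rate = 1e12
	// 56-bit DES is added here for comparison; the AES sizes are from the module.
	for _, bits := range []int{56, 128, 192, 256} {
		fmt.Printf("%3d-bit key: %.3g years\n", bits, BruteForceYears(bits, rate))
	}
	fmt.Println("bits needed to resist 1e9 years of search:", KeyBitsNeeded(1e9, rate))
}
```

Each additional key bit doubles the expected work, which is why the 56-bit row falls within hours while the 128-bit row is on the order of 10^18 years at the same rate.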

Symmetric vs. Asymmetric Encryption

- Symmetric Encryption: Uses the same key for encryption and decryption. Faster and more efficient, but requires a secure way to exchange the shared key.

- Asymmetric Encryption: Uses a pair of keys (public and private). Provides stronger security for data transmission because the public key can be shared openly, but is slower due to the more expensive mathematical operations involved.

2. Vulnerabilities and Countermeasures Against Threat Actors

Overview of Common Threat Actors

- Hackers: Individuals who exploit system vulnerabilities for various motives, ranging from curiosity to financial gain.

- Insiders: Employees or authorized users who intentionally or unintentionally compromise system security.

- Hacktivists: Individuals or groups that attack systems to promote political or social agendas.

- Cybercriminals: Individuals or groups that exploit systems for financial gain through activities like phishing, ransomware, and malware distribution.

- State-Sponsored Actors: Government-backed groups that target systems for espionage, disruption, or sabotage.

Typical Vulnerabilities

- Phishing: Fraudulent attempts to obtain sensitive information through deception.

- Malware: Malicious software designed to damage or gain unauthorized access to systems.

- Ransomware: Malware that encrypts data and demands payment for its release.

- Zero-Day Exploits: Exploits targeting previously unknown vulnerabilities before patches are developed.

- Social Engineering: Manipulating individuals into divulging confidential information.

Countermeasures

- Network Security: Implementing firewalls, VPNs, and intrusion detection systems.

- Multi-Factor Authentication (MFA): Using multiple verification methods to enhance security.

- Data Encryption: Ensuring data remains protected even if intercepted by attackers.

- Cybersecurity Policies: Establishing guidelines for data protection, employee training, and incident response.

Case Studies

- Examples of real-world attacks, their impacts, and how effective countermeasures were employed.

Case Studies: Real-World Attacks, Their Impacts, and Effective Countermeasures

a. WannaCry Ransomware Attack (2017)

- Overview: A global ransomware attack that exploited a vulnerability in the Windows SMB service using the EternalBlue exploit.

- Impact: Affected over 230,000 computers across 150 countries, disrupting businesses, healthcare systems (particularly the UK’s NHS), and various other industries.

- Countermeasures: Timely patching of systems, improved backup protocols, network segmentation, and the kill-switch discovery by Marcus Hutchins, which slowed the spread of the attack.

b. Target Data Breach (2013)

- Overview: A sophisticated attack that exploited a third-party vendor’s credentials to gain access to Target’s network, installing malware on the POS (Point of Sale) systems.

- Impact: Compromised 40 million credit and debit card accounts and personal information of approximately 70 million individuals.

- Countermeasures: Enhanced monitoring and segmentation of networks, increased focus on vendor management, implementation of chip-based cards (EMV), and improvements in incident response capabilities.

c. Stuxnet (2010)

- Overview: A highly sophisticated worm developed to sabotage Iran’s nuclear program by targeting industrial control systems (SCADA).

- Impact: Destroyed approximately one-fifth of Iran’s nuclear centrifuges by causing them to spin out of control, while providing false feedback to operators.

- Countermeasures: Increased awareness of supply chain security, enhanced ICS security protocols, better network isolation, and improved monitoring of critical infrastructure systems.

d. SolarWinds Supply Chain Attack (2020)

- Overview: A nation-state-backed attack targeting SolarWinds’ Orion software, impacting several U.S. federal agencies and large corporations.

- Impact: Compromise of sensitive data, extensive espionage efforts, and significant costs in remediation and investigation.

- Countermeasures: Enhanced supply chain security practices, implementation of Zero Trust architectures, continuous monitoring, and third-party risk assessments.

e. Equifax Data Breach (2017)

- Overview: Exploitation of a vulnerability in the Apache Struts framework used by Equifax’s online dispute portal.

- Impact: Exposure of personal information of approximately 147 million individuals, leading to widespread identity theft concerns.

- Countermeasures: Improved patch management processes, stronger encryption practices, and improved identity and access management (IAM) protocols.

f. Colonial Pipeline Ransomware Attack (2021)

- Overview: Ransomware attack launched by the DarkSide group targeting Colonial Pipeline’s IT systems, resulting in a shutdown of fuel distribution across the U.S. East Coast.

- Impact: Caused fuel shortages, economic disruptions, and a ransom payment of $4.4 million (though a portion was later recovered).

- Countermeasures: Enhanced segmentation between IT and OT networks, improved incident response planning, and increased collaboration with federal agencies.

Key lessons from these cases:

- The importance of timely patching and vulnerability management.

- The need for better segmentation of networks and access control.

- The growing significance of supply chain security.

- Improved incident response and preparedness are crucial for mitigating damage.

- Collaboration between private entities and government agencies can significantly enhance defense capabilities.

3. Data Privacy Act of 2012 and Cybercrime Law

Data Privacy Act of 2012

- Scope: The Data Privacy Act of 2012 (Republic Act No. 10173) was enacted to protect all forms of information, whether private, personal, or sensitive. It applies to all individuals and organizations that process personal data within the Philippines and those involved in processing personal data of Filipino citizens.

- Principles: The law is built on the fundamental principles of transparency, legitimate purpose, and proportionality.

- Data Subject Rights: The law grants individuals the right to be informed, to access and rectify their data, and to object to data processing. They also have the right to data portability, restriction, and erasure.

Cybercrime Prevention Act of 2012

- Coverage: The Cybercrime Prevention Act of 2012 (Republic Act No. 10175) addresses various cybercrimes such as hacking, illegal access, identity theft, cyber-squatting, child pornography, libel, and other online offenses.

- Legal Implications: Defines penalties for different types of cybercrimes, establishes procedures for investigation and prosecution, and provides measures for law enforcement agencies to address cybercrimes.

Importance of These Laws in Enhancing Cybersecurity

- These laws provide legal frameworks to safeguard personal data and combat cybercrime.

- They encourage organizations to adopt best practices in data protection and cybersecurity to ensure compliance.

- They serve as deterrents to would-be cybercriminals through defined penalties and legal consequences.

Challenges and Limitations

- Difficulty in enforcing laws across borders due to jurisdictional challenges.

- Balancing privacy rights with national security and public safety requirements.

- Adapting to rapidly evolving cyber threats that may not yet be covered by existing laws.

Comparison with International Standards and Regulations (e.g., GDPR)

- The GDPR (General Data Protection Regulation) of the European Union provides a more comprehensive framework for data protection, including stricter requirements for data processing, security, and breach notification.

- While both the Data Privacy Act and GDPR focus on data protection, the GDPR places more emphasis on consent, data minimization, and accountability.

- The Cybercrime Prevention Act of 2012, while focused on cybercrimes, may lack some of the broader privacy protections found in GDPR.
