{"title":"一个u盘破坏了核项目吗?纵深防御(DiD)教学案例","authors":"P. Datta, Thomas Acton","doi":"10.1177/20438869231200284","DOIUrl":null,"url":null,"abstract":"Defense in Depth (DiD) has become an industry buzzword. But practicing DiD is easier said than done. While cybersecurity researchers have predominantly focused on securing corporate networks, there remains a serious gap in endpoint-threat awareness. Yet endpoint threats were the progenitor of 68% of breaches and hacks in 2019 (Computers Nationwide, 2022), a vulnerability that increased during the COVID-19 lockdown with relaxed BYOD (Bring Your Own Device) policies, more IoTs, and cheaper and larger USB flash drives. This teaching case uses the 2009 Stuxnet attack on Iran’s nuclear facilities to exemplify how a single USB drive was used as an endpoint threat to disrupt a nuclear infrastructure, drawing attention to the need for and how to practice DiD to counter towering complexities ushered in burgeoning endpoints cyberattacks, from hacks to ransomware. The case shows the need for DiD to simultaneously pay heed toward physical, technical, and processual (administrative) measures to prevent, defend, and mitigate cyberattacks, from hacks to ransomware. The case and its teaching notes highlight the opportunities and challenges of practicing DiD for endpoints, from flash drives to IoTs.","PeriodicalId":37921,"journal":{"name":"Journal of Information Technology Teaching Cases","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Did a USB drive disrupt a nuclear program? A Defense in Depth (DiD) teaching case\",\"authors\":\"P. Datta, Thomas Acton\",\"doi\":\"10.1177/20438869231200284\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Defense in Depth (DiD) has become an industry buzzword. But practicing DiD is easier said than done. While cybersecurity researchers have predominantly focused on securing corporate networks, there remains a serious gap in endpoint-threat awareness. Yet endpoint threats were the progenitor of 68% of breaches and hacks in 2019 (Computers Nationwide, 2022), a vulnerability that increased during the COVID-19 lockdown with relaxed BYOD (Bring Your Own Device) policies, more IoTs, and cheaper and larger USB flash drives. This teaching case uses the 2009 Stuxnet attack on Iran’s nuclear facilities to exemplify how a single USB drive was used as an endpoint threat to disrupt a nuclear infrastructure, drawing attention to the need for and how to practice DiD to counter towering complexities ushered in burgeoning endpoints cyberattacks, from hacks to ransomware. The case shows the need for DiD to simultaneously pay heed toward physical, technical, and processual (administrative) measures to prevent, defend, and mitigate cyberattacks, from hacks to ransomware. The case and its teaching notes highlight the opportunities and challenges of practicing DiD for endpoints, from flash drives to IoTs.\",\"PeriodicalId\":37921,\"journal\":{\"name\":\"Journal of Information Technology Teaching Cases\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-09-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Technology Teaching Cases\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1177/20438869231200284\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Technology Teaching Cases","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/20438869231200284","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Social Sciences","Score":null,"Total":0}
Did a USB drive disrupt a nuclear program? A Defense in Depth (DiD) teaching case
Defense in Depth (DiD) has become an industry buzzword. But practicing DiD is easier said than done. While cybersecurity researchers have predominantly focused on securing corporate networks, there remains a serious gap in endpoint-threat awareness. Yet endpoint threats were the progenitor of 68% of breaches and hacks in 2019 (Computers Nationwide, 2022), a vulnerability that increased during the COVID-19 lockdown with relaxed BYOD (Bring Your Own Device) policies, more IoTs, and cheaper and larger USB flash drives. This teaching case uses the 2009 Stuxnet attack on Iran’s nuclear facilities to exemplify how a single USB drive was used as an endpoint threat to disrupt a nuclear infrastructure, drawing attention to the need for and how to practice DiD to counter towering complexities ushered in burgeoning endpoints cyberattacks, from hacks to ransomware. The case shows the need for DiD to simultaneously pay heed toward physical, technical, and processual (administrative) measures to prevent, defend, and mitigate cyberattacks, from hacks to ransomware. The case and its teaching notes highlight the opportunities and challenges of practicing DiD for endpoints, from flash drives to IoTs.
期刊介绍:
The Journal of Information Technology Teaching Cases (JITTC) provides contemporary practical case materials for teaching topics in business and government about uses and effectiveness of technology, the organisation and management of information systems and the impacts and consequences of information technology. JITTC is designed to assist academics, scholars, and teachers in universities and other institutions of executive education, as well as instructors of organizational training courses. Case topics include but are not restricted to: alignment with the organization, innovative uses of technology, emerging technologies, the management of IT, including strategy, business models, change, infrastructure, organization, human resources, sourcing, system development and implementation, communications, technology developments, technology impacts and outcomes, technology futures, national policies and standards.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
