Computer security
Computer security sits at the center of nearly every decision made by governments, hospitals, banks, and ordinary people with a smartphone. On the 2nd of November 1988, a 23-year-old Cornell University graduate student named Robert Tappan Morris released a program onto a network of roughly 60,000 machines. He said he only wanted to count how many computers were connected to the Internet. What he got instead was the first internet computer worm, a self-replicating piece of code that ground mainframes and workstations to a halt. That single event posed questions that societies are still wrestling with: Who is responsible when a system fails? How do you catch an attacker who hides behind proxy servers in a dozen countries? And what does it actually mean to keep a computer secure? The answers, it turns out, involve everything from metal door locks and USB dongles to international law, corporate culture, and the way ordinary employees think about their own passwords.
In April 2023, the United Kingdom Department for Science, Innovation and Technology surveyed more than four thousand organizations across business, charity, and education. The results were stark: 32% of businesses and 24% of charities recalled a breach or attack in the previous year. For large businesses the figure climbed to 69%. Those numbers capture only what organizations could remember and were willing to report. The actual landscape is far wider.
Attackers use a taxonomy of methods that ranges from brute-force blunt instruments to surgical social manipulation. A backdoor is any hidden method of bypassing authentication, sometimes placed by the original designers and sometimes installed later by criminals through malware. Once a backdoor is open, cybercriminals can modify files, steal personal information, install unwanted software, and even take control of the entire computer. Backdoors are especially hard to find because they often live inside source code or firmware, invisible without intimate knowledge of the operating system.
Denial-of-service attacks take a completely different approach: rather than sneaking in, the attacker simply drowns a target in traffic until legitimate users cannot reach it. Distributed versions, called DDoS attacks, draw on botnets, networks of compromised machines that can generate traffic far beyond what any single attacker could produce. A variant called distributed reflective denial-of-service fools innocent systems into sending traffic toward the victim, letting attackers amplify their effect while using very little bandwidth themselves.
Phishing occupies a category of its own. By sending a convincing fake email, text, or phone call, attackers trick users into handing over usernames, passwords, and credit card details without ever touching the target machine's defenses. A more focused variant, spear-phishing, uses personal or organization-specific details to make the attacker appear like a trusted source. In early 2016, the FBI reported that business email compromise scams, in which attackers impersonate executives to trick finance staff, had cost US businesses more than $2 billion in approximately two years. In May 2016, the Milwaukee Bucks NBA team fell victim to exactly this kind of attack when someone impersonating team president Peter Feigin convinced staff to hand over all employees' 2015 W-2 tax forms.
Malicious software, or malware, is defined as any code intentionally written to harm a computer system or its users. Under that umbrella lives a wide and evolving population of threat types, each with a distinct mode of attack.
Viruses are malicious code that hijacks software with the intention to do damage and spread copies of itself to other programs on a computer, but they depend on a human opening an infected file to activate. Worms have no such dependency. They are self-replicating and spread between programs, apps, and devices without any human interaction. The 2010 Stuxnet worm illustrated just how targeted a worm could become: it reportedly destroyed almost one-fifth of Iran's nuclear centrifuges by disrupting the industrial programmable logic controllers inside the facility, and it is generally believed to have been launched by Israel and the United States.
Trojan horses disguise themselves as legitimate or helpful software to trick users into installing them. Once inside, a Remote Access Trojan can create a secret backdoor on the affected device. Spyware gathers information silently and transmits it back to attackers; keyloggers, the most common form, record every keystroke to harvest usernames, passwords, and banking credentials.
Scareware weaponizes anxiety rather than code. A sudden pop-up with an urgent message, usually warning that the user has broken the law or that their device has a virus, pressures victims into buying or installing software they do not need. Ransomware goes further: it encrypts a victim's files and demands payment, usually in Bitcoin, to restore access. The June 2021 Colonial Pipeline attack brought ransomware into sharp public view when it took down the largest fuel pipeline in the United States and caused shortages across the East Coast.
Surfacing in 2017, multi-vector polymorphic attacks added another dimension of difficulty. These threats combine multiple attack channels simultaneously, spreading via the web, email, and applications, and they constantly change form, making it nearly impossible to detect them using signature-based defenses.
The Verizon Data Breach Investigations Report 2020, which examined 3,950 security breaches, found that 30% of cybersecurity incidents involved internal actors within a company. That figure points to a truth that many security engineers spend careers trying to engineer around: the end-user is widely recognized as the weakest link in the security chain, and it is estimated that more than 90% of security incidents and breaches involve some kind of human error.
Common mistakes include poor password management, sending sensitive data to the wrong email recipient, and an inability to recognize fake websites. A particularly telling habit is saving login credentials directly in a browser to ease access to banking sites, a convenience that becomes a gift to any attacker who gains physical or remote access to the machine.
Social engineering formalizes the art of exploiting human trust. Rather than attacking software, the attacker manipulates a person into disclosing passwords or granting physical access by impersonating a senior executive, a bank, a contractor, or a customer. The technique exploits cognitive biases as reliably as buffer overflows exploit code.
One countermeasure with a suggestive name is inoculation, derived from inoculation theory in psychology. The approach attempts to build resistance to manipulation by exposing people to weaker versions of persuasion attempts before the real attack arrives. Even in highly disciplined environments such as military organizations, social engineering attacks can still be difficult to foresee and prevent, which is why researchers argue that security awareness training at all levels reduces cyber risk for both individuals and organizations.
The concept of digital hygiene, a term perhaps coined as late as 2000 by Internet pioneer Vint Cerf, frames routine protective behaviors the way personal hygiene frames physical health. It has since been adopted by the United States Congress and Senate, the FBI, and EU institutions. The most common acts of digital hygiene include updating malware protection, maintaining cloud backups, managing passwords carefully, and keeping network firewalls in place.
Security by design treats protection not as a feature added after the fact but as a core requirement from the first line of code. The UK government's National Cyber Security Centre distills this philosophy into five principles: understand the system before building it, make attacking the data inherently difficult, protect core services so they are essentially never down, detect attacks as quickly as possible, and design so that any successful attack causes minimal harm.
At the technical level, several specific tools embody these principles. The principle of least privilege holds that each part of a system should have only the access it needs for its function, so a compromised component exposes only a narrow slice of the whole. Defense in depth requires that more than one subsystem be violated before an attacker can compromise overall integrity. Audit trails, especially when stored remotely in an append-only format, make it harder for intruders to erase evidence of their actions.
Firewalls remain the most common network-level prevention tool. They can be hardware or software, and in most UNIX-based operating systems such as Linux, firewall capabilities are built directly into the kernel, providing real-time filtering and blocking. Intrusion Detection Systems watch for network attacks in progress and assist with forensics after an incident. Some organizations are turning to big data platforms such as Apache Hadoop to extend machine learning into detection of advanced persistent threats.
Hardware-based protection adds a physical dimension that software alone cannot replicate. Trusted Platform Modules integrate cryptographic capabilities directly into a device via a microprocessor, authenticating hardware at the network level. Computer case intrusion detection uses a simple push-button switch to alert an operator if a machine's case has been opened since the last boot. The magazine Network World has identified infected USB dongles connected from inside a firewall as the most common hardware threat facing computer networks, which is why disabling unused USB ports is now a standard hardening step.
Role-based access control, used by the majority of enterprises with more than 500 employees, restricts system access to authorized users by assigning permissions to roles rather than individuals. Formal verification goes further still: operating systems such as seL4 and SYSGO's PikeOS have been mathematically certified for correctness, though they make up a very small percentage of the market.
Financial systems attract attackers for the most direct of reasons: money. Institutions like the US Securities and Exchange Commission, SWIFT, and commercial banks are prominent targets for criminals interested in manipulating markets. A UCLA Internet Report from 2000 found that more than nine out of ten internet users were somewhat or very concerned about credit card security. In response, Visa and MasterCard cooperated to develop the secure EMV chip now embedded in credit cards, and banks began issuing hand-held card readers for online transactions through the Chip Authentication Program.
Critical infrastructure poses a different order of risk. Stuxnet demonstrated that equipment controlled by computers not connected to the Internet can still be vulnerable, in that case through physical access to the facility. In 2014, the Computer Emergency Readiness Team, a division of the Department of Homeland Security, investigated 79 hacking incidents at energy companies alone. A successful attack on a distributed energy grid could cause loss of power across a large area for a prolonged period, consequences comparable to a natural disaster.
Aviation systems carry their own exposure. Radar surveillance over oceans extends only 175 to 225 miles offshore, and a simple power outage at one airport can cause repercussions worldwide. Adding physical security devices to aircraft could increase unloaded weight and reduce cargo or passenger capacity, a constraint that makes security trade-offs in aerospace unusually acute.
Government data has suffered some of the most consequential breaches on record. In April 2015, the Office of Personnel Management discovered it had been penetrated more than a year earlier. The stolen records totaled approximately 21.5 million personnel files, including Social Security numbers, dates and places of birth, addresses, and fingerprints of current and former government employees and anyone who had undergone a government background check. Federal officials described it as among the largest breaches of government data in US history, and it is believed the hack was perpetrated by Chinese hackers.
Medical devices have introduced a category of threat that did not exist a generation ago. Pacemakers and insulin pumps have had potentially deadly vulnerabilities demonstrated, and hospitals have been hit with ransomware, Windows XP exploits, and data breaches. On the 28th of December 2016, the US Food and Drug Administration released recommendations for how medical device manufacturers should maintain the security of Internet-connected devices, but without any enforcement structure attached.
Estimating the financial damage from security breaches is genuinely difficult because no standard model exists and organizations are not required to report losses. Consulting firm estimates for a single year in the early 2000s ranged from $13 billion for worm and virus damage alone to $226 billion when accounting for all forms of covert attack, and those figures were widely disputed as anecdotal. The Gordon-Loeb Model, an analytical framework for security investment, suggests that the amount a firm should spend protecting information is generally only a small fraction of the expected loss from a breach.
Attribution compounds every legal challenge. Attackers route traffic through proxies, temporary dial-up accounts, wireless connections, and anonymizing procedures across multiple jurisdictions. Successfully tracing an attack often requires collecting logs from many countries simultaneously, a process that can take years and may still dead-end when local laws provide no mechanism for prosecution. The result, as one observer put it, is that the Internet is as if someone had given free plane tickets to all the online criminals of the world.
Attacker motivations span a wide spectrum. Some are thrill-seekers or vandals. Hacktivists target organizations whose activities they oppose: security firm HBGary Federal suffered a serious series of attacks in 2011 from the hacktivist group Anonymous after the firm's CEO claimed to have infiltrated them. State-sponsored attackers are now well-resourced and common, though the field began with amateurs such as Markus Hess, who hacked for the KGB, a story later recounted by Clifford Stoll in The Cuckoo's Egg. The 2015 Ukraine power grid hack, which reportedly used spear-phishing, file destruction, and denial-of-service attacks in combination, illustrated how state-level actors can coordinate multiple attack types against critical infrastructure.
In a widely publicized 2015 test, hackers remotely took control of a vehicle from 10 miles away and drove it into a ditch, prompting Tesla in 2016 to push security fixes directly over the air into its cars' computer systems. In September 2016, the United States Department of Transportation announced initial safety standards for autonomous vehicles and called on states to develop uniform policies, a regulatory footprint still taking shape as connected cars carry sensors, WiFi, Bluetooth, and cell phone network access into every lane of traffic.
Common questions
What is computer security and why does it matter?
Computer security is a subdiscipline of information security focused on protecting software, systems, and networks from unauthorized disclosure, theft, damage, disruption, or misdirection. It matters because modern societies depend on computer systems to run power grids, financial markets, electoral processes, healthcare, and aviation, making breaches potentially catastrophic.
What percentage of cybersecurity incidents involve human error?
It is estimated that more than 90% of security incidents and breaches involve some kind of human error. The Verizon Data Breach Investigations Report 2020, which examined 3,950 breaches, found that 30% of cybersecurity incidents involved internal actors within a company.
What was the first internet computer worm and who created it?
The first internet computer worm was released on the 2nd of November 1988 by Robert Tappan Morris, a 23-year-old Cornell University graduate student. Morris said he wanted to count how many machines were connected to the Internet, but the worm spread uncontrollably and slowed down thousands of computers.
How did the Stuxnet worm attack Iran's nuclear program?
The Stuxnet worm, discovered around 2010, reportedly destroyed almost one-fifth of Iran's nuclear centrifuges by disrupting the industrial programmable logic controllers inside the facility. It is generally believed to have been launched by Israel and the United States, though neither has publicly admitted this.
How much did business email compromise scams cost US companies?
In early 2016, the FBI reported that business email compromise scams had cost US businesses more than $2 billion in approximately two years. These scams typically involve attackers impersonating executives to trick finance staff into transferring funds or handing over sensitive records.
What data was stolen in the Office of Personnel Management breach?
In April 2015, the Office of Personnel Management discovered a breach that resulted in the theft of approximately 21.5 million personnel records. The stolen data included Social Security numbers, names, dates and places of birth, addresses, and fingerprints of current and former government employees and anyone who had undergone a government background check. Federal officials described it as among the largest breaches of government data in US history.
All sources
314 references cited across the entry
- 1journalTowards a More Representative Definition of Cyber SecurityDaniel Schatz et al. — 2017
- 2newsReliance spells end of road for ICT amateursNick Tate — 7 May 2013
- 3journalSystematically Understanding Cybersecurity Economics: A SurveyMazaher Kianpour et al. — 2021
- 4journalGlobal Cybersecurity: New Directions in Theory and MethodsTim Stevens — 11 June 2018
- 6conferenceComputer Security and Mobile Security ChallengesNikola Zlatanov — 3 December 2015
- 7webGhidra1 August 2018
- 8webSyzbot: Google Continuously Fuzzing The Linux KernelMichael Larabel — 2017-12-28
- 12webWhat is a backdoor attack? Definition and prevention NordVPN2023-11-30
- 13webWhat is a backdoor attack?December 4, 2023
- 14webDenial of Service (DoS) guidance16 March 2016
- 15webComputer Security
- 18bookSeven Deadliest Unified Communications AttacksDan York — 2010
- 20webWhat is Malware? IBM14 April 2022
- 21journalCyber-Attacks – Trends, Patterns and Security CountermeasuresAndreea Bendovschi — 2015
- 22webWhat is malware?
- 24webMulti-Vector Attacks Demand Multi-Vector Protection24 July 2017
- 25newsNew polymorphic malware evades three-quarters of AV scannersRenee Millman — 15 December 2017
- 26citationWhat is Cyber Threat Intelligence and How is it Evolving?Wiem Tounsi — Wiley — 2019-05-15
- 27webIdentifying Phishing AttemptsCase
- 29webPhishers send fake invoicesAri Lazarus — 23 February 2018
- 30webEmail Security17 May 2022
- 32journalSecurity beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasuresAaron Spence et al. — June 2022
- 33webSocial EngineeringArcos Sergio
- 34newsCEO email scam costs companies $2bnKara Scannell — 24 February 2016
- 35newsBucks leak tax info of players, employees as result of email scam20 May 2016
- 37encyclopediaA Dictionary of Computer ScienceOxford University Press — 21 January 2016
- 38bookHandbook of Biometric Anti-Spoofing: Trusted Biometrics under Spoofing AttacksSpringer — 2014
- 40webPhotos of an NSA "upgrade" factory show Cisco router getting implantSean Gallagher — 14 May 2014
- 41webHTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacksMicrosoft Threat Intelligence — 2021-11-11
- 43conferenceExploring the Relationship between Organizational Culture and Information Security CultureJoo S. Lim et al. — Security Research Institute (SRI), Edith Cowan University — 2009
- 44conferencePost-secondary Education Network Security: the End User Challenge and Evolving ThreatsKarl Reimers et al. — IATED — 2017
- 46journalInformation security culture-from analysis to changeThomas Schlienger et al. — 2003
- 47ietfInternet Security Glossary
- 48webCNSS Instruction No. 400926 April 2010
- 50webCyber security design principles21 May 2019
- 51webHow the NCSC thinks about security architecture5 April 2018
- 54webSecurity ArchitectureCory Jannsen — Janalta Interactive Inc
- 55journalInternet security: firewalls and beyondRolf Oppliger — 1997-05-01
- 57newsWhy ONI May Be Our Best Hope for Cyber Security NowAlex Woodie — 9 May 2016
- 58webWhat Is The CIA Triad?Debbie Walkowski — 9 July 2019
- 60bookVulnerability ManagementPark Foreman — Auerbach Publications — 2009
- 61bookCCNA Cybersecurity Operations Companion GuideA. Johnson — Cisco Press — 2018
- 62bookPCI DSS: A Pocket GuideAlan Calder et al. — IT Governance Limited — 2014
- 63conferenceFormal verification at IntelJ. Harrison — 2003
- 64conferenceFormal verification of a real-time hardware designZerksis D. Umrigar et al. — IEEE Press — 1983
- 66conferenceIngredients of Operating System Correctness? Lessons Learned in the Formal Verification of PikeOSChristoph Baumann et al.
- 67webGetting it RightJack Ganssle
- 69bookCybersecurity Operations HandbookJohn Rittinghouse PhD CISM et al. — Digital Press — 2003-10-02
- 70webTurn on 2-step verification (2SV)17 December 2018
- 71webNCSC's cyber security training for staff now available14 April 2021
- 72conferenceCyber Security InoculationJ. Treglia et al. — 2017
- 74webToken-based authenticationSafeNet.com
- 75webLock and protect your Windows PCTheWindowsClub.com — 10 February 2010
- 76webIntel Trusted Execution Technology: White PaperJames Greene — Intel Corporation — 2012
- 77webSafeNet ProtectDrive 8.44 October 2008
- 78webSecure Hard Drives: Lock Down Your DataPCMag.com — 11 May 2009
- 79journalGuidelines for Managing the Security of Mobile Devices in the EnterpriseMurugiah P. Souppaya et al. — 2013
- 80webAccess Control Statistics: Trends & Insights2024-02-23
- 81webForget IDs, use your phone as credentialsFox Business Network — 4 November 2013
- 83webUsing IOMMU for DMA Protection in UEFI FirmwareIntel Corporation
- 84journalReconfigurable Security Architecture (RESA) Based on PUF for FPGA-Based IoT DevicesArmin Babaei et al. — 2022-07-26
- 85journalA Survey on Supply Chain Security: Application Areas, Security Threats, and Solution ArchitecturesVikas Hassija et al. — 2021-04-15
- 87journalWhat is formal verification?Alok Sanghavi — 21 May 2010
- 88journalRole-Based Access ControlFerraiolo, D.F. et al. — October 1992
- 89journalRole-Based Access Control ModelsR Sandhu et al. — August 1996
- 90conferenceA multi-domain role activation modelAbreu, Vilmar et al. — IEEE Press — 2017
- 91bookEconomic Analysis of Role-Based Access ControlA.C. O'Connor et al. — Research Triangle Institute — 2002
- 92webStudies prove once again that users are the weakest link in the security chain22 January 2014
- 93webThe Role of Human Error in Successful Security Attacks2 September 2014
- 94web90% of security incidents trace back to PEBKAC and ID10T errors15 April 2015
- 95webProtect your online banking with 2FA7 October 2018
- 97newsRisky business: why security awareness is crucial for employeesTracey Caldwell — 12 February 2013
- 100webPresident of the Republic at the Aftenposten's Technology ConferenceKersti Kaljulaid — 16 October 2017
- 101newsSecurity execs call on companies to improve 'cyber hygiene'Hannah Kuchler — 27 April 2015
- 103newsProfessor Len Adleman explains how he coined the term "computer virus"1 November 2017
- 106webProtected Voices
- 107journalThe New Market ManipulationTom C. W. Lin — 3 July 2017
- 108journalFinancial Weapons of WarTom C. W. Lin — 2016
- 109reportThe UCLA Internet report: Surveying the digital futureJeffrey I. Cole et al. — 2000
- 110webHackers attacked the U.S. energy grid 79 times this yearJose Pagliery — Cable News Network — 18 November 2014
- 111conferenceComputer Security in Aviation: Vulnerabilities, Threats, and RisksP. G. Neumann — 1997
- 112reportAviation security: terrorist acts demonstrate urgent need to improve security at the nation's airportsGerald L. Dillingham — United States. General Accounting Office — 20 September 2001
- 114webHacker Says He Can Break into Airplane Systems Using In-Flight Wi-Fi4 August 2014
- 115newsHacker says to show passenger jets at risk of cyber attackJim Finkle — 4 August 2014
- 116magazineOnline course bolsters cybersecurity in aviationAlan Cesar — Purdue University School of Aeronautics and Astronautics — 15 Dec 2023
- 118webCentralised Services: NewPENS moves forward – Eurocontrol.int17 January 2016
- 119webNextGen Data CommunicationFAA
- 122webIs Your Watch Or Thermostat A Spy? Cybersecurity Firms Are On It6 August 2014
- 123newsAs Insurers Offer Discounts For Fitness Trackers, Wearers Should Step With CautionStephanie O'Neill — 2018-11-19
- 124journalSecurity Techniques for the Electronic Health RecordsCB Kruse et al. — July 21, 2017
- 125newsHome Depot: 56 million cards exposed in breachMelvin Backman — CNNMoney — 18 September 2014
- 126magazineStaples: Breach may have affected 1.16 million customers' cards19 December 2014
- 127newsTarget: 40 million credit cards compromised19 December 2013
- 128news2.5 Million More People Potentially Exposed in Equifax BreachStacy Cowley — 2 October 2017
- 129newsExclusive: FBI warns healthcare sector vulnerable to cyber attacksJim Finkle — 23 April 2014
- 130newsLack of Employee Security Training Plagues US BusinessesTara Seals — 6 November 2015
- 131webAnonymous speaks: the inside story of the HBGary hackPeter Bright — Arstechnica.com — 15 February 2011
- 132webHow one man tracked down Anonymousand paid a heavy priceNate Anderson — Arstechnica.com — 9 February 2011
- 133webWhat caused Sony hack: What we know nowJose Palilery — 24 December 2014
- 134newsSony Hackers Have Over 100 Terabytes Of Documents. Only Released 200 Gigabytes So FarJames Cook — 16 December 2014
- 135reportTracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk6 February 2015
- 137newsThe problem with self-driving cars: who controls the code?23 December 2015
- 138conferenceComprehensive Experimental Analyses of Automotive Attack SurfacesStephen Checkoway et al. — USENIX Association — 2011
- 139webThe next frontier of hacking: your carTimothy B. Lee — 18 January 2015
- 140magazineHackers Remotely Kill a Jeep on the HighwayWith Me in ItAndy Greenberg — 21 July 2015
- 141newsHackers take control of car, drive it into a ditch22 July 2015
- 142newsTesla fixes software bug that allowed Chinese hackers to control car remotely21 September 2016
- 143newsSelf-Driving Cars Gain Powerful Ally: The GovernmentCecilia Kang — 19 September 2016
- 145webVehicle Cybersecurity
- 149conferenceApplication of RFID in Supply Chain SystemMohammad Anwar Rahman et al.
- 150newsGary McKinnon profile: Autistic 'hacker' who started writing computer programs at 1423 January 2009
- 151newsGary McKinnon extradition ruling due by 16 October6 September 2012
- 152courthttps://publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm16 June 2008
- 153newsFresh Leak on US Spying: NSA Accessed Mexican President's Email2013-10-20
- 154webMassive Data Breach Puts 4 Million Federal Employees' Records at RiskSanders, Sam — 4 June 2015
- 155newsU.S. government hacked; feds think China is the culpritLiptak, Kevin — 4 June 2015
- 156newsEncryption "would not have helped" at OPM, says DHS officialSean Gallagher
- 157journalSchools Learn Lessons From Security BreachesMichelle R. Davis — 19 October 2015
- 159journalTwenty Cloud Security Considerations for Supporting the Internet of ThingsJatinder Singh et al. — 2015
- 160newsWhy The FTC Can't Regulate The Internet Of ThingsChris Clearfield
- 162webInternet of Things: Converging Technologies for Smart Environments and Integrated EcosystemsOvidiu Vermesan et al. — River Publishers
- 163journalRethinking Security for the Internet of ThingsChris Clearfield — 2013-06-20
- 164webHotel room burglars exploit critical flaw in electronic door locks26 November 2012
- 165webHospital Medical Devices Used As Weapons in Cyberattacks6 August 2015
- 166webPacemaker hack can deliver deadly 830-volt joltJeremy Kirk — 17 October 2012
- 167newsHow Your Pacemaker Will Get Hacked17 November 2014
- 168magazineHacking Hospitals And Holding Hostages: Cybersecurity In 2016Kalev Leetaru
- 169webCyber-Angriffe: Krankenhäuser rücken ins Visier der HackerWirtschafts Woche — 7 December 2016
- 171webMedStar Hospitals Recovering After 'Ransomware' Hack31 March 2016
- 172webUS hospitals hacked with ancient exploitsDarren Pauli — 28 June 2016
- 173webZombie OS lurches through Royal Melbourne Hospital spreading virusDarren Pauli — 19 January 2016
- 174newsHacked Lincolnshire hospital computer systems 'back up'2 November 2016
- 175newsLincolnshire operations cancelled after network attack31 October 2016
- 176newsLegion cyber-attack: Next dump is sansad.nic.in, say hackers12 December 2016
- 177webFormer New Hampshire Psychiatric Hospital Patient Accused Of Data BreachCBS Boston — 27 December 2016
- 178webTexas Hospital hacked, affects nearly 30,000 patient recordsHealthcare IT News — 4 November 2016
- 179webNew cybersecurity guidelines for medical devices tackle evolving threatsRachel Becker — 27 December 2016
- 180webPostmarket Management of Cybersecurity in Medical Devices28 December 2016
- 181newsD.C. distributed energy proposal draws concerns of increased cybersecurity risksJaclyn Brandt — 18 June 2018
- 183reportThe Economic Impact of Cyber-AttacksB. Cashell et al. — Congressional Research Service, Government, and Finance Division — 2004
- 184journalThe Economics of Information Security InvestmentLawrence Gordon et al. — November 2002
- 185newsU.S. and Britain Help Ukraine Prepare for Potential Russian CyberassaultDavid E. Sanger et al. — 2021-12-20
- 186webCyber-Attack Against Ukrainian Critical Infrastructure CISA2021-07-20
- 187journalQ&A. What Motivates Cyber-Attackers?Chen Han et al. — 2014
- 188journalExploring the Subculture of Ideologically Motivated Cyber-AttackersSteven Chermick et al. — April 2017
- 189bookSecurity engineering: a guide to building dependable distributed systemsRoss Anderson — John Wiley & Sons — 2020
- 190webThe Leading Cloud Recruiting SoftwareiCIMS
- 192press releaseThe TJX Companies, Inc. Victimized by Computer System Intrusion; Provides Information to Help Protect CustomersThe TJX Companies, Inc. — 17 January 2007
- 195newsStuxnet Worm a U.S. Cyber-Attack on Iran Nukes?Tucker Reals — 24 September 2010
- 196magazineCyberwar Issues Likely to Be Addressed Only After a CatastropheKim Zetter — 17 February 2011
- 197webCone of silence surrounds U.S. cyberwarfareChris Carroll — Stars and Stripes — 18 October 2011
- 198webComputers as Weapons of WarJohn Bumgarner — IO Journal — 27 April 2010
- 199newsNSA collecting phone records of millions of Verizon customers dailyGlenn Greenwald — 6 June 2013
- 200webTranscript: ARD interview with Edward SnowdenHubert Seipel
- 201journalCan You Trust NIST?Lily Hay Newman — 9 October 2013
- 202newsNIST Removes Cryptography Algorithm from Random Number Generator Recommendations21 April 2014
- 204newsTarget Missed Warnings in Epic Hack of Credit Card DataMichael Riley et al. — 17 March 2014
- 205webHome Depot says 53 million emails stolenSeth Rosenblatt — CBS Interactive — 6 November 2014
- 206newsMillions more Americans hit by government personnel data hack9 July 2017
- 207newsU.S. Suspects Hackers in China Breached About four (4) Million People's Records, Officials SayDevlin Barrett — 4 June 2015
- 208webChina Suspected in Theft of Federal Employee RecordsTom Risen — 5 June 2015
- 210newsHacking Linked to China Exposes Millions of U.S. WorkersDavid Sanger — 5 June 2015
- 211journalThe Ashley Madison affairSteve Mansfield-Devine — 1 September 2015
- 212newsHackers Breached Colonial Pipeline Using Compromised PasswordTurton, W. et al. — Bloomberg L.P. — 4 June 2021
- 213webMikko Hypponen: Fighting viruses, defending the netTED — 19 July 2011
- 214webMikko Hypponen – Behind Enemy LinesHack in the Box Security Conference — 9 December 2012
- 215webEnsuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable InformationGovernment Accountability Office
- 216newsThe Venn diagram between libertarians and crypto bros is so close it's basically a circleGeorgia King — 23 May 2018
- 217newsFormer White House aide backs some Net regulation / Clarke says government, industry deserve 'F' in cyber securityCarrie Kirby — 24 June 2011
- 218journalPrivatizing Political Authority: Cybersecurity, Public-Private Partnerships, and the Reproduction of Liberal Political OrderDaniel McCarthy — 11 June 2018
- 219webIt's Time to Treat Cybersecurity as a Human Rights Issue26 May 2020
- 220webFIRST MissionFIRST
- 221webFIRST MembersFIRST
- 222webEuropean council
- 223webMAAWG
- 224webMAAWG
- 225newsGovernment of Canada Launches Canada's Cyber Security Strategy3 October 2010
- 226webCanada's Cyber Security StrategyGovernment of Canada
- 227webAction Plan 2010–2015 for Canada's Cyber Security StrategyGovernment of Canada
- 228webCyber Incident Management Framework For CanadaGovernment of Canada
- 230webCyber Security Bulletins
- 231webReport a Cyber Security IncidentGovernment of Canada
- 232newsGovernment of Canada Launches Cyber Security Awareness Month With New Public Awareness PartnershipGovernment of Canada — 27 September 2012
- 235webGetCyberSafeGovernment of Canada
- 239webSecuring critical infrastructures: What you need to know about Hong Kong's first cyber legislationTow Lu Lim et al. — 2025-03-21
- 240webSafeguarding Hong Kong's cybersecurity: Essential insights for Critical Infrastructure OperatorsTow Lu Lim et al. — 2026-01-19
- 243newsSouth Korea seeks global support in cyber attack probe7 March 2011
- 244newsSeoul Puts a Price on CyberdefenseKwanwoo Jun — 23 September 2013
- 245newsUK cyber-centre thwarts hostile hackers2018-10-15
- 246webNew head of GCHQ cyber security agency announcedKim Sengupta — 2020-07-29
- 247webUK's 2022 National Cyber Security Strategy: The Top 10 takeawaysEdward Targett — 2021-12-16
- 248webNational Cyber Strategy 20222022-12-15
- 249webNational Cyber Force will target UK adversaries onlineHelen Warrell — 19 November 2020
- 250webNational Cyber Strategy of the United States of AmericaSeptember 2018
- 251webBiden Adviser On Cyber Threats And The New Executive Order To Combat ThemMary Louise Kelly — 13 May 2021
- 253newsNational security strategyHouse White — white house — March 2023
- 254webNational Cyber Security DivisionU.S. Department of Homeland Security
- 255webFAQ: Cyber Security R&D CenterU.S. Department of Homeland Security S&T Directorate
- 256webFederal Bureau of Investigation – PrioritiesFederal Bureau of Investigation
- 258webInfragard, Official Site
- 260webCCIPS25 March 2015
- 261webA Framework for a Vulnerability Disclosure Program for Online SystemsCybersecurity Unit, Computer Crime & Intellectual Property Section Criminal Division U.S. Department of Justice — July 2017
- 262webMission and Vision
- 263speechRemarks at the Defense Information Technology Acquisition SummitWilliam J. Lynn, III — November 12, 2009
- 264webMilitary's Cyber Commander Swears: "No Role" in Civilian NetworksNoah Shachtman — 2010-09-23
- 265webFCC CybersecurityFCC
- 268reportAir Traffic Control: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGenU. S. Government Accountability Office — 14 April 2015
- 269webFAA Working on New Guidelines for Hack-Proof PlanesAliya Sternstein — 4 March 2016
- 270webProtecting Civil Aviation from CyberattacksBart Elias — 18 June 2015
- 271conferenceCYBER SECURITY EMPLOYMENT POLICY AND WORKPLACE DEMAND IN THE U.S. GOVERNMENTDavid Anderson et al. — IATED — 2019
- 272newsDHS launches national cyber alert systemVerton, Dan — IDG — 28 January 2004
- 274journalThe new cyber arms raceMark Clayton — 2011-03-07
- 275newsObama to be urged to split cyberwar command from NSANakashima — 13 September 2016
- 276journalThe geopolitics of renewable energy: Debunking four emerging mythsIndra Overland — 1 March 2019
- 277journalHow We Stopped Worrying about Cyber Doom and Started Collecting DataRyan C. Maness et al. — 11 June 2018
- 278journalThe Impact of Cyber Conflict on International InteractionsRyan C. Maness et al. — 25 March 2015
- 279bookStyle and Statistics: The Art of Retail AnalyticsBrittany Bullard — Wiley — 2016
- 280webCybersecurity Skills Shortage Impact on Cloud ComputingJon Oltsik — 18 March 2016
- 281webWhy is a Degree in Cyber Security one of the Best?Terry Robinson — 2018-05-30
- 282webGovernment vs. Commerce: The Cyber Security Industry and You (Part One)Richard de Silva — Defence IQ — 11 October 2011
- 284webAbout Cyber Security architect2021-08-01
- 285webHow to become a Chief Information Security Officer (CISO)?2021-08-01
- 286webData Protection OfficersJanuary 2021
- 287webStudent Cybersecurity ResourcesNICCS (US National Initiative for Cybercareers and Studies)
- 288webCurrent Job Opportunities at DHSU.S. Department of Homeland Security
- 289webCybersecurity Training & ExercisesU.S. Department of Homeland Security — 12 May 2010
- 290webCyber Security Awareness Free Training and WebcastsMS-ISAC (Multi-State Information Sharing & Analysis Center)
- 292webThe UK Cyber Security Strategy: Report on Progress and Forward Plans December 2014United Kingdom Cabinet Office
- 294press releaseSingapore Operational Technology (OT) Cybersecurity Competency Framework2021-10-08
- 295webConfidentiality
- 296webData Integrity
- 297webEndpoint Security10 November 2010
- 300journalComputer Security Discourse at RAND, SDC, and NSA (1958-1970)Thomas J. Misa — 2016
- 301webPost-processing audit tools and techniquesA. J. Neumann et al. — US Department of Commerce, National Bureau of Standards — 1977
- 302webHow NIST can protect the CIA triad, including the often overlooked 'I' – integrityLuke Irwin — 5 April 2018
- 303webThe CIA TriadChad Perrin — 30 June 2008
- 304reportEngineering Principles for Information Technology SecurityG. Stoneburner et al. — csrc.nist.gov — 2004
- 305journalThe Origin and Early History of the Computer Security Software Products IndustryJeffrey R. Yost — April 2015
- 306webA Brief History of Computer Viruses & What the Future Holds2023-04-19
- 307webInterview with Ray Tomlinson on Creeper/ReaperRay Tomlinson
- 309webThe Morris Worm - 30 Years Since First Major Attack on the InternetFBI News — 2018-11-02
- 310bookThe Internet Encyclopedia, Volume 2Robert J Boncella — Wiley — April 2004
- 311web1993: Mosaic Launches and the Web is Set Free8 December 2021
- 312webWeb Design Museum - Netscape Navigator 2.010 March 2023
- 313newsBush Order Expands Network Monitoring: Intelligence Agencies to Track IntrusionsNakashima — 26 January 2008
- 314newsHow the U.S. Lost to HackersNicole Perlroth — 7 February 2021
- 315webHow Chinese Spies Got the N.S.A.'s Hacking Tools, and Used Them for AttacksNicole Perlroth et al. — May 6, 2019
- 316magazineThe Strange Journey of an NSA Zero-Day—Into Multiple Enemies' HandsAndy Greenberg — May 7, 2019
- 317newsEx-U.S. intel operatives admit hacking American networks for UAEJoel Schectman et al. — 2021-09-14