Attack

From CIPedia
Jump to: navigation, search


Definitions

European Definitions

Other International Definitions

IAEA

Attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. [1]


ITU-T

(Cyber) attack are the activities undertaken to bypass or exploit deficiencies in a system's security mechanisms. [2]
By a direct attack on a system they exploit deficiencies in the underlying algorithms, principles, or properties of a security mechanism. Indirect attacks are performed

when they bypass the mechanism, or when they make the system use the mechanism incorrectly.

Attaque: Activités entreprises pour contourner ou exploiter des déficiences constatées dans les mécanismes de sécurité d'un système. [3]

Ataque: Actividades realizadas para obviar los mecanismos de seguridad de un sistema o aprovechar sus deficiencias. [4]

攻击: 为绕过一个系统的安全机制或利用其漏洞而采取的行动. [5]


NATO

NATO AAP-06
Action taken to disrupt, deny, degrade or destroy information resident in a computer and/or computer network, or the computer and/or computer network itself. [6]

CCD-CoE (Tallinn manual)
Cyber attack is a cyber operation, whether offensive of defensive, that is reasonable expected to cause injury or death to persons or damage or destruction to objects. [7]

National Definitions

Burkina-Faso

Attaque est in action de malveillance consistant à tenter de contourner les fonctions de sécurité d’un Système Informatique. Il existe deux types d’attaques, les attaques passives et les attaques actives. Une attaque passive ne modifie pas le fonctionnement normal des communications et du réseau : elle se base sur l’Observation et l’Analyse du trafic. Une attaque active modifie l’état de la communication et du réseau et prend trois formes possibles: Altération des messages, Refus de Service et Connexion frauduleuse. [8]


Czech Republic

Útok: Pokus o zničení, vystavení hrozbě, nežádoucí změnu, vyřazení z činnosti, zcizení nebo získání neautorizovaného přístupu k aktivu nebo uskutečnění neautorizovaného použití aktiva. [9]

Attack is an attempt at destruction, exposure to a threat, unwanted change, putting out of operation, stealing or obtaining an unauthorized access to an asset or execution of an unauthorized use of an asset. [10]


Ethiopia

Attack includes destruction of computer based critical infrastructures or disruption of their services or obliterating the confidentiality, integrity, or availability of information or computer based psychological attack on citizens or digital identity theft perpetrated by different techniques. [11]


Germany

Ein Angriff ist eine vorsätzliche Form der Gefährdung, nämlich eine unerwünschte oder unberechtigte Handlung mit dem Ziel, sich Vorteile zu verschaffen bzw. einen Dritten zu schädigen. [12]

An attack is an intentional form of threat, namely an undesirable or unauthorized action with the objective to gain advantages or harm a third party respectively. [13]
Angreifer können auch im Auftrag von Dritten handeln, die sich Vorteile verschaffen wollen (Attackers can also act on behalf of third parties that want to gain advantages).

Guatemala

Ataque: Intento de destruir, exponer, alterar, deshabilitar, robar, obtener acceso o uso de un activo no autorizado. Fuente: ISO/IEC 27000:20016 [14]

Japan

攻撃: インテリジェントな脅威、すなわちセキュリティサービスを回避し、システムのセキュリティポリシーを侵害する故意の試み(特に、方式あるいは技法という意味において)としてのインテリジェントな動作によってもたらされるセキュリティシステムへの攻撃.

(Cyber) attack is an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [15]


Netherlands

Aanval: Een digitale aanval is een opzettelijke inbreuk op cybersecurity. [16]


Philippines

Attack - Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. [17]


Portugal

[Definição] Ataque: Qualquer tipo de atividade maliciosa que tenta coletar, perturbar, negar, degradar ou destruir recursos de sistema de informação ou a informação em si. [18]


Romania

Atac: Totalitatea actelor de violenţă îndreptate împotriva adversarului, fie ofensive, fie defensive, oricare ar fi teritoriul pe care au loc. [19]


United States

DHS
(cyber) attack is an attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. [20]

(cyber) attack is the intentional act of attempting to bypass one or more security services or controls of an information system. [20]
NIST
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system Integrity. [21]

Attack: Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. Source: NIST SP 800-30 [22]

Attack: The realization of some specific threat that impacts the confidentiality, integrity, accountability, or availability of a computational resource. Source: NIST SP 800-28 v2 [22]

Attack: An attempt by an unauthorized individual to fool a Verifier or a Relying Party into believing that the unauthorized individual in question is the Subscriber. Source: NIST SP 800-63-2 [22]


Standard Definition

ISA-62443-*

Attack: Assault on a System that derives from an intelligent threat. [23]


ISO/IEC 27000:2012

Attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. [24]


IETF

An intentional act by which an entity attempts to evade security services and violate the security policy of a system. That is, an actual assault on system security that derives from an intelligent threat.

A method or technique used in an assault (e.g., masquerade).[25]

Discussion Topic

See also

Notes

  1. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
  2. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T H.235.
  3. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T H.235.
  4. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T H.235.
  5. 关于电信安全的若干议题综述 及相关ITU-T建议书应用简介, ITU-T, Geneva (2012) - ITU-T H.235.
  6. NATO AAP-06 Edition 2014
  7. Tallinn Manual on the International Law Applicable to Cyber Warfare (2013)
  8. CIRT-BF Glossary
  9. http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
  10. http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
  11. Federal Nagarit Gazette Ethiopia, 2 Jan, 2014
  12. Cyber Glossar, Bundesamt fur Sicherheit in der Informationstechnik (BSI), 2014.
  13. Glossary/Terminology, Bundesamt fur Sicherheit in der Informationstechnik (BSI), 2014.
  14. La Estrategia Nacional de Seguridad Cibernética (June 2018)
  15. RFC2828 (Japanese translation)
  16. Cyber Security Beeld Nederland 2018
  17. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  18. Glossário Centro National de Cibersegurança Portugal
  19. GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
  20. 20.0 20.1 DHS/NICSS Glossary
  21. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200
  22. 22.0 22.1 22.2 NIST Glossary
  23. ISA-62443 series
  24. ISO/IEC 27000:2012, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  25. IETF RFC449 Internet Security Glossary 2