Cyber Attack

From CIPedia
Jump to: navigation, search


Definitions

European/EU Definitions

CIPS / ISEC

Attacks against information systems carried out by using malicious software, including botnets. [1]

Other International Definitions

ITU-T

(Cyber) attack are the activities undertaken to bypass or exploit deficiencies in a system's security mechanisms. [2]
By a direct attack on a system they exploit deficiencies in the underlying algorithms, principles, or properties of a security mechanism. Indirect attacks are performed

when they bypass the mechanism, or when they make the system use the mechanism incorrectly.

Attaque: Activités entreprises pour contourner ou exploiter des déficiences constatées dans les mécanismes de sécurité d'un système. [3]

Ataque: Actividades realizadas para obviar los mecanismos de seguridad de un sistema o aprovechar sus deficiencias. [4]

攻击: 为绕过一个系统的安全机制或利用其漏洞而采取的行动. [5]


NATO

CCD-CoE (Tallinn manual)
Cyber attack is a cyber operation, whether offensive of defensive, that is reasonable expected to cause injury or death to persons or damage or destruction to objects. [6]

National Definitions

Albania

Sulm kibernetik – konsiderohet çdo përpjekje e drejtuar/qëllimshme për të marrë akses, manipuluar, ndërhyrë ose dëmtuar integritetin, konfidencialitetin, sigurinë dhe/ose disponibilitetin e të dhënave, të një aplikimi ose të të dhënave të sistemit kompjuterik, pa patur autoritet ligjor për ta bërë këtë. [7]


Australia

Cyber attack as a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity. [8]

Cyber attack: A malicious attempt to damage, destroy or disrupt data and computer systems or networks. [9]

Note that while these attacks occur using ‘cyber’ or online means, they can have physical or real world consequences.

Austria

Cyber attack refers to an attack carried out in cyberspace through tools, services, or applications in cyberspace, which is directed against one or several IT system(s). Its aim is to undermine the objectives of ICT security protection (confidentiality, integrity and availability) partly or totally. [10]

Ein Cyber Angriff ist ein Angriff mit Mitteln der IT im Cyber Raum, der sich gegen einen oder mehrere andere IT-Systeme richtet und zum Ziel hat, die Schutzziele der IKT Sicherheit als Teil oder Ganzes zu verletzen. [11]


Bulgaria

Кибер атака: злонамерена дейност, която цели да разруши, да осигури контрол над компютърна среда/инфраструктура, да наруши интегритет на данни или открадне контролирана информация. [12]

(НАТО) Действия, предприети за нарушаване, отхвърляне, влошаване или разрушаване на информация, намираща се в компютър и/или компютърна мрежа или на компютъра и/или компютърната мрежа. [13]


Burkina-Faso

Attaque est in action de malveillance consistant à tenter de contourner les fonctions de sécurité d’un Système Informatique. Il existe deux types d’attaques, les attaques passives et les attaques actives. Une attaque passive ne modifie pas le fonctionnement normal des communications et du réseau : elle se base sur l’Observation et l’Analyse du trafic. Une attaque active modifie l’état de la communication et du réseau et prend trois formes possibles: Altération des messages, Refus de Service et Connexion frauduleuse. [14]


Canada

Cyber Attack: An attack that involves the unauthorized use, manipulation, interruption or destruction of, or access to, via electronic means, electronic information or the electronic devices or computer systems and networks used to process, transmit or store that information. [15]

Cyberattaque: Attaque qui suppose l'accès non autorisé à des renseignements électroniques ou à des appareils électroniques, à des systèmes informatiques et à des réseaux utilisés pour traiter, transmettre ou stocker cette information, ou encore leur utilisation, manipulation, interruption ou destruction (par voie électronique). [16]


Cyber attacks include the unintentional or unauthorized access, use, manipulation, interruption or destruction (via electronic means) of electronic information and/or the electronic and physical infrastructure used to process, communicate and/or store that information. [17]

Les cyberattaques comprennent l’accès involontaire ou non autorisé à des renseignements électroniques et/ou des infrastructures électroniques ou matérielles utilisés pour traiter, communiquer ou entreposer cette information, ainsi que leur utilisation, leur manipulation, leur interruption ou leur destruction (par voie électronique). [18]

Chile

Ciberataque: es una expresión del ciberconflicto consistente en acciones hostiles desarrolladas en el ciberespacio con el objetivo de irrumpir, explotar, denegar, degradar o destruir la infraestructura tecnológica, componente lógico o interacciones de éste y pueden tener distintos niveles según su duración, frecuencia y daño generado. [19]


Colombia

Ataque cibernético: Acción organizada y/o premeditada de una o más personas para causar daño o problemas a un sistema informático a través del ciberespacio. [20]

Cyberattack: organised and / or premeditated misconduct or one or more individuals to cause damage to a computer system problems through cyberspace.

Ataque cibernético: acción organizada o premeditada de una o más agentes para causar daño o problemas a un sistema a través del Ciberespacio. [21]


Costa Rica

Ataque cibernético / ciberataque: Acción que tiene por propósito interrumpir, desactivar, destruir o controlar malintencionadamente un entorno/infraestructura informática; o destruir la integridad de los datos o el robo de información controlada. [22]
Sinónimo de ciberataque.

Cuba

Ataque cibernético: Acción intencionada en el ciberespacio con el objetivo de deshabilitar, destruir o controlar de forma maliciosa una infraestructura o sistema de información, destruir la integridad de los datos o robar información controlada. [23]

Ciberataques: Acto en el que se cometen agravios, daños o perjuicios a equipos y sistemas de computación que se encuentran operando en la red a nivel mundial. Puede ser orientado hacia la información, datos, protocolos, servicios, personas o grupos de ellas, entidades o instituciones usando medios de computadoras conectadas o no a Internet. [23]


Germany

National Cyber Security Strategy 2016
Ein Cyber-Angriff ist eine Einwirkung auf ein oder mehrere andere informationstechnische Systeme im oder durch den Cyber-Raum, die zum Ziel hat, deren IT-Sicherheit durch informationstechnische Mittel ganz oder teilweise zu beeinträchtigen. (2016) [24]
National Cyber Security Strategy 2011
A cyber attack is an IT attack in cyberspace directed against one or several other IT systems and aimed at damaging IT security. [25]

Ein Cyber-Angriff ist ein IT-Angriff im Cyber-Raum, der sich gegen einen oder mehrere andere IT-Systeme richtet und zum Ziel hat, die IT-Sicherheit zu brechen. [26]
BSI
Cyber attacks are attacks carried out in cyberspace through tools, services, or applications in cyberspace; in the process, cyberspace can be origin, target or the environment of the attack. [27]


Ein Cyber-Angriff ist eine Einwirkung auf ein oder mehrere andere informationstechnische Systeme im oder durch den Cyber-Raum, die zum Ziel hat, deren IT-Sicherheit durch informationstechnische Mittel ganz oder teilweise zu beeinträchtigen. [28]


Guatemala

Ataque informático y cibernético: Un intento de obtener acceso no autorizado a los servicios del sistema, recursos, información, o un intento de comprometer la integridad del mismo. Fuente: SP 800-32 [29]

Israel

תקיפה במרחב הסייבר שמסכנת נכסי סייבר או מערכות ותשתיות הנתמכות על ידם [30]

Japan

攻撃: インテリジェントな脅威、すなわちセキュリティサービスを回避し、システムのセキュリティポリシーを侵害する故意の試み(特に、方式あるいは技法という意味において)としてのインテリジェントな動作によってもたらされるセキュリティシステムへの攻撃.

(Cyber) attack is an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [31]

Mexico

Ciberataque: ​Acción realizada a través de las redes de telecomunicaciones con el objetivo de dañar las Infraestructuras Críticas de Información, las Infraestructuras de Información Esenciales,​ ​así​ ​como​ ​la​ ​seguridad​ ​de​ ​las​ ​personas. [32]


Morocco

Cyberattaques: Actes malveillants envers un dispositive informatique, généralement via in réseau de télécommunications. [33]

Cyberattacks: Malicious acts against a computer device, usually via a telecommunications network.


New Zealand

Cyber attack is an attempt to undermine or compromise the function of a computer-based system, access information, or attempt to track the online movements of individuals without their permission. [34]


Nigeria

Cyber attack (usually) involves the use of malicious codes to alter digital codes, logic or data, resulting in disruptive consequences that can compromise the confidentiality, integrity, and availability of data and lead to manipulation of information systems and internetwork infrastructure. [35]


Philippines

Cyber attack:
(a) Is an attack via cyberspace, targeting an enterprise‘s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure;

(b) destroying the integrity of the data or stealing controlled information; A hostile act using computer or related networks or systems, and intended to disrupt and/ or destroy an adversary's critical cyber systems, assets, or functions. [36]


Poland

Cyberatak – celowe zakłócenie prawidłowego funkcjonowania cyberprzestrzeni.

Cyber attack - deliberate disruption of the proper functioning of cyberspace. [37]


Portugal

[Definição] Ciberataque: Ataque realizado através das tecnologias de informação no ciberespaço dirigido contra um ou vários sistemas, com o objetivo de prejudicar a segurança das tecnologias de informação e da comunicação (confidencialidade, integridade e disponibilidade), em parte ou totalmente. [38]


Romania

Atac cybernetic: acţiune ostilă desfăşurată în spaţiul cibernetic de natură să afecteze securitatea cibernetică.

Cyber attack: hostile action to affect the cyberspace and Cyber Security. [39]


Atac informaţional: Acţiune de luptă ofensivă, realizată prin utilizarea unor ştiri şi comunicate, în urma cărora inamicul este „intoxicat” cu informaţii false; atac împotriva informaţiilor confidenţiale ale unor instituţii; acces neautorizat la informaţii; lansare de zvonuri, în scopul calomnierii cuiva. [40]


Senegal

Cyberattaque: un acte malveillant envers un dispositif informatique via un réseau cybernétique. [41]


Spain

Ciberataque: Forma de ciberguerra / ciberterrorismo donde combinado con un ataque físico o no se intenta impedir el empleo de los sistemas de información del adversario o el acceso la misma. [42]


Switzerland

Cyber attacks are carried out on computers, networks and data. They are aimed at disrupting the integrity of the data or the functioning of the infrastructure and restricting or interrupting their availability. They also seek to compromise the confidentiality or authenticity of information by means of unauthorised reading, deletion or modification of data, connections or server services are overloaded, information channels spied upon or surveillance and processing systems are manipulated in a targeted manner. [43]


Tanzania

Cyber attack - is a term for any illegal activity that uses a computer as its primary means of commission. [44]


Turkey

Siber saldırı: Ulusal siber uzayda bulunan bilişim sistemlerinin gizlilik, bütünlük veya erişilebilirliğini ortadan kaldırmak amacıyla, siber uzayın her hangi bir yerindeki kişi ve/veya bilişim sistemleri tarafından kasıtlı olarak yapılan işlemleri. [45]

Cyber attack: Operations carried out deliberately by a person and/or information systems at any place in cyber space for the purpose of compromising the confidentiality, integrity or availability of information systems in national cyber space. [46]

Ukraine

кібератака - спрямовані (навмисні) дії в кіберпросторі, які здійснюються за допомогою засобів електронних комунікацій (включаючи інформаційно-комунікаційні технології, програмні, програмно-апаратні засоби, інші технічні та технологічні засоби і обладнання) та спрямовані на досягнення однієї або сукупності таких цілей: порушення конфіденційності, цілісності, доступності електронних інформаційних ресурсів, що обробляються (передаються, зберігаються) в комунікаційних та/або технологічних системах, отримання несанкціонованого доступу до таких ресурсів; порушення безпеки, сталого, надійного та штатного режиму функціонування комунікаційних та/або технологічних систем; використання комунікаційної системи, її ресурсів та засобів електронних комунікацій для здійснення кібератак на інші об’єкти кіберзахисту.

{machine translation} cyberattack - directed (deliberate) actions in cyberspace, which are carried out with the help of electronic communications (including information and communication technologies, software, software and hardware, other technical and technological means and equipment) and aimed at achieving one or a combination of such purposes: violation of the confidentiality, integrity, availability of electronic information resources that are processed (transmitted, stored) in communication and / or technology systems, access to unauthorized access to such resources; violation of safety, stable, reliable and regular mode of operation of communication and / or technological systems; use of the communication system, its resources and means of electronic communications for the implementation of cyber attacks on other objects of cyber defense. [47]


United Kingdom (UK)

Cyber attack is the deliberate exploitation of computer systems, digitally-dependent enterprises and networks to cause harm. [48]


Cyber attack can refer to anything from small-scale email scams through to sophisticated largescale attacks with diverse political and economic motives. Large-scale attacks may have a number of interrelated aims such as: gaining unauthorised access to sensitive information; causing disruption to IT infrastructure; or causing physical disruption (e.g. to industrial systems). [49]

United States

NIST
Cyber attack is an attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. [50]

An attack is an attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality. [51]


Other Definitions

East-West Institute (Russia-US)

Cyber Attack is an offensive use of a cyber weapon intended to harm a designated target.

наступательное, использование [кибероружия], с целью нанесения вреда определенной цели . [52]

See also

Notes

  1. CIPS and Programme Prevention of and Fight against Crime (ISEC)
  2. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T H.235.
  3. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T H.235.
  4. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T H.235.
  5. 关于电信安全的若干议题综述 及相关ITU-T建议书应用简介, ITU-T, Geneva (2012) - ITU-T H.235.
  6. Tallinn Manual on the International Law Applicable to Cyber Warfare (2013)
  7. Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
  8. Australia's International Cyber Engagement Strategy (2017)
  9. on-line glossary Stay Safe On-line
  10. Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
  11. Österreichische Strategie für Cyber Sicherheit (2013)
  12. „Кибер устойчива България 2020” - Republic of Bulgaria: national cyber security strategy "Cyber Resilient Bulgaria 2020"(2016)
  13. „Кибер устойчива България 2020” - Republic of Bulgaria: national cyber security strategy "Cyber Resilient Bulgaria 2020"(2016)
  14. CIRT-BF Glossary
  15. Canada’s Cyber Security Strategy: Canada's Vision for Security and prosperity in the digital age (2018)
  16. Stratégie nationale de cybersécurité: Vision du canada pour la sécurité et la prospérité dans l'ère numérique (2018)
  17. Canada’s Cyber Security Strategy (2010). For a Stronger and More Prosperous Canada (2010)
  18. Stratégie de cybersécurité du Canada: renforcer le Canada et accroître sa prospérité. (2010)
  19. BASES PARA UNA POLÍTICA NACIONAL DE CIBERSEGURIDAD, MARZO DE 2015, Chile
  20. Lineamientos de política para ciberseguridad y ciberdefensa (2011)
  21. Conpes 3854 POLÍTICA NACIONAL DE SEGURIDAD DIGITAL (2016)
  22. Estrategia Nacional de Ciberseguridad de Costa Rica (2017)
  23. 23.0 23.1 Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio
  24. Cyber-Sicherheitsstrategie für Deutschland 2016
  25. Cyber Security Strategy for Germany (2011)
  26. Cyber-Sicherheitstrategie für Deutschland (2011)
  27. Unpublished working glossary of UP KRITIS and BSI, 2014
  28. BSI Glossar
  29. La Estrategia Nacional de Seguridad Cibernética (June 2018)
  30. CERT.IL Glossary
  31. RFC2828 (Japanese translation)
  32. Estragia Nacional de Ciberseguridad (November 2017)
  33. STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011
  34. New Zealand’s Cyber Security Strategy (2011)
  35. National Cybersecurity Policy and Strategy (2014)
  36. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  37. 2013 Narodowy Program Ochrony Infrastruktury Krytycznej
  38. Glossário Centro National de Cibersegurança Portugal
  39. Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică
  40. GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
  41. STRATÉGIE NATIONALE DE CYBERSÉCURITÉ DU SÉNÉGAL (SNC2022)
  42. CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
  43. National strategy for the protection of Switzerland against cyber risks (2012)
  44. [THE UNITED REPUBLIC OF TANZANIA/MINISTRY OF FINANCE -ICT SECURITY GUIDELINES (2012)]
  45. 2016-2019 ULUSAL SİBER GÜVENLİK STRATEJİSİ
  46. Turkey's National Cyber Security Strategy 2016-2019 (2016)
  47. ЗАКОН УКРАЇНИ - Про основні засади забезпечення кібербезпеки України / THE LAW OF UKRAINE: About the basic principles of providing cyber security of Ukraine 2163-19
  48. National Cyber Security Strategy 2016, HM Government
  49. Cyber Security in the UK, Postnote Number 389, September 2011
  50. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
  51. NIST Special Publication 800-82 Rev 2: Guide to Industrial Control Systems (ICS) Security (May 2015)
  52. RUSSIA-­‐U.S. BILATERAL ON CYBERSECURITY: CRITICAL TERMINOLOGY FOUNDATIONS