The IT Law Wiki


Computer security

An attack is

[a]ny kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.[1]
[a]n attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, system availability, or confidentiality.[2]
[a] deliberate attempt to compromise the security of a computer system or deprive others of the use of the system.[3]


any type of intentional exploitation of a vulnerability by a source of threat, including for breach of confidentiality.[4]


Attacks may be passive or active. The fact that an attack occurs does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures.

Tracing attacks is generally difficult, because serious attackers are likely to launder their connections to the target. That is, an attacker will compromise some intermediate targets whose vulnerabilities are easy to find and exploit, and use them to launch more serious attacks on the ultimate intended target.[5]

Network or system owners can adopt practices and technologies that improve resistance to attacks or that prevent attacks from disrupting communications or operations, or from compromising or corrupting information.

Attack protection, prevention, and preemption are essential functional cyber security capabilities. Their goal is to provide an enterprise-wide capability to intercept a malicious attack, thereby preventing disruption, compromise, or misappropriation of networks, systems, or information. Robust attack protection, prevention, and preemption capabilities help mitigate threats and reduce the ability of adversaries to exploit vulnerabilities.

There are two different attack protection, prevention, and preemption strategies. The proactive strategy shields healthy network or system components or services to prevent them from becoming contaminated, corrupted, or compromised. The reactive strategy temporarily isolates compromised network or system components or services to prevent them from contaminating, corrupting, or compromising healthy assets. To be effective, both the proactive and the reactive security capabilities need to be deployed at all levels of enterprise systems.

In addition, attack protection, prevention, and preemption capabilities should be governed by a flexible, adaptable concept of operations. Not all attacks have the same scope or operational impact. Accordingly, the configuration and operation of the attack protection, prevention, and preemption capability should change in accordance with attack severity and intent (i.e., the approach must be adaptable to the nature of the attack and the assets being attacked).

State of the art

A variety of laws, regulations, and/or institutional policies require agencies and other organizations to be able to respond to security incidents, prevent disruption to normal operations, and isolate compromised networks and systems. Many current commercial offerings are primarily limited to reactive intrusion-detection tools using signature- and rule-based algorithmic techniques, which use preset identification rules to distinguish authorized from unauthorized access. These tools are labor-intensive to use, require constant updating, and provide only limited protection. Even though updates are released much more quickly today than in the past, the result is an arduous configuration control and patch management task.

For example, major vendors are constantly issuing updates and patches to operating systems or applications to fix security holes. In some instances, these updates and patches reopen existing vulnerabilities or create new ones while fixing the targeted problem. Many organizations, such as those operating safety-critical infrastructure systems, have policies that require all upgrades and patches to be thoroughly tested before being deployed to operational systems. But hackers are now also able to reverse-engineer patches to discover the vulnerabilities and rapidly launch attacks that exploit them before the patches can be widely deployed. This becomes a recurring cycle as new upgrades and patches are released more frequently and the reverse-engineering methods used by hackers improve.

