Pulling It All Together: Using the SDL to Prevent Real-World Threats 329
computer networks, television, and radio (not only that which is publicly
accessible, but that controlled by private or government entities in special
networks or on special frequencies), banks and other financial institu-
tions, and security, fire, hospital, and emergency services. Each element
of critical infrastructure is so vital that if it were removed from the equa-
tion, even temporarily, the entire nation would experience monumental
repercussions. Even when the infrastructure of a particular area is threat-
ened, the results can be disastrous. This can include telecommunications,
energy, banking and finance, transportation, water systems, and emer-
gency services.
6
Of course, strategic targets also include critical elements
of the government such as defense, intelligence, and other agencies con-
sidered of high value to an adversary.
Strategic software attacks are highly repeatable and use general target-
ing such as against a broad industry (military, finance, energy, etc.) or
groups of individuals (politicians, executives), and must have long-term
staying power. Strategic attacks are less sophisticated in comparison to
tactical threats and typically are lower in cost to develop and maintain.
These types of attacks can be categorized in three major areas: espionage,
criminal, and socio-political.
10.1.1.1 Espionage
Cyber spying, or cyber espionage, is the act or practice of obtaining
secrets without the permission of the holder of the information,
from individuals, competitors, rivals, groups, governments
and enemies for personal, economic, political or military
advantage using methods on the Internet, networks or individual
computers through the use of cracking techniques and malicious
software including Trojan horses and spyware. It may wholly
be perpetrated online from computer desks of professionals on
bases in far away countries or may involve infiltration at home by
computer trained conventional spies and moles or in other cases
may be the criminal handiwork of amateur malicious hackers and
software programmers. Cyber spying typically involves the use
of such access to secrets and classified information or control of
individual computers or whole networks for a strategic advantage
and for psychological, political and physical subversion activities
and sabotage.
7