Understanding the threat landscape in e-government infrastructure for business enterprises

Cyber threats are becoming more sophisticated and varied. The range of possible attacks that organizations face is higher than in the past. Analysis shows that the number of cyber incidents involving government agencies has increased by 35 percent between 2010 and 2013. E-government is a potential target to attacks of various kinds from a range of adversaries. The rising number of cyber threats and the increasing complexity of e-government implementations call for enhanced security of e-government infrastructures. The preparedness of organizations to future cyber-attacks depends on the awareness of the organizations about their cyber threat landscape. The threat landscape of an organization shows the range of threats that the organization faces from a security perspective. We define a threat landscape as the characteristics (attributes), the likely threat actions (methods), and objectives of the different types of threat agents who may act against the assets of an organization. In this research we focus on understanding the threat landscape of e-government infrastructure for business enterprises. Contemporary research shows a gap in understanding the threat landscape of e-government infrastructures. A systematic methodology for understanding the threat landscape of e-government infrastructures is also lacking. We argue that a threat assessment methodology can be used to understand the threat landscape of e-government infrastructure for businesses. Our analysis of the state of the art in threat assessment methodologies shows that the Threat Agent Risk Assessment (TARA) methodology developed by Intel is suitable for understanding the threat landscape of organizations. However applying the TARA methodology to e-government infrastructure for businesses is only possible by overcoming the limitations of the Threat Agent Library (TAL) and the Methods & Objectives Library (MOL) associated with it. We address the limitations of the TARA methodology by tailoring the TAL and MOL for e-government infrastructure for businesses. We use knowledge from information security literature and cyber security experts in the public sector to perform this. The outputs of the research are the tailored TAL and MOL for e-government infrastructure for businesses. We also apply the tailored TAL and MOL using TARA methodology to the Public Key Infrastructure (or Key Management System) of Digipoort PI as a practical case study. The results of the application help us in understanding the threat landscape of the PKI of Digipoort PI, and reflect and learn about the tailored TAL and MOL we designed. This research contributes to the field of Information Security by providing a tailored library of threat agents for the e-government domain. We also summarize the methods and objectives of the threat agents in the corresponding library of methods and objectives. Organizations wanting to enhance their understanding of the threat landscape of e-government infrastructure for businesses can use these libraries as a starting point for threat assessment. Furthermore, this research also provides opportunities for future research in this area as the libraries can be tailored for applying to other infrastructures in the e-government domain or new domains itself.

Subject

threat landscape
threat agent
e-government
threat assessment
cyber

To reference this document use:

http://resolver.tudelft.nl/uuid:5b21c91a-2f64-4117-9ad8-c9487e92b72b

Embargo date

2015-09-22

Part of collection

Student theses

Document type

master thesis

Rights

Files

PDF

Threat Landscape Study Public.pdf

3.76 MB

Close viewer