A taxonomy and comparison of computer security incidents from the commercial and government sectors

Abstract

Cyber incidents are growing in intensity and severity. Several industry groups are therefore taking steps to better coordinate and improve information security across sectors. Also, various different types of public–private partnerships are developing, where cyber incident information is shared across institutions. This cooperation may improve the understanding of various types of cyber incidents, their severity, and impact on various types of targets. Research has shown that different types of attackers may be distinguished in terms of sophistication, skill level, attacking style, and objective of attack. It may further be proposed that different sectors experience different types of attacks. Attack characteristics and information about the modus operandi of criminal offenders have been used to learn more about the attacker and the motive of an attack. This information may also be used to distinguish between cyber attacks towards different types of targets. The current study focuses on reported cyber intrusions by the commercial and government sectors. The reported data come from CERT ®Coordination Center (CERT/CC), which has categorized the aspects of cyber intrusions in the current study. The aspects analyzed are: ‘Method of Operation (MO)’ which refers to the methods used by perpetrator to carry out an attack; ‘Impact’ which refers to the effect of the attack; ‘Source’ which refers to the source of the attack, and ‘Target’ which refers to the victim of the attack. The current study uses 839 cases of cyber attacks towards the commercial sector and 558 cases towards the government sector. The 23 variables from the four different cyber intrusion aspects; MO, impact, source sector and target sector, were analyzed using multidimensional scaling (MDS), which is a technique that has often been used when profiling traditional types of crimes. The analysis gave a Guttman–Lingoes' coefficient of alienation of 0.19 with 42 iterations in a 3-dimensional solution. It was shown that the commercial and government sectors experience different types of attacks, with different types of impact, stemming from different sources. The findings and implications are discussed in relation to the benefits of standardization, reporting, and sharing of cyber incident information.