Glossary Cybersecurity

Anonymous: A loose collective group of cyber hackers who espouse Internet freedom and often attack websites that they consider symbols of authority.

botnet: A network of computers controlled by an outside actor who can give those computers orders to act in a coordinated manner, much like orders to a group of robots.

Comprehensive National Cybersecurity Initiative (CNCI): The broad federal strategy for fostering cybersecurity in America. When first drafted in 2008, it was classified. An unclassified version was publicly released in 2010.

Cyberspace Policy Review: In May 2009, one of the first actions of the Obama administration was the development and release of a broad-based cyberspace policy review. This review has guided federal strategy since then.

denial-of-service attack: An attack in which a malicious actor repeatedly sends thousands of connection requests to a website every second. The many malicious requests drown out the legitimate connection requests and prevent users from accessing the site.

distributed denial of service (DDoS): A DDoS attack is related to a denial-of-service attack, but in a DDoS attack, the attacker uses more than one computer (often hundreds of distributed slave computers in a botnet) to conduct the attack.

domain name system (DNS): The DNS is the naming convention system that identifies the names of various servers and websites on the Internet. In any web address, it is the portion of the address after http://www. One example would be microsoft.com.

domain name system security extension (DNSSEC): A proposed suite of security add-on functionalities that would become part of the accepted Internet protocol. New security features will allow a user to confirm the origin authentication of DNS data, authenticate the denial or existence of a domain name, and ensure the data integrity of the DNS.

Einstein: Intrusion detection and prevention systems operated by the federal government, principally to protect federal networks against malicious intrusions of malware.

encryption: The act of concealing information by transforming it into a coded message.

firewalls: Computer security systems designed to prevent intrusions.

hacktivist: A combination of the words “hacker” and “activist.” The term denotes a hacker who purports to have a political or philosophical agenda and is not motivated by criminality.

Information Sharing and Analysis Center (ISAC): A cooperative institution chartered by the federal government that brings together sector-specific private-sector actors to share threat and vulnerability information. There are ISACs for the financial sector, the chemical industry, the IT sector, and most other major private-sector groups.

Internet Corporation for Assigning Names and Numbers (ICANN): A nonprofit organization that sets the rules for creating and distributing domain names. Originally chartered by the U.S. government, it now operates on a multilateral basis from its headquarters in California.

Internet Criminal Complaint Center (IC3): The IC3 is a unit of the U.S. Department of Justice. It serves as a central collection point for complaints of criminal cyber activity and provides estimates of criminal effects.

Internet Engineering Task Force (IETF): A self-organized group of engineers who consider technical specifications for the Internet. The IETF sets voluntary standards for Internet engineering and identifies “best current practices.” Though the organization has no enforcement mechanism, IETF standards are the default for all technical Internet requirements.

Internet protocol (IP) address: An IP address is the numeric address that identifies a website on the cyber network. Typically, it looks like this: 172.16.254.1. Using the IP address, information can be communicated from one server to another. One of the critical functions of the DNS is to translate domain names (which appear in English) into numerical IP addresses.

Internet Systems Consortium (ISC): A nonprofit 501(c)(3) corporation that produces open-source software to support the infrastructure of the Internet. Its work is intended to develop and maintain core production-quality software, protocols, and operations.

intrusion detection system: A computer security system that detects and reports when intrusions have occurred and a firewall has been breached.

keylogger: As the name implies, a keylogger program is one that records all the keystrokes entered on a keyboard (such as the letters and numbers in a password) and then reports those keystrokes to whoever installed the program.

letters rogatory: Formal letters of request for legal assistance from the government of one country to the courts of a foreign country. This is the mechanism by which mutual legal assistance treaties are implemented.

logic bomb: A program that tells a computer to execute a certain set of instructions at a particular signal (a date or a command from outside, for example). Like many bombs or mines, the logic bomb can remain unexploded and buried for quite some time.

malware: Short for “malicious software.” A general term describing any software program intended to do harm.

microblogs: Systems, such as Twitter, that allow blogging on the Internet but only on a “micro” scale. Twitter, for example, is limited to 140 characters per post.

mutual legal assistance treaty (MLAT): An agreement between nations to exchange information in support of investigations of violations of criminal or public law.

National Counterintelligence Executive (NCIX): Part of the Office of the Director of National Intelligence. The mission of the NCIX is the defensive flip side of our own espionage efforts. It is charged with attempting to prevent successful espionage against the United States by our adversaries.

peer-to-peer: Most Internet transmissions involve some routing by intermediate servers that serve a controlling function. Peer-to-peer systems, as the name implies, enable direct communications between two (or more) endpoints without the need for intermediate routing and with no centralized or privileged intermediary.

phishing: Phishing is a cyber tactic that involves dangling “bait” in front of an unsuspecting user of the Internet. The bait may be an e-mail with an attractive link to click on that takes the unwary user to a malicious site.

SCADA (supervisory control and data acquisition): SCADA systems are used to control industrial processes, such as automobile manufacturing. They can be, but are not necessarily, controlled by other computer operating systems.

spear-phishing: A phishing attack that is targeted at a particular, specific recipient; the name comes from the similarity of using a spear to catch a particular fish.

Trojan horse: As the name implies, a computer program or message that, on the outside, looks like an innocent piece of code. Contained within the code, however, is a malicious piece of software.

United States Computer Emergency Readiness Team (US-CERT): A component of the Department of Homeland Security. Its mission is to serve as a central clearinghouse for information concerning cyber threats, vulnerabilities, and attacks, collecting information from government and private-sector sources and then widely disseminating that information to all concerned actors.

virus: A piece of computer code that infects a program, much as a virus infects a person, and replicates itself.

WikiLeaks: A website founded by Julian Assange. It accepts anonymous leaks of classified, secret, and confidential information and then posts the information in an effort to promote transparency. Controversial in operation, WikiLeaks’ most famous leak was of more than 250,000 classified State Department cables.

wiretapping: The interception of a message in transit by someone who is not the intended recipient. The term comes from the practice of attaching two clips to a copper telephone wire to intercept a phone call.

worm: A stand-alone program that replicates itself. It often hides by burrowing in and concealing itself amidst other program code, like a worm in dirt.

zero-day exploit: A vulnerability in a software program that has not previously been used or discovered. Because most vulnerabilities are quickly patched after they become known, zero-day exploits, which are not yet patched, are valuable to malicious actors. They leave systems open to intrusions that will be successful on the “zeroth” day.