Cybersecurity challenges for future critical communications
Peter Clemons
Founder & Managing Director, Quixoticity Ltd
CCW 2016
RAI Amsterdam
June 2nd, 2016
6/2/2016 1
Quixoticity?
• Educated in UK/Latin America:
• Languages, philosophy, sociology, economics & communications theory
• Clemons Consulting dedicated to critical communications since 1998
• Quixoticity established in March 2012
• 20+ years of experience of economic analysis & project management & 20 years in mobile communications (global PMR/TETRA)
• Ex-director & board member of global TCCA
• A fresh, flexible, adaptable, more robust approach to forecasting
• Using experience, knowledge & new techniques to open a window on the future
• Working closely together with industry to explore new possibilities
• Seeing the world differently – from new angles & finding new directions
• Championing innovation & visionary thinking
• Very active on LinkedIn!!!
A world of increasing complexity
• Growing populations; global conflict; arms race; growing dependence on technology:
• Algorithms, processes
• Computing capacity driven by Moore’s Law (Silicon v Carbon)
• Increased connectivity/increased threats
• Big Data & analytics
• The sharing economy
• Transparency, privacy and security
• Automation (IoT/M2M) brings benefits & challenges
• The rise of systemic risk (interconnected systems)
Traditional threats
• There have always been threats to infrastructure, networks, systems & solutions:
– Physical damage, i.e. fire, water, pollution
– Natural events – climatic, seismic, volcanic etc.
– Loss of essential services – electricity, air conditioning, telecoms etc.
– Technical failures – systems, hardware, software
– Theft
– Basic human error
The rise of cyber-threats
• A digital, data-driven world
• Secrets become more valuable
• No longer the need to use violence to steal money or cause havoc…
• Threat classification (example: Microsoft’s STRIDE):
– Spoofing of user identity
– Tampering
– Repudiation
– Information disclosure (privacy breach or data leak)
– Denial of service
– Elevation of privilege (horizontal & vertical)
• Growing number of examples worldwide explained during these sessions
Source of cyber-threats
• Where do we start in a highly interconnected world?:
• Internal:
– Employees
– Contractors (and vendors)
– Partners
• External:
– Cyber-criminals (professional hackers)
– Spies
– Non-professional hackers
– Activists
– Nation-state intelligence services
– Malware (virus/worms etc.)
Cyber Threat Management
• Response has to match complexity of attack – constant evolution/regular updates
• A clear need for authorities to develop a more advanced threat management program due to cyber threats
• Start by purchasing secure-by-design solutions
• Then have a clear cyber threat policy backed up by training & resources:
– Early identification of threats
– Data-driven situational awareness
– More accurate decision-making
– Timely threat mitigation actions
TETRA security
• TETRA standard
• TCCA > SFPG (Security & Fraud Prevention Group) Recommendations
• ETSI TC-TCCE (Technical Committee – TETRA & Critical Comms Evolution)
– Digital communications?
– Mutual authentication over the air interface
– Air interface encryption (algorithms: TEA2, TEA3 etc.)
– End-to-end encryption (algorithms: IDEA, AES)
– Anonymity
– Ambience listening; discreet listening
– Secure enabling & disabling of terminals
– Lawful interception
– Security management
– Key management (DCK, CCK, GCK, SCK)
• Over-the-air Re-keying (OTAR)
LTE security
• Completely packet-switched; increased data rates
• SIM cards (e-SIMs)
• UICC tokens (smart cards)
• Device & network authentication
• Cryptographic keys
• Air interface protection (Uu)
• Backhaul & network protection (S1-MME; S1-U)
• Each Release – new challenges & new opportunities
Internet security & issues
• TCP/IP now over 40 years old
• Security patches:
– Network layer security; IP security; security tokens
– E-mail security; Firewalls; browser choice
– Anti-virus; password managers; security suites
• Good v bad IT security arms-race:
– Malicious software (where do we start?)
– Denial-of-service attacks
– Phishing
– Application vulnerabilities
• In search of the next-generation Internet fit for 2020s:
– RINA, Blockchains etc.
– ETSI NGP ISG
Will it get better?
• “Age of austerity”
• No-one wants to pay for security
• Increase in:
– Automated processes
– Number of connections
– Devices accessing network
– Intelligence at the edge
• Internet of Everything
– 20-50 billion devices, sensors, actuators, machines, processes
– UAVs, wearables, video, data, analytics
• Smart Cities v Safe Cities
– Newly designed networks from top-to-bottom & bottom-to-top
– Reliability, availability, capacity, coverage, resilience, privacy, security
What is being done?
• Increased awareness
• Increased education
• Reputational risk drives increased focus on security
• Slow adoption because of fears
• Increased hiring of cyber-experts
• Government/SDO/industry programmes (iCERT, ENISA, ETSI/3GPP, EU….)
• Global initiatives (global standards applied locally)
• Increased cooperation (new forms of “network economics”)
• Sectoral approaches (transport, utilities etc.)
• Biometrics etc. – the “death” of passwords
The emerging digital economy
• Smarter technologies (require smarter people, societies, economies & Governments)
• 5th generation communications (5G)
• Enormous new requirements for spectrum
• Cleaner, more efficient use of energy
• Cloud computing to cope with big data
• New modulation techniques for better bits/Hz
• Inessential hardware replaced by software (SDN/NFV)
• New forms of value/incentives/businesses & business models (“currencies”, micropayments, decentralised autonomous organisations)
• All communications become “critical”
Our final destination
• Fully functioning, scalable, adaptable, flexible, continually evolving systems
• Better & safer (stress-free, risk-free?) user experience
• All processes become manageable by network operators & seamless to users
• Fully automated processes that free up human energy..
• ..To be more productive in a better environment
• A fairer balance between economic value and social value
• New forms of thinking & seeing the world
• A new definition of Being-Human
For more in-depth analysis & commentary on the critical communications landscape, please contact:
Peter Clemons
Managing Director, Quixoticity Ltd.
9 Pine Grove, Penenden Heath
Maidstone, Kent. ME14 2AJ. UK
+44-7951-289934
peter@quixoticity.com
Skype: peterclemons
LinkedIn: Peter Clemons