20
www.Alt3.co.uk 1 CYBER THREAT: 2015 and beyond – the age of stealth terror and crime. www.alt3.co.uk [email protected] Alt3 understanding future risks and opportunities

Cyber Threat

Embed Size (px)

Citation preview

www.Alt3.co.uk

1

CYBER THREAT:

2015 and beyond – the age of stealth terror and crime.

www.alt3.co.uk

[email protected]

Alt3understanding future

risks and opportunities

www.Alt3.co.uk

2

2014: I gave a speech outlining the scale and scope of cyber threat – and how much

this will impact the world as we know it ... and the world as we don’t know it.

Predicted that 2015 and following will be an age of increasing cyber warfare and the

rise of true cyber terrorism.

I already knew my emails were routinely viewed by outside agencies. But then all my

counter-terrorism material vanished from my laptop.

I knew I had someone’s attention.

TIMELINE:

www.Alt3.co.uk

3

Increasing online activity and the increasing sophistication of intrusion techniques mean that 2015 will be a year of:

• increased intrusion by rogue states and states with an aggressive foreign policy specifically to cause widespread economic and physical damage to other states

• the hacking of commercial organisations to steal sensitive data

• the increased use of social media for terrorist propaganda

• the hacking of individuals by minor criminals to gain access to bank accounts

• the increased use of the “dark web” by insidious criminals such as drug dealers and paedophiles

COUNTRIES NEED TO BE BETTER AT EXPLAINING THE NEED FOR SURVEILLANCE

ORGANISATIONS NEED TO BE BETTER AT PROTECTING THEIR DATA

www.Alt3.co.uk

4

CYBER WARFARE

This is the 21st century.

You don’t have to defeat an army on the battlefield to win the war.

2013: cyber warfare considered a greater threat to US interests than AQ

2014: increasing intrusion at a national security level. “Hackers” threaten to

close down nuclear power plants in South Korea. Following investigations, this

became widely viewed as an act of cyber warfare with a political purpose by a

nearby state.

www.Alt3.co.uk

5

Making sure everyone has the same understanding:

Definition of war (20th century):

“shock and awe” – large armies, zooming planes, lots of munitions, long distance PR

based on front line news comments from the boots on the ground. High risk. High

cost. Lots of death. Anti-war demonstrations. Election issue. War-weariness.

Definition of war (21st century):

Silence. You don’t know it’s happening. People continue on their daily lives while

beneath the surface the war rages … with cyber vulnerabilities exposed and people

believing they are safe. Ignorance is bliss.

www.Alt3.co.uk

6

Making sure everyone has the same understanding:

CYBER WARFARE:

Instead of the high risk / high cost / high opposition dismantling an entire country

through traditional warfare, cyber warfare can essentially close down that country at

the press of a button …

… or at least inflict serious economic damage.

But … the trouble is … anyone with a grudge can potentially do this. And the world is

full of very intelligent people.

www.Alt3.co.uk

7

Hidden Reality:

Welcome to the turbulent 21st century. The war is already raging … and many people are

blissfully unaware.

• Hacking became known in the 1960’s

• It became prevalent in the 1980’s

• It became industrialised in the 2000’s

• It broke the surface into public knowledge in 2010 with Stuxnet

• 2010,US Pentagon sets up U.S. Cyber Command

• 2013 – 2014 the rise of internet comms as a means of stealth command and control /

propaganda, increasing the pressure for surveillance and overall control

Estimated cost to produce and distribute Stuxnet: $380K

Cost of a Tomahawk Cruise missile (2011): $1.41M

Traditional 20th century armies, cost: $billions

www.Alt3.co.uk

8

Hidden Reality. IF you had to fight a war what would you do?

If you don't understand the risks, how can you prepare?

Can you afford to let the issues be blurred?

Stealth Vs “shock and awe” – what would you go for?

Low cost efficiency Vs high cost / high risk – what would you go for?

This is the 21st century. “You don’t have to defeat an army on the battlefield to win the

war”

For the past 5 years cyber warfare has been raging. Most people don’t even know it.

www.Alt3.co.uk

9

Hidden Reality:

Cyber Warfare is:

• a “game” of cat and mouse

• something all the major powers are engaged in

• initially around IP theft and defensive security

• now major multinational vulnerability and threat assessment

• and when found out … becomes a “blame game”

• includes the balance between the freedom of the net and control of information in the

face of social media mass movements and / or terrorist propaganda

The world is changing. The pace of change is increasing. The more we live our lives

on line, the greater the automation, the greater the “footprints in the sand” – and the

greater the vulnerability.

www.Alt3.co.uk

10

Cyber Warfare Vulnerabilities:

Critical Infrastructure – any core system an advanced country requires to maintain its

daily operations:

• transport

• health

• financial

• energy

• water

• government

- not a move away from high tech IP theft or financial crime but an evolution into

national security.

www.Alt3.co.uk

11

In todays fragile economic climate … what if …

… one of these critical service sectors was to be suddenly unavailable? There would be:

• chaos

• a momentum of chaos

• an attempted sudden imposition of “control” from the centre

• devaluation

• potential social disintegration

Welcome to the turbulent 21st century. You don’t have to defeat an army on the battlefield

to win the war.

www.Alt3.co.uk

12

In todays fragile economic climate … in the next 2-3 years …

Cyber Warfare will become the number ONE priority for national security.

(closely followed by terrorism and then rogue, extremist states – all of which are linked)

And within this timeframe there will be at least one major global / regional

intrusion episode with a severe damage probability.

Do not make the mistake of thinking bad things just happen to other people.

www.Alt3.co.uk

13

So, who’s doing this?

• Major global / international powers

o aggressive foreign policy

o stealth warfare

o seeking to steal IP and gain commercial benefit

o even as a means of defence

• Extremist states

• Other countries

• Extremist and anarchist groups including terrorists

• Industrial espionage hackers

• Mischief makers

• … and we are

The war is raging. It is gathering pace.

www.Alt3.co.uk

14

Evidence? Full Scale and Massive Intrusion. The open secret:

• large scale IP theft that can not take place without national knowledge –

originally to steal commercial secrets, now mainly to steal the technology

secrets that are at the core of modern defence systems

• the constant probing of defences by potentially hostile powers – most

developed countries now have a budget for cyber defence and often for cyber

offence

Dates for some major national level cyber attacks:

• Baltic States – 2007

• Georgia – 2008

• Ukraine – 2014

• South Korea - 2014

www.Alt3.co.uk

15

The point is …

• it exists

• it is a fact of life

• it is more prevalent than most people realise

• it is set to become even more prevalent

• no one is immune to the potential consequences of cyber war

In a highly competitive world when there is conflict or the risk of conflict

(therefore the need to defend) countries want that low cost / low risk option.

www.Alt3.co.uk

16

The targets of Cyber war – FACTS:

1. The world is becoming more “automated” – faster, more global, more communicative.

2. every time you make a phone call, every time you engage in a transaction, every time

you visit a web page, every comment you make on line … you leave a footprint. This is

“high availability” data.

3. every time an organisation electronically touches the outside world for any reason …

they create their own footprint. Crucially, they do so through gateways.

4. If not guarded properly these on line gateways are in fact open doors.

5. Cyber warfare and a large proportion of cyber crime focuses on finding a route through

these open doors or poorly guarded gateways.

6. This is “vulnerability”.

www.Alt3.co.uk

17

What do we need to do? Understand the nature of vulnerability:

• what are the national vulnerabilities?

• do bad things really just happen to someone else?

• what are the common international vulnerabilities?

• from where are the common threats?

• what is the common ground? Build alliances.

• it’s not “us against the world”. There IS a shared threat and a common ground.

The world is changing. The pace of change is increasing. Reach out. You will be

surprised at who our friends are with whom we share a common goal.

www.Alt3.co.uk

18

The Greatest Threat?

Nationalism?

The belief it’s us against the world and no one else can be trusted.

FACT:

• there are many of us who share the same threat

• there are many of us who share the same vulnerabilities

• shared defence creates greater security

• this means mutual respect, benefits AND privacy

• no one member is greater than any of the others

This is our only viable future.

www.Alt3.co.uk

19

2015 onward:

Countries need to work together to form a common shield against:

• rogue and aggressive states currently engaged in cyber warfare• the use of social media as a terrorist propaganda tool

Police organisations need to work closely together to prevent:

• organised crime / cyber criminals • paedophiles

Business organisations need to be more aware of:

• the changing nature of the threat against them• their vulnerability

www.Alt3.co.uk

20

Thank you.

If you don't understand the risks, how can you prepare? Can you afford to let the issues be blurred?

[email protected]