CYBER RESILIENCY: from Prevention to Recovery (Part 1)

8 Dec 2015

Dr. Robert D. Childs, President & CEO, iCLEAR LLC
Former Chancellor, National Defense University (NDU) iCollege and Deputy to NDU President for Cyber and Information

Resiliency-Part One -11-3-2015



Definition of Cybersecurity

The protection of information systems from theft or damage to hardware, software, and information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to hardware, protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


Cyber Defense Definition

NATO Cooperative Cyber Defense Center of Excellence: a proactive measure for detecting or obtaining information as to a cyber intrusion, cyber attack, or impending cyber operation, or for determining the origin of an operation that involves launching a preemptive, preventive, or cyber counter-operation against the source.

Source: Compilation of Existing Cybersecurity and Information Security Related Definitions, Open Technology Institute, New America (2013)


Cyber Resilience Definition


The ability to prepare for, adapt to, withstand, and rapidly recover from disruptions resulting from deliberate attacks, accidents, or naturally occurring threats or incidents.

Source: Qatar National Cyber Security Strategy (2014)


Overarching Cyber Defense Questions

• What are the various types/purposes of attacks?

• What factors influence the cyber environment (trends/issues/technologies)?

• What are the primary cyber defense challenges?

• What are potential solutions?

• What areas require further analysis/R&D?

• What elements are needed in a cyber defense plan?


Five Most Common Types of Attacks

• Socially engineered Trojans

• Unpatched software

• Phishing attacks

• Network traveling worms

• Advanced Persistent Threat (APT)


Attack Purposes

• Identity theft (money, medical fraud, access)

• Financial (banks, insurance)

• Espionage (exfiltrate commercial/political/military information)

• National security (military plans/operations, infrastructure)

• Terrorism (communicate, fund raise, disrupt)


Major Societal Factors Affecting Cybersecurity Trends

• Expanding number/use of mobile devices

• Increasing use of social media

• Use of data analytics

• Shift to cloud computing

• Increasing skills crisis


Specific Issues Influencing Cyber Environment

• Increasing attacks/sophistication/seriousness

• Increasing number of apps

• Proliferation of opportunities (SCADA)

• Pervasive/ubiquitous computing

• Need for interoperability

• Exponential growth of Internet of Things (IoT)

• Disagreement on security metrics

• Advanced Persistent Threat (APT)

Growth of Cyber Threat Vectors

[Figure: timeline chart, 1980 to 2010 and ~2020. Vertical axis: Sophistication (Low to High). Two trend lines: "Sophistication of Hacking Tools & Elite Hackers" / "Sophistication of Stealth Tools & Elite Hackers: Increasing" (rising) and "Sophistication Required of Common Hacktivists: Declining" (falling). Techniques plotted along the timeline: cross site scripting, password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, session hijacking, sweepers, sniffers, packet spoofing, graphical user interface, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, staging, sophisticated C2, APT, Critical Infrastructure Exploitation Tools, ...next?]

Source: Dr. Gil Duval, CEO, Data Security Storage, LLC

"The Enhanced Cybersecurity Services program …voluntary information sharing program will provide classified cyber threat and technical information …to eligible critical infrastructure companies." - President Barack Obama, Executive Order 13636, 12 February 2013


Technologies Impacting Cyber Defense

• Sensors

• Wearables

• Drones/robotics

• Virtual reality (gaming)

• Mobile devices/apps

• Internet of everything


Cyber Defense Challenges

• Advanced Persistent Threat (APT)

• Late detection/continuing leakage

• Backdoor apps

• Multitude of vendors/fragmented solutions

• Cloud computing


Cyber Defense: Old vs New Approach

• Old Approach: patch & pray (a perimeter defense)

• New Approach: proactive, agile, adaptive

  • Realtime visibility across the network

  • See how machines/people behave

  • Identify changes in behavior

  • Take corrective measures


Active Cyber Defense (ACD)

Reactive Engagement Model

• find invading code

• unplug affected systems

• create security patches

• apply patches network wide

ACD Program (not offensive)

• collect synchronized, realtime capabilities

• discover, define, analyze, mitigate cyber threats/vulnerabilities

• disrupt and neutralize AS ATTACKS HAPPEN
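The "new approach" bullets (realtime visibility, see how machines and people behave, identify changes in behavior, take corrective measures) and the ACD column (discover, analyze and mitigate as attacks happen) describe one loop: learn a baseline, compare live activity against it, act on the deviation. The following Python sketch is an added example, not code from the slides or from iCLEAR. It builds a per-user baseline of source hosts and login hours from constructed authentication events, then streams a second constructed batch through it, flagging new hosts, off-hours logins and password-guessing bursts and attaching a corrective action to each finding. The log format, hostnames, user names and thresholds are all assumptions made for the illustration.

```python
"""Behavioural baselining over authentication events (added example).

Constructed log format: "<ISO-8601 timestamp> <user> <source host> <result>".
Hosts, users, thresholds and the format itself are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed "quiet period" events used to learn what normal looks like.
BASELINE_LOG = """\
2015-11-02T09:05:11 alice ws-alice success
2015-11-02T09:40:02 alice ws-alice success
2015-11-02T13:15:44 alice ws-alice success
2015-11-02T08:55:09 bob ws-bob success
2015-11-02T17:30:30 bob ws-bob success
2015-11-03T09:10:00 alice ws-alice success
2015-11-03T10:02:21 bob ws-bob success
2015-11-03T10:05:00 bob jump-01 success
"""

# Constructed "live" events streamed through the detector.
LIVE_LOG = """\
2015-11-04T09:12:00 alice ws-alice success
2015-11-04T03:14:07 alice ws-alice success
2015-11-04T03:14:20 alice srv-db-02 success
2015-11-04T10:01:00 bob ws-bob failure
2015-11-04T10:01:02 bob ws-bob failure
2015-11-04T10:01:04 bob ws-bob failure
2015-11-04T10:01:06 bob ws-bob failure
2015-11-04T10:01:08 bob ws-bob failure
2015-11-04T10:01:10 bob ws-bob success
"""

FAIL_BURST = 5        # failures inside the window that count as a burst (assumed threshold)
BURST_WINDOW_S = 60   # window length in seconds (assumed)
HOUR_SLACK = 1        # hours either side of an observed login hour still count as normal


@dataclass
class Profile:
    """What we have seen a user do: source hosts and hours of day."""
    hosts: set = field(default_factory=set)
    hours: set = field(default_factory=set)


def parse(line):
    ts, user, host, result = line.split()
    return datetime.fromisoformat(ts), user, host, result


def build_baseline(log_text):
    """Learn per-user profiles from successful logins in the baseline period."""
    profiles = defaultdict(Profile)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = parse(line)
        if result == "success":
            profiles[user].hosts.add(host)
            profiles[user].hours.add(ts.hour)
    return dict(profiles)


def off_hours(profile, hour):
    """True when hour is more than HOUR_SLACK away (mod 24) from every observed hour."""
    return all(min((hour - h) % 24, (h - hour) % 24) > HOUR_SLACK for h in profile.hours)


def monitor(profiles, live_text):
    """Stream events, compare each against the baseline, return (ts, user, finding, action)."""
    findings = []
    recent_failures = defaultdict(list)  # user -> timestamps of failures inside the window
    for line in live_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = parse(line)
        profile = profiles.get(user)
        if profile is None:
            findings.append((ts, user, "unknown-user", "alert: no baseline, review manually"))
            continue
        # Keep only failures still inside the sliding window.
        window = [t for t in recent_failures[user] if (ts - t).total_seconds() <= BURST_WINDOW_S]
        if result == "failure":
            window.append(ts)
            recent_failures[user] = window
            if len(window) >= FAIL_BURST:
                findings.append((ts, user, "failure-burst", "lock account, page on-call"))
            continue
        # A success right after a burst of failures looks like a guessed password.
        if len(window) >= FAIL_BURST:
            findings.append((ts, user, "success-after-burst",
                             "terminate session, force credential reset"))
        recent_failures[user] = []
        if host not in profile.hosts:
            findings.append((ts, user, "new-host", f"isolate {host}, require step-up auth"))
        if off_hours(profile, ts.hour):
            findings.append((ts, user, "off-hours", "alert SOC"))
    return findings


if __name__ == "__main__":
    for ts, user, kind, action in monitor(build_baseline(BASELINE_LOG), LIVE_LOG):
        print(f"{ts.isoformat()} {user:<6} {kind:<20} -> {action}")
```

The baseline is deliberately not updated while monitoring: letting flagged activity feed back into the profile is how an attacker normalises their own behaviour. In a real deployment the profile would be rebuilt periodically from reviewed data, and the actions would be calls into the directory and network-control planes rather than strings.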


DARPA Projects to Protect Military Technology from Hackers

• High-Assurance Cyber Military Systems (HACMS): formally verified software that aims to remove the need for security patches

• Cyber Grand Challenge: automated, adaptive security software

• Computer individuality (distinctive computers)

• Advanced encryption (fully homomorphic)


Contact

Dr. Robert D. Childs

President & CEO, iCLEAR LLC

Former Chancellor, National Defense University (NDU) iCollege and

Deputy to the NDU President for Cyber and Information

e-mail: [email protected]

iCLEAR LLC website: http://iclearllc.com