Scott Charney
Cybercrime and Risk Management
PwC
Understanding Risks: Computer As Target
Confidentiality
– The Cuckoo’s Egg
Integrity
– Seattle Sentencing
– Pac Bell Intrusion
Availability
– Morris Worm
– Infrastructure Protection
– Cascading Effects
Understanding Risks: Computer As Tool
Frauds
– Internal: The Airline Scam
– External: Phony e-businesses
Distribution Offenses
– Copyrighted Software
– Inappropriate Material
Understanding Risks: Computer As Storage Device
Large Volume of Data
Duplicated and Distributed
Recoverable
Future - What’s to come?
Start with the Charney Theorem
+ Add anonymity
+ Add global connectivity
+ Add critical infrastructures
+ Add evidentiary issues
= Lifetime Employment for Law Enforcement and Computer Security Professionals
And It’s Probably Worse Than We Think...
DoD Controlled Study
– Machines Attacked: 38,000
– Machines Penetrated: 24,700 (65%)
– Attacks Detected: 988 (4%)
– Attacks Reported: 267 (27%)
What to Do: Manage Risk -- Implement Comprehensive Security!
Be Prepared To Prevent and Respond to Computer Incidents
Considering Physical, Personnel and Technical Security
Prevention
Identify Assets (Computer Resources and Data)
Assess Internal and External Threats to Those Assets
– Insider Threats: employees, contractors, JVs
– Outsider Threats: hackers, hacktivists, thieves, competitors, terrorists, nation-states
Develop Core Business Policies to Protect Assets
– Access Control Policies (watch remote access!)
– Retention and destruction policies
– Appropriate computer use
– Workplace Monitoring?
Educate Users and TEST COMPLIANCE
Prevention
Technical Approaches
– Map the Network
– Test Existing Security (Attack and Penetration)
• Application Defaults
• Bad Configurations - Known Vulnerabilities
• Password Management
– Install Defenses
• Firewalls
• IDS and CADS
• Encryption (VPNs, PKIs)
Response
Develop response plan
– Identify Key Personnel for Response
– Identify Response Objectives
• Remediation vs. Investigation
– Institute Response Procedures
• Audit Trails, Caller-ID
• Evidence Retention and Preservation
• Notifications (e.g., internal, downstream, law enforcement, regulatory authorities)
Cybercrime and Risk Management
Scott Charney
(202) 822-4349