Cyber Civil Defense - Risk Masters - Allan Cytryn

Page 1: Cyber Civil Defense - Risk Masters - Allan Cytryn

© 2016 Risk Masters International LLC. All rights reserved. 1

UNESCO Global Citizenship Education

& Cyber Civil Defense

Page 2: Cyber Civil Defense - Risk Masters - Allan Cytryn

“Education gives us a profound understanding that we are tied together as citizens of the global community, and that our challenges are interconnected.” Ban Ki-moon, UN Secretary-General

Nurturing respect for all, building a sense of belonging to a common humanity and helping learners become active and responsible global citizens

…develop and apply critical skills for civic literacy, e.g. critical inquiry, information technology, media literacy, critical thinking, decision-making, problem solving, negotiation, peace building and personal and social responsibility;

From UNESCO’s GCE – Topics and Learning Objectives, 2015

What is Global Citizenship Education?

Page 3: Cyber Civil Defense - Risk Masters - Allan Cytryn

GCE: Core Concepts

Page 4: Cyber Civil Defense - Risk Masters - Allan Cytryn

Looking at Some Prominent Hacks & Experiences

WSJ, Sept 8, 2016

The suspects often gained access to email accounts by calling the help lines at internet service companies.

Although court documents didn’t name the victims, they include CIA Director John Brennan and then Deputy FBI Director Mark Giuliano, according to officials close to the case.

On May 26, 2015, the IRS announced it had discovered that cyber criminals — using taxpayer information stolen elsewhere — accessed the Get Transcript application on IRS.gov.

Forbes, Feb. 28, 2016

Washington Post, March 3, 2016

Page 5: Cyber Civil Defense - Risk Masters - Allan Cytryn

Most frequently used passwords in MySpace

according to LeakedSource

MySpace: 164,000,000 records stolen

Page 6: Cyber Civil Defense - Risk Masters - Allan Cytryn

Reported Breaches in Fin. Services since 2006

It is often reported that as much as 85%-95% of all successful penetrations can be attributed to behaviors rather than sophisticated technical hacking.

In this study of all reported Financial Services breaches since 2006, only 25.3% are due to Hacking.

Page 7: Cyber Civil Defense - Risk Masters - Allan Cytryn

Company or Organization

Records Stolen

Stolen IDs

Supply Chain

Other

Anthem 80,000,000

Target 70,000,000

Home Depot 109,000,000 Network Design issues

Ebay 145,000,000

MySpace 164,000,000

JPM/Chase 83,000,000 No Hackers got lists of programs and exploited vulnerabilities

IRS 200,000 Security Design issues

Heartland 130,000,000 No Coding Issues: SQL Injection

Wells Fargo 2,000,000 Insiders; Consumer Fraud

NSA n/m No Insider; Security Design issues

Notable “Hacks”

With the exception of the JPM/Chase “hack”, the combination of civilian and professional security education might have mitigated both risk and exposure.

Page 8: Cyber Civil Defense - Risk Masters - Allan Cytryn

How Easy is it to “Hack”?

Page 9: Cyber Civil Defense - Risk Masters - Allan Cytryn

How Easy it is to Fix?

…of the MasterCard merchants that have adopted chip technology, fraud from counterfeit cards has dropped by 54%

WSJ CIO Journal

Do You Do This?

Never log in to a sensitive site by clicking a link in any message, webpage, or document. Type the link.

If you receive a communication from a bank or credit card company, call them back at the number on the back of your ATM/debit/credit card.

Never read email -- or use sensitive websites -- on a device that does not have security software with updates being applied regularly and automatically.

Over a dozen corporate heavyweights are teaming up to fight "phishing," the use of the Internet by crooks to filch personal data such as bank-account numbers and user passwords. The companies, which include International Business Machines Corp., Fidelity Investments and Tenet Healthcare Corp,

WSJ CIO Journal, June 15, 2004

Page 10: Cyber Civil Defense - Risk Masters - Allan Cytryn

Common Hack-Response Errors:

Not engaging forensic experts

Not engaging outside counsel

Ambiguous decision-making process

No communications plan

Ambiguous communications

Waiting for perfect information before taking action

Micromanaging the breach

No remediation plans

Not providing remedies to consumers and customers

Not practicing

Source: CSO Online, Nov 13, 2013

These have been standard practices of Business Continuity Planning for more than 40 years

Page 11: Cyber Civil Defense - Risk Masters - Allan Cytryn

A Call for Cyber Civil Defense

Page 12: Cyber Civil Defense - Risk Masters - Allan Cytryn

It would aid our cyber warriors to no end, however, if we supported their efforts by doing the simple, responsible things to make our IT infrastructure less vulnerable to disruption. Or, to adapt a slogan once quite popular on the Berkeley scene: “What if They Gave a Cyber War and Nobody Had Anything to Break?”

Amrit William

CTO Cloud Passage

Formerly CTO at IBM

Educate the public and national leadership. The U.S. populace has been successfully mobilized in the past to respond to public safety concerns ranging from preventing forest fires to drunk driving. But today’s pervasive lack of awareness of the growing risks to computer networks undercuts any serious effort to mobilize the appropriate national response.

Lt. General David W. Barno, USA (Ret.), and Dr. Nora Bensahel Distinguished Practitioners in Residence

School of International Service at American University.

The Need for Cyber Civil Education

Page 13: Cyber Civil Defense - Risk Masters - Allan Cytryn

Cyber Civil Defense

Cyber Resilience

Actions by individuals, businesses, public sector organizations and other targets for potential cyber warfare attacks taken to minimize the potential for damage to themselves and society.

Cyber Civil Defense

Cyber Security

Cyber Warriors Organizations Nations & Society

Page 14: Cyber Civil Defense - Risk Masters - Allan Cytryn

Cyber Civil Defense & Norms are Happening

WSJ CIO Journal, Sept 14, 2016

Sept 13, 2016

WSJ, Sept 14, 2016

Page 15: Cyber Civil Defense - Risk Masters - Allan Cytryn

Education at many levels is required to transform our Hobbesian Cyber-World into an ordered, safe and free Cyber-Society

The UNESCO Global Citizenship Education program, working together with UCLA and the Boston Global Forum, provides a platform for developing and implementing key program concepts

A Call for Action

Page 16: Cyber Civil Defense - Risk Masters - Allan Cytryn

Q & A

Thank you for your attention.

Page 17: Cyber Civil Defense - Risk Masters - Allan Cytryn

RMI

Chatham House Rules

Page 18: Cyber Civil Defense - Risk Masters - Allan Cytryn

You Have Been Warned
