Cyber Security: The Strategic View
DESCRIPTION
By: Kah-Kin Ho, Head of Cyber Security Business Development, Threat Response, Intelligence and Development (TRIAD)
This session begins with an overview of how Cisco sees the challenges and opportunities of cyber security for the Government, including recent developments on the applicability of International Law to cyber conflict, the evolving role of the Government as the legitimate security provider, Public-Private Partnership issues, and the evolving technical, social and political threat landscape. Cisco recognizes that cyber security begins at the policy level and translates through to the operational and system level. We will discuss why an intelligence-led, network-centric approach that focuses on enforcing policy, enhancing situational awareness, and providing the insight necessary to tackle threats before they impact information and infrastructure assets is key to Cyber Security.
TRANSCRIPT
© 2011 Cisco and/or its affiliates. All rights reserved. 1
Cyber Security: The Strategic View
Kah-Kin Ho
Head of Cyber Security Business Development
Threat Response, Intelligence and Development (TRIAD)
9th October 2013
Agenda
Threat Landscape
Cisco’s Overall Approach
Intelligence-led Cyber Defense
Summary
Associated Press Twitter Account Attack
AP Twitter account hacked
Perpetrated by the Syrian Electronic Army.
Same group also successfully attacked:
• 60 Minutes • BBC • CBS • NPR
AP Twitter Account
Dow Jones took a dip … briefly
20 million compromised end-users × 250 bps upstream bandwidth = 5 Gbps
DDoS is back …
1000 compromised datacenter servers × 5 Mbps upstream bandwidth = 5 Gbps
1000 compromised datacenter servers + 20M open DNS resolvers @ 25 Kbps = 500 Gbps
DDoS Attacks on Banks
• Can mask wire fraud before, during, or after
• Overwhelm bank personnel
• Prevent transfer notification to customer
• Prevent customer from reporting fraud
Costly disruption of service, or…?
The Facebook Vector
Unique Malware Content
Detection is key to Respond and Recover
Source: Verizon Data Breach Investigation Report 2012
Secure Security Interdependency
Source: WEF Global Risk 2013
Critical Infrastructures in Private Hands
Security incidents can have a crippling effect
Security Incident: Private Cost + Social Cost (negative security externality)
Divergent Interest
Global Threats, Targets, Adversaries, GDP
Corporate Profits
Private Sector: Corporate Efficiency
Government: National Security & Economic Prosperity
Evolving Role of the Government
Regulate: “Do As I Say”
Facilitate: “How Can I Help You Do Better”
Collaborate: “What Can We Do Better Together”
Can Cyber Operation amount to an Armed Attack?
NATO Article 5 of Washington Treaty
The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defence recognised by Article 51 of the Charter of the United Nations will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area. Any such armed attack and all measures taken as a result thereof shall immediately be reported to the Security Council. Such measures shall be terminated when the Security Council has taken the measures necessary to restore and maintain international peace and security.
International Law on Conflict (Cyber)
Two distinct bodies of law – jus ad bellum, jus in bello
Interest started more than a decade ago, lost momentum after 9/11 event, picked up after Estonia (2007) and Georgia (2008)
"Use the network as the platform to deliver intelligence, visibility and control that enable organizations to defend critical assets."
CYBER 'KILL CHAIN' MODEL
RECON → PACKAGE → DELIVER → EXPLOIT → INSTALL → CONTROL
“CYBER KILL CHAIN” is a Lockheed Martin Trademark
DISCOVER REMEDIATE
DEFEND
Intelligence-led Cyber Defense
[Figure labels: Normality; Capacity; Resource surge capacity; Degraded organization capacity; Incident; Detection. Likelihood of Attack and Vulnerability Reduction: Prevent, Prepare. Impact Reduction: Respond, Recover. Intelligence-led approach: Cisco Security Intelligence Operation.]
Threat Operations Center, SensorBase, Dynamic Updates
Security Support Operations
Current SSO Presence in the Following Regions:
• California
• Texas
• Ohio
• Idaho
• China
• Ukraine
• UK
• Canada
• India
• Australia
Languages: Arabic, Farsi/Persian, Hebrew, Syriac, Urdu, Bengali, Gujarati, Gurmukhi, Hindi, Marathi, Sinhala, Tamil, Thai, Chinese, Japanese, Korean, Belarusian, Bulgarian, Kazakh, Macedonian, Russian, Ukrainian, Greek, Armenian, Georgian, Basque, Catalan, Croatian, Czech, Danish, Dutch, English, Estonian, Filipino, Finnish, French, German, Hungarian, Icelandic, Indonesian, Italian, Malay, Norwegian, Polish, Portuguese, Romanian, Slovak, Slovene, Spanish, Swedish, Turkish, Vietnamese
Context Inspection
From: Aunt Jenny, 234 Any St., Anytown, CA
• Where’s it coming from?
• How many others have seen it?
• How new is it?
• Who owns the package?
• What else have they sent us?
• Is the sender even a real person?
Deny 13. Allow Everything Else.
Should-i-go-here.com
Feeds Endpoint
Telemetry
Human Intel
Cloud
Web
IPS
Firewall
Corpora
Concluding Remarks