Strategic Cyber-Security
Joseph Ingemi
Agenda
• Introduction
• Trends, Motivations, and Innovations
• Cyber-attacker Geography
• Recommendations
• Case Study
• Conclusion
Introduction
“From this day forward, any nation that continues
to harbor or support terrorism will be regarded
by the United States as a hostile regime.” –
George W. Bush
Introduction
• Expresses a fundamental truth
• Acts of terror require a base of operation
• Similarly, cyber-attacks require a base of operation
• Each cyber-attack has a country of origin
Introduction
• Cyber Security is Top-Down not Bottom-up
• Managers and Decision-makers drive
cyber-security
• Information Technology Departments
simply support decisions
Introduction
• Cyber-Security is about Risk Management
• Mitigation and controls should address risk
• One size does not fit all
Introduction
What is a cyber-attack?
Any effort to steal from, defraud, disrupt or
destroy personal or enterprise-level
operations through networked systems, or
to maliciously cause a data breach
Trends
Where are we?
Where are we vulnerable?
Where are we going?
Trends
Security Gaps and
Vulnerabilities
Past
Present
Future
Vulnerabilities
Why exploit a vulnerability?
• Attacker Intent
• Type of information or data
(Why do you rob banks, Willie?)
Because that’s where the money is. –Willie Sutton
Motivations
Integrity Violation
• Embarrass
• Political Agenda
• Not damaging other than emotional distress
• Demonstrate weakness, bragging rights
• Examples
Motivations
Profit
• Piracy
• Theft
• Learn corporate strategies
• Examples
Motivations
Physical Damage
• Destroy property
• Induce casualties
• Weaken defense capabilities
• Direct or indirect
• Example
Innovation: Cloud
• IaaS
• PaaS
• Applications
• Public vs Private vs Hybrid
• Where is the data stored?
• Who accesses the data?
• Is the whole greater than the parts?
Innovation: Internet of Things
• Mobile Devices
• Controllers
• Sensors
• UAVs
• Information Technology has a physical impact
Innovation: 3D Printing
• Disruptive technology
• Revolutionizes supply chains
• Intellectual property more valuable than
physical inventories
Innovation vs Motivation
(columns: Integrity Violation, Profit, Physical Damage)
Cloud X X
3D Printing
Internet of Things
Innovation vs Vulnerability
(columns: Integrity Violation, Profit, Physical Damage)
Cloud X X
3D Printing X X ?
Internet of Things
Innovation vs Vulnerability
(columns: Integrity Violation, Profit, Physical Damage)
Cloud X X
3D Printing X X ?
Internet of Things X X X
Cyber-Attacker Geography
Russia
• Cyber-command (US Intel)
• Attacks on Baltic
• Georgia War
• Attacks on Ukraine PM, White House
• Attack on Western Energy Companies
• Gangsters Steal 1.2 Billion Passwords
• Industrial Control Systems
Cyber-Attacker Geography
China
• People's Liberation Army Unit 61398
– Activities since 2006
– Targets align with strategic priorities
– China has denied these attacks
• Little Panda / Anthem, US Community Health; Great Firewall vs GreatFire vs Great Cannon
• ASEAN Monitoring
Cyber-Attacker Geography
Iran
• Strong push to develop cyber-warfare
capabilities
• Attack on Saudi Aramco
• Attack on US financial institutions
• Israeli-Iranian cyber-competition
Cyber-Attacker Geography
North Korea
• Attacks on South Korean commercial,
government and military targets, 2009-2011
• Sony Attack
• Unit 121, 91, 35, Lab 110
Cyber-Attacker Geography
ISIS
• Fluid:
– Lone-wolf sympathizers abroad
– Westerners joining ISIS
• Focus on social media
• CENTCOM Twitter hacked
Cyber-Attacker Geography
Syria
• Syrian Electronic Army
• Defend Assad; connected to the regime
• DDoS and malware attacks
• Spam, hack and deface western media
• Hacked AP, sent out fake news report, Dow dropped
• Sands
Cyber-Attacker Geography
Similarities
• High-level of internet surveillance
– Open-Net Initiative, “Enemies of the Internet”
• Corruption
• Lack of Civil Society
• Un-liberal
• Hostility towards/Rivalry with West
• State-sponsored cyber-groups
Cyber-Attacker Geography
Country | Internet surveillance | Corruption | Lack of civil society | Un-liberal | Hostility | State-Sponsorship
China | X | X | X | X | X | X
Russia | X | X | X | X | X | X
Iran | X | X | X | X | X | X
N. Korea | X | X | X | X | X | X
ISIS | ? | X | X | X | X | X
Syria | X | X | X | X | X | X
Cyber-Attacker Geography
• Cyber-attacks are a low-cost vector of
attack by our nation’s enemies
• Relationship between international
relations and cyber-security threats
– Regimes
– Power Blocs
• Cannot separate global markets from
global rivalries
– Economic liberalism does not assure good behavior
Recommendations
• Organizational
• State and Local
• Federal Government
Recommendations
Organizational
• Inventory
– Data and Processes
– Hardware and Software
• Access
• Risk Assessment
• Mitigation and Controls
• Monitor
Recommendations
Organizational
Critical Considerations:
• Analysis drives technology and framework
• Everything has a value
• Location, Location, Location
– Be aware of the one-off, e.g., India
Recommendations
State-Local
• Develop public-private partnerships to build
resiliency
– Build awareness
– Spread best practices, esp. small businesses
– Economic Development
• Law Enforcement
• Education
– Encourage good behavior
– Build next generation of cyber-security experts
Recommendations
Federal
• Develop a cyber-security regulatory regime/PPP/best practices
– Systemic vs Individual Risk
– 3 Bills
• Evaluate the international environment and rate nations based on cyber-threat
– Advisory list
– Intelligence
– Examine outside trade relationships and alliances among partners
• Maintain and strengthen alliances to assure that our strategic interests are aligned with our allies.
– Egypt
– Great Britain
– India
– Indonesia
– Israel
• Integrate cyber-security with both non-defense and defense relationships
– Make cyber-security a consideration in response options
  • Depends on the impact on physical world
– Make cyber-security an integrated part of diplomacy and assistance.
– International economic bodies should have a cyber-security component.
Recommendations
• Integrate cyber-security with both non-defense and defense relationships
– The Defense Department, Homeland Security and the Justice Department
should conduct regular joint exercises with allies for countering cyber-attacks.
  • South Korea
  • Eastern Europe
– Prosecuting cyber-attackers must be made a law-enforcement priority
  • Joint Cybercrime Action Task Force
  • Interpol
  • Prosecution and extradition treaties
– Cyber-security must be a component of immigration policy
• Develop cyber-security Centers of Excellence as inter-disciplinary research and instruction centers.
– USMA CTC
– CDC-like National Department
– Cyber Red Cross
– ISAOs
Case Study
• Trans-Pacific Partnership (TPP)
• Includes: Australia, Brunei, Canada, Chile,
Japan, Malaysia, Mexico, New Zealand, Peru,
Singapore, and Vietnam
• E-commerce in terms of tariffs
• Integrated telecommunications
• Regulatory coherence
• Intellectual Property
Case Study
(columns: Internet surveillance, Corruption, Lack of civil society, Un-liberal, Hostility, State-Sponsorship)
Aus ?
Bru ? x
Can
Chile
Jap
Mal ? ?
Mex x
NZ
Per x
Sing ? ? ?
Viet x x ? x
Case Study
China
Chile Aus
Japan Mal HK
Sing Viet
Case Study
Approach-Government
• Special care to information sharing with
Australia, New Zealand and Japan
• Collective Security-Mutual Defense Agreement
– Aus, NZ, Chile, Japan, Malaysia, Singapore, Vietnam
– Coordinated law enforcement
– Cyber-defense umbrella
• Trilateral talks at G20
Case Study
China-centric FTAA
• US Isolation vs Cyber-Security Exposure
• Fast-Track TPP
• Cyber-security Alliance within FTAA
• Private Sector Vigilance
Case Study
Approach-Private
• Evaluate supply chains and human
resource policies for business partners
– Aus, Chile, Japan, Malaysia, Singapore,
Vietnam
• Evaluate business partners relationships
based on their relationship with China
– Higher risk premiums
Conclusion
“Economic globalization, in its essence, ignores national frontiers. Foreign policy affirms them, even as it seeks to reconcile conflicting national aims or ideals of world order”
–Henry Kissinger