los angeles dgs 16 presentation - the future of cybersecurity - timothy lee
TRANSCRIPT
![Page 1: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/1.jpg)
The Future of CybersecurityLos Angeles Digital Government Summit 2016
Timothy Lee
![Page 2: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/2.jpg)
Scope – Known Knowns
Known Knowns
Unknown Unknowns
Known
Unknowns
![Page 3: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/3.jpg)
I. Human Factor Is Key To Cybersecurity
In 2015
• Social Engineering is #1 attack technique (Proofpoint)
• More than 2 billion mobile apps that steal personal data were downloaded (Proofpoint)
• 52% of the root cause of the security breaches are due to human error (CompTIA)
![Page 4: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/4.jpg)
Human Behaviors vs Attack Methods
Human Behaviors
• Trust
• Desire to be helpful
• Fear (unknown, loss, authority)
• Curiosity
• Carelessness
Attack Methods
• Social Engineering (Targeted/Untargeted)
• Water holing
• Trojan / Ransomware
• Social Media / Rogue Apps marketplaces
![Page 5: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/5.jpg)
Recommendation
•User Education and Awareness
•Security Policy and Standards
•Endpoint Security
• Identity and Access Management (IAM)
•Threat Intelligence Service
![Page 6: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/6.jpg)
II. Collaboration Is Key To Cybersecurity
• On-line, Off-line and Real-time coordination
• Information sharing (one-way / two way)
• Command & Control (C&C)
• Centralized or Distributed
Collaborative Attack vs Collaborative Defense
![Page 7: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/7.jpg)
Recommendation
• Promote Cybersecurity collaboration
• Internal Partners ( SOCs/NOCs; IT Departments)
• External Partners (FBI CyberhoodWatch, NCCIC, ISACs)
• Enhance Situational Awareness (SA) capability (Perception, Comprehension and Projection)
• Establish Threat Intelligence Program (information gathering, analyzing and dissemination)
![Page 8: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/8.jpg)
III. Digital /Physical Security Convergence
• Stuxnet launched against Nuclear Control Systems, 2007
• Oil Pipeline in turkey explodes in 2008
• Hacking medical devices in 2011
• Blast Furnance in German Steelworks Attacked, 2014
• Blackouts in Ukraine, 2016
![Page 9: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/9.jpg)
Digital Security Model (CIAS)
Digital Security
Confidentiality
Integrity Availability
Safety
• Data (Confidentiality, Integrity and Availability)
• People / Environments (Safety)
Source: Cybersecurity Scenario 2020 Phase 2 – Gartner G00279414
![Page 10: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/10.jpg)
Recommendation
• Identify critical assets and develop a protection strategy
•Promote collaborative culture
•Establish Threat Intelligence progrma
![Page 11: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/11.jpg)
Summary
•User Education and Awareness
•Cybersecurity Program based on Risk Management Framework
•Cybersecurity Collaboration
![Page 12: Los Angeles DGS 16 presentation - The Future of Cybersecurity - Timothy Lee](https://reader031.vdocument.in/reader031/viewer/2022030316/587561a51a28ab00528b7621/html5/thumbnails/12.jpg)
Thank you!