secure ? cyberspace security · the small country of israel has assembled one of the best team of...
TRANSCRIPT
CYBERSPACE!
CYBERSPACESECURITY?
SECURE?CYBERSPACESECURITY?
DavidHarriesFSN
Ottawa15December2017
12/14/2017 [email protected]
Somestart-upComments2008:FedResdisappearance2016:MadridCICAconference- ScrollingPresentation- The‘grandfailure’:offencew/odefence- Cyberqualifications;education,vocation,validation
AssumptionsEachofushasauniquesetofassumptions,biases,andinterests.How(honestly)wedeploytheminthecontemporary,self-organizingsandpile worlddetermineswhoareourfriendsandenemiesandhowwellwedo.
12/14/2017 [email protected]
WHEREISTAND:ASSUMPTIONS
‘We’areallinagrandgamerangingfromfuntowar.TherearenoPrincipalsof(this)war.
Therefore,therearenoRulesof(this)war.Goodguysarebehind;playingcatch-upchaotically.CSisthefirstgameinwhichthedefaultpositionis
opaquenessCybersecurity(CS)isaconceptinsearchofacoherent
context.
12/14/2017 [email protected]
Contextis‘king’.- Itiswhatis.- Itdetermineswhatcanbedone,andnotdone,now.- ItistheCURRENTstartpointforwhatcanbedone,andnotdone,nextandthereafter.
TheCostsof‘WILLFULBLINDNESS’or‘TUNNELVISION’
i.e.,ignoringcontextisrising,quickly…
CONTEXT
[email protected]/14/2017
The‘future’forhumanity(goodandbad)isarrivingfasterandfasterasthe‘present’.
Thepresentincludesmoreandmore‘new’history,fromthe‘past’andmadetodayincyberspace.
Our‘competence’isfallingfartherbehindwhatisnecessarynowandwillbesufficientnextandthereafterto‘savehumanity’.
COMPRESSIONchallengesCOHERENCE
[email protected]/14/2017
FrameworkforUnderstanding
STEE PLESSocial
TechnologicalEconomic
EnvironmentalPoliticalLegalEthicalSecurity
12/14/2017 [email protected]
SOCIAL
• Information(data)vsknowledge andwisdom
• WhitherPrivacy;theabilityofanindividualorgrouptosecludethemselves,orinformationaboutthemselves,andtherebyexpressthemselvesselectively?Theboundariesandcontentofwhatisconsideredprivatedifferamongculturesandindividuals,butsharecommonthemes.https://en.wikipedia.org/wiki/Privacy
• “Ithinkgoingforwardwhatwe'regoingtofindisthatconsumersuseprivacylikeacurrency.”- DougStephens,futurist
12/14/2017 [email protected]
TECHNOLOGICAL
• Isnetneutralitygood,ornot?– Diditeveractuallyexist?– Isit‘bad’forcommercialcompetition?
• “Itisimperativethatsocialmediaoutletspushbackagainstfakenews”.– Isthiswhoshouldmanthedefences?– Do‘we’haveany(other)choice(s)?
12/14/2017 [email protected]
ECONOMIC• In2004,theglobalcybersecuritymarketwasvaluedat$3.5billion(£2.43bn).
In2011itwas$64billion;in2015itwas$78billion;andit'sprojectedtobeworth$120billionby2017.Iexpectthemarketsizeofthecyberindustry toincreaseevenfaster,reaching$175billion bytheendof2017.ALECROSSinWIREDUK25April2017
• Globalspending oncybersecurityproductsandservicestocombatcybercrimewillexceed$1trillioncumulativelyoverthenextfiveyears,from2017to2021.https://www.csoonline.com/article/3132722/security/cybersecurity-industry-outlook-2017-to-2021.html
• Cybercrime damageswillcosttheworld$6trillion*annuallyby2021,upfrom$3trillionin2015.
• Therewillbe1.5millioncybersecurityjobopeningsby2019,upfrom1millionin2016.By2019,thedemandforcybersecurityprofessionalswillincreasetoapproximately6millionglobally.Thecybersecurityunemploymentratewillremainat0%overthenext5years,from2017to2021.
12/14/2017 [email protected]
ENVIRONMENTAL
• Cyberspacesecurityplaysnopartinhowandwhereclimatechange(CC)impacts,orinthestrengthofitsconsequences,atanypointintime.
• But,Cyberspacesecuritydoes influencethefrequencyandintensityofCCconsequences.Itiscontextwhichclimatechangedenierscanexploittoslow/confuse/obstructneeded,appropriateaction.
• Bitcoinisamassive energyhog.
12/14/2017 [email protected]
POLITICAL• Phoenix“pay”roll system.
• WhitherSovereignty; thefullrightandpowerofagoverningbodyoveritself,withoutanyinterferencefromoutsidesourcesorbodies?Inpoliticaltheory, sovereignty isasubstantivetermdesignatingsupremeauthorityoversomepolityhttps://en.wikipedia.org/wiki/Sovereignty
• WhitherTrustingovernment/governmentcompetence?Expertsfeargovernmentandcorporatedefensivecapabilities aren'tkeepingpacewithsophisticatedhackers.http://www.cbc.ca/news/business/cybersecurity-1.4404913
“TheSecuritiesandExchangeCommission,thetopmarketsregulatorintheUnitedStates,disclosedearlierthisweekthatcriminalshadinfiltrateditsdatabasesystemthatstoredpubliccompanyfinancialfilings.TheCommissionsaidthatitcouldhavepotentiallyallowedcriminalstotradeonthatinsideinformation.Inastatement,SEC’schairman,JayClayton,hasrevealedthattheagencyfirstdetectedthebreachayearago.However,headdedthattheCommissiononlybecameawareofthepossibilitythatthishack“mayhaveprovidedthebasisforillicitgainthroughtrading”lastmonth”
12/14/2017 [email protected]
SOVEREIGNTYBEATERSCYBERSPACECLIMATECHANGE
POLLUTIONWEALTHDISEASECONFLICTLAWS
PERSONALITYDYNAMICS
12/14/2017 [email protected]
LEGAL
• VERACITY?TT??TWT???ANBTT????• Cyberspacepolice?Cybercrimecourts?• Cybersecuritymercenaries?• Deniability:Whither‘guiltybeyondareasonabledoubt’?
• TheU.S.MediaSufferedItsMostHumiliatingDebacleinAgesandNowRefusesAllTransparencyOverWhatHappened
• https://theintercept.com/2017/12/09/the-u-s-media-yesterday-suffered-its-most-humiliating-debacle-in-ages-now-refuses-all-transparency-over-what-happened/
12/14/2017 [email protected]
‘HISTORY’
• Google’strueoriginpartlyliesinCIAandNSAresearchgrantsformasssurveillance
• TheintelligencecommunitywantedtoshapeSiliconValley’seffortsattheirinceptionsotheywouldbeusefulforhomelandsecuritypurposes.
https://qz.com/1145669/googles-true-origin-partly-lies-in-cia-and-nsa-research-grants-for-mass-surveillance/?mc_cid=c82eaf9a6a&mc_eid=97be5f71c0
12/14/2017 [email protected]
SECURITY• NOBFS– nothingworks• NATO:nowconsidersmassive cyberattacks onmembernationsat thesamelevelasattacksconducted withbulletsandballisticmissiles,buttheorganizationisstilladaptingitsresponse.Article52.0?
• ‘AM’:Imagineaworldwhereyoucanmakeanythingyouwant,justbypressing"print"..fromtoolsandtoys,tofood,andevenbodyparts.
• ForeignPolicymagazineputsthesizeofChina's"hackerarmy"atanywherefrom50,000to100,000individuals.Ithas‘invaded’SiemensAG,TrimbleIncandMoody'sAnalyticstostealbusinesssecrets.
• Cyber:The‘perfectWMD’?
12/14/2017 [email protected]
‘social’security
• FormerFacebookvicepresidentofusergrowthChamath Palihapitiya saidthatsocialmediais“erodingthecorefoundationsofhowpeoplebehave”andthathefeels“tremendousguilt”aboutcreatingtoolsthatare“rippingapartthesocialfabric.”https://qz.com/1153007/former-facebook-executive-chamath-palihapitiya-you-dont-realize-it-but-you-are-being-programmed/?mc_cid=275b9b2934&mc_eid=97be5f71c0
• TheStateoftheWorld’sChildren2017:ChildreninaDigitalWorld discusseshowdigitalaccesscanbeagamechangerforchildrenoryetanotherdividingline.https://www.unicef.org/sowc2017/
12/14/2017 [email protected]
WM‘D’
12/14/2017 [email protected]
Destruction – theconventionalnoun
DisruptionDestabilizationDeprivationDesperation
(Some)WMDofthe1990s
12/14/2017 [email protected]
WM‘D’ofthe00s
FinancialFailure
IEDs,SuicideBombers,CarBombs
Flailing*states
Drugwars
12/14/2017 [email protected]* Not a spelling error
USERS of
CYBERWEAPONSofMass’D’
12/14/2017 [email protected]
‘Historians’CriminalsLiarsMedia
GovernmentpoliticiansThe0.1%
Youandme…..
Cybersecurity OPTIONS?Social??Technological?Economic?CSU?Environmental??Political?KJU2.0,Xi2.0,…..?Legal?ICCC?Ethical?Neighbourhood ‘watch’?Security?
12/14/2017 [email protected]
ThesmallcountryofIsraelhasassembledoneofthebestteamofgovernmenthackersever,andfosteredasuccessfulprivatecybersecuritysector.Ahighschoolforcybersecuritystudies.