Sentient Cyber Security
TRANSCRIPT
Peter Cochrane
www.cochrane.org.uk
“The ultimate war of good v evil, machine & biological adaptability”
What we know for sure
- Attacks are escalating
- The Dark Side is winning
- The attack surface is increasing
- Cyber disruption costs are growing
- Companies do not collaborate and share
- The attackers operate an open market
- All our security tools are reactive
- Attacker rewards are on the up
- People are the biggest risk
- There are no silver bullets
It is time to rethink our strategy and solution space
More of the same but better & faster will not change the game…
…we have to think anew, get out of the box and do something very different!
- Malware protection
- OS & App updates
- Firewall settings
- Password hell
- Multi-devices
- Clouds
- BMOB
- BYOD
Time for automation NOT coping
- Mobile working
- Flexi-working
- Virtualisation
- Globalisation
- Rapid change
- Competition
- Dynamic tech
- Multi-teams
- Travelling
- WiFi, 3, 4 G
- BlueTooth
Authentication
“People have a lot on their plate and need to be relieved of the security burden…and we have to get it all automated and dynamically secure”
People = BIGGEST THREAT
Naive, Fallible, Ignorant, Habitual, Careless
Insiders, outsiders, alongsiders, visitors, hackers
Evil, Open, Closed, Honest, Innocent
Slow, Limited, Constrained, Irresponsible, Unresponsive
+++ and an awful lot more!
People = BIGGEST THREAT: Social engineering, casual observation, careless
- 34% divulge their passwords @ first pass
- 98% use 1 or 2 very weak passwords and PINs
- 95% leave PC/Laptop/Tablet/Mobile open & unlocked
- 25% divulge their passwords during a smart conversation
- 65% unaware of shoulder surfing & are exposed at ATMs
Most common passwords: 123456, password, 12345678, qwerty, 12345, 123456789, football, 1234, 1234567, baseball, welcome, 1234567890, abc123, 111111, 1qaz2wsx, dragon, master, monkey, letmein, login
Password Strength - Time to Crack
- Sarah < 1 s
- Sarah56 = 13 hours
- SarahRoger = 1 month
- Sarah+Roger = 97 years
- Sarah+R0ger = 400 years
- 5arah+R0ger = 485k years
- <5arah+R0ger> = 47M years
- <?5arah+R0ger?> = 428 Bn years
Make it hard for the enemy
- Mixed letters, numbers & symbols
- High entropy, no nouns, no repeats
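The time-to-crack ladder above is a brute-force estimate. As an added example, not from the deck, the Python below builds the same kind of estimate under an assumed guess rate of 10^10 per second (so its durations will not match the slide's figures) and applies the slide's own advice, no nouns and no repeats, as checks. The names "sarah" and "roger" and the leet-substitution table are assumptions chosen to fit the slide's example; the substitution step shows why a leet-spelled name is weaker than its brute-force figure suggests.

```python
import math
import re

# Added example, not from the slides.  Assumed guess rate: 1e10 guesses per
# second (offline attack on an unsalted fast hash).  The slide's own figures
# come from different, unstated assumptions, so the durations will not match.
GUESS_RATE = 1e10

# (regex for the class, alphabet size); 33 = printable ASCII punctuation
CLASSES = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33))
# Substitutions that cracking rule sets undo before a wordlist match (assumed table)
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

def pool_size(pw):
    """Alphabet an exhaustive search must cover, from the classes present."""
    return sum(size for pat, size in CLASSES if re.search(pat, pw))

def entropy_bits(pw):
    """Brute-force entropy, len * log2(pool).  Blind to structure."""
    return len(pw) * math.log2(pool_size(pw))

def seconds_to_crack(pw, rate=GUESS_RATE):
    """Expected time to hit the password: half the keyspace at `rate`."""
    return pool_size(pw) ** len(pw) / 2 / rate

def human(seconds):
    for unit, span in (("years", 3.15e7), ("days", 86400), ("hours", 3600), ("min", 60)):
        if seconds >= span:
            return f"{seconds / span:.3g} {unit}"
    return f"{seconds:.3g} s"

def structural_flags(pw, names=("sarah", "roger")):
    """The slide's 'no nouns, no repeats' as checks.  Leet-speak is undone
    first: '5arah+R0ger' still contains two names, so against a wordlist with
    mangling rules it is far weaker than its brute-force figure suggests."""
    plain = pw.lower().translate(LEET)
    flags = [f"contains name '{n}'" for n in names if n in plain]
    if re.search(r"(.)\1", pw):
        flags.append("repeated character")
    return flags

def report(pw):
    return pw, round(entropy_bits(pw), 1), human(seconds_to_crack(pw)), structural_flags(pw)

if __name__ == "__main__":
    for pw in ("Sarah", "Sarah56", "SarahRoger", "Sarah+Roger", "Sarah+R0ger",
               "5arah+R0ger", "<5arah+R0ger>", "<?5arah+R0ger?>"):
        print(report(pw))
```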
Dispersed guerrilla army
Strategy = overall plan of action
Tactics = methods to achieve an end
The dark side
- Lone Amateurs
- Lone Anarchists
- Grey Companies
- Disrupter Groups
- Anarchistic Groups
- Rogue Governments
- Friendly Governments
- Criminal Organisations
Strategy & Fast Evolving Tactics
Chancers!
Anonymous, No constraints, Sharing culture, Highly adaptable, Money motivated, Dark Networked
Heavy investors in R&D and the latest technologies: the dark side is very rich
Malware breeding and speciation of successful strains is now their most advanced tool to defeat the far slower, behind-the-wave defenders
Exponential cyber HITS: evolving machine dominated attacks are now the norm
[Chart: London 2012 >80M, Rio 2016 >800M, growing >1.78x per year, today >> 1G]
IoT + AI = THREATS to come
- Fixed, Mobile, Secure, On-line, Off-line, Evolving, Insecure, Specialised, General purpose
- Dispersed, fixed, mobile, dumb, intelligent…
- Evil, Open, Closed, Honest, Innocent
- Disconnected, Autonomous
- Connected, Intelligent, Complex
- Isolated, Simple, Dumb, Smart
+++ a vast and growing attack surface ~50Bn things ~2020
- Old, Safe, New, Stable, Unsafe, Volatile, Reliable, Resilient, Unreliable
Insecure Irony!
All down to a small configuration error..
“Provides a cyber security ranking and certification service”
- Member of youth division of Soviet Communist Party
- Student, Technical Faculty of the KGB Higher School
- Software Engineer in Soviet military intelligence service
- Met his wife at a KGB vacation resort in 1987
What a BIO!!! Give this man a .gov job??
I’m not paranoid but, excuse me ******* ****
Some ancient WISDOMS
Strategy without tactics is the slowest route to victory
Tactics without strategy is the noise before defeat
Be so subtle that you are invisible
Be so mysterious you are intangible
Then you will control your rivals’ fate
Supreme art of war - subdue the enemy without fighting
~5C BC
Behavioural analysis
“To know your enemy you must become your enemy”
A key from the past, but now far more diverse & important
This now applies to people, organisations, machines and networks!
“The ultimate test is to attack yourself using what you know” (PC)
Behavioural analysis: People, devices, networks, components, things are habitual
Habituality identifies us
Any deviation indicates some form of change
Behavioural analysis: Network data shows a marked increase in activity
[Chart: activity against time, attack generated data versus normal data]
Two primary weapons
BOT
Local - PC/Laptop/LAN
- Outgoing traffic dominates
- Everything slows down
- Operations take longer
- Power consumption up
- Electronics runs hotter
Wider Implications
- Target disabled/overwhelmed
- Some servers less responsive
- Points of network congestion
- Overall net traffic peaks/limits
- Increases other security risks
MALWARE Spreading
[Timeline: CodeRed 2001, CodeRed II 2001, Nimda 2001, Beast 2002 - MS Windows specific; WannaCry 2017 - Windows 7, Windows XP, Windows Server 2003]
NSA EternalBlue April 07 >>> WannaCry May 07: >200k machines in 150 countries
CodeRed Worm July 2001
Local
- Machines lock up
- Normal traffic ceases
- New spreading traffic
- People report issues
Wider
- LAN traffic > 0
- Net traffic changes
- Groups are isolated
- IT receive reports
- ISPs receive reports
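The BOT and MALWARE indicators above are all deviations from a host's habit: outbound traffic that suddenly dominates, or new spreading traffic to peers the host never talked to. As an added example, not from the deck, the Python below scores each host's outbound/inbound byte ratio and its count of distinct internal peers against a week of baseline counters using a robust (median/MAD) deviation, flagging one bot-like and one worm-like host. The host names, counter values and the threshold of 5 MAD units are constructed assumptions.

```python
import statistics

# Constructed sample, not real telemetry: seven days of per-host counters
# (bytes out, bytes in, distinct internal peers contacted) as the habitual
# baseline, then today's counters.  Weekend days are low but similar in shape.
BASELINE = {
    "pc-17": [(2.1e6, 40e6, 3), (1.8e6, 35e6, 4), (2.4e6, 44e6, 3), (1.9e6, 38e6, 3),
              (2.2e6, 41e6, 5), (0.3e6, 5e6, 1), (0.2e6, 4e6, 1)],
    "pc-22": [(3.0e6, 60e6, 6), (2.8e6, 55e6, 7), (3.3e6, 64e6, 6), (3.1e6, 61e6, 8),
              (2.9e6, 58e6, 6), (0.4e6, 8e6, 2), (0.3e6, 6e6, 2)],
}
TODAY = {"pc-17": (38e6, 41e6, 4),     # bot-like: outbound now dominates
         "pc-22": (2.9e6, 58e6, 57)}   # worm-like: fans out across the LAN

def robust_z(history, value):
    """Deviation of `value` from the habit in MAD units: small-sample
    friendly and tolerant of a few odd days in the baseline itself."""
    med = statistics.median(history)
    mad = statistics.median(abs(h - med) for h in history)
    scale = 1.4826 * mad if mad else max(0.05 * med, 1e-9)  # guard MAD == 0
    return (value - med) / scale

# Each indicator: name, feature from (out, in, peers), threshold (assumed: 5 MADs)
INDICATORS = (
    ("outbound dominates (bot)", lambda o, i, p: o / max(i, 1), 5.0),
    ("new spreading traffic (worm)", lambda o, i, p: p, 5.0),
)

def analyse(baseline, today):
    """Map host -> indicators whose value today breaks with the host's habit."""
    hits = {}
    for host, now in today.items():
        for name, feat, limit in INDICATORS:
            history = [feat(*day) for day in baseline[host]]
            if robust_z(history, feat(*now)) > limit:
                hits.setdefault(host, []).append(name)
    return hits

if __name__ == "__main__":
    for host, names in analyse(BASELINE, TODAY).items():
        print(host, "->", ", ".join(names))
```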
WannaCry victims: >200k machines in >150 countries - All MS
• Telkom (South Africa)[152]
• Timrå Municipality, Sweden[153]
• Universitas Jember, Indonesia[154]
• University of Milano-Bicocca, Italy[155]
• University of Montreal, Canada[156]
• Vivo, Brazil[142]
• Andhra Pradesh Police, India[119]
• Aristotle University of Thessaloniki, Greece[120]
• Automobile Dacia, Romania[121]
• Cambrian College, Canada[122]
• Chinese public security bureau[123]
• CJ CGV[124]
• Dalian Maritime University[125]
• Deutsche Bahn[126]
• Dharmais Hospital, Indonesia[127]
• Faculty Hospital, Nitra, Slovakia[128]
• FedEx[129]
• Garena Blade and Soul[130]
• Guilin University Of Aerospace Technology[125]
• Guilin University Of Electronic Technology[125]
• Harapan Kita Hospital, Indonesia[127]
• Hezhou University[125]
• Hitachi[131]
• Instituto Nacional de Salud, Colombia[132]
• Lakeridge Health[133]
• LAKS[134]
• National Health Service (England)[139][86][88]
• NHS Scotland[86][88]
• Nissan Motor Manufacturing UK[139]
• O2, Germany[140][141]
• Petrobrás[142]
• PetroChina[13][123]
• Portugal Telecom[143]
• Q-Park[144]
• Renault[145]
• Russian Railways[146]
• Sandvik[127]
• São Paulo Court of Justice[142]
• Saudi Telecom Company[147]
• Sberbank[104]
• Shandong University[125]
• State Governments of India
• Suzhou Vehicle Administration[125]
• Sun Yat-sen University, China[127]
• Telefónica[150]
• Telenor Hungary, Hungary[151]
• LATAM Airlines Group[135]
• MegaFon[136]
• Ministry of Internal Affairs of Russian Fed[137]
• Ministry of Foreign Affairs (Romania)[138]
2016 Ransomware growth > 600%, earnings > $1Bn
2017 Ransomware growth > ??%, earnings > $10Bn ?
We are in a cyber war: engaged in a full on, and accelerating, arms race
The old defences: Maintained, Upgraded, Improved
Dynamic Combatants
Active Defenders
Passive Defenders
Full on Aggressors ?
The new defences: Evolutionary, Pro-Active, Intelligent, Adaptable
Situational Awareness: Automated and predictive at every operating level
Behavioural Analysis 24 x 7
[Diagram: ICs, ISPs, WiFi, Hubs, LANs, Cards, Traffic, Servers, Circuits, Devices, Internet, Networks, Organisations, Companies, Platforms, Groups, People, Mobile, Fixed]
Deviations and exceptions to long term equilibrium investigated and analysed by multiple AIs in real time with threat identification and automated reaction
Auto-immunity: Mirrors biological forebears
Auto-immunity: A mix of clean and infected
[Diagram: Broadcasting Malware; Responding with updated protection; Wider Network Updated; Latest Solution Update]
Dynamic isolation of infected devices and components leading to repair
A Multiplicity of channels: Attack detection/exposure/thwarting using access diversity
[Diagram: BlueTooth Short Range, Device to Cloud, Device to Device; SatCom Broadcast; WiFi, WiMax Medium Range WLAN/Cloud; ZigBee/Other ??; Car-to-Car Direct Communications; 3, 4, 5 G Long Range, Device to Net, Device to Cloud; GEO info location]
Integrated and intelligent security systems embedded into all products and components
Defence opportunities in channel/device/system diversity
- A wide plurality of channel detection and protection
- Attacks almost never isolated or single sourced
- Not restricted to single channel/attempt
- Secure attack and infection isolation
- Diverse immunity/support access
- Distributed info sharing
Theatres of war: No longer a sole military preserve
SPACE, AIR, SEA, LAND - Dominated by Government Forces
CYBER - Dominated by Industry and Whitehats?
Warfare continues to rapidly evolve, but governments do not have the frameworks to deal with the growing Cyber Threat
The big defence challenge is to make all infrastructures, facilities and peoples safe from simultaneous attack across any and all domains - civil and military
DO MORE THAN THIS! Typical industry advice given by experts
• Conduct live fire drills
• Enact penetration testing
• Reward your responsive people
• Introduce staff training/tutorials/briefings
• Get ‘White Hats’ to hack your organisation
• Don’t stop adapting
• Build multi-layer security
• Use the best hosting companies
• Employ the best support and ISPs
• Use the latest security technologies
• Create ‘what if’ - attack/penetration strategies
Live fire & Education: Make it real, make it effective and up to date
War Games - Spoof Attacks, Rewards for the Alert, Regular Briefings, Constant Watch
The military play all day and go into war now and again
We are in a war every day but never play!
Supporting Materials: Slide sets, blogs, papers, tutorial publications
Slide Sets
https://www.slideshare.net/PeterCochrane/evolving-it-security-threats-and-solutions
https://www.slideshare.net/PeterCochrane/from-identity-to-ownership-theft
https://www.slideshare.net/PeterCochrane/the-infinite-security-of-clouds
https://www.slideshare.net/PeterCochrane/block-chain-basics
Papers/Blogs/Tutorials
http://cochrane.org.uk/publications/articles-lectures-preprints-and-reprints/cyber-security-auto-immunity/
http://cochrane.org.uk/publications/articles-lectures-preprints-and-reprints/blockchain-ultimate-ledger/
https://www.financialdirector.co.uk/financial-director/opinion/2402924/it-strategy-ownership-theft-will-eclipse-identity-threat-epidemics
https://www.computing.co.uk/ctg/opinion/2474472/need-to-know-or-need-to-share-the-dark-side-is-winning-and-the-industry-needs-to-act
http://insights.wired.com/profiles/blogs/cybercrime-security-and-the-risks-of-the-future#ixzz2mmRGO2Bv