CYBER RESILIENCY: from Prevention to Recovery (Part 1)
8 Dec 2015
Dr. Robert D. Childs
President & CEO, iCLEAR LLC
Former Chancellor, National Defense University (NDU) iCollege and Deputy to NDU
President for Cyber and Information
Definition of Cybersecurity
The protection of information systems from theft or damage to
hardware, software, and information on them, as well as from
disruption or misdirection of the services they provide. It
includes controlling physical access to hardware, protecting
against harm that may come via network access, data and
code injection, and due to malpractice by operators, whether
intentional, accidental, or due to them being tricked into
deviating from secure procedures.
Cyber Defense Definition
NATO Cooperative Cyber Defense Center of Excellence:
A proactive measure for detecting or obtaining information as
to a cyber intrusion, cyber attack, or impending cyber
operation or for determining the origin of an operation that
involves launching a preemptive, preventive, or cyber counter-
operation against the source.
Source: Compilation of Existing Cybersecurity and Information Security
Related Definitions, Open Technology Institute New America (2013)
Cyber Resilience Definition
The ability to prepare for, adapt to, withstand, and rapidly
recover from disruptions resulting from deliberate attacks,
accidents, or naturally occurring threats or incidents.
Source: Qatar National Cyber Security Strategy (2014)
Overarching Cyber Defense Questions
• What are various types/purposes of attacks
• What factors influence the cyber environment (trends/issues/technologies)
• What are primary cyber defense challenges
• What are potential solutions
• What areas require further analysis/R&D
• What elements are needed in a cyber defense plan
Five Most Common Types of Attacks
• Socially engineered Trojans
• Unpatched software
• Phishing attacks
• Network traveling worms
• Advanced Persistent Threat (APT)
Attack Purposes
• Identity theft (money, medical fraud, access)
• Financial (banks, insurance)
• Espionage (exfiltrate commercial/political/military information)
• National security (military plans/operations, infrastructure)
• Terrorism (communicate, fund raise, disrupt)
Major Societal Factors Affecting Cybersecurity Trends
• Expanding number/use of mobile devices
• Increasing use of social media
• Use of data analytics
• Shift to cloud computing
• Increasing skills crisis
Specific Issues Influencing Cyber Environment
• Increasing attacks/sophistication/seriousness
• Increasing number of apps
• Proliferation of opportunities (SCADA)
• Pervasive/ubiquitous computing
• Need for interoperability
• Exponential growth of Internet of Things (IoT)
• Disagreement on security metrics
• Advanced Persistent Threat (APT)
Growth of Cyber Threat Vectors
[Chart: sophistication of hacking tools and elite hackers (increasing) plotted against the sophistication required of common hacktivists (declining), 1980 to 2000 with a 2010 ~ 2020 projection. Techniques shown along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, session hijacking, sweepers, sniffers, packet spoofing, graphic user interface, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staging, sophisticated C2, APT, elite critical infrastructure exploitation tools, …next?]
Dr. Gil Duval, CEO Data Security Storage, LLC
"The Enhanced Cybersecurity Services program …voluntary information sharing program will provide classified cyber threat and technical information …to eligible critical infrastructure companies."
- President Barack Obama, Executive Order, 12 February 2013
Technologies Impacting Cyber Defense
• Sensors
• Wearables
• Drones/robotics
• Virtual reality (gaming)
• Mobile devices/apps
• Internet of everything
Cyber Defense Challenges
• Advanced Persistent Threat (APT)
• Late detection/continuing leakage
• Backdoor apps
• Multitude of vendors/fragmented solutions
• Cloud computing
Cyber Defense: Old vs New Approach
• Old Approach: patch & pray (a perimeter defense)
• New Approach: proactive, agile, adaptive
• Realtime visibility across network
• See how machines/people behave
• Identify changes in behavior
• Take corrective measures
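The "new approach" on this slide is a behaviour-baseline loop: observe how each machine behaves, flag changes, then choose a corrective measure. The Python below is an added example (not from the deck or from iCLEAR) that builds a per-host baseline from constructed hourly connection counts and grades fresh observations against it; host names, counts and the z-score threshold are all constructed.

```python
"""Behaviour-baseline sketch for the slide's 'new approach': learn how each machine
behaves, flag changes, pick a corrective measure. Added example; data is constructed."""
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Observation:
    host: str
    conns: int   # outbound connections in one hourly bucket
    dests: int   # distinct external destinations in that hour

def baseline(history):
    """Per-host (mean, stdev) of conns and dests over the historical window."""
    by_host = {}
    for o in history:
        by_host.setdefault(o.host, []).append(o)
    return {h: (mean(x.conns for x in obs), pstdev(x.conns for x in obs),
                mean(x.dests for x in obs), pstdev(x.dests for x in obs))
            for h, obs in by_host.items()}

def zscore(value, mu, sigma):
    # A zero-variance baseline is a sharp edge: any change at all is a deviation
    return (value - mu) / sigma if sigma else (float("inf") if value != mu else 0.0)

def assess(current, base, z_limit=3.0):
    """Return (host, verdict, corrective action) for each current observation."""
    results = []
    for o in current:
        if o.host not in base:              # never seen before: nothing to compare against
            results.append((o.host, "unknown-host", "enroll and monitor"))
            continue
        mc, sc, md, sd = base[o.host]
        zc, zd = zscore(o.conns, mc, sc), zscore(o.dests, md, sd)
        if zc > z_limit and zd > z_limit:   # volume and fan-out both shifted
            results.append((o.host, "anomalous", "isolate host, open incident"))
        elif zc > z_limit or zd > z_limit:
            results.append((o.host, "suspicious", "alert analyst, raise logging level"))
        else:
            results.append((o.host, "normal", "none"))
    return results

# Constructed history: ws-17 normally makes ~40 conns/h to ~5 destinations;
# db-02 is perfectly steady at 12 conns/h to 2 destinations.
HISTORY = [Observation("ws-17", c, d) for c, d in
           [(38, 5), (42, 4), (40, 6), (37, 5), (43, 5), (41, 5)]]
HISTORY += [Observation("db-02", 12, 2) for _ in range(6)]
CURRENT = [Observation("ws-17", 39, 5),     # business as usual
           Observation("ws-17", 180, 60),   # sudden fan-out to many new destinations
           Observation("db-02", 12, 3),     # one extra destination from a flat baseline
           Observation("lt-new", 20, 3)]    # host with no baseline yet
```

Running `assess(CURRENT, baseline(HISTORY))` grades the four observations normal, anomalous, suspicious and unknown-host respectively; the zero-variance rule is what lets a single new destination from a flat server baseline surface at all.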
Active Cyber Defense (ACD)
Reactive Engagement Model
• find invading code
• unplug affected systems
• create security patches
• apply patches network wide
ACD Program (not offensive)
• collect synchronized realtime capabilities
• discover, define, analyze, mitigate cyber threats/vulnerabilities
• disrupt and neutralize AS ATTACKS HAPPEN
DARPA Projects to Protect Military Technology from Hackers
• High-Assurance Cyber Military Systems (HACMS): no requirement for security patches
• Cyber Grand Challenge (automated adaptive security software)
• Computer individuality (distinctive computers)
• Advanced encryption (fully homomorphic)
Contact
Dr. Robert D. Childs
President & CEO, iCLEAR LLC
Former Chancellor, National Defense University (NDU) iCollege and Deputy to the NDU President for Cyber and Information
e-mail: Childs@iclearllc.com
iCLEAR LLC website: http://iclearllc.com