Joseph Ingemi Strategic Cyber Security

Post on 21-Jul-2016


Strategic Cyber-Security

Joseph Ingemi

Agenda

• Introduction

• Trends, Motivations, and Innovations

• Cyber-attacker Geography

• Recommendations

• Case Study

• Conclusion

Introduction

“From this day forward, any nation that continues to harbor or support terrorism will be regarded by the United States as a hostile regime.”

– George W. Bush

Introduction

• Expresses a fundamental truth

• Acts of terror require a base of operation

• Similarly, cyber-attacks require one as well

• Each cyber-attack has a country of origin

Introduction

• Cyber Security is Top-Down not Bottom-up

• Managers and Decision-makers drive cyber-security

• Information Technology Departments simply support decisions

Introduction

• Cyber-Security is about Risk Management

• Mitigation and controls should address risk

• One size does not fit all

Introduction

What is a cyber-attack?


Introduction

What is a cyber-attack?

Any effort to steal from, defraud, disrupt or destroy personal or enterprise-level operations through networked systems, or to maliciously cause a data breach

Trends

Where are we?

Where are we vulnerable?

Where are we going?

Trends

Security Gaps and Vulnerabilities

Past

Present

Future

Vulnerabilities

Why exploit a vulnerability?

• Attacker Intent

• Type of information or data

(Why do you rob banks, Willie?)

Because that’s where the money is. –Willie Sutton

Motivations

Integrity Violation

• Embarrass

• Political Agenda

• Not damaging other than emotional distress

• Demonstrate weakness, bragging rights

• Examples

Motivations

Profit

• Piracy

• Theft

• Learn corporate strategies

• Examples

Motivations

Physical Damage

• Destroy property

• Induce casualties

• Weaken defense capabilities

• Direct or indirect

• Example

Innovation: Cloud

• IaaS

• PaaS

• Applications

• Public vs Private vs Hybrid

• Where is the data stored?

• Who accesses the data?

• Is whole greater than the parts?

Innovation: Internet of Things

• Mobile Devices

• Controllers

• Sensors

• UAVs

• Information

Technology has a physical impact

Innovation: 3D Printing

• Disruptive technology

• Revolutionizes supply chains

• Intellectual property more valuable than physical inventories

Innovation vs Motivation

Integrity Violation | Profit | Physical Damage

Cloud X X

3D Printing

Internet of Things

Innovation vs Vulnerability

Integrity Violation | Profit | Physical Damage

Cloud X X

3D Printing X X ?

Internet of Things

Innovation vs Vulnerability

Integrity Violation | Profit | Physical Damage

Cloud X X

3D Printing X X ?

Internet of Things X X X

Cyber-Attacker Geography

Russia

• Cyber-command (US Intel)

• Attacks on Baltic

• Georgia War

• Attacks on Ukraine PM, White House

• Attack on Western Energy Companies

• Gangsters Steal 1.2 Billion Passwords

• Industrial Control Systems

Cyber-Attacker Geography

China

• People's Liberation Army Unit 61398

– Activities since 2006

– Targets align with strategic priorities

– China has denied these attacks

• Little Panda / Anthem, US Community Health; Great Firewall vs GreatFire vs Great Cannon

• ASEAN Monitoring

Cyber-Attacker Geography

Iran

• Strong push to develop cyber-warfare capabilities

• Attack on Saudi Aramco

• Attack on US financial institutions

• Israeli-Iranian cyber-competition

Cyber-Attacker Geography

North Korea

• Attacks on South Korean commercial, government and military targets, 2009-2011

• Sony Attack

• Unit 121, 91, 35, Lab 110

Cyber-Attacker Geography

ISIS

• Fluid:

– Lone-wolf sympathizers abroad

– Westerners joining ISIS

• Focus on social media

• CENTCOM Twitter hacked

Cyber-Attacker Geography

Syria

• Syrian Electronic Army

• Defend Assad; connected to the regime

• DDoS and malware attacks

• Spam, hack and deface western media

• Hacked AP, sent out fake news report, Dow dropped

• Sands

Cyber-Attacker Geography

Similarities

• High-level of internet surveillance

– Open-Net Initiative, “Enemies of the Internet”

• Corruption

• Lack of Civil Society

• Un-liberal

• Hostility towards/Rivalry with West

• State-sponsored cyber-groups

Cyber-Attacker Geography

Actor | Internet surveillance | Corruption | Lack of civil society | Un-liberal | Hostility | State-Sponsorship

China | X | X | X | X | X | X

Russia | X | X | X | X | X | X

Iran | X | X | X | X | X | X

N. Korea | X | X | X | X | X | X

ISIS | ? | X | X | X | X | X

Syria | X | X | X | X | X | X

Cyber-Attacker Geography

• Cyber-Attacks are a low cost vector of attack by our nation’s enemies

• Relationship between international relations and cyber-security threats

– Regimes

– Power Blocs

• Cannot separate global markets from global rivalries

– Economic liberalism does not assure good behavior

Recommendations

• Organizational

• State and Local

• Federal Government

Recommendations

Organizational

• Inventory

– Data and Processes

– Hardware and Software

• Access

• Risk Assessment

• Mitigation and Controls

• Monitor

Recommendations

Organizational

Critical Considerations:

• Analysis drives technology and framework

• Everything has a value

• Location, Location, Location

– Be aware of the one-off, e.g., India

Recommendations

State-Local

• Develop public-private partnerships to build resiliency

– Build awareness

– Spread best practices, esp., small businesses

– Economic Development

• Law Enforcement

• Education

– Encourage good behavior

– Build next generation of cyber-security experts

Recommendations

Federal

• Develop a cyber-security regulatory regime/PPP/best practices

– Systemic vs Individual Risk

– 3 Bills

• Evaluate the international environment and rate nations based on cyber-threat

– Advisory list

– Intelligence

– Examine outside trade relationships and alliances among partners

• Maintain and strengthen alliances to assure that our strategic interests are aligned with our allies.

– Egypt

– Great Britain

– India

– Indonesia

– Israel

• Integrate cyber-security with both non-defense and defense relationships

– Make cyber-security a consideration in response options

• Depends on the impact on physical world

– Make cyber-security an integrated part of diplomacy and assistance.

– International economic bodies should have a cyber-security component.

Recommendations

• Integrate cyber-security with both non-defense and defense relationships

– The Defense Department, Homeland Security and the Justice Department should conduct regular joint exercises with allies for countering cyber-attacks.

• South Korea

• Eastern Europe

– Prosecuting cyber-attackers must be made a law-enforcement priority

• Joint Cybercrime Action Task Force

• Interpol

• Prosecution and extradition treaties

– Cyber-security must be a component of immigration policy

• Develop cyber-security Centers of Excellence as inter-disciplinary research and instruction centers.

– USMA CTC

– CDC-like National Department

– Cyber Red Cross

– ISAOs

Case Study

• Trans-Pacific Partnership (TPP)

• Includes: Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam

• E-commerce in terms of tariffs

• Integrated telecommunications

• Regulatory coherence

• Intellectual Property

Case Study

Internet surveillance | Corruption | Lack of civil society | Un-liberal | Hostility | State-Sponsorship

Aus ?

Bru ? x

Can

Chile

Jap

Mal ? ?

Mex x

NZ

Per x

Sing ? ? ?

Viet x x ? x

Case Study

China

Chile Aus

Japan Mal HK

Sing Viet

Case Study

Approach-Government

• Special care to information sharing with Australia, New Zealand and Japan

• Collective Security-Mutual Defense Agreement

– Aus, NZ, Chile, Japan, Malaysia, Singapore, Vietnam

– Coordinated law enforcement

– Cyber-defense umbrella

• Trilateral talks at G20

Case Study

China-centric FTAA

• US Isolation vs Cyber-Security Exposure

• Fast-Track TPP

• Cyber-security Alliance within FTAA

• Private Sector Vigilance

Case Study

Approach-Private

• Evaluate supply chains and human resource policies for business partners

– Aus, Chile, Japan, Malaysia, Singapore, Vietnam

• Evaluate business partners' relationships based on their relationship with China

– Higher risk premiums

Conclusion

“Economic globalization, in its essence, ignores national frontiers. Foreign policy affirms them, even as it seeks to reconcile conflicting national aims or ideals of world order”

–Henry Kissinger

References

• Mandiant, APT1: Exposing One of China’s Cyber Espionage Units (2013)

• Akamai, State of the Internet

• The Hill, Cybersecurity Update

• Politico, Morning Cybersecurity Update

• Sophos, Naked Security

• RealClearDefense

• MS-ISAC