Target. Hunt. Disrupt.

WHAT’S NEXT IN CYBERSECURITY

Ely Kahn, Co-Founder of Sqrrl

AGENDA My Story What is Cybersecurity?

  Definition   Cyber Threats

Cybersecurity Policy   How is it made?   Hard problems in cybersecurity policy

© 2015 Sqrrl | All Rights Reserved 2

MY STORY

© 2015 Sqrrl | All Rights Reserved

Harvard > Booz Allen > DHS > White House > Wharton > Sqrrl

3

AGENDA My Story What is Cybersecurity?

  Definition   Cyber Threats

Cybersecurity Policy   How is it made?   Hard problems in cybersecurity policy

© 2015 Sqrrl | All Rights Reserved 4

WHAT IS CYBERSECURITY?

“The security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.”

© 2015 Sqrrl | All Rights Reserved

Definition from the 2009 White House Cyberspace Policy Review

5

BUT WHAT IS CYBERSPACE?

© 2015 Sqrrl | All Rights Reserved 6

TYPES OF THREATS

© 2015 Sqrrl | All Rights Reserved 7 Source: Solon Group

EVOLUTION OF THE THREAT

© 2015 Sqrrl | All Rights Reserved 8 Source: DoD

APT ATTACK CYCLE

© 2015 Sqrrl | All Rights Reserved 9 Source: RSA

TARGETED ATTACKS HAVE CHANGED THE GAME

10 Source: Battery Ventures © 2015 Sqrrl | All Rights Reserved

CASE STUDY: STUXNET

© 2015 Sqrrl | All Rights Reserved 11 Source: Painedge

AGENDA My Story What is Cybersecurity?

  Definition   Cyber Threats

Cybersecurity Policy   How is it made?   Hard problems in cybersecurity policy

© 2015 Sqrrl | All Rights Reserved 12

NATIONAL SECURITY COUNCIL

© 2015 Sqrrl | All Rights Reserved 13

Nat’l Security Council

Deputies Committee

Principals Committee

Policy Coord. Committees

Outputs

•  Executive Orders •  Draft legislation •  National strategies and

plans •  Budget priorities •  Interagency programs •  Industry coordination

CONGRESSIONAL LAWMAKING

© 2015 Sqrrl | All Rights Reserved 14 Source: Westlaw

REGULATORY RULEMAKING

© 2015 Sqrrl | All Rights Reserved 15 Source: Langner

STANDARDS DEVELOPMENT

© 2015 Sqrrl | All Rights Reserved 16

HARD POLICY PROBLEM #1

© 2015 Sqrrl | All Rights Reserved

Information Sharing

17

HARD POLICY PROBLEM #2

© 2015 Sqrrl | All Rights Reserved

Preventing cyber espionage

18

HARD POLICY PROBLEM #3

© 2015 Sqrrl | All Rights Reserved

Balancing offense vs. defense

19

HOW TO LEARN MORE?

My favorite online resources:   Dark Reading   SC Magazine   Politico   Passcode

Sqrrl.com   If you are interested in an internship, write me a blog

ely@sqrrl.com

© 2015 Sqrrl | All Rights Reserved

Start reading, start writing

20