Defending Cyberspace: Are We Ready?
NEAL ZIRING, TD IAD
OCTOBER, 2012
Strategic Approach to Addressing Emerging Cyber Threats (Neal Ziring, Technical Director, Information Assurance Directorate (IAD), NSA)

  • IAD will be active and innovative. Information Assurance Visionaries. Forward Thinking. Forward Progress. Forward Mobility. Forward Momentum. Go Forward Team --- and Do Great Things!!

    1. Defending Cyberspace: Are We Ready? (NEAL ZIRING, TD IAD; OCTOBER, 2012)
    2. Defending Cyberspace: Are We Ready?
        • The current environment
        • What keeps me up at night?
        • Why should we care?
        • The time has come
    3. Current State
        • What is the magnitude of the problem?
            – Consumers embracing mobile solutions
            – Increased reliance on the internet
        • Cyber intrusions on the rise?
            – Targeted companies among the best at security
            – Loss of intellectual property
            – Different strokes for different folks
    4. Why is the Threat Growing?
        • Hard truth: the more technology we use, the more we need to protect
        • Simple equation:
            – Growing reliance on the Internet = increased investment by malicious actors
        • [Diagram labels: Reliance on Internet (Technology Use); Investment by malicious actors (Need to Protect)]
    5. Defining Emerging Threats
        • What is an emerging threat?
        • Why should we study them?
        • Who are the stakeholders?
        • What is at risk?
    6. Emerging Threat Types
        • Threats fall into one or both categories:
            – Technological – threats driven by new or evolving technology, standards, devices, protocols, etc.
            – Behavioral – threats driven by changes in attacker or target behavior, practices, operational norms, regulatory regimes, etc.
    7. Technological Threat: Malware
        • Threat
            – Customized malware and attacks make simple blacklisting and signature detection less effective
            – Expect to see much more on-the-fly custom generation
        • Response
            – Reputation services provide some help, will need to get more sophisticated over time
            – Whitelisting (federated whitelisting services)
            – Trust foundations can help for the longer term
        • [Graphic text: "To: Defense A", "www.hackedsite.com"]
    8. Technological Threat: Internet of Things
        • Threat
            – Increasing gadgets & gizmos on networks
            – Easy avenues for network attacks
            – Little incentive for thing makers to secure them
        • Response
            – Incentivize security with certification and liability vehicles
            – Standardize simplified protocols for 'things' to use; reduce vulnerabilities due to complexity
            – Standardize quantitative measures
    9. Technological Threat: IPv6
        • What is IPv6 and why should we care?
            – Next generation protocol for the Internet
            – Defines how data is sent from one computer to another
            – Contains addressing and control information to route packets
            – Why a future move to IPv6?
                • The last IPv4 blocks have been distributed
                • Increased address space
                • More efficient routing
                • Better mobility support
    10. Technological Threat: IPv6
        • Threat
            – New attack, exploitation, stealth, and exfiltration techniques based on IPv6 features
            – Lack of IPv6 experience in defensive workforce
        • Response
            – Training for defenders and IT operators
            – Coverage of IPv6 in colleges and competitions
            – Selective and measured introduction of IPv6 into enterprise operations
        • [Graphic text: "Welcome to IPv6 Training": IPv6 Programming; IPv6 in the Internet; IPv6 Exploitation and Defense]
    11. Technological Threat: Mobility
        • Threat:
            – More malware and attacks from mobile platforms
            – Use of mobile platforms as attack surface for enterprise networks (driven by consumerization of IT)
        • Response:
            – Addition of core security functionality to enterprise mobile platforms:
                • Data-at-rest protection, particularly for keys & credentials
                • Mobile Device Management
                • Secure communications based on standards
            – Sophisticated policy enforcement and monitoring for mobile users
    12. Behavioral Threat: Faster Pace
        • Threat:
            – All parts of attacker operation cycle accelerating
            – No innate obstacles to 10-50x speed-up
            – Malicious activity coordination getting tighter
        • Response:
            – Automate! Drive all defensive actions at net speed
            – Use hardened/layered architectures to slow attack cycles
            – Standardize defensive info exchange to gain speed
    13. Behavioral Threat: Lifecycle Scope
        • Threat:
            – Attackers backing into earlier stages of security lifecycle to improve scale and utility
            – Supply-chain attacks
        • Response:
            – Very difficult: hardening supply chains is a very hard problem
            – Software: greater use of signed software should help
            – Hardware: still in research stage. Some benefit from anti-counterfeiting efforts
            – Layered security
    14. Behavioral Threat: Application Focus
        • Threat:
            – Initial attacks increasingly focused on applications
            – Expect to see increase in breadth of apps targeted
            – App developers may not have resources to harden their products
        • Response:
            – Make it easier for developers to write secure apps
            – Make it harder for compromised app to inflict harm across entire platform
    15. Behavioral Threat: Counter-attack Culture
        • Threat:
            – Assertions from some advocates that victims can and should counter-attack
            – Opens huge can of worms for mis-direction, lawlessness, etc.
        • Response:
            – Education about difficulties of attribution and liability issues
            – Clearer laws and international norms
            – Partnerships across sectors and segments
    16. Behavioral Threat: Nation-State Actors
        • Threat:
            – Nation-state level actors exploiting very broad spectrum of non-traditional targets
            – Asymmetry of national resources focused on commercial, academic, even NGO targets
        • Response:
            – Unity of effort and visibility toward common defense
            – Sharing of actionable intrusion information across sectors (eventually, at machine speed)
            – Establishment of deterrents and international norms
    17. What about the Cloud?
        • Threats:
            – Concentration of vulnerability/risk at cloud providers
            – Attackers co-opting cloud resources
            – Attackers purchasing cloud resources
        • Response:
            – Standards and best practices for continuous monitoring and defense in cloud environments
            – Extension of trust foundations into cloud platforms
            – More consistent legal regimes and international norms
            – Means for extending reputation into cloud-based services
    18. Security in the Cloud
        • Separate accreditation of cloud infrastructure and cloud-borne mission applications
        • Flexible accreditation for cloud infrastructure
        • Accreditation based on continuous monitoring
        • Cloud Security Services
    19. Future of Cyber Defense
        • Shift towards “stronger” commercial solutions
        • Public and Private Partnerships in action
        • Sharing information in real time
        • Laws, policies, standards and norms
        • Building the cyber workforce
    20. Conclusions
        • Broad spectrum of new and growing threats
        • Effective response strategies must target both attacker and defender motivations
        • Most effective responses cross lines between government, industry, infrastructure, etc.
        • Unity of effort will be essential to success
    21. Forward. Thinking.
