Cyber Security: Past and Future

Cyber Security: Past and Future, a presentation by John M. Gilligan at CERT's 20th Anniversary Technology Symposium, held in March 2009 in Pittsburgh, PA.

    Cyber Security: Past and Future Presentation Transcript

    • Cyber Security: Past and Future
      John M. Gilligan
      CERT’s 20th Anniversary Technical Symposium
      Pittsburgh, PA
      www.gilligangroupinc.com
      March 10, 2009
    • Topics
      Historical Perspectives
      Cyber Security Today--A National Crisis
      Cyber Security Commission Recommendations
      Near Term Opportunities
      Longer-Term Game Changing Initiatives
      Closing Thoughts
    • Historical Perspectives
      Computer Security in the Cold War Era
      Security “Gurus”—Keepers of the Kingdom
      The Internet changes the security landscape--forever
      The Age of Information Sharing
      Omissions of the past are now our “Achilles Heel”
      Our Approaches To Providing Mission Enabling IT Are Stuck In The Past
    • Cyber Security Today—A New “Ball Game”
      Our way of life depends on a reliable cyberspace
      Intellectual property is being downloaded at an alarming rate
      Cyberspace is now a warfare domain
      Attacks increasing at an exponential rate
      Fundamental network and system vulnerabilities cannot be fixed quickly
      Entire industries exist to “Band Aid” over engineering and operational weaknesses
      Cyber Security is a National Security Crisis!
    • Commission Cyber Security for the 44th Presidency: Key Recommendations
      Create a comprehensive national security strategy for cyberspace
      Lead from the White House
      Reinvent public-private partnerships
      Regulate cyberspace
      Modernize authorities
      Leverage government procurement
      Build on recent progress with CNCI
    • Near-Term Opportunities
      Use government IT acquisitions to change IT business model
      Enhance public-private partnerships
      Adopt the Consensus Audit Guidelines (CAG)
      Update FISMA
      Implement more secure Internet protocols
      Implement comprehensive, federated authentication strategy
      Leverage Stimulus Package to improve cyber security
    • Use Government IT Procurement
      Cyber security needs to be reflected in our contractual requirements
      Many “locked down” configurations defined
      Use government-industry partnership to accelerate implementation of secure configurations
      Get started now, improve configuration guidelines over time and leverage SCAP!
      Build on FDCC Successes and Lessons Learned
    • Security Content Automation Protocol (SCAP)
      What is it: A set of open standards that allows for the monitoring, positive control, and reporting of security posture of every device in a network.
      How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information.
      Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes.
      SCAP Enables Automated Tools To Implement And Enforce Secure Operations
    • Enhance Public-Private Partnerships
      Most of our nation’s critical infrastructure is owned by the private sector
      Much of our government-sponsored research intellectual property is “protected” by industry
      Regulators need to guide/govern private sector efforts
      Private and public sectors must act in cooperation
      Defense Industrial Base (DIB): an excellent model
      Protecting Government and Military Systems Is Not Sufficient
    • Implement Consensus Audit Guidelines (CAG)
      Underlying Rationale
      Let “Offense drive Defense”
      Focus on most critical areas
      CAG: Twenty security controls based on attack patterns
      Emphasis on auditable controls and automated implementation/enforcement
      Public comment period through March 25th
      Pilots and standards for tools later this year
    • Update FISMA
      Emphasize evaluating effectiveness of controls vs. paper reviews
      Enhance authority and accountability of CISO
      Foster government leadership
      Independent, expert reviews
      Procurement standards
      Dynamic sharing of lessons learned
    • Near-Term Opportunities
      Use government IT acquisitions to change IT business model
      Enhance public-private partnerships
      Adopt Consensus Audit Guidelines (CAG)
      Update FISMA
      Implement more secure Internet protocols
      Implement comprehensive, federated authentication strategy
      Leverage Stimulus Package to improve cyber security
    • Longer-Term: IT Reliably Enabling Economy
      Change the dialogue: Reliable, resilient IT is fundamental to future economic growth
      New business model for software industry
      Redesign the Internet
      Get the “man out of the loop”—use automated tools (e.g., SCAP)
      Develop professional cyberspace workforce
      Foster new IT services models
      Need to Fundamentally “Change the Game” to Make Progress
    • Closing Thoughts
      Government and Industry need to treat cyber security as an urgent priority
      Near-term actions important but need to fundamentally change the game to get ahead of threat
      IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information
      Cyber Security is Fundamentally a Leadership Issue!
    • Contact Information
      jgilligan@gilligangroupinc.com
      www.gilligangroupinc.com
      John M. Gilligan
    • Security Standards Efforts: Security Content Automation Protocol (SCAP)
    • Security Standards Efforts: Next Steps*
      * Making Security Measurable – The MITRE Corporation