• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Systemic cybersecurity risk

Systemic cybersecurity risk



Presentation to OECD project group on Global Risk

Presentation to OECD project group on Global Risk



Total Views
Views on SlideShare
Embed Views



5 Embeds 41

http://dooooooom.blogspot.com 24
http://dashboard.bloglines.com 6
http://theoldreader.com 6
http://dooooooom.blogspot.co.uk 4
http://dooooooom.blogspot.mx 1


Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • http://www.washingtonpost.com/wp-dyn/content/article/2010/01/13/AR2010011300359.html http://www.wired.com/threatlevel/2010/06/leak/

Systemic cybersecurity risk Systemic cybersecurity risk Presentation Transcript

  • Systemic cybersecurity risk Dr Ian Brown Oxford Internet Institute University of Oxford
  • Non-systemic risks
    • Cyber graffiti: defacement of Web sites for propaganda and bragging
    • Cyber fraud: $1bn losses? Poor data. Anyway largely containable within financial system
    • “Terrorists get better returns from much simpler methods such as car bombs. Cyber terror is too low key: not enough dead bodies result, and attacks are too complex to plan and execute.” (Dr Juliette Bird, NATO)
  • Cyber war
    • “ The ‘Korean’ cyber incidents … were annoying and for some agencies, embarrassing, but there was no violence or destruction... Cybercrime does not rise to the level of an act of war, even when there is state complicity, nor does espionage – [which] are the activities that currently dominate cyber conflict... Estonia and Georgia … came under limited cyber attack as part of larger conflicts with Russia, but in neither case were there casualties, loss of territory, destruction, or serious disruption of critical services. ” (Lewis, 2009: 2—3).
    • “ At best, these operations can confuse and frustrate operators of military systems, and then only temporarily. Thus, cyberwar can only be a support function for other elements of warfare” (Libicki, 2009: xiv—xv)
  • Cyber espionage
    • TITAN RAIN: Incursions into DoD, German chancellory, Whitehall, NASA, Lockheed Martin…
    • Google attack aimed at “high-tech information to jump-start China's economy and the political information to ensure the survival of the regime” –James Lewis
    • “ [I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history” -SPC Bradley Manning
  • Reducing systemic risk
    • Isolate critical systems from public Internet and each other
    • Enhance risk management, robustness and continuity planning in Critical National Infrastructure systems
    • Use Content Distribution Networks and other load balancing systems to increase performance and resilience of public-facing systems
    • Better align private and social goals in securing systems, esp. on software security