Cybersecurity: The Undiscovered Country

Cybersecurity:The undiscovered country…Jim Stikeleather

"I offer a toast – the undiscovered country – the future." "An undiscovered country whose bourne no travelers return - puzzles the will" 2

A perfect storm is on the horizon… Enterprise 2.0 Capitalism 2.0 Management 2.0 Economics 2.0 IT 2.0 New Game, New Playing Field, New Rules, New Players… Means Innovation, Flexibility, Agility, and more… 3

Change wants to happen,Tech enables, facilitates and accelerates it… IT consumerization A new workforce Work mobility & the An old workforce Hollywood model Pervasive Innovate to zero Regulations & simplification cyber jurisprudence Smart Everything Utility computing Risk & security The new normal management 4 4

An Architecture for Systemic Innovation Foresight Frameworks Insight Signals, Trends R&D Themes Strategic Standards, Laws Plans Scenarios IP, Patents Innovation for Innovation for CustomerMarket Challenges Reference & Delivery Challenges Architectures Incubator Continual Portfolio Improvement Plan of Relative Intent Innovation Operational & Annual Plan of Plans Value Record Challenges5 Confidential Services

Then you think about it: Convergent Thinking Divergent Thinking • Analytic / Rational • Creative / Intuitive • Quantitative / Sequential • Qualitative / Subjective • Constraint-driven / Objective • Possibilities / Holistic • Specific details • Conceptual abstractionsSTART KILL IDEATION NARROW CONCEPTS EXPOSE TO INTERNAL RESOURCES UNDER TARGET DEFINE THE CONSIDERATION CUSTOMERS DRAFT NEW PRODUCT PROBLEM/ FOR OUTLINE FEATURES/ (QUALITATIVE) CONCEPTS CONTINUE OPPORTUNITY M BENEFITS TEA M IDEATION How far back depends on feedback received EXTERNAL RESOURCES REFINE May require refinement of business case and financials DEVELOP BUS KILL PLAN EXPOSE TO TARGET EXECUTIVE TEST ESTABLISH HIGH LEVEL CASE/OBTAIN DEVELOPMENT CUSTOMERS FOR MANAGEMEN MARKETING SUCCESS REQUIRE- APPROVAL TO TEST MARKET AND VOLUME ASSESSMENT T PREPARATION CRITERIA MENTS PROCEED (NEW PRODUCT (QUANTITATIVE) REVIEW DESIGN, (Mgt Review) INITIAL TIME LINE INCUBATOR) (Investment DEVELOP & (Proj Request/Sizing) Committee) PILOT Project Release Management Flow Begins (see next page) (Project Launched) Project Lifecycle Start Project KILL FINAL KILL POST ROLLOUT EXECUTIVE EVALUATION TEST MARKET WAR TURN OVER PLAN GROUP ROLL- AND EVALUATION GAMES TO PRODUCT CONTINUE REVIEW OUT MEASUREMENT FINAL TIMELINE MANAGEMENT TRAINING REFINE Some, or all of these stages may not apply to smaller efforts, or those with low execution risk/low capital investment For large projects, or those requiring post-pilot review and approval, these stages will apply (e.g. Investment Committee level projects). Project Lifecycle End Project 6 Confidential Services

CyberSec in context:Welcome to the Serendipity Economy Image courtesy of Yoan Blanc - http://www.flickr.com/photos/greut/502095764/ http://danielwrasmus.com/default.aspx7 Global Marketing

Consilience, Complexity and Emergence… Cynefin Framework http://en.wikipedia.org/wiki/Cynefin8 Global Marketing

Collaboration and Co-creation: Sur/PetitionCustomers, staff, partners, suppliers, competitors Sur/Petition – Moving Beyond Competition Competition, with its focus on what others are doing, is only the baseline for survival. “Sur/petition” focuses on value creation, going beyond traditional strategic competition to exploit the vast potential of “integrated values” that surround the purchase and use of products and services. de Bono, Edward, Sur/petition, Harper Collins, London9 Global Marketing

People – Humanities greatest resource http://www.youtube.com/watch?v=u6XAPnuFjJc http://www.youtube.com/watch?src_vid=dk8UJ-JWg-o&feature=iv&annotation_id=annotation_593316&v=XCH4FrnLlls http://www.theimaginationage.net/2010/01/smarter-work-data-visualizations.html

Management – Humanities greatest invention(the MIX - http://www.managementexchange.com/) BeginningMANAGEMENT SCHOOLS Emphasis Dates PlanningCLASSICAL SCHOOL Managing workers and Division of Labor organizations more efficiently. Scientific Management 1880s Directing Administrative Management 1940s Unity of Command Create Customers, Bureaucratic Management 1920s Lower Transaction Costs, OvercomeBEHAVIORAL SCHOOL Understanding human behavior Economic Friction Scalar Chain of in the organization. Command Human Relations 1930s Staffing Behavioral Science 1950sQUANTITATIVE SCHOOL Increasing quality of managerial Span of Control decision-making through the application of mathematical and ControllingManagement Science 1940s statistical methods. Operations Management 1940s Management Information 1950s—Systems 1970s Figurehead LeaderSYSTEMS SCHOOL 1950s Understanding the organization as a system that transforms inputs into outputs while in constant interaction with its Spokesperson Entrepreneur environment.CONTINGENCY SCHOOL 1960s Applying management principles Resource and processes as dictated by the Liaison unique characteristics of each Allocator situation. Monitor Negotiator

The Fractal Organizationand Enterprise 2.0 http://www.boostzone.fr/en/the-fractal-nature-of-entreprise-2-0/ http://www.zdnet.com/blog/hinchcliffe/the-state-of-enterprise-20/143

The Current CyberSec Model Will (continue to) Fail:• Technology: – Point solutions – Point processes – Physicality – Standards “nice to have” – Interoperability HW/SW• Governments – Economic risk / reward balance – Jurisdictional conflict (internal and external) – Geopolitical boundaries in cyberspace – Geopolitical ideals in cyberspace• Enterprise – Parochialisms – image; legal; technology; competitive – ROI – Ford Pinto Approach – Secrecy – “Unsafe at any Speed” (Nader), “The Jungle” (Sinclair)• Individuals – Reasonable, rational, prudent person• Failure to see the common good – Law of the Commons Services 13 Confidential13

CyberSec in Real Space Technology Kill switches & backdoors are Hardware built into everyday Threats products US Central Counterfeit Seagate Command electronic shipped virus- breached using components laden HDD thumb drives Apple shipped that searched with malicious Highly iPod systems for passwords code sophisticated infected with a then sent them malware like Windows based to a server. DEC computer FBI Operation Stuxnet virus. Blamed a Blamed an bound for USSR Network contract unnamed modified; Raider finds Data security manufacturer. contractor Cryptographic significant breaches equipment located in penetration of Spy Cameras developed with China. counterfeit Hacktivists inserted into backdoor for network gear Xerox copiers security agency in use globally 1960’s 1980’s 2006 2007 2008 Present Adverse Events14 Confidential

Industry-wide Risk Assessment (2010) Supply Chain Security Risk Categories Physical Security Personnel Security IT Security Policy Processes Piece Part Manufacturing (from raw material) Component Supply Chain Segments Manufacturing & Sub- Assembly Assembly & Imaging 2nd Touch Customization & Personalization Merge, Distribution & Fulfillment Customer Care Services 1. Supplier policies do not adequately address the detection / prevention of counterfeit components or product tampering (unwanted functionality or malware) 2. Required training for suppliers does not address some threats and risks to supply chain security adequately 3. OEMs need to enhance governance / auditing of supplier contractual requirements to ensure compliance15 Confidential

Safe Bets: O-TTPF™16 Confidential Services

And then you flip a coin: Computing VersusQuantum Wars Security17 Confidential Services

A better way to be secured… Content Centric Computing Content Centric Storage information-centrism PSIRP DONA content-centric networking New ID spaces TRIAD ROFL id-loc CDN clean-slate 3 Interconnecting information DPI P2P overlays NAT middleboxes IPv6Content Centric patching TCP/IPNetworking Telephony 2 Interconnecting hosts 1 Interconnecting wires 18 Confidential Services

Wildcards:19 Confidential Services

Thank you!Contact me - Stike_Stikeleather@dell.comTwitter - @stikeyoda Google+ - stikeyoda@gmail.comManagement innovation maverick - http://www.managementexchange.com/users/jim-stikeleatherEnterprise efficiency expert- http://www.enterpriseefficiency.com/archives.asp?section_id=1052Slideshare content- http://www.slideshare.net/dellenterpriseBooks: http://www.amazon.com/exec/obidos/ ISBN=0929652185/pfingarA http://www.amazon.com/Next- Generation-Computing- Distributed- Reference/dp/0132618923/ref=s r_1_1?s=books&ie=UTF8&qid=13 34940728&sr=1-1

Cybersecurity: The Undiscovered Country

by Dell Enterprise

Accessibility

Categories

Upload Details

Usage Rights

Statistics