Your SlideShare is downloading. ×
Cybersecurity: The Undiscovered Country
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Cybersecurity: The Undiscovered Country

1,307
views

Published on

You cannot secure the pipes, secure the servers or even just secure the storage – you have to be able to trust the data, based on the data – and nothing else! Current models of security are pretty …

You cannot secure the pipes, secure the servers or even just secure the storage – you have to be able to trust the data, based on the data – and nothing else! Current models of security are pretty much cyberspace equivalents for fixed fortifications in “real space” warfare. The safe bet is that data becomes self protecting by 2030, and hopefully much before that. In the shorter term the emphasis has to shift from being an IT issue to being an Enterprise-wide Risk Management issue. There are three paths of technology development – all of whom should start bearing fruit in the next 3 to five years - that are foundations to being able to trust the data solely based on the data itself. Content Centric Networking(PARC and NSF), Content centric computing (work load based), content centric storage (already started with de-duping technology).

Published in: Technology, Business, Education

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,307
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Cybersecurity:The undiscovered country…Jim Stikeleather
  • 2. "I offer a toast – the undiscovered country – the future." "An undiscovered country whose bourne no travelers return - puzzles the will" 2
  • 3. A perfect storm is on the horizon… Enterprise 2.0 Capitalism 2.0 Management 2.0 Economics 2.0 IT 2.0 New Game, New Playing Field, New Rules, New Players… Means Innovation, Flexibility, Agility, and more… 3
  • 4. Change wants to happen,Tech enables, facilitates and accelerates it… IT consumerization A new workforce Work mobility & the An old workforce Hollywood model Pervasive Innovate to zero Regulations & simplification cyber jurisprudence Smart Everything Utility computing Risk & security The new normal management 4 4
  • 5. An Architecture for Systemic Innovation Foresight Frameworks Insight Signals, Trends R&D Themes Strategic Standards, Laws Plans Scenarios IP, Patents Innovation for Innovation for CustomerMarket Challenges Reference & Delivery Challenges Architectures Incubator Continual Portfolio Improvement Plan of Relative Intent Innovation Operational & Annual Plan of Plans Value Record Challenges5 Confidential Services
  • 6. Then you think about it: Convergent Thinking Divergent Thinking • Analytic / Rational • Creative / Intuitive • Quantitative / Sequential • Qualitative / Subjective • Constraint-driven / Objective • Possibilities / Holistic • Specific details • Conceptual abstractionsSTART KILL IDEATION NARROW CONCEPTS EXPOSE TO INTERNAL RESOURCES UNDER TARGET DEFINE THE CONSIDERATION CUSTOMERS DRAFT NEW PRODUCT PROBLEM/ FOR OUTLINE FEATURES/ (QUALITATIVE) CONCEPTS CONTINUE OPPORTUNITY M BENEFITS TEA M IDEATION How far back depends on feedback received EXTERNAL RESOURCES REFINE May require refinement of business case and financials DEVELOP BUS KILL PLAN EXPOSE TO TARGET EXECUTIVE TEST ESTABLISH HIGH LEVEL CASE/OBTAIN DEVELOPMENT CUSTOMERS FOR MANAGEMEN MARKETING SUCCESS REQUIRE- APPROVAL TO TEST MARKET AND VOLUME ASSESSMENT T PREPARATION CRITERIA MENTS PROCEED (NEW PRODUCT (QUANTITATIVE) REVIEW DESIGN, (Mgt Review) INITIAL TIME LINE INCUBATOR) (Investment DEVELOP & (Proj Request/Sizing) Committee) PILOT Project Release Management Flow Begins (see next page) (Project Launched) Project Lifecycle Start Project KILL FINAL KILL POST ROLLOUT EXECUTIVE EVALUATION TEST MARKET WAR TURN OVER PLAN GROUP ROLL- AND EVALUATION GAMES TO PRODUCT CONTINUE REVIEW OUT MEASUREMENT FINAL TIMELINE MANAGEMENT TRAINING REFINE Some, or all of these stages may not apply to smaller efforts, or those with low execution risk/low capital investment For large projects, or those requiring post-pilot review and approval, these stages will apply (e.g. Investment Committee level projects). Project Lifecycle End Project 6 Confidential Services
  • 7. CyberSec in context:Welcome to the Serendipity Economy Image courtesy of Yoan Blanc - http://www.flickr.com/photos/greut/502095764/ http://danielwrasmus.com/default.aspx7 Global Marketing
  • 8. Consilience, Complexity and Emergence… Cynefin Framework http://en.wikipedia.org/wiki/Cynefin8 Global Marketing
  • 9. Collaboration and Co-creation: Sur/PetitionCustomers, staff, partners, suppliers, competitors Sur/Petition – Moving Beyond Competition Competition, with its focus on what others are doing, is only the baseline for survival. “Sur/petition” focuses on value creation, going beyond traditional strategic competition to exploit the vast potential of “integrated values” that surround the purchase and use of products and services. de Bono, Edward, Sur/petition, Harper Collins, London9 Global Marketing
  • 10. People – Humanities greatest resource http://www.youtube.com/watch?v=u6XAPnuFjJc http://www.youtube.com/watch?src_vid=dk8UJ-JWg-o&feature=iv&annotation_id=annotation_593316&v=XCH4FrnLlls http://www.theimaginationage.net/2010/01/smarter-work-data-visualizations.html
  • 11. Management – Humanities greatest invention(the MIX - http://www.managementexchange.com/) BeginningMANAGEMENT SCHOOLS Emphasis Dates PlanningCLASSICAL SCHOOL Managing workers and Division of Labor organizations more efficiently. Scientific Management 1880s Directing Administrative Management 1940s Unity of Command Create Customers, Bureaucratic Management 1920s Lower Transaction Costs, OvercomeBEHAVIORAL SCHOOL Understanding human behavior Economic Friction Scalar Chain of in the organization. Command Human Relations 1930s Staffing Behavioral Science 1950sQUANTITATIVE SCHOOL Increasing quality of managerial Span of Control decision-making through the application of mathematical and ControllingManagement Science 1940s statistical methods. Operations Management 1940s Management Information 1950s—Systems 1970s Figurehead LeaderSYSTEMS SCHOOL 1950s Understanding the organization as a system that transforms inputs into outputs while in constant interaction with its Spokesperson Entrepreneur environment.CONTINGENCY SCHOOL 1960s Applying management principles Resource and processes as dictated by the Liaison unique characteristics of each Allocator situation. Monitor Negotiator
  • 12. The Fractal Organizationand Enterprise 2.0 http://www.boostzone.fr/en/the-fractal-nature-of-entreprise-2-0/ http://www.zdnet.com/blog/hinchcliffe/the-state-of-enterprise-20/143
  • 13. The Current CyberSec Model Will (continue to) Fail:• Technology: – Point solutions – Point processes – Physicality – Standards “nice to have” – Interoperability HW/SW• Governments – Economic risk / reward balance – Jurisdictional conflict (internal and external) – Geopolitical boundaries in cyberspace – Geopolitical ideals in cyberspace• Enterprise – Parochialisms – image; legal; technology; competitive – ROI – Ford Pinto Approach – Secrecy – “Unsafe at any Speed” (Nader), “The Jungle” (Sinclair)• Individuals – Reasonable, rational, prudent person• Failure to see the common good – Law of the Commons Services 13 Confidential13
  • 14. CyberSec in Real Space Technology Kill switches & backdoors are Hardware built into everyday Threats products US Central Counterfeit Seagate Command electronic shipped virus- breached using components laden HDD thumb drives Apple shipped that searched with malicious Highly iPod systems for passwords code sophisticated infected with a then sent them malware like Windows based to a server. DEC computer FBI Operation Stuxnet virus. Blamed a Blamed an bound for USSR Network contract unnamed modified; Raider finds Data security manufacturer. contractor Cryptographic significant breaches equipment located in penetration of Spy Cameras developed with China. counterfeit Hacktivists inserted into backdoor for network gear Xerox copiers security agency in use globally 1960’s 1980’s 2006 2007 2008 Present Adverse Events14 Confidential
  • 15. Industry-wide Risk Assessment (2010) Supply Chain Security Risk Categories Physical Security Personnel Security IT Security Policy Processes Piece Part Manufacturing (from raw material) Component Supply Chain Segments Manufacturing & Sub- Assembly Assembly & Imaging 2nd Touch Customization & Personalization Merge, Distribution & Fulfillment Customer Care Services 1. Supplier policies do not adequately address the detection / prevention of counterfeit components or product tampering (unwanted functionality or malware) 2. Required training for suppliers does not address some threats and risks to supply chain security adequately 3. OEMs need to enhance governance / auditing of supplier contractual requirements to ensure compliance15 Confidential
  • 16. Safe Bets: O-TTPF™16 Confidential Services
  • 17. And then you flip a coin: Computing VersusQuantum Wars Security17 Confidential Services
  • 18. A better way to be secured… Content Centric Computing Content Centric Storage information-centrism PSIRP DONA content-centric networking New ID spaces TRIAD ROFL id-loc CDN clean-slate 3 Interconnecting information DPI P2P overlays NAT middleboxes IPv6Content Centric patching TCP/IPNetworking Telephony 2 Interconnecting hosts 1 Interconnecting wires 18 Confidential Services
  • 19. Wildcards:19 Confidential Services
  • 20. Thank you!Contact me - Stike_Stikeleather@dell.comTwitter - @stikeyoda Google+ - stikeyoda@gmail.comManagement innovation maverick - http://www.managementexchange.com/users/jim-stikeleatherEnterprise efficiency expert- http://www.enterpriseefficiency.com/archives.asp?section_id=1052Slideshare content- http://www.slideshare.net/dellenterpriseBooks: http://www.amazon.com/exec/obidos/ ISBN=0929652185/pfingarA http://www.amazon.com/Next- Generation-Computing- Distributed- Reference/dp/0132618923/ref=s r_1_1?s=books&ie=UTF8&qid=13 34940728&sr=1-1