Jason Healey - Atlantic Council - Keynote Address: The sophisticated threat – yesterday, today and tomorrow

Jason Healey delivered the presentation at the 2014 ADM Cyber Security Summit.

The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia.

For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14


  1. Sophisticated Threats: Yesterday, Today and Tomorrow
     Jason Healey, June 2014
     jhealey@atlanticcouncil.org, Twitter: @Jason_Healey
  2. Computer Network Vulnerabilities
     • Hardware Leakage
     • Software Leakage
     • Deliberate Penetration
     • Accidental Disclosure
     • Physical Attack
     • Modify at Factory
     Look Familiar?
  3. Computer Network Vulnerabilities (continued)
     • Hardware Leakage
     • Software Leakage
     • Deliberate Penetration
     • Accidental Disclosure
     • Physical Attack
     • Modify at Factory
     Written in 1969 ….
  4. State-Sponsored Cyber Espionage?
     • “Espionage over networks can be cost-efficient, offer nearly immediate results, and target specific locations … insulated from risks of internationally embarrassing incidents”
     Heard this Lately?
  5. State-Sponsored Cyber Espionage
     • “Espionage over networks can be cost-efficient, offer nearly immediate results, and target specific locations … insulated from risks of internationally embarrassing incidents”
     Written in 1988 ….
  6. Advanced Persistent Threat
     • “Extensive resources in money, personnel, and technology”
     • “Adept in circumventing physical and procedural safeguards”
     • “Patient and motivated”
     • “Capable of exploiting a successful attack for maximum long-term gain”
     Look Familiar?
  7. Advanced Persistent Threat
     • “Extensive resources in money, personnel, and technology”
     • “Adept in circumventing physical and procedural safeguards”
     • “Patient and motivated”
     • “Capable of exploiting a successful attack for maximum long-term gain”
     Look Familiar? From 1991 ….
  8. The Threat … from 1997
     Look familiar?
     From President’s Commission on Critical Infrastructure Protection (PCCIP Report) 1997
  9. The Threat … from 1997
     Look familiar?
     JTF-CND Commander’s Presentation to DSB Summer Study, 2000
  10. Bad Guys Finish First
     • “Few if any contemporary computer security controls have prevented a [red team] from easily accessing any information sought.”
     Heard this Lately?
  11. Bad Guys Finish First
     Lt Col Roger Schell (USAF) in 1979
     • “Few if any contemporary computer security controls have prevented a [red team] from easily accessing any information sought.”
  12. Back to the Future All Over Again
     • “…the only cyberwar raging is inside the U.S. government where Washington lawyers and policymakers, military leaders, and official hackers battle over the value and legality of network attack.” Washington Post, 1999
     • “Attention to security gimmicks results in overlooking serious weaknesses.” Schell, 1979
     • “The market does not work well enough to raise the security of computer systems at a rate fast enough to match the apparent growth in threats to systems.” Computers at Risk, 1991
     • “Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless - an Electronic Pearl Harbor waiting to happen.” Schwartau, 1991
  13. TODAY
  14. [Figure: Adversary Groups on Left, Which Industry Each Targets on Right. CrowdStrike Annual Report 2013]
  15. Everyone, Everywhere, All Ways, and Always
     Russia, China, USA
     Organized crime – Israel – France – UK – India…
     • Titan Rain
     • Night Dragon
     • Shadows in the Cloud
     • Putter Panda – Unit 61486
     • Unit 61938
     • Estonia, Georgia, Ukraine
     • Buckshot Yankee
     • Energetic Bear
     • Snake
     • Stuxnet, Flame
     • Xkeyscore
     • TAO
     • Bull Run
  16. Everyone, Everywhere, All Ways, and Always
     Russia, China, USA
     Organized crime – Israel – France – UK – India…
     • Titan Rain
     • Night Dragon
     • Shadows in the Cloud
     • Putter Panda – Unit 61486
     • Unit 61938
     • Estonia, Georgia, Ukraine
     • Buckshot Yankee
     • Energetic Bear
     • Snake
     • Stuxnet, Flame
     • Xkeyscore
     • TAO
     • Bull Run
     To companies like Microsoft or Google, all of these are ‘attackers’ and so all are adversaries. If you belong to a SIGINT organization, you are APT too!
  17. What Has Changed? Some Important Trends
     1. Rise of the professionals
     2. Fed by power of the free/stolen market
     3. More aggressive attacks and espionage
     4. Real national security attacks
     5. Attacks aren’t just by the “bad guys” anymore
     6. Scope and scale of attacks
  18. What Has Not Changed? Some Important Trends
     1. Basic computer vulnerabilities
     2. Basic categories of threat
     3. Identities of low- and high-end threat
     4. General fecklessness of defense
     5. Dynamics of cyber conflict
     6. Relationship of offense to defense (O>D)
     7. Truly destructive attacks are still “five years away”
  19. WHAT COMES TOMORROW?
  20. Tomorrow…
     • The conventional answer:
     • Maybe our “five-year clock” finally runs out
       – Being hurried perhaps more by our increasing vulnerability than ability or intent of adversaries
       – We can discuss in Q&A
       – But first, the unconventional answer
  21. Great News! Security is Getting Better!
     “Whether in detection, control, or prevention, we are notching personal bests …” - Dan Geer, 2014
     [Chart: Effectiveness vs. Time; curve: Improvement of Defense; labels: Tipping Point?, 2014]
  22. Bad News! We’re Still Losing and at a Faster Rate! O>D
     “Whether in detection, control, or prevention, we are notching personal bests but all the while the opposition is setting world records.” - Dan Geer, 2014
     [Chart: Effectiveness vs. Time; curves: Improvement of Defense, Improvement of Offense; label: 2014]
     http://geer.tinho.net/geer.rsa.28ii14.txt
  23. Or Is It Exponentially Worse?
     [Chart: Effectiveness vs. Time; curves: Improvement of Defense, Improvement of Offense; label: 2014]
  24. Can This Last Forever?
     [Chart: Effectiveness vs. Time; curves: Improvement of Defense, Improvement of Offense; labels: Tipping Point?, 2014]
  25. When There Are More Predators Than Prey
     [Chart: Effectiveness vs. Time; labels: O>D, O>>D, Tipping Point, 20xx, “Somalia”, “Wild West”]
  26. THIS HAS BEEN VERY NEGATIVE, SO TO END ON A POSITIVE NOTE…
  27. QUESTIONS?
     jhealey@atlanticcouncil.org, Twitter: @Jason_Healey
     Cyber Statecraft Initiative
     • International conflict, competition and cooperation in cyberspace
     • Our goal is Saving Cyberspace
     • Publications (all at our website, atlanticcouncil.org)
     • Public and Private Events
     1. History of cyber conflict
     2. Future of cyber conflict
     3. Systemic cyber risks
     4. Public sector-centric strategy
     5. Sustainable cyberspace