NACCTFO Cyber Security Presentation 2014 New Orleans
Cyber Security in
Prepared by Dr. Maurice Dawson, CSSLP, CGEIT, C|CISO
Your Motivation for this Session
Cyber Security Training
Closer to Home
Dr. Maurice (Mo) Dawson Jr.
Assistant Professor, Information Systems
Office: 228 Express Scripts Hall
Assistant Professor of Information Systems, University of Missouri - St. Louis,
08/14 - Present
Fulbright Grantee, South Ural State University, Russia, 09/14 - 09/14
ABET CS Accreditation Consultant, Colorado State University - Global
Assistant Professor of Management Information Systems, Alabama A&M
University, 08/11 - 05/14
Visiting Professor, The University of the Gambia, 03/14 - Present
Visiting Assistant Professor (Honorary) of Industrial and Systems
Engineering, The University of Tennessee, Knoxville & Space Institute, 02/14
Research Associate, Morgan State University, 08/10 - 08/11
Engineering Manager, Textron Systems - AAI Unmanned Air Systems (UAS)
Division, 01/10 - 08/11
Information Assurance Director, Future Research Corporation, 07/08 - 12/09
Senior Program Manager, Rockwell Collins - Government Systems Division,
Scout, Attack & Special Mission Solutions, 06/06 - 07/08
Senior Systems Engineer, Rockwell Collins - Government Systems Division,
Rotary Wing & Cryptographic Embedded Systems, 08/04 - 06/08
Information Assurance Engineer, British Aerospace Engineering (BAE)
Systems - Missile Defense Agency (MDA) Support, 05/04 - 08/04
Cryptographic Technician, United States Navy Reserves, 10/05 - 09/08
Senior Systems Analyst, Iowa National Guard, 01/00 - 10/05
Dawson, M. (2015) Software Assurance Maturity Model: The Need for Secure Design Process
Management. Managing Software Process Evolution, How to handle process change?.
proposal accepted, in process
Dawson, M., & Leonard, B. (2015) Software and Supply Chain: Ensuring the Delivery of Secure
Systems. Encyclopedia of Global Supply Chain Management. proposal accepted, in process
Dawson, M., Wright, J., & Truesdale, J. (2015) Cyber Security: Designing Solutions for Mobile
Security & Health Information Technology. Encyclopedia of E-Health and Telemedicine.
proposal accepted, in process
Dawson, M., Wright, J., & Omar, M. (2015) Mobile Devices: The Case for Security Hardened
Systems. Handbook of Research on New Threats and Countermeasures in Digital Crime and
Cyber Terrorism. accepted for publication and forthcoming.
Leonard, B. & Dawson, M. (2015) Legal Issues: Security and Privacy with Mobile Devices.
Handbook of Research on New Threats and Countermeasures in Digital Crime and Cyber
Terrorism. accepted for publication and forthcoming.
Dawson, M., Leonard, B., & Rahim, E. (2014) Advances in Technology Project Management:
Review of Open Source Software Integration. Technology, Innovation, and Enterprise
Transformation. accepted for publication and forthcoming.
Dawson, M., Marwan, O., & Abramson, J. (2014) Understanding the Methods Behind Cyber
Terrorism. Encyclopedia of Information Science & Technology 3rd Edition. accepted for
publication and forthcoming
Dawson, M., Al Saeed, I., Wright, J., & Onyegbula, F. (2014) Open Source Software to Enhance
the STEM Learning Environment. Encyclopedia of Education and Technology. accepted for
publication and forthcoming
Dawson, M., Omar, M., Abramson, J., & Bessette, D. (2014). The Future of National and
International Security on the Internet. Information Security in Diverse Computing
Environments. accepted for publication and forthcoming
Dawson, M. E., & Al Saeed, I. (2012). Use of Open Source Software and Virtualization in
Academia to Enhance Higher Education Everywhere. Cutting-edge Technologies in Higher
Education, 6, 283-313.
Hyperconnectivity is a growing trend that is driving cyber security
experts to develop new security architectures for multiple platforms
such as mobile devices, laptops, and even wearable displays. The
future of national and international security relies on complex
countermeasures to ensure that a proper security posture is
maintained during this state of hyperconnectivity. To protect these
systems from exploitation of vulnerabilities, it is essential to
understand current and future threats, including the laws that drive
the need to secure them. Examined within this presentation are the
potential security-related threats with the use of social media,
mobile devices, virtual worlds, augmented reality, and mixed reality.
Further reviewed are some examples of the complex attacks that could
interrupt human-robot interaction, children-computer interaction,
mobile computing, social networks, and more through human-centered
issues in security design.
Information Assurance Defined
Information Assurance (IA) is defined as the practice of
protecting and defending information and information
systems by ensuring their availability, integrity,
authentication, confidentiality, and non-repudiation. This
definition also encompasses disaster recovery, physical
security, cryptography, application security, and business
continuity of operations.
Cyber terrorism is on the rise
and is constantly affecting
millions every day. These
malicious attacks can affect
one single person to entire
These attacks can be done with
a few lines of code or large
complex programs that have
the ability to target specific
As the United States
government has stated, an act
of cyber terrorism is an act of
war; it is imperative that we
explore this new method of
terrorism and how it can be
mitigated to an acceptable risk.
Cyber security has become a matter of
national, international, economic, and
societal importance that affects multiple
nations (Walker, 2012).
In Estonia and Georgia there were direct
attacks on government cyber
infrastructure (Beidleman, 2009). The
attacks in Estonia rendered the
government's infrastructure useless.
The government and other associated
entities heavily relied upon this
e-government infrastructure. These
attacks helped lead to the development of
cyber defense organizations that drive
laws and policies within Europe.
Laws and Policies to Combat
The USA PATRIOT Act was signed into law by President George W.
Bush in 2001 after September 11, 2001 (Bullock, Haddow,
Coppola, & Yeletaysi, 2009). This act was created in response
to the events of 9/11 and provided government agencies
increased abilities. These increased abilities gave the
government rights to search various communications such as
email, telephone records, medical records, and more of those
who were suspected of terrorist acts (Bullock, Haddow,
Coppola, & Yeletaysi, 2009).
During the fall of 2010 many headlines declared
that Stuxnet was the game-changer in terms of
cyber warfare (Denning, 2012). This malicious
worm was complex and designed to target only a
specific system. This worm had the ability to detect
location, system type, and more. And this worm
only attacked the system if it met specific
parameters that were designed in the code.
Stuxnet tampered directly with software in a
programmable logic controller (PLC) that controlled
the centrifuges at Natanz. This tampering ultimately
caused a disruption in the Iranian nuclear program.
The Department of Homeland Security (DHS) is
concerned with cyber attacks on infrastructure such as
supervisory control and data acquisition (SCADA)
systems. SCADA systems are the systems that
autonomously monitor and adjust switching, among
other processes, within critical infrastructures such as
nuclear plants and power grids. DHS is worried about
these systems because they are frequently unmanned and
remotely accessed. Because they are remotely accessed,
anyone could take remote control of
critical infrastructure assets.
There have been increasing mandates and directives to
ensure any system deployed meets stringent
requirements. As the Stuxnet worm has become a
reality, future attacks could be malicious code directly
targeting specific locations of critical infrastructure.
Legitimate Applications that Can
Be Used to Retrieve Information
Presently, there is valid spy software available for various
smartphones. An example of this is FlexiSpy, a legitimate commercial
spyware program that costs over $300 (United States Computer
Emergency Readiness Team, 2010). FlexiSpy can:
Listen to actual phone calls as they happen;
Secretly read Short Message Service (SMS) texts, call logs, and
Listen to the phone surroundings (use as remote bugging device);
View phone GPS location;
Forward all email events to another inbox;
Remotely control all phone functions via SMS;
Accept or reject communication based on predetermined lists; and
Evade detection during operation (United States Computer
Emergency Readiness Team, 2010).
The increase of the social networking trend can be based on the security
features for every user. Internet stalking can be described as a threat
from an outside source that harms or inflicts harm on a piece of
information or a person. These threats can be international or national
depending on where the organization or user is geographically located.
With internet stalking being noted more often in today's society, it is
also presumed that people are becoming more vulnerable to
attacks from internet insecurity. Insecure internet can be looked at
based on what the user is currently using in terms of connectivity, but
it can always be looked at as a threat to any customer.
When international threats are aimed at consumers, they can be perceived
as threats directed at the nation, given that they come from outside the
country. These circumstances can be legal or illegal based on the source
of the threat. Many users see these types of threats as
acts of terror, given that many users do not know much
about the types of threats that are visible.
Special Features Available in
Over the months of development, we occasionally add cool new features to Kali
and document them on our blogs. The following list attempts to gather some of
Automating Kali Linux deployment via Unattended PXE installations
Kali Linux ISO of doom, the perfect hardware backdoor.
Customizing and bending Kali Linux to your will using Kali Linux live build recipes.
Mastering Kali Linux tool sets with Kali Metapackages.
Kali Linux in the cloud: Kali Amazon EC2 images available.
Kali Linux LUKS Full Disk Encryption (FDE).
Nuking your Kali Linux hard disk with the Kali LUKS nuke option.
Kali Linux running on Android through Linux Deploy.
Kali Linux accessibility features, adding support for blind and visually impaired
Kali Linux on a Raspberry Pi and a bunch of other interesting ARM devices.
Kali Linux Live USB persistence with LUKS encryption.
Click http://www.kali.org/official-documentation/ for further information