SlideShare a Scribd company logo

New threats to cyber-security

Mark Sherman
Mark Sherman

Presentation at the 8ENISE conference on the new threats to cyber-security posed by increased substitution of software for hardware, virtualization, new end points from the Internet of Things and extensive use of open source to assemble applications.

Internet
1 of 15
Download to read offline
© 2014 Carnegie Mellon University 29-Oct-2014 S5: New Threats to Cyber-Security Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Mark Sherman, PhD Technical Director Cyber Security Foundations, CERT mssherman@sei.cmu.edu
2 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon® and CERT® are registered marks of Carnegie Mellon University. DM-0001805
3 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University New Threats to Cyber-Security • Usual view of threat environment • Looking backwards from today’s threats • Looking forwards to future threats • The need for prevention is pressing
4 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Usual view of threat environment Sources: PonemanInstitute, CNNMoneystudy, May 28, 2014; McAfee Quarterly Threat Report, June 2014; Wall Street Journal, Feb 26, 2014 retailcustomerexperience.com -5_lessons_learned_from_recent_retail_data_breaches.pdf 47% of US adults had their personal information exposed by hackers Nearly 250,000,000 malware artifacts by 1Q14
5 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Looking backwards from today’s threats 92% of the 100,000 incidents from the last 10 years can be described by 9 basic patterns • Insider misuse • DOS attacks • Cyber-espionage • Crimeware • Web app attacks • Physical theft and loss • Payment card skimmers • Point-of-sale intrusions • Miscellaneous errors History will repeat itself, so future threats include today’s threats
6 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Looking forwards to future threats • Software is the new hardware • Covering the next last mile • Expanding endpoints • Development is now assembly Cyber threats track evolution of technology
7 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Software is the new hardware IT moving from specialized hardware to software, virtualizedas • Memory • Storage • Servers • Switches • Networks Cyber-physical systems (CPS) evolving to a computer with interesting peripherals • Airplane function in software moved from 8% to 80% since 1960 • Software defined radios drive communication • Television evolved to digital signal processors • Hardware security needs software analogs • New programming models need secure coding guidelines • Guard against side channel attacks enabled by virtualization
8 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University The last mile has expanded to • Cellular • Main processor • Base band processor • Secure element (SIM) • Automotive • Intravehicular: more than 50 networked processors • Vehicle to infrastructure (V2I): congestion management, emergency services, law enforcement • Vehicle to vehicle (V2V): safety, efficiency • Industrial and home automation • SCADA • Bluetooth • Zigbee • Aviation • Fly by wire • Next Gen air traffic control • Smart grid • Embedded medical devices Covering the next last mile –securing the border and end points
9 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Development is now assembly Business application Mongo DB Application server HTTP server XML Parser MySQL database SIP servlet container GIF library At least 75% of organizations rely on open source as the foundation of their applications
11 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Open source is probably not secure Heartbleed and Shellshock were found by exploitation Other open source software illustrates vulnerabilities from cursory inspection Source: Steve Christey(MITRE) & Brian Martin (OSF), Buying Into the Bias: Why Vulnerability Statistics Suck, https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics- Suck-Slides.pdf
12 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University An ounce of prevention is worth a pound of cure “We wouldn't have to spend so much time, money, and effort on network security if we didn't have such bad software security.” Bruce Schneierin Viegaand McGraw, “Building Secure Software,” 2001
13 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University The need for prevention is pressing Mission thread(Business process) 19% fail to carry out security requirement definition 27% do not practice secure design 30% do not use static analysis or manual code review during development 47% do not perform acceptance tests for third- party code More than 81% do not coordinate their security practices in various stages of the development life cycle. Source: Forrester Consulting, “State of Application Security,” January 2011
14 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Foresight leads to proactive defense Tracking evolution of technology arms developers for securing the next generation of applications
15 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Contact Information Mark Sherman (412) 268-9223 mssherman@sei.cmu.edu Web Resources (CERT/SEI) http://www.cert.org/ http://www.sei.cmu.edu/
16 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University

Recommended

Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Avantika University
 
Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesBijay Senihang
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
cyber security
cyber securitycyber security
cyber securityabithajayavel
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityimtnoida112
 
cyber security
cyber securitycyber security
cyber securityBasineniUdaykumar
 
Cyber Security Research Project Topics
Cyber Security Research Project TopicsCyber Security Research Project Topics
Cyber Security Research Project TopicsMatlab Simulation
 

Recommended

Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Avantika University
 
Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesBijay Senihang
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
cyber security
cyber securitycyber security
cyber securityabithajayavel
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityimtnoida112
 
cyber security
cyber securitycyber security
cyber securityBasineniUdaykumar
 
Cyber Security Research Project Topics
Cyber Security Research Project TopicsCyber Security Research Project Topics
Cyber Security Research Project TopicsMatlab Simulation
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansMaurice Dawson
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBhandari Hìmáñßhü
 
Cyber security
Cyber securityCyber security
Cyber securityRishav Sadhu
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Cyber security
Cyber security Cyber security
Cyber security Sachith Lekamge
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentationA.S. Sabuj
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security pptDebrajKarmakar
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationParab Mishra
 
Cyber Security 03
Cyber Security 03Cyber Security 03
Cyber Security 03Home
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Home cyber security
Home cyber securityHome cyber security
Home cyber securityMichael File
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness programAvanzo net
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Cybersecurity technology adoption survey
Cybersecurity technology adoption surveyCybersecurity technology adoption survey
Cybersecurity technology adoption surveyPaperjam_redaction
 
Cyber security
Cyber securityCyber security
Cyber securityKomal Samdariya
 
Secure Web Apps Training at Corporate College
Secure Web Apps Training at Corporate CollegeSecure Web Apps Training at Corporate College
Secure Web Apps Training at Corporate CollegeWorkSmart Integrated Marketing
 
Security Firm Program - Corporate College
Security Firm Program - Corporate CollegeSecurity Firm Program - Corporate College
Security Firm Program - Corporate CollegeWorkSmart Integrated Marketing
 

More Related Content

What's hot

cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansMaurice Dawson
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentationA.S. Sabuj
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationParab Mishra
 
Cyber Security 03
Cyber Security 03Cyber Security 03
Cyber Security 03Home
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Home cyber security
Home cyber securityHome cyber security
Home cyber securityMichael File
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness programAvanzo net
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Cybersecurity technology adoption survey
Cybersecurity technology adoption surveyCybersecurity technology adoption survey
Cybersecurity technology adoption surveyPaperjam_redaction
 

What's hot (20)

cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New Orleans
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentation
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security Presentation
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Security 03
Cyber Security 03Cyber Security 03
Cyber Security 03
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Home cyber security
Home cyber securityHome cyber security
Home cyber security
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness program
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Cybersecurity technology adoption survey
Cybersecurity technology adoption surveyCybersecurity technology adoption survey
Cybersecurity technology adoption survey
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similar to New threats to cyber-security

Risks in the Software Supply Chain
Risks in the Software Supply Chain Risks in the Software Supply Chain
Risks in the Software Supply Chain Sonatype
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply ChainMark Sherman
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyserTim Youm
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
Cisco 2014 - Anual Security Report
Cisco 2014 - Anual Security Report Cisco 2014 - Anual Security Report
Cisco 2014 - Anual Security Report Mandar Kharkar
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityCAST
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco Security
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Are Your IT Systems Secure?
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?Nex-Tech
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRhys A. Mossom
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthyRussell Publishing
 

Similar to New threats to cyber-security (20)

Secure Web Apps Training at Corporate College
Secure Web Apps Training at Corporate CollegeSecure Web Apps Training at Corporate College
Secure Web Apps Training at Corporate College
 
Security Firm Program - Corporate College
Security Firm Program - Corporate CollegeSecurity Firm Program - Corporate College
Security Firm Program - Corporate College
 
Risks in the Software Supply Chain
Risks in the Software Supply Chain Risks in the Software Supply Chain
Risks in the Software Supply Chain
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply Chain
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
 
Presentación AMIB Los Cabos
Presentación AMIB Los CabosPresentación AMIB Los Cabos
Presentación AMIB Los Cabos
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Cisco 2014 - Anual Security Report
Cisco 2014 - Anual Security Report Cisco 2014 - Anual Security Report
Cisco 2014 - Anual Security Report
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software Security
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application Security
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographic
 
Are Your IT Systems Secure?
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthy
 

Recently uploaded

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 

New threats to cyber-security

  • 1. © 2014 Carnegie Mellon University 29-Oct-2014 S5: New Threats to Cyber-Security Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Mark Sherman, PhD Technical Director Cyber Security Foundations, CERT mssherman@sei.cmu.edu
  • 2. 2 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon® and CERT® are registered marks of Carnegie Mellon University. DM-0001805
  • 3. 3 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University New Threats to Cyber-Security • Usual view of threat environment • Looking backwards from today’s threats • Looking forwards to future threats • The need for prevention is pressing
  • 4. 4 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Usual view of threat environment Sources: PonemanInstitute, CNNMoneystudy, May 28, 2014; McAfee Quarterly Threat Report, June 2014; Wall Street Journal, Feb 26, 2014 retailcustomerexperience.com -5_lessons_learned_from_recent_retail_data_breaches.pdf 47% of US adults had their personal information exposed by hackers Nearly 250,000,000 malware artifacts by 1Q14
  • 5. 5 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Looking backwards from today’s threats 92% of the 100,000 incidents from the last 10 years can be described by 9 basic patterns • Insider misuse • DOS attacks • Cyber-espionage • Crimeware • Web app attacks • Physical theft and loss • Payment card skimmers • Point-of-sale intrusions • Miscellaneous errors History will repeat itself, so future threats include today’s threats
  • 6. 6 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Looking forwards to future threats • Software is the new hardware • Covering the next last mile • Expanding endpoints • Development is now assembly Cyber threats track evolution of technology
  • 7. 7 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Software is the new hardware IT moving from specialized hardware to software, virtualizedas • Memory • Storage • Servers • Switches • Networks Cyber-physical systems (CPS) evolving to a computer with interesting peripherals • Airplane function in software moved from 8% to 80% since 1960 • Software defined radios drive communication • Television evolved to digital signal processors • Hardware security needs software analogs • New programming models need secure coding guidelines • Guard against side channel attacks enabled by virtualization
  • 8. 8 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University The last mile has expanded to • Cellular • Main processor • Base band processor • Secure element (SIM) • Automotive • Intravehicular: more than 50 networked processors • Vehicle to infrastructure (V2I): congestion management, emergency services, law enforcement • Vehicle to vehicle (V2V): safety, efficiency • Industrial and home automation • SCADA • Bluetooth • Zigbee • Aviation • Fly by wire • Next Gen air traffic control • Smart grid • Embedded medical devices Covering the next last mile –securing the border and end points
  • 9. 9 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Development is now assembly Business application Mongo DB Application server HTTP server XML Parser MySQL database SIP servlet container GIF library At least 75% of organizations rely on open source as the foundation of their applications
  • 10. 11 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Open source is probably not secure Heartbleed and Shellshock were found by exploitation Other open source software illustrates vulnerabilities from cursory inspection Source: Steve Christey(MITRE) & Brian Martin (OSF), Buying Into the Bias: Why Vulnerability Statistics Suck, https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics- Suck-Slides.pdf
  • 11. 12 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University An ounce of prevention is worth a pound of cure “We wouldn't have to spend so much time, money, and effort on network security if we didn't have such bad software security.” Bruce Schneierin Viegaand McGraw, “Building Secure Software,” 2001
  • 12. 13 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University The need for prevention is pressing Mission thread(Business process) 19% fail to carry out security requirement definition 27% do not practice secure design 30% do not use static analysis or manual code review during development 47% do not perform acceptance tests for third- party code More than 81% do not coordinate their security practices in various stages of the development life cycle. Source: Forrester Consulting, “State of Application Security,” January 2011
  • 13. 14 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Foresight leads to proactive defense Tracking evolution of technology arms developers for securing the next generation of applications
  • 14. 15 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University Contact Information Mark Sherman (412) 268-9223 mssherman@sei.cmu.edu Web Resources (CERT/SEI) http://www.cert.org/ http://www.sei.cmu.edu/
  • 15. 16 Mark Sherman S5: New Threats to Cyber-Security © 2014 Carnegie Mellon University