Cybersecurity Threat Analysis: Status and Advanced Tools
Santiago Núñez Corrales
Director of Digital Technology, Ministry of Science and Technology
Coordinator of the e-Science Research Program, Costa Rica Institute of Technology
Was aber ist deine Pflicht? Die Forderung des Tages.
What is my task? What the day demands.
Wolfgang von Goethe
Cybersecurity: the philosophical problem
• Deep inside cybersecurity, there is a fundamental fact of computing that prevents perfect incident detection
• No computer program can, in principle, acquire absolute knowledge of what another program will do with certainty
• Our strategies for combating cybercrime are based on its phenomenology
• It is a pattern-based discipline
Kurt Gödel (1931) showed that systems based on rules are limited in the extent to which they can analyze themselves.

Alan Turing, by constructing the basic model of a computer, found that part of the latter limitation prevents programs from calculating many important properties of other programs.

Cybersecurity therefore depends heavily upon prompt detection and artifact inspection procedures.
Cybersecurity: the historical problem
• Market forces computing technology to advance at ever-increasing rates
• Software/hardware safety and security can be embedded in the design
• The development pace and complexity of computing systems leave gaps that evolve to become vulnerabilities
• We use multi-level systems that resemble a technological Swiss cheese
In hardware, processor families allow software to be compatible between different microprocessor versions. They also allow small design flaws to be inherited. Thus, source code development has become afflicted by hardware design problems. But software remains the largest source of vulnerabilities, precisely due to market dynamics and the complexity involved in its design and development.

Cyberthreats can occur at any level of the technology ladder, and close relations to industry are essential.
Cybersecurity: the network problem
• Malware propagation tactics rely heavily on the properties of data networks
• The Internet is a distributed mechanism, where data is routed across the globe using many possible paths
• Malware analysis is constantly pushed to the limit when faced with local information related to an incident as malware complexity increases
Remote control mechanisms, data encryption and mutant code allow malware to diversify and evolve in the types of actions and range of threats it poses. Cybersecurity depends on the distributed nature of the Internet as well as on a responsible digital culture on the users' side. The weakest link in the information security chain is the user.

Programs for Digital Literacy must include training information about digital rights and duties of citizens.
A change of perspective: from computing to biology
• Malware is becoming more intelligent and harder to trace
• Virus design is now performed by emulating the selection, variation and mutation principles of natural evolution
• Phylogeny becomes a meaningful concept
• Coordination protocols between malware artifacts also exploit information-theoretical limits to provide resilience
A change of perspective: from computing to biology

Biology               Computing
DNA sequences         Bit sequences
Chemical signaling    Data signaling
Natural selection     Artificial selection
DNA recombination     Binary reorganization
Many infected cells   Many infected files
Hypermutation         Random bit flipping
Non-coding regions    Dummy machine code
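The Biology/Computing correspondence above can be exercised with a standard sequence-biology tool. The sketch below is an added example, not part of the original slides: it applies Smith-Waterman local alignment to byte sequences and links each sample to its closest relative. The samples, the mutation parameters, the 0x90 filler byte and all function names are constructed for illustration.

```python
import random

def local_alignment_score(a: bytes, b: bytes, match=2, mismatch=-1, gap=-1) -> int:
    """Smith-Waterman local alignment score between two byte sequences."""
    prev, best = [0] * (len(b) + 1), 0
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(max(0,
                           prev[j - 1] + (match if x == y else mismatch),  # substitute
                           prev[j] + gap,                                   # byte deleted
                           cur[j - 1] + gap))                               # byte inserted
        best, prev = max(best, max(cur)), cur
    return best

def similarity(a: bytes, b: bytes) -> float:
    """Score as a fraction of the best score the shorter sequence could reach."""
    return local_alignment_score(a, b) / (2 * min(len(a), len(b)))

def mutate(parent: bytes, rng: random.Random, flips=4, pad=8) -> bytes:
    """Constructed descendant: random bit flips plus an inserted run of dummy bytes."""
    child = bytearray(parent)
    for _ in range(flips):
        child[rng.randrange(len(child))] ^= 1 << rng.randrange(8)
    cut = rng.randrange(len(child))
    child[cut:cut] = b"\x90" * pad          # filler, the "non-coding region"
    return bytes(child)

def build_samples(seed=1931):
    """Two constructed families of random bytes; no real binaries involved."""
    rng = random.Random(seed)
    a0 = bytes(rng.randrange(256) for _ in range(120))
    b0 = bytes(rng.randrange(256) for _ in range(120))
    a1 = mutate(a0, rng)
    return {"a0": a0, "a1": a1, "a2": mutate(a1, rng), "b0": b0, "b1": mutate(b0, rng)}

def nearest(name, samples):
    """Closest other sample by alignment similarity: one edge of a phylogeny."""
    return max((n for n in samples if n != name),
               key=lambda n: similarity(samples[name], samples[n]))

if __name__ == "__main__":
    samples = build_samples()
    for name in samples:
        kin = nearest(name, samples)
        print(f"{name} -> {kin}  similarity={similarity(samples[name], samples[kin]):.2f}")
```

Descendants stay close to their ancestors despite the flips and the inserted filler, while the filler run shared by unrelated families contributes only a small spurious score.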
A change of perspective: from computing to biology
• The latest approaches in cybercrime analysis closely resemble research in systems biology
• Many of the tools already exist and can be readily applied
  – Data mining and pattern matching
  – Superco
ARTCA
• An OAS-sponsored collaborative research network
• Involves many significant collaborators
• Hemispheric collaboration as key activity for the Americas
• The goal: joint research proposals involving multiple international partners and top-level collaborators
Conclusions
• The technological landscape of cybersecurity changes constantly
• Many of the scientific tools required to analyze biological systems apply to cybercrime issues
• CoE and OAS provide a solid cooperation platform, including the possibility to develop regional projects
• Central America is in a great position to develop research in information security using the latest technological tools