Cross Border Cyber Attacks: Impact on Digital Sovereignty

My presentation at the 24th All India Forensics Sciences Conference, February 10, 2018, Ahmedabad

Published in: Software

  1. NETSQUARE
     CROSS BORDER CYBER ATTACKS: IMPACT ON DIGITAL SOVEREIGNTY
     Saumil Shah - CEO Net Square
     24th All India Forensics Science Conference, 10 February 2018, Ahmedabad
  2. # whoami - Saumil Shah, CEO Net Square.
     • Hacker, Speaker, Trainer, Entrepreneur, Author.
     • 20 years in Infosec.
     • M.S. Computer Science, Purdue University.
     • LinkedIn: saumilshah
     • Twitter: @therealsaumil
  3. Agenda
     • 2010-2018: A little bit of "history".
     • Cyber Security – Attacks and Defense.
     • Evolving Global Landscape.
     • India's Emerging Digital Presence.
     • Cross Border Cyber Threats.
     • Realigning India's Digital Posture.
     • Four Areas of Focus.
  4. Landmark Incidents since 2010
     • Operation Aurora (2010) [1]
     • Stuxnet (2010)
     • WannaCry (2017)
     • Petya/NotPetya (2017)
     [1] JR03-2010 "Shadows in the Cloud" - Information Warfare Monitor & Shadowserver.org
  5. Lessons Learned from "History"
     • Cost of Attacks << Cost of Defense
     • Cyber Attacks/Campaigns work on a MASS SCALE ...
     [Diagram labels: Secondary, Primary, Initial Attack]
  6. Lessons Learned from "History"
     • Cyber Security is still REACTIVE
       – Stuck in "RULES, SIGNATURES, UPDATES"
       – Security by Audit COMPLIANCE
     • Every large organisation breached in the past 5 years has been "100% Compliant"
  7. WannaCry/Petya: Reality Check
     • Lots of Unpatched and EOL systems!
     • DR was a Disaster!
       – < 5% effective Backups.
       – Average Recovery Time ~48hrs.
     • Airgapped networks were reachable!
  8. Mass Attacks have succeeded where systems share the same GENETIC DEFECT
  9. Cyber Weapons Marketplace
     • GOV
     • PVT
     https://motherboard.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-security
  10. Cyber Defense in 2018
     • "MITIGATE AGAINST KNOWN ATTACKS"
       – Rules, Signatures, Updates, Patches
     • Majority of the CISOs are stuck:
       – COMPLIANCE and FIREFIGHTING
  11. Cyber Defense in 2018
     • Response to Next-Gen Attacks:
       – Rowhammer 2015, Stegosploit 2015, Meltdown 2018, Spectre 2018
       – ? ? ? ?
  12. Data Forensics in 2018
     • Trapped in CAUSALITY.
     • Largely driven by TOOLS.
     • End Results:
       – Recovery of lost/damaged data
       – Attribution
     • Needs to EVOLVE.
  13. Schrödinger's HACK
     Computer Systems exist in both SECURE and HACKED states at the same time.
     Blackhat Asia 2017: https://www.slideshare.net/saumilshah/the-seven-axioms-of-security
  14. Global Power Shift
     [Image labels: 20th CENTURY, 21st CENTURY]
  15. A Brave New World
  16. If Information = Power, then...
     Information Generates More Information
  17. The Info Asymmetry Game
     Data Dominance
     • Profiling, Analytics, Correlation
     • Massive Interception, Exploitation capabilities
     Hardware Dominance
     • Control of platform hardware and firmware
       – (desktop, mobile)
     • Control of telecom back-end infrastructure
  18. The Info Asymmetry Game
     Society and Psy-Ops
     • Industrialisation of social media manipulation
     • Control over public opinion
     Financing Ops
     • SWIFT attacks, Ransomware
     • Cryptocurrency hacks
  19. India's Emerging Digital Presence
  20. Cross Border Cyber Threats
     • Mass Scale Financial Theft
     • Sabotage of Critical Agencies
     • Recovery of State Sensitive Secrets
     • Psychological Manipulation of large populaces
  21. Cross Border Cyber Threats
     Disruption of Infrastructure
     • UPI, NPCI
     • BSE, NSE
     • Telecom
     • Power Grid
     • Transport
  22. Cross Border Cyber Threats
     Disruption of Day to Day Business
     • Ransomware
     • DDoS
     • Mass ID Theft
  23. Realigning India's Digital Posture
     Reaction, Resistance, Resilience
     • India's Digital DNA
     • Critical Infrastructure
     • AADHAR Digital Privacy
     • Bharat Crypto Standards
  24. "IndigenOS" – New Digital DNA
     • Move the computing base from PROPRIETARY to supported Open Standards.
       – No more closed source OSes.
     • RESISTANCE and RESILIENCE against Mass Attacks/Cyber Campaigns.
     Nullcon '14: https://www.slideshare.net/saumilshah/nullcon2014-12yrs-andabakersdozen
  25. "IndigenOS" – New Digital DNA
     • BOSS Linux (CDAC) is a good start.
     • Subgraph OS, Qubes OS for higher security standards.
     • Custom builds and distributions for various verticals.
     • "Pays For Itself" – avoid astronomical Microsoft license costs.
  26. "IndigenOS" – New Digital DNA
     • Government + Academia + Startups
     • Publish Open Application Development Standards.
     • Maintenance, Support and Update - commercial services.
     • Create a new Software Ecosystem.
     • Incentivise adoption via smart policies.
  27. Critical Infrastructure and Services
     • Govt and PSUs to transition to "IndigenOS" based open platforms.
     • Expansion of CERT-IN's role:
       – cross sector advisories, incident response, forensics and threat intelligence exchange on a commercial basis.
  28. Critical Infrastructure and Services
     • Data Forensics and Incident Response evolved to a PROACTIVE approach.
       – Monitoring of emerging attacks
       – Malware Analysis
       – Active use of Honeypots, Shadowserver, etc
     • DFIR to be turned into a CYBER EARLY WARNING SYSTEM.
  29. AADHAR and Digital Privacy
     Protection of Citizens' Digital Privacy is key to preserving India's Digital Sovereignty
  30. AADHAR Privacy Watchdog
     • Government + Academia Collaboration
     • Evolves regulations for use and access of AADHAR data.
     • Reports violations of private data abuse.
     • EU's GDPR is the GOLD STANDARD on citizen data privacy.
  31. AADHAR and Digital Privacy
     Indian Private Data should reside ON-SHORE!
  32. Bharat Cryptography Standards
     • Indigenously developed PUBLIC KEY and SYMMETRIC KEY cryptosystems.
       – using "Made in India" Mathematics.
     • Consumer/Commercial grade crypto
     • Critical/Military grade crypto
     Nullcon '14: https://www.slideshare.net/saumilshah/nullcon2014-12yrs-andabakersdozen
  33. Bharat Cryptography Standards
     • Publish as an Open Standard.
     • Commercially supported Libraries and Cryptosystems.
     • Integral part of "IndigenOS" platform and standards.
     • Integral part of all of Digital India Initiatives.
  34. THANK YOU!
     saumil@net-square.com
     @therealsaumil