Jerry Gamblin gave a talk on lessons for security professionals from studying historical dictators and their programs. He discussed insider threats using examples like Caesar and Brutus, and Edward Snowden. For incident response, he examined Napoleon's execution of the Duke of Enghien. He questioned whether security programs focus too much on new tools over basics like user training and patching. Finally, he compared overreliance on technology without user training to Germany's defeat in WWII despite advanced weapons under Hitler.
2. About me
Jerry Gamblin
Security Specialist
Missouri House Of Representatives
Contact Information:
Jerry.Gamblin@gmail.com
@jgamblin
www.jerrygamblin.com
10. Marcus Junius Brutus
49 BC: Fought with Pompey to Greece during the civil war against Caesar.
48 BC: Pardoned by Caesar.
46 BC: Made governor of Gaul.
45 BC: Made Praetor.
44 BC: Murdered Caesar
12. How does your company defend against insider threats?
13. Insider Threats
You cannot detect and defend against insider threats from behind your keyboard.
16. Edward Snowden
2004: Enlisted in the United States Army as a Special Forces recruit.
2005: Security Guard for the National Security Agency.
2007: Network Administrator for the State Department.
2011: Worked for NSA in Japan.
2012: Contractor for Booz Allen Hamilton.
2013: Leaked NSA surveillance programs to the press.
17. Could you have identified and stopped Edward Snowden on your network?
20. Louis Antoine, Duke of Enghien
• Only son of Louis Henri de Bourbon.
• Given the title Duke of Enghien at birth.
• Military school at Commodore de Vinieux.
• Fought in the French Revolutionary Wars against France.
• Married Charlotte de Rohan.
• Arrested for allegedly being part of the Cadoudal–Pichegru conspiracy.
32. Hacking Back
You are engaged in repressing an insurrection against the laws of the United States. If at any point on or in the vicinity of any military line which is now or which shall be used between the city of Philadelphia and the city of Washington you find [resistance] which renders it necessary to suspend the writ of habeas corpus for the public safety, you personally or through the officer in command at the point where resistance occurs are authorized to suspend that writ.
Lincoln to General Winfield Scott on April 27, 1861
33. Article 1, Section 9 of the United States Constitution
The privilege of the writ of habeas corpus shall not be suspended (by congress), unless when in cases of rebellion or invasion the public safety may require it.
34. Ex parte Merryman
Such is the case now before me, and I can only say that if the authority which the constitution has confided to the judiciary can be usurped by the President the people of the United States are no longer living under a government of laws.
35. Jon Huntsman
Commission on Theft of American Intellectual Property
Without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.
38. We'd politely remind them there's a federal criminal statute barring that.
Justice Department's Computer Crime and Intellectual Property Section.
40. What do you think the future of hacking back (active defense) is?
42. I am getting ready to use Adolf Hitler and WWII to make a point about network security. I am not trying to be flippant or disrespectful in the slightest and I understand the extreme cost of war.
44. Wunderwaffe
Sturmgewehr 44 - The first assault rifle
Horten Ho 229 - A turbojet flying wing stealth jet fighter/bomber
Flettner Fl 265 - The world's earliest known airworthy synchropter
Schwerer Gustav - An 800mm railway gun
V2 - First human-made object to achieve sub-orbital spaceflight
50. It has been argued that Germany lost WWII by picking advanced tools over proven techniques…
51. … just like IT security.
Highly Trained Staff - Everyone has a CISSP!
No End User Training - Unless mandated.
Patch Management System - End Users Have Admin Rights.
Next Generation Firewall - No Auditing of Web Apps.
Shiny SIEM - No one actually checks logs.
New Security Policy Guidelines - Shadow IT has taken over.
53. Why do security professionals have such a hard time getting the basics right?
56. Nuclear Program of Iran
• 1957: The United States and Iran sign a civil nuclear co-operation agreement as part of the U.S. Atoms for Peace program.
• 1968: Iran signs the Nuclear Non-Proliferation Treaty and ratifies it.
• 1979: Iran's Islamic revolution puts a freeze on the existing nuclear program.
• 1982: Iranian officials announce that they plan to build a reactor powered by their own uranium at the Isfahan Nuclear Technology Centre.
• 1995: Iran signs an $800 million contract with the Russian Ministry of Atomic Energy in Bushehr.
• 2002: The United States accuses Iran of attempting to make nuclear weapons.
• 2004: Iran removes seals placed upon uranium centrifuges by the International Atomic Energy Agency and resumes construction of the centrifuges at Natanz.
58. Iranian Nuclear Scientists Killed
• Masoud Alimohammadi: January 12, 2010
• Majid Shahriari: November 29, 2010
• Fereydoon Abbasi: November 29, 2010
• Darioush Rezaeinejad: July 23, 2011
• Mostafa Ahmadi-Roshan: January 11, 2012
60. Stuxnet
• Computer worm discovered in June 2010.
• Written by the US and Israel to attack Iran's nuclear facilities.
• Stuxnet infects PLCs by subverting the Step-7 software application that is used to reprogram these devices.
• It is initially spread using USB flash drives.
61. Bruce Schneier
I personally believe that training users in security is generally a waste of time, and that the money can be spent better elsewhere.
64. What are your thoughts on security awareness programs?
66. Kim Jong-un
• First Secretary of the Workers' Party of Korea
• First Chairman of the National Defense Commission of North Korea
• Commander of the Korean People's Army
67. North Korean Nuclear Program
Phase I (1956–80): Start of North Korea’s domestic plutonium production program.
Phase II (1980–94): Growth of North Korea’s domestic plutonium production program.
Phase III (1994–2002): Covers the period of the "nuclear freeze".
Phase IV (2002–present): Renewed nuclear activities and tests.
74. What does your priority list look like for your security program?