Cyber Security: Threats and Needed Actions
John M. Gilligan
www.gilligangroupinc.com
Research Board
September 17, 2009
Topics
• Historical Perspectives
• Cyber Security Threats--A National Crisis
• White House Cyber Security Policy Review
• Near Term Opportunities
• Ongoing Efforts
• Longer term Needs
• Closing Thoughts
Historical Perspectives
• Internet, software industry, (personal) computers—rooted in creativity not engineering
• Security in the Cold War Era
– Security “Gurus”—Keepers of the Kingdom
• The World Wide Web changes the security landscape—forever
• Post Cold War: The Age of Information Sharing
Legacy of the past is now our “Achilles Heel”
Cyber Security Threats Today--A New “Ball Game”
• Our way of life depends on a reliable cyberspace
• Intellectual property is being downloaded at an alarming rate
• Cyberspace is now a warfare domain
• Attacks increasing at an exponential rate (e.g., Conficker)
• Fundamental network and system vulnerabilities cannot be fixed quickly
• Entire industries exist to “Band Aid” over engineering and operational weaknesses
• Industry impacts can be profound (e.g., Heartland)
Cyber Security is a National Security Crisis!
Heartland Payment Systems
Disclosure of intrusions--Jan 20, 2009
Obama Cyberspace Policy Review—“60 Day Review”
• The Nation is at a crossroads
• Cyberspace risks pose some of the most serious challenges to economic and national security
• Need to begin a national dialogue on cybersecurity
• Solutions must involve partnership with the private sector and international engagement
• White House must lead the way
Recommended Near-Term Actions
• Appoint White House Cybersecurity official and supporting organization
• Prepare updated national strategy
• Designate cybersecurity as Presidential priority
• Initiate public awareness campaign and strengthen international partnerships
• New policies regarding roles/responsibilities
• Prepare cyber incident response plan
• Develop research plan and vision for identity management
On hold pending appointment of White House Cyber Czar
Government Actions
• Comprehensive National Cyber Initiative (CNCI)
• Department of Homeland Security Reorganization
• Smart Grid Cyber Security Initiative
• (Some) Public-Private Partnerships
– Defense Industrial Base (DIB)
– Other special relationships
• (Many) Legislative Proposals
An Effective Public-Private Partnership:
20 Critical Controls for Effective Cyber Defense*
• Underlying Rationale
– Let “Offense drive Defense”
– Focus on most critical areas
• CAG: Twenty security controls based on attack patterns
• Government and Private Sector consensus
• Emphasis on auditable controls and automated implementation/enforcement
• Pilots and standards for tools ongoing
* Also called the “Consensus Audit Guidelines” or “CAG” (http://www.sans.org/cag/)
Longer-Term Actions: IT Reliably Enabling Business
• Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth
• New business model for software industry
– First step—self certified, locked-down configurations
– Longer term—software with reliability warranties
• Redesign the Internet to provide reliable attribution, increased security
• Get the “man out of the loop”—use automated tools (e.g., SCAP)
• Foster new IT services models
– Assume insecure environment
– Increased use of virtualization
– Secure “cloud”
• Develop professional cyberspace workforce
Need to Fundamentally “Change the Game” to Make Progress
Closing Thoughts
• Government and Industry need to treat cyber security as an urgent priority
• Near-term actions important but need to fundamentally change the game to get ahead of the growing threat
• IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information
• As an example, Cyber Security in DoD is more mature—but still woefully inadequate
Cyber Security is Fundamentally a Leadership Issue!
Contact Information
jgilligan@gilligangroupinc.com
www.gilligangroupinc.com
John M. Gilligan
Security Content Automation Protocol (SCAP)
• What is it: A set of open standards that allows for the monitoring, positive control, and reporting of the security posture of every device in a network.
• How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information.
• Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes.
SCAP Enables Automated Tools To Implement And Enforce Secure Operations
Top 20 Cyber Attacks and Related Control
(not in priority order)
1. Attack: Scan for unprotected systems on networks
– Control: Maintain inventory of authorized and unauthorized devices on networks
– Comments: Find devices that can be exploited to gain access to other interconnected systems.
2. Attack: Scan for vulnerable versions of software
– Control: Maintain inventory of authorized and unauthorized software
– Comments: Find software versions that are able to be exploited remotely to gain entry to other systems.
3. Attack: Scan for software with weak configurations
– Control: Implement secure configurations for HW/SW computer devices
– Comments: Original configurations from vendors often have inadequate security controls enabled.
4. Attack: Scan for network devices with exploitable vulnerabilities
– Control: Implement secure configurations for network devices (routers, switches, firewalls, etc.)
– Comments: Network devices often become less securely configured over time unless they are diligently maintained.
5. Attack: Attack boundary devices
– Control: Implement multi-layered boundary defenses
– Comments: Attackers attempt to exploit boundary systems (e.g., DMZ or network perimeter) to gain access to the network or interrelated networks.
6. Attack: Attack without being detected and maintain long-term access due to weak audit logs
– Control: Maintain and monitor audit logs
– Comments: Weak protection of, or inadequate, logging and monitoring permits attackers to hide their actions.
7. Attack: Attack web-based or other application software
– Control: Robust security controls and testing of application software
– Comments: Longstanding code weaknesses (e.g., SQL injection, buffer overflows) can be exploited.
8. Attack: Gain administrator privileges to control target machines
– Control: Implement controlled use of administrator privileges
– Comments: Attacks exploit weak protection of, or control over, administrator privileges.
9. Attack: Gain access to sensitive data that is not adequately protected
– Control: Implement controlled access based on need to know
– Comments: Once inside a system, attackers exploit weak access controls.
10. Attack: Exploit newly discovered and unpatched vulnerabilities
– Control: Continuous vulnerability assessment and remediation
– Comments: Attackers exploit the time between vulnerability discovery and patching.
11. Attack: Exploit inactive user accounts
– Control: Monitor and control user accounts
– Comments: Legitimate but inactive accounts, or accounts of former employees, are exploited.
12. Attack: Implement malware attacks
– Control: Implement up-to-date anti-virus, anti-spyware, and Intrusion Prevention System controls
– Comments: Malware attacks continue to evolve, leaving non-updated systems exposed.
13. Attack: Exploit poorly configured network services
– Control: Limit and control network ports, protocols and services
– Comments: Attackers focus on unprotected or unneeded ports and protocols.
14. Attack: Exploit weak security of wireless devices
– Control: Implement controls for wireless devices
– Comments: Example attacks include unauthorized access from parking lots, exploiting traveling employees, etc.
15. Attack: Steal sensitive data
– Control: Implement controls to detect and prevent unauthorized exfiltration
– Comments: Includes both electronic and physical (e.g., stolen laptops) attacks.
16. Attack: Map networks looking for vulnerabilities
– Control: Implement secure network engineering
– Comments: Look for unprotected (i.e., weak) links or weak filtering/controls in the network.
17. Attack: Attack networks and systems by exploiting vulnerabilities undiscovered by target system personnel
– Control: Conduct penetration tests to evaluate and exercise defenses
– Comments: Attack exploits social engineering and the inability of the system to respond to automated attacks.
18. Attack: Attack systems or organizations that have no or poor attack response
– Control: Implement effective cyber incident response capabilities
– Comments: True magnitude and impact of an attack can be masked by inadequate response.
19. Attack: Change system configurations and/or data so that the organization cannot restore it properly
– Control: Implement data and system recovery procedures
– Comments: Leave backdoors or data errors that permit future attacks or disrupt operations.
20. Attack: Exploit poorly trained or poorly skilled employees
– Control: Conduct skills assessment and ensure adequate training across the enterprise
– Comments: Attacks focus on manipulating end users, administrators, security operators, programmers, or even system owners.
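As an added example (not code from the slides or from the SANS CAG project), the Python below turns four of the controls in the table above (rows 1, 2, 10 and 11) into the kind of automated, auditable checks the deck's SCAP and “man out of the loop” slides call for. The device identifiers, package versions, vulnerability id, account records and thresholds are constructed placeholders.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass
class Finding:
    control: int   # row number of the control in the table above
    subject: str   # device id, host:package, host:vuln id, or account name
    detail: str


# Control 1: maintain inventory of authorized and unauthorized devices.
def unauthorized_devices(authorized: set[str], observed: set[str]) -> list[Finding]:
    """Flag every device observed on the network (e.g. from an ARP/DHCP export)
    whose identifier is absent from the authorized inventory."""
    return [Finding(1, dev, "device not in authorized inventory")
            for dev in sorted(observed - authorized)]


# Control 2: maintain inventory of authorized and unauthorized software.
def unauthorized_software(allowlist: dict[str, set[str]],
                          installed: dict[str, dict[str, str]]) -> list[Finding]:
    """allowlist maps package -> approved versions; installed maps host -> {package: version}.
    Unlisted packages and unapproved versions are both findings (row 2's exploitable versions)."""
    findings: list[Finding] = []
    for host, packages in sorted(installed.items()):
        for pkg, version in sorted(packages.items()):
            if pkg not in allowlist:
                findings.append(Finding(2, f"{host}:{pkg}", "package not on allowlist"))
            elif version not in allowlist[pkg]:
                findings.append(Finding(2, f"{host}:{pkg}", f"version {version} not approved"))
    return findings


# Control 10: continuous vulnerability assessment and remediation.
def overdue_patches(vulns: list[dict], today: date, max_days: int) -> list[Finding]:
    """Each record has host, id, published (date) and patched (date or None). A finding is
    the exposure window row 10 describes: still unpatched more than max_days after disclosure."""
    findings: list[Finding] = []
    for v in vulns:
        if v["patched"] is not None:
            continue
        age = (today - v["published"]).days
        if age > max_days:
            findings.append(Finding(10, f"{v['host']}:{v['id']}", f"unpatched for {age} days"))
    return findings


# Control 11: monitor and control user accounts.
def inactive_accounts(accounts: list[dict], today: date, max_idle_days: int) -> list[Finding]:
    """Each record has name, enabled, employed and last_login (date or None). Enabled accounts
    of former employees and enabled accounts idle beyond max_idle_days are row 11's two cases."""
    findings: list[Finding] = []
    for a in accounts:
        if not a["enabled"]:
            continue  # a disabled account is already under control
        if not a["employed"]:
            findings.append(Finding(11, a["name"], "enabled account belongs to a former employee"))
        elif a["last_login"] is None or (today - a["last_login"]).days > max_idle_days:
            findings.append(Finding(11, a["name"], "enabled account is inactive"))
    return findings


def summarize(findings: list[Finding]) -> dict[int, int]:
    """Count findings per control number, the figure an auditor would report."""
    counts: dict[int, int] = {}
    for f in findings:
        counts[f.control] = counts.get(f.control, 0) + 1
    return counts


# Constructed sample inventories (placeholder identifiers, not real assets or advisories).
AUTHORIZED_DEVICES = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
OBSERVED_DEVICES = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"}
ALLOWLIST = {"httpd": {"2.2.14"}, "openssh": {"5.3"}}
INSTALLED = {
    "web01": {"httpd": "2.2.14", "openssh": "5.3"},
    "web02": {"httpd": "2.2.9", "openssh": "5.3", "telnetd": "0.17"},
}
VULNS = [  # "VULN-0001" is a placeholder id, not a real advisory number
    {"host": "web01", "id": "VULN-0001", "published": date(2009, 8, 1), "patched": date(2009, 8, 10)},
    {"host": "web02", "id": "VULN-0001", "published": date(2009, 8, 1), "patched": None},
]
ACCOUNTS = [
    {"name": "alice", "enabled": True, "employed": True, "last_login": date(2009, 9, 15)},
    {"name": "bob", "enabled": True, "employed": False, "last_login": date(2009, 3, 2)},
    {"name": "svc_backup", "enabled": True, "employed": True, "last_login": None},
    {"name": "carol", "enabled": False, "employed": False, "last_login": date(2008, 1, 1)},
]
AUDIT_DATE = date(2009, 9, 17)


def run_sample_audit() -> list[Finding]:
    """Run the four checks over the constructed data, in control-number order."""
    return (unauthorized_devices(AUTHORIZED_DEVICES, OBSERVED_DEVICES)
            + unauthorized_software(ALLOWLIST, INSTALLED)
            + overdue_patches(VULNS, AUDIT_DATE, max_days=30)
            + inactive_accounts(ACCOUNTS, AUDIT_DATE, max_idle_days=90))
```

On the sample data the audit yields six findings: one rogue device, one unapproved version plus one unlisted package on web02, one vulnerability unpatched for 47 days, and two enabled accounts that should not be.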

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 

Cyber Security: Threats and Needed Actions

Cyber Security: Threats and Needed Actions
John M. Gilligan
www.gilligangroupinc.com
Research Board
September 17, 2009

Topics
• Historical Perspectives
• Cyber Security Threats--A National Crisis
• White House Cyber Security Policy Review
• Near Term Opportunities
• Ongoing Efforts
• Longer term Needs
• Closing Thoughts
2

Historical Perspectives
• Internet, software industry, (personal) computers—rooted in creativity not engineering
• Security in the Cold War Era
– Security “Gurus”—Keepers of the Kingdom
• The World Wide Web changes the security landscape--forever
• Post Cold War: The Age of Information Sharing
Legacy of the past is now our “Achilles Heel”
3

Cyber Security Threats Today--A New “Ball Game”
• Our way of life depends on a reliable cyberspace
• Intellectual property is being downloaded at an alarming rate
• Cyberspace is now a warfare domain
• Attacks increasing at an exponential rate (e.g., Conficker)
• Fundamental network and system vulnerabilities cannot be fixed quickly
• Entire industries exist to “Band Aid” over engineering and operational weaknesses
• Industry impacts can be profound (e.g., Heartland)
Cyber Security is a National Security Crisis!
4

Heartland Payment Systems
Disclosure of intrusions--Jan 20, 2009
5

Obama Cyberspace Policy Review—“60 Day Review”
• The Nation is at a crossroads
• Cyberspace risks pose some of the most serious challenges to economic and national security
• Need to begin national dialogue on cybersecurity
• Solutions must involve partnership with private sector and international engagement
• White House must lead the way
6

Recommended Near-Term Actions
• Appoint White House Cybersecurity official and supporting organization
• Prepare updated national strategy
• Designate cybersecurity as Presidential priority
• Initiate public awareness campaign and strengthen international partnerships
• New policies regarding roles/responsibilities
• Prepare cyber incident response plan
• Develop research plan and vision for identity management
On hold pending appointment of White House Cyber Czar
7

Government Actions
• Comprehensive National Cyber Initiative (CNCI)
• Department of Homeland Security Reorganization
• Smart Grid Cyber Security Initiative
• (Some) Public-Private Partnerships
– Defense Industrial Base (DIB)
– Other special relationships
• (Many) Legislative Proposals
8

An Effective Public-Private Partnership: 20 Critical Controls for Effective Cyber Defense*
• Underlying Rationale
– Let “Offense drive Defense”
– Focus on most critical areas
• CAG: Twenty security controls based on attack patterns
• Government and Private Sector consensus
• Emphasis on auditable controls and automated implementation/enforcement
• Pilots and standards for tools ongoing
* Also called the “Consensus Audit Guidelines” or “CAG” (http://www.sans.org/cag/)
9

Longer-Term Actions: IT Reliably Enabling Business
• Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth
• New business model for software industry
– First step—self certified, locked-down configurations
– Longer term—software with reliability warranties
• Redesign the Internet to provide reliable attribution, increased security
• Get the “man out of the loop”—use automated tools (e.g., SCAP)
• Foster new IT services models
– Assume insecure environment
– Increased use of virtualization
– Secure “cloud”
• Develop professional cyberspace workforce
Need to Fundamentally “Change the Game” to Make Progress
10

Closing Thoughts
• Government and Industry need to treat cyber security as an urgent priority
• Near-term actions important but need to fundamentally change the game to get ahead of the growing threat
• IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information
• As an example, Cyber Security in DoD is more mature—but still woefully inadequate
Cyber Security is Fundamentally a Leadership Issue!
11

Security Content Automation Protocol (SCAP)
• What is it: A set of open standards that allows for the monitoring, positive control, and reporting of security posture of every device in a network.
• How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information.
• Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes.
SCAP Enables Automated Tools To Implement And Enforce Secure Operations
13
Top 20 Cyber Attacks and Related Control (not in priority order)

Attack | Control Summary | Comments
1. Scan for unprotected systems on networks | Maintain inventory of authorized and unauthorized devices on networks | Find devices that can be exploited to gain access to other interconnected systems.
2. Scan for vulnerable versions of software | Maintain inventory of authorized and unauthorized software | Find software versions that are able to be exploited remotely to gain entry to other systems.
3. Scan for software with weak configurations | Implement secure configurations for HW/SW computer devices | Original configurations from vendors often have inadequate security controls enabled.
4. Scan for network devices with exploitable vulnerabilities | Implement secure configurations for network devices (routers, switches, firewalls, etc.) | Network devices often become less securely configured over time unless they are diligently maintained.
5. Attack boundary devices | Implement multi-layered boundary defenses | Attackers attempt to exploit boundary systems (e.g., DMZ or network perimeter) to gain access to network or interrelated networks
14

Top 20 Cyber Attacks and Related Control (Continued) (not in priority order)

Attack | Control Summary | Comments
6. Attack without being detected and maintain long-term access due to weak audit logs | Maintain and monitor audit logs | Weak protection of or inadequate logging and monitoring permits attackers to hide actions
7. Attack web-based or other application software | Robust security controls and testing of application software | Longstanding code weaknesses (e.g., SQL injection, buffer overflows) can be exploited
8. Gain administrator privileges to control target machines | Implement controlled use of administrator privileges | Attacks exploit weak protection or control over administrator privileges
9. Gain access to sensitive data that is not adequately protected | Implement controlled access based on need to know | Once inside a system, attackers exploit weak access controls
10. Exploit newly discovered and unpatched vulnerabilities | Continuous vulnerability assessment and remediation | Attackers exploit the time between vulnerability discovery and patching
15

Top 20 Cyber Attacks and Related Control (Continued) (not in priority order)

Attack | Control Summary | Comments
11. Exploit inactive user accounts | Monitor and control user accounts | Legitimate but inactive accounts or accounts of former employees are exploited
12. Implement malware attacks | Implement up-to-date anti-virus, anti-spyware, and Intrusion Prevention System controls | Malware attacks continue to evolve, leaving non-updated systems exposed
13. Exploit poorly configured network services | Limit and control network ports, protocols and services | Attackers focus on unprotected or unneeded ports and protocols
14. Exploit weak security of wireless devices | Implement controls for wireless devices | Example attacks include unauthorized access from parking lots, exploiting traveling employees, etc.
15. Steal sensitive data | Implement controls to detect and prevent unauthorized exfiltration | Includes both electronic and physical (i.e., stolen laptops) attacks
16

Top 20 Cyber Attacks and Related Control (Continued) (not in priority order)

Attack | Control Summary | Comments
16. Map networks looking for vulnerabilities | Implement secure network engineering | Look for unprotected (i.e., weak) links or weak filtering/controls in network
17. Attack networks and systems by exploiting vulnerabilities undiscovered by target system personnel | Conduct penetration tests to evaluate and exercise defenses | Attack exploits social engineering and inability of system to respond to automated attacks
18. Attack systems or organizations that have no or poor attack response | Implement effective cyber incident response capabilities | True magnitude and impact of attack can be masked by inadequate response
19. Change system configurations and/or data so that organization cannot restore it properly | Implement data and system recovery procedures | Leave backdoors or data errors that permit future attacks or disrupt operations
20. Exploit poorly trained or poorly skilled employees | Conduct skills assessment and ensure adequate training across the enterprise | Attacks focus on manipulating end users, administrators, security operators, programmers, or even system owners
17
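Slides 9, 13 and 14-17 argue for auditable controls with automated enforcement; the Python below, an added example and not code from the deck or from the SANS CAG project, shows what such a check looks like for control 1 (unauthorized devices) and control 11 (inactive accounts) from the table above. The authorized inventory, DHCP leases and account records are constructed sample data, and the 90-day idle window is an assumed policy value.

```python
"""Automated, auditable checks for two of the twenty controls above.
Added example, not code from the deck or the SANS CAG project; all records
are constructed sample data and the 90-day idle window is an assumed policy."""
from datetime import date

# Control 1 input: the authorized-device inventory (constructed), keyed by MAC.
AUTHORIZED_DEVICES = {
    "00:11:22:33:44:01": "ws-finance-01",
    "00:11:22:33:44:02": "ws-finance-02",
    "00:11:22:33:44:10": "printer-3f",
}

# What the DHCP server actually leased on that segment (constructed):
# (mac, ip, hostname).  The last entry is absent from the inventory.
OBSERVED_LEASES = [
    ("00:11:22:33:44:01", "10.0.5.11", "ws-finance-01"),
    ("00:11:22:33:44:02", "10.0.5.12", "ws-finance-02"),
    ("de:ad:be:ef:00:01", "10.0.5.77", "android-9f3c"),
]

# Control 11 input: directory accounts (constructed) with last logon and HR status.
ACCOUNTS = [
    {"user": "alice", "last_logon": date(2009, 9, 10), "employed": True},
    {"user": "bob",   "last_logon": date(2009, 5, 1),  "employed": True},
    {"user": "carol", "last_logon": date(2009, 8, 30), "employed": False},
]

def unauthorized_devices(observed, authorized):
    """Control 1: devices seen on the wire that the inventory does not list."""
    return sorted(lease for lease in observed if lease[0] not in authorized)

def stale_accounts(accounts, today, max_idle_days=90):
    """Control 11: accounts of former employees, or idle beyond the policy window.
    Returns (user, reason) pairs so each finding can be tracked to closure."""
    findings = []
    for acct in accounts:
        if not acct["employed"]:
            findings.append((acct["user"], "former employee"))
        elif (today - acct["last_logon"]).days > max_idle_days:
            findings.append((acct["user"], f"inactive > {max_idle_days} days"))
    return findings

def audit_report(today=date(2009, 9, 17)):
    """Findings keyed by CAG control number, the unit an auditor checks against."""
    return {1: unauthorized_devices(OBSERVED_LEASES, AUTHORIZED_DEVICES),
            11: stale_accounts(ACCOUNTS, today)}

if __name__ == "__main__":
    for control, findings in audit_report().items():
        print(f"control {control}: {findings}")
```

Each finding is keyed by the control it violates, which is what makes the check auditable rather than merely informative: an assessor can ask for the report and the closure of every item on it.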