© 2017 The MITRE Corporation. All rights reserved.
| 1 |
Approved for Public Release; Distribution Unlimited. Case Number 17-2636
Dr. Irv Lachow
Portfolio Manager, International Cybersecurity, MITRE
Visiting Fellow, The Hoover Institution, Stanford University
July 13, 2017
The Promise and Peril of
Active Cyber Defense
| 2 |
Disclaimer
▪ The author's affiliation with The MITRE Corporation is
provided for identification purposes only, and is
not intended to convey or imply MITRE's concurrence
with, or support for, the positions, opinions, or
viewpoints expressed by the author.
| 3 |
Agenda
▪ Active Cyber Defense Primer
▪ Policy Issues
▪ References
▪ Discussion
| 4 |
Why Is Active Cyber Defense Important?
▪ Governments alone cannot protect the private sector
▪ Companies are increasingly capable of taking active
steps to defend themselves—and are doing so
▪ Current legal and policy guidance is "absent, vague
or difficult to operationalize."
– Governments are effectively blocking companies from taking action
▪ Two most likely outcomes are undesirable:
– Companies do nothing
– Wild West
| 5 |
What Does “Active Cyber Defense” Mean?
▪ Center for Cyber and Homeland Security
– Active defense is a term that captures a spectrum of proactive
cybersecurity measures that fall between traditional passive defense
and offensive….the term is NOT synonymous with “hacking back.”
(Emphasis added.)
▪ Hoffman and Levite (from Robert Dewar)
– An approach to achieving cybersecurity predicated upon the
deployment of measures to detect, analyze, identify and mitigate
threats…combined with the capability and resources to take proactive
or offensive action against threats…
▪ DARPA
– DARPA’s Active Cyber Defense (ACD) program is designed
to…[provide] cyber defenders a “home field” advantage: the ability to
perform defensive operations that involve direct engagement with
sophisticated adversaries in DoD-controlled cyberspace.
| 6 |
Examples of ACD Actions
Source: CCHS
| 7 |
Benefits and Risks of ACD Actions
Source: Hoffman and Levite
| 8 |
ACD Activities Involve Risk Tradeoffs
Source: Hoffman and Levite
| 9 |
In Theory ACD Risks Can be Quantified
Source: Hoffman and Levite
| 10 |
Agenda
▪ Active Cyber Defense Primer
▪ Policy Issues
▪ References
▪ Discussion
| 11 |
Key Policy and Legal Questions
▪ Who can do ACD?
▪ What can they do?
▪ When can they do ACD?
▪ Who is held responsible when…?
▪ How to address int’l aspects?
▪ How to address technical developments?
| 12 |
Legal Frameworks: Not Much Help
▪ National Laws vary considerably but most prevent
the bulk of ACD activities
– Example: United States' Computer Fraud and Abuse Act
▪ International Laws
– "Formal international treaties have no apparent direct application
to the [ACD] questions being considered."
▪ Which legal models are most applicable?
▪ This lack of guidance needs to be addressed…
Source: Lachow, CCHS, Rosenzweig
| 13 |
Principles-Based Approach (Market Driven)
▪ The Concept
– Create normative principles for ACD behaviors
  ▪ Risk-based
  ▪ Formalized via industry-driven code of conduct
– Use market-based mechanisms to enforce desired behaviors
  ▪ Insurance industry
  ▪ Civil torts
▪ Advantages
– Relies on incentives to drive behavior
– Balances risks
– Adaptable to dynamic environment
▪ Challenges
– Legal authority is still needed
– Actions can have global consequences
– Markets sometimes fail
Source: Hoffman and Levite
| 14 |
Government-Licensed Private Security
▪ The Concept:
– Only authorized firms are allowed to conduct ACD
– Licensing requirements set by each country
– Allowed actions would fall short of most aggressive ACD techniques
– Close cooperation with gov’t authorities
▪ Advantages
– Clear limits about allowable actions
– Lower risk of collateral damage and escalation
– Improved public-private cooperation
▪ Challenges
– Licensing process
– Oversight process
– Coordination across nations
– State-sanctioned activity
Source: Rosenzweig
| 15 |
“ACD Policy Framework”
▪ Fifteen recommended steps for U.S. industry,
Executive Branch, and Congress
▪ Key themes
– Define range of acceptable actions that balance efficacy and risk
– Update legal instruments to reflect balanced approach
– Work towards global standards across nations
– Strengthen public-private cooperation
– Create set of best practices that are promulgated across industry
Source: CCHS
| 16 |
Consensus Findings
▪ Private sector needs to be given more authority to act
▪ ACD actions need to balance benefits and risks
▪ Legal clarity is necessary if not sufficient
▪ International aspects may be most challenging
▪ Government and industry cooperation is essential
| 17 |
Agenda
▪ Active Cyber Defense Primer
▪ Policy Issues
▪ References
▪ Discussion
| 18 |
Key References
▪ Center for Cyber & Homeland Security (CCHS). Into the Grey Zone: The
Private Sector and Active Defense Against Cyber Threats: Washington,
DC, The George Washington University, 2016.
▪ Croom, Charles, “The Cyber Kill Chain: A Foundation for a New Cyber
Security Strategy,” High Frontier 6, No. 4 (2010): 52-56.
▪ Hoffman, Wyatt and Ariel E. Levite. Private Sector Cyber Defense: Can
Active Measures Help Stabilize Cyberspace: Washington, DC, Carnegie
Endowment for International Peace, 2017.
▪ Lachow, Irving. Active Cyber Defense: A Framework for Policymakers:
Washington, DC, Center for a New American Security, 2013.
▪ Rosenzweig, Paul, Steven P. Bucci and David Inserra. Next Steps for
U.S. Cybersecurity in the Trump Administration: Active Cyber Defense,
Backgrounder, No 3188: Washington, DC, The Heritage Foundation,
2017.
| 19 |
Agenda
▪ Active Cyber Defense Primer
▪ Policy Issues
▪ References
▪ Discussion
| 20 |
Questions?
Comments?
Ideas?
| 21 |
UK’s Government ACD Program
▪ Goal: “tackle, in [an] automated way, a significant
proportion of the cyber attacks that hit the UK.”
▪ Led by National Cyber Security Centre
▪ Program elements
– Strengthen infrastructure protocols
– Secure email
– Take down criminal websites
– Filter DNS
– Strengthen identity authentication
Source: National Cyber Security Centre
| 22 |
ACD Techniques Most Useful Against
Advanced Adversaries
▪ Cyber “hygiene” can thwart most criminal activity
▪ ACD requires time and effort and carries risks
Source: Lachow and Croom

More Related Content

Similar to Pdf lachow anu

Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
Click here to agree managing intellectual property when crowdsourcing solutions
Click here to agree  managing intellectual property when crowdsourcing solutionsClick here to agree  managing intellectual property when crowdsourcing solutions
Click here to agree managing intellectual property when crowdsourcing solutions
Ian McCarthy
 
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
diannepatricia
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
Shawn Tuma
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Puneet Kukreja
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial Services
Forcepoint LLC
 
Fixing Intranet Search
Fixing Intranet SearchFixing Intranet Search
Fixing Intranet Search
Prescient Digital Media
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
Ulf Mattsson
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
NetWatcher
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric Services
Duane Blackburn
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 
Takeaways from a Simulated Cyber Attack
Takeaways from a Simulated Cyber AttackTakeaways from a Simulated Cyber Attack
Takeaways from a Simulated Cyber Attack
Boston Consulting Group
 
SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4
Christopher Teixeira
 
Mass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and ChoicesMass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and Choices
Mike Linksvayer
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
Internet Technology Matters (Internet Society)
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
Global Talent Management: 6 Keys to Unlocking Success
Global Talent Management: 6 Keys to Unlocking SuccessGlobal Talent Management: 6 Keys to Unlocking Success
Global Talent Management: 6 Keys to Unlocking Success
DDI | Development Dimensions International
 
Ethical, Social, and Political Issues in E-commerce
Ethical, Social, and Political Issues in E-commerceEthical, Social, and Political Issues in E-commerce
Ethical, Social, and Political Issues in E-commerce
Nor Ayuzi Deraman
 
Battle the Dark Side of Data Governance
Battle the Dark Side of Data GovernanceBattle the Dark Side of Data Governance
Battle the Dark Side of Data Governance
DATAVERSITY
 

Similar to Pdf lachow anu (20)

Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
 
Click here to agree managing intellectual property when crowdsourcing solutions
Click here to agree  managing intellectual property when crowdsourcing solutionsClick here to agree  managing intellectual property when crowdsourcing solutions
Click here to agree managing intellectual property when crowdsourcing solutions
 
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial Services
 
Fixing Intranet Search
Fixing Intranet SearchFixing Intranet Search
Fixing Intranet Search
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric Services
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Takeaways from a Simulated Cyber Attack
Takeaways from a Simulated Cyber AttackTakeaways from a Simulated Cyber Attack
Takeaways from a Simulated Cyber Attack
 
SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4
 
Mass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and ChoicesMass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and Choices
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
 
Global Talent Management: 6 Keys to Unlocking Success
Global Talent Management: 6 Keys to Unlocking SuccessGlobal Talent Management: 6 Keys to Unlocking Success
Global Talent Management: 6 Keys to Unlocking Success
 
Ethical, Social, and Political Issues in E-commerce
Ethical, Social, and Political Issues in E-commerceEthical, Social, and Political Issues in E-commerce
Ethical, Social, and Political Issues in E-commerce
 
Battle the Dark Side of Data Governance
Battle the Dark Side of Data GovernanceBattle the Dark Side of Data Governance
Battle the Dark Side of Data Governance
 

Recently uploaded

"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 

Recently uploaded (20)

"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 

Pdf lachow anu

  • 1. © 2017 The MITRE Corporation. All rights reserved. | 1 | Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Dr. Irv Lachow Portfolio Manager, International Cybersecurity, MITRE Visiting Fellow, The Hoover Institution, Stanford University July 13, 2017 The Promise and Peril of Active Cyber Defense
  • 2. | 2 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Disclaimer ▪ The author's affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions, or viewpoints expressed by the author.
  • 3. | 3 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Agenda ▪ Active Cyber Defense Primer ▪ Policy Issues ▪ References ▪ Discussion
  • 4. | 4 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Why Is Active Cyber Defense Important? ▪ Governments alone cannot protect the private sector ▪ Companies are increasingly capable of taking active steps to defend themselves—and are doing so ▪ Current legal and policy guidance is "absent, vague or difficult to operationalize." – Governments are effectively blocking companies from taking action ▪ Two most likely outcomes are undesirable: – Companies do nothing – Wild West
  • 5. | 5 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 What Does “Active Cyber Defense” Mean? ▪ Center for Cyber and Homeland Security – Active defense is a term that captures a spectrum of proactive cybersecurity measures that fall between traditional passive defense and offensive….the term is NOT synonymous with “hacking back.” (Emphasis added.) ▪ Hoffman and Levite (from Robert Dewar) – An approach to achieving cybersecurity predicated upon the deployment of measures to detect, analyze, identify and mitigate threats…combined with the capability and resources to take proactive or offensive action against threats… ▪ DARPA – DARPA’s Active Cyber Defense (ACD) program is designed to…[provide] cyber defenders a “home field” advantage: the ability to perform defensive operations that involve direct engagement with sophisticated adversaries in DoD-controlled cyberspace.
  • 6. | 6 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Examples of ACD Actions Source: CCHS
  • 7. | 7 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Benefits and Risks of ACD Actions Source: Hoffman and Levite
  • 8. | 8 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 ACD Activities Involve Risk Tradeoffs Source: Hoffman and Levite
  • 9. | 9 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 In Theory ACD Risks Can be Quantified Source: Hoffman and Levite
  • 10. | 10 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Agenda ▪ Active Cyber Defense Primer ▪ Policy Issues ▪ References ▪ Discussion
  • 11. Key Policy and Legal Questions
    ▪ Who can do ACD?
    ▪ What can they do?
    ▪ When can they do ACD?
    ▪ Who is held responsible when…?
    ▪ How address int’l aspects?
    ▪ How address technical developments?
  • 12. Legal Frameworks: Not Much Help
    ▪ National Laws vary considerably but most prevent the bulk of ACD activities
      – Example: United States' Computer Fraud and Abuse Act
    ▪ International Laws
      – "Formal international treaties have no apparent direct application to the [ACD] questions being considered."
    ▪ Which legal models are most applicable?
    ▪ This lack of guidance needs to be addressed…
    Source: Lachow, CCHS, Rosenzweig
  • 13. Principles-Based Approach (Market Driven)
    ▪ The Concept
      – Create normative principles for ACD behaviors
        ▪ Risk-based
        ▪ Formalized via industry-driven code of conduct
      – Use market-based mechanisms to enforce desired behaviors
        ▪ Insurance industry
        ▪ Civil torts
    ▪ Advantages
      – Relies on incentives to drive behavior
      – Balances risks
      – Adaptable to dynamic environment
    ▪ Challenges
      – Legal authority is still needed
      – Actions can have global consequences
      – Markets sometimes fail
    Source: Hoffman and Levite
  • 14. Government-Licensed Private Security
    ▪ The Concept:
      – Only authorized firms are allowed to conduct ACD
      – Licensing requirements set by each country
      – Allowed actions would fall short of most aggressive ACD techniques
      – Close cooperation with gov’t authorities
    ▪ Advantages
      – Clear limits about allowable actions
      – Lower risk of collateral damage and escalation
      – Improved public-private cooperation
    ▪ Challenges
      – Licensing process
      – Oversight process
      – Coordination across nations
      – State-sanctioned activity
    Source: Rosenzweig
  • 15. “ACD Policy Framework”
    ▪ Fifteen recommended steps for U.S. industry, Executive Branch, and Congress
    ▪ Key themes
      – Define range of acceptable actions that balance efficacy and risk
      – Update legal instruments to reflect balanced approach
      – Work towards global standards across nations
      – Strengthen public-private cooperation
      – Create set of best practices that are promulgated across industry
    Source: CCHS
  • 16. Consensus Findings
    ▪ Private sector needs to be given more authority to act
    ▪ ACD actions need to balance benefits and risks
    ▪ Legal clarity is necessary if not sufficient
    ▪ International aspects may be most challenging
    ▪ Government and industry cooperation is essential
  • 17. Agenda
    ▪ Active Cyber Defense Primer
    ▪ Policy Issues
    ▪ References
    ▪ Discussion
  • 18. Key References
    ▪ Center for Cyber & Homeland Security (CCHS). Into the Grey Zone: The Private Sector and Active Defense Against Cyber Threats: Washington, DC, The George Washington University, 2016.
    ▪ Croom, Charles, “The Cyber Kill Chain: A Foundation for a New Cyber Security Strategy,” High Frontier 6, No. 4 (2010): 52-56.
    ▪ Hoffman, Wyatt and Ariel E. Levite. Private Sector Cyber Defense: Can Active Measures Help Stabilize Cyberspace: Washington, DC, Carnegie Endowment for International Peace, 2017.
    ▪ Lachow, Irving. Active Cyber Defense: A Framework for Policymakers: Washington, DC, Center for a New American Security, 2013.
    ▪ Rosenzweig, Paul, Steven P. Bucci and David Inserra. Next Steps for U.S. Cybersecurity in the Trump Administration: Active Cyber Defense, Backgrounder, No 3188: Washington, DC, The Heritage Foundation, 2017.
  • 19. Agenda
    ▪ Active Cyber Defense Primer
    ▪ Policy Issues
    ▪ References
    ▪ Discussion
  • 20. Questions? Comments? Ideas?
  • 21. UK’s Government ACD Program
    ▪ Goal: “tackle, in [an] automated way, a significant proportion of the cyber attacks that hit the UK.”
    ▪ Led by National Cyber Security Centre
    ▪ Program elements
      – Strengthen infrastructure protocols
      – Secure email
      – Take down criminal websites
      – Filter DNS
      – Strengthen identity authentication
    Source: National Cyber Security Centre
  • 22. ACD Techniques Most Useful Against Advanced Adversaries
    ▪ Cyber “hygiene” can thwart most criminal activity
    ▪ ACD requires time and effort and carries risks
    Source: Lachow and Croom