CYBER RESILIENCY: from Prevention to
Recovery (Part 1)
8 Dec 2015
Dr. Robert D. Childs
President & CEO, iCLEAR LLC
Former Chancellor, National Defense University (NDU) iCollege and Deputy to NDU
President for Cyber and Information
Definition of Cybersecurity
The protection of information systems from theft or damage to
hardware, software, and information on them, as well as from
disruption or misdirection of the services they provide. It
includes controlling physical access to hardware, protecting
against harm that may come via network access, data and
code injection, and due to malpractice by operators, whether
intentional, accidental, or due to them being tricked into
deviating from secure procedures.
Cyber Defense Definition
NATO Cooperative Cyber Defense Center of Excellence
A proactive measure for detecting or obtaining information as
to a cyber intrusion, cyber attack, or impending cyber
operation or for determining the origin of an operation that
involves launching a preemptive, preventive, or cyber
counter-operation against the source.
Source: Compilation of Existing Cybersecurity and Information Security
Related Definitions, Open Technology Institute New America (2013)
Cyber Resilience Definition
The ability to prepare for, adapt to, withstand, and rapidly
recover from disruptions resulting from deliberate attacks,
accidents, or naturally occurring threats or incidents.
Source: Qatar National Cyber Security Strategy (2014)
Overarching Cyber Defense Questions
• What are various types/purposes of attacks?
• What factors influence the cyber environment (trends/issues/technologies)?
• What are primary cyber defense challenges?
• What are potential solutions?
• What areas require further analysis/R&D?
• What elements are needed in a cyber defense plan?
Five Most Common Types of Attacks
• Socially engineered Trojans
• Unpatched software
• Phishing attacks
• Network traveling worms
• Advanced Persistent Threat (APT)
Attack Purposes
• Identity theft (money, medical fraud, access)
• Financial (banks, insurance)
• Espionage (exfiltrate commercial/political/military information)
• National security (military plans/operations, infrastructure)
• Terrorism (communicate, fund raise, disrupt)
Major Societal Factors Affecting Cybersecurity Trends
• Expanding number/use of mobile devices
• Increasing use of social media
• Use of data analytics
• Shift to cloud computing
• Increasing skills crisis
Specific Issues Influencing Cyber Environment
• Increasing attacks/sophistication/seriousness
• Increasing number of apps
• Proliferation of opportunities (SCADA)
• Pervasive/ubiquitous computing
• Need for interoperability
• Exponential growth of Internet of Things (IoT)
• Disagreement on security metrics
• Advanced Persistent Threat (APT)
Growth of Cyber Threat Vectors
[Figure: sophistication (low to high) plotted over time, 1980 to 2000 and 2010 ~ 2020. Curves: "Sophistication of Hacking Tools & Elite Hackers" (increasing), "Sophistication Required of Common Hacktivists" (declining), "Sophistication of Stealth Tools & Elite Hackers" (increasing). Labels on the chart: cross site scripting, password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, session hijacking, sweepers, sniffers, packet spoofing, graphic user interface, automated probes/scans, denial of service, www attacks, "stealth" / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, staging, sophisticated C2, APT, elite critical infrastructure exploitation tools, "…next?". Credit: Dr. Gil Duval, CEO Data Security Storage, LLC]
“The Enhanced Cybersecurity Services program …voluntary information sharing program will provide classified cyber threat and technical information …to eligible critical infrastructure companies.”
- President Barack Obama, Executive Order, 12 February 2013
Technologies Impacting Cyber Defense
• Sensors
• Wearables
• Drones/robotics
• Virtual reality (gaming)
• Mobile devices/apps
• Internet of everything
Cyber Defense Challenges
• Advanced Persistent Threat (APT)
• Late detection/continuing leakage
• Backdoor apps
• Multitude of vendors/fragmented solutions
• Cloud computing
Cyber Defense: Old vs New Approach
• Old Approach: (patch & pray - a perimeter defense)
• New Approach: (proactive, agile, adaptive)
• Real-time visibility across network
• See how machines/people behave
• Identify changes in behavior
• Take corrective measures
Active Cyber Defense (ACD)
Reactive Engagement Model
• find invading code
• unplug affected systems
• create security patches
• apply patches network wide
ACD Program (not offensive)
• collect, synchronized real-time capabilities
• discover, define, analyze, mitigate cyber threats/vulnerabilities
• disrupt and neutralize AS ATTACKS HAPPEN
DARPA Projects to Protect Military Technology from Hackers
• High-Assurance Cyber Military Systems (HACMS) - no requirement for security patches
• Cyber Grand Challenge (automated adaptive security software)
• Computer individuality (distinctive computers)
• Advanced encryption (fully homomorphic)
Contact
Dr. Robert D. Childs
President & CEO, iCLEAR LLC
Former Chancellor, National Defense University (NDU) iCollege and
Deputy to the NDU President for Cyber and Information
e-mail: Childs@iclearllc.com
iCLEAR LLC website: http://iclearllc.com
