The document discusses cybersecurity threats and policymaking. It summarizes Ely Kahn's background in cybersecurity and defines cybersecurity. It then outlines the types of cyber threats including advanced persistent threats and targeted attacks. The document discusses the Stuxnet case study. It explains how national cybersecurity policy is made through the National Security Council, Congress, and regulatory agencies. It identifies three hard policy problems around information sharing, cyber espionionage, and balancing offense and defense in cybersecurity.

1. Target. Hunt. Disrupt.
WHAT’S NEXT IN
CYBERSECURITY
Ely Kahn, Co-Founder of Sqrrl

2. AGENDA
My Story
What is Cybersecurity?
Definition
Cyber Threats
Cybersecurity Policy
How is it made?
Hard problems in cybersecurity policy
© 2015 Sqrrl | All Rights Reserved 2

3. MY STORY
© 2015 Sqrrl | All Rights Reserved
Harvard > Booz Allen > DHS > White House > Wharton > Sqrrl
3

4. AGENDA
My Story
What is Cybersecurity?
Definition
Cyber Threats
Cybersecurity Policy
How is it made?
Hard problems in cybersecurity policy
© 2015 Sqrrl | All Rights Reserved 4

5. WHAT IS CYBERSECURITY?
“The security of and operations in cyberspace, and encompasses the full
range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery
policies and activities, including computer network operations,
information assurance, law enforcement, diplomacy, military, and
intelligence missions as they relate to the security and stability of the
global information and communications infrastructure.”
© 2015 Sqrrl | All Rights Reserved
Definition from the 2009 White House Cyberspace Policy Review
5

6. BUT WHAT IS CYBERSPACE?
© 2015 Sqrrl | All Rights Reserved 6

7. TYPES OF THREATS
© 2015 Sqrrl | All Rights Reserved 7
Source: Solon Group

8. EVOLUTION OF THE THREAT
© 2015 Sqrrl | All Rights Reserved 8
Source: DoD

9. APT ATTACK CYCLE
© 2015 Sqrrl | All Rights Reserved 9
Source: RSA

10. TARGETED ATTACKS HAVE CHANGED THE GAME
10Source: Battery Ventures© 2015 Sqrrl | All Rights Reserved

11. CASE STUDY: STUXNET
© 2015 Sqrrl | All Rights Reserved 11
Source: Painedge

12. AGENDA
My Story
What is Cybersecurity?
Definition
Cyber Threats
Cybersecurity Policy
How is it made?
Hard problems in cybersecurity policy
© 2015 Sqrrl | All Rights Reserved 12

13. NATIONAL SECURITY COUNCIL
© 2015 Sqrrl | All Rights Reserved 13
Nat’l Security
Council
Deputies
Committee
Principals
Committee
Policy Coord.
Committees
Outputs
• Executive Orders
• Draft legislation
• National strategies and
plans
• Budget priorities
• Interagency programs
• Industry coordination

14. CONGRESSIONAL LAWMAKING
© 2015 Sqrrl | All Rights Reserved 14
Source: Westlaw

15. REGULATORY RULEMAKING
© 2015 Sqrrl | All Rights Reserved 15
Source: Langner

16. STANDARDS DEVELOPMENT
© 2015 Sqrrl | All Rights Reserved 16

17. HARD POLICY PROBLEM #1
© 2015 Sqrrl | All Rights Reserved
Information Sharing
17

18. HARD POLICY PROBLEM #2
© 2015 Sqrrl | All Rights Reserved
Preventing cyber espionage
18

19. HARD POLICY PROBLEM #3
© 2015 Sqrrl | All Rights Reserved
Balancing offense vs. defense
19

20. HOW TO LEARN MORE?
My favorite online resources:
Dark Reading
SC Magazine
Politico
Passcode
Sqrrl.com
If you are interested in an internship, write me a blog
ely@sqrrl.com
© 2015 Sqrrl | All Rights Reserved
Start reading, start writing
20