© 2017 The MITRE Corporation. All rights reserved.
Approved for Public Release; Distribution Unlimited. Case Number 17-2636
Dr. Irv Lachow
Portfolio Manager, International Cybersecurity, MITRE
Visiting Fellow, The Hoover Institution, Stanford University
July 13, 2017
The Promise and Peril of
Active Cyber Defense
Disclaimer
▪ The author's affiliation with The MITRE Corporation is
provided for identification purposes only, and is
not intended to convey or imply MITRE's concurrence
with, or support for, the positions, opinions, or
viewpoints expressed by the author.
Agenda
▪ Active Cyber Defense Primer
▪ Policy Issues
▪ References
▪ Discussion
Why Is Active Cyber Defense Important?
▪ Governments alone cannot protect the private sector
▪ Companies are increasingly capable of taking active
steps to defend themselves—and are doing so
▪ Current legal and policy guidance is "absent, vague
or difficult to operationalize."
– Governments are effectively blocking companies from taking action
▪ Two most likely outcomes are undesirable:
– Companies do nothing
– Wild West
What Does “Active Cyber Defense” Mean?
▪ Center for Cyber and Homeland Security
– Active defense is a term that captures a spectrum of proactive
cybersecurity measures that fall between traditional passive defense
and offensive….the term is NOT synonymous with “hacking back.”
(Emphasis added.)
▪ Hoffman and Levite (from Robert Dewar)
– An approach to achieving cybersecurity predicated upon the
deployment of measures to detect, analyze, identify and mitigate
threats…combined with the capability and resources to take proactive
or offensive action against threats…
▪ DARPA
– DARPA’s Active Cyber Defense (ACD) program is designed
to…[provide] cyber defenders a “home field” advantage: the ability to
perform defensive operations that involve direct engagement with
sophisticated adversaries in DoD-controlled cyberspace.
Examples of ACD Actions
Source: CCHS
Benefits and Risks of ACD Actions
Source: Hoffman and Levite
ACD Activities Involve Risk Tradeoffs
Source: Hoffman and Levite
In Theory ACD Risks Can be Quantified
Source: Hoffman and Levite
Key Policy and Legal Questions
▪ Who can do ACD?
▪ What can they do?
▪ When can they do ACD?
▪ Who is held responsible when…?
▪ How address int’l aspects?
▪ How address technical developments?
Legal Frameworks: Not Much Help
▪ National Laws vary considerably but most prevent
the bulk of ACD activities
– Example: United States' Computer Fraud and Abuse Act
▪ International Laws
– "Formal international treaties have no apparent direct application
to the [ACD] questions being considered."
▪ Which legal models are most applicable?
▪ This lack of guidance needs to be addressed…
Source: Lachow, CCHS, Rosenzweig
Principles-Based Approach (Market Driven)
▪ The Concept
– Create normative principles for ACD behaviors
▪ Risk-based
▪ Formalized via industry-driven code of conduct
– Use market-based mechanisms to enforce desired behaviors
▪ Insurance industry
▪ Civil torts
▪ Advantages
– Relies on incentives to drive behavior
– Balances risks
– Adaptable to dynamic environment
▪ Challenges
– Legal authority is still needed
– Actions can have global consequences
– Markets sometimes fail
Source: Hoffman and Levite
Government-Licensed Private Security
▪ The Concept:
– Only authorized firms are allowed to conduct ACD
– Licensing requirements set by each country
– Allowed actions would fall short of most aggressive ACD techniques
– Close cooperation with gov’t authorities
▪ Advantages
– Clear limits about allowable actions
– Lower risk of collateral damage and escalation
– Improved public-private cooperation
▪ Challenges
– Licensing process
– Oversight process
– Coordination across nations
– State-sanctioned activity
Source: Rosenzweig
“ACD Policy Framework”
▪ Fifteen recommended steps for U.S. industry,
Executive Branch, and Congress
▪ Key themes
– Define range of acceptable actions that balance efficacy and risk
– Update legal instruments to reflect balanced approach
– Work towards global standards across nations
– Strengthen public-private cooperation
– Create set of best practices that are promulgated across industry
Source: CCHS
Consensus Findings
▪ Private sector needs to be given more authority to act
▪ ACD actions need to balance benefits and risks
▪ Legal clarity is necessary if not sufficient
▪ International aspects may be most challenging
▪ Government and industry cooperation is essential
Key References
▪ Center for Cyber & Homeland Security (CCHS). Into the Grey Zone: The
Private Sector and Active Defense Against Cyber Threats: Washington,
DC, The George Washington University, 2016.
▪ Croom, Charles, “The Cyber Kill Chain: A Foundation for a New Cyber
Security Strategy,” High Frontier 6, No. 4 (2010): 52-56.
▪ Hoffman, Wyatt and Ariel E. Levite. Private Sector Cyber Defense: Can
Active Measures Help Stabilize Cyberspace: Washington, DC, Carnegie
Endowment for International Peace, 2017.
▪ Lachow, Irving. Active Cyber Defense: A Framework for Policymakers:
Washington, DC, Center for a New American Security, 2013.
▪ Rosenzweig, Paul, Steven P. Bucci and David Inserra. Next Steps for
U.S. Cybersecurity in the Trump Administration: Active Cyber Defense,
Backgrounder, No 3188: Washington, DC, The Heritage Foundation,
2017.
Questions?
Comments?
Ideas?
UK’s Government ACD Program
▪ Goal: “tackle, in [an] automated way, a significant
proportion of the cyber attacks that hit the UK.”
▪ Led by National Cyber Security Centre
▪ Program elements
– Strengthen infrastructure protocols
– Secure email
– Take down criminal websites
– Filter DNS
– Strengthen identity authentication
Source: National Cyber Security Centre
ACD Techniques Most Useful Against
Advanced Adversaries
▪ Cyber “hygiene” can thwart most criminal activity
▪ ACD requires time and effort and carries risks
Source: Lachow and Croom

More Related Content

What's hot

Cardiac output (The Guyton and Hall Physiology)
Cardiac output (The Guyton and Hall Physiology)Cardiac output (The Guyton and Hall Physiology)
Cardiac output (The Guyton and Hall Physiology)Maryam Fida
 
the cardiovascular system and Physiology of heart
the cardiovascular system and Physiology of heartthe cardiovascular system and Physiology of heart
the cardiovascular system and Physiology of heartbhupendra kumar
 
The cardiac cycle new
The cardiac cycle newThe cardiac cycle new
The cardiac cycle newaratimohan
 
Conduction system of heart
Conduction system of heartConduction system of heart
Conduction system of heartNikhil Vaishnav
 
Unit 2 biology of behaviour
Unit 2 biology of behaviourUnit 2 biology of behaviour
Unit 2 biology of behaviourTejal Virola
 
Psychology Chapter 7 Motivation & Emotion
Psychology Chapter 7 Motivation & Emotion Psychology Chapter 7 Motivation & Emotion
Psychology Chapter 7 Motivation & Emotion professorjcc
 
Anatomy of Circulatory system and lymphatic system
Anatomy of Circulatory system and lymphatic system Anatomy of Circulatory system and lymphatic system
Anatomy of Circulatory system and lymphatic system DR .PALLAVI PATHANIA
 
physiology : Excretion
physiology : Excretionphysiology : Excretion
physiology : ExcretionOsama Rifat
 
Endocrine System Anatomy
Endocrine System AnatomyEndocrine System Anatomy
Endocrine System AnatomyManohar Vishnoi
 
METHODS OF PSYCHOLOGY
METHODS OF PSYCHOLOGYMETHODS OF PSYCHOLOGY
METHODS OF PSYCHOLOGYmpk212395
 
SMALL INTESTINE AND LARGE INTESTINE
SMALL INTESTINE AND LARGE INTESTINESMALL INTESTINE AND LARGE INTESTINE
SMALL INTESTINE AND LARGE INTESTINEDr Nilesh Kate
 

What's hot (20)

Cardiac output (The Guyton and Hall Physiology)
Cardiac output (The Guyton and Hall Physiology)Cardiac output (The Guyton and Hall Physiology)
Cardiac output (The Guyton and Hall Physiology)
 
Endocrine system
Endocrine systemEndocrine system
Endocrine system
 
the cardiovascular system and Physiology of heart
the cardiovascular system and Physiology of heartthe cardiovascular system and Physiology of heart
the cardiovascular system and Physiology of heart
 
The cardiac cycle new
The cardiac cycle newThe cardiac cycle new
The cardiac cycle new
 
Conduction system of heart
Conduction system of heartConduction system of heart
Conduction system of heart
 
Unit 2 biology of behaviour
Unit 2 biology of behaviourUnit 2 biology of behaviour
Unit 2 biology of behaviour
 
CELL PHYSIOLOGY
CELL PHYSIOLOGYCELL PHYSIOLOGY
CELL PHYSIOLOGY
 
Physiology of smell
Physiology of smellPhysiology of smell
Physiology of smell
 
Psychology Chapter 7 Motivation & Emotion
Psychology Chapter 7 Motivation & Emotion Psychology Chapter 7 Motivation & Emotion
Psychology Chapter 7 Motivation & Emotion
 
Anatomy of Circulatory system and lymphatic system
Anatomy of Circulatory system and lymphatic system Anatomy of Circulatory system and lymphatic system
Anatomy of Circulatory system and lymphatic system
 
Pulse and heart sound
Pulse and heart soundPulse and heart sound
Pulse and heart sound
 
Medial cubital vein
Medial cubital veinMedial cubital vein
Medial cubital vein
 
Heart anatomy
Heart anatomyHeart anatomy
Heart anatomy
 
Intelligence- Cognitive Processes, Psychology
Intelligence- Cognitive Processes, PsychologyIntelligence- Cognitive Processes, Psychology
Intelligence- Cognitive Processes, Psychology
 
physiology : Excretion
physiology : Excretionphysiology : Excretion
physiology : Excretion
 
Anatomy of Cardiac System
Anatomy of Cardiac SystemAnatomy of Cardiac System
Anatomy of Cardiac System
 
Endocrine System Anatomy
Endocrine System AnatomyEndocrine System Anatomy
Endocrine System Anatomy
 
METHODS OF PSYCHOLOGY
METHODS OF PSYCHOLOGYMETHODS OF PSYCHOLOGY
METHODS OF PSYCHOLOGY
 
Cognitive process
Cognitive processCognitive process
Cognitive process
 
SMALL INTESTINE AND LARGE INTESTINE
SMALL INTESTINE AND LARGE INTESTINESMALL INTESTINE AND LARGE INTESTINE
SMALL INTESTINE AND LARGE INTESTINE
 

Similar to Pdf lachow anu

What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017Doug Copley
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...DATUM LLC
 
Click here to agree managing intellectual property when crowdsourcing solutions
Click here to agree  managing intellectual property when crowdsourcing solutionsClick here to agree  managing intellectual property when crowdsourcing solutions
Click here to agree managing intellectual property when crowdsourcing solutionsIan McCarthy
 
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”diannepatricia
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNorth Texas Chapter of the ISSA
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsShawn Tuma
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Puneet Kukreja
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesForcepoint LLC
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSAUlf Mattsson
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesDuane Blackburn
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4Christopher Teixeira
 
Mass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and ChoicesMass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and ChoicesMike Linksvayer
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR ComplianceDATAVERSITY
 

Similar to Pdf lachow anu (20)

What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
 
Click here to agree managing intellectual property when crowdsourcing solutions
Click here to agree  managing intellectual property when crowdsourcing solutionsClick here to agree  managing intellectual property when crowdsourcing solutions
Click here to agree managing intellectual property when crowdsourcing solutions
 
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
“Fairness Cases as an Accelerant and Enabler for Cognitive Assistance Adoption”
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial Services
 
Fixing Intranet Search
Fixing Intranet SearchFixing Intranet Search
Fixing Intranet Search
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric Services
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Takeaways from a Simulated Cyber Attack
Takeaways from a Simulated Cyber AttackTakeaways from a Simulated Cyber Attack
Takeaways from a Simulated Cyber Attack
 
SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4SIAM Annual Meeting - CTeixeira MITRE V4
SIAM Annual Meeting - CTeixeira MITRE V4
 
Mass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and ChoicesMass Collaboration [Policy]: What, Why, and Choices
Mass Collaboration [Policy]: What, Why, and Choices
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
 
Global Talent Management: 6 Keys to Unlocking Success
Global Talent Management: 6 Keys to Unlocking SuccessGlobal Talent Management: 6 Keys to Unlocking Success
Global Talent Management: 6 Keys to Unlocking Success
 

Recently uploaded

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Pdf lachow anu

  • 1. © 2017 The MITRE Corporation. All rights reserved. | 1 | Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Dr. Irv Lachow Portfolio Manager, International Cybersecurity, MITRE Visiting Fellow, The Hoover Institution, Stanford University July 13, 2017 The Promise and Peril of Active Cyber Defense
  • 2. | 2 | © 2017 The MITRE Corporation. All rights reserved. For Internal MITRE Use. Approved for Public Release; Distribution Unlimited. Case Number 17-2636 Disclaimer ▪ The author's affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions, or viewpoints expressed by the author.
  • 3. Agenda
    ▪ Active Cyber Defense Primer
    ▪ Policy Issues
    ▪ References
    ▪ Discussion
  • 4. Why Is Active Cyber Defense Important?
    ▪ Governments alone cannot protect the private sector
    ▪ Companies are increasingly capable of taking active steps to defend themselves—and are doing so
    ▪ Current legal and policy guidance is "absent, vague or difficult to operationalize."
      – Governments are effectively blocking companies from taking action
    ▪ Two most likely outcomes are undesirable:
      – Companies do nothing
      – Wild West
  • 5. What Does “Active Cyber Defense” Mean?
    ▪ Center for Cyber and Homeland Security
      – Active defense is a term that captures a spectrum of proactive cybersecurity measures that fall between traditional passive defense and offensive….the term is NOT synonymous with “hacking back.” (Emphasis added.)
    ▪ Hoffman and Levite (from Robert Dewar)
      – An approach to achieving cybersecurity predicated upon the deployment of measures to detect, analyze, identify and mitigate threats…combined with the capability and resources to take proactive or offensive action against threats…
    ▪ DARPA
      – DARPA’s Active Cyber Defense (ACD) program is designed to…[provide] cyber defenders a “home field” advantage: the ability to perform defensive operations that involve direct engagement with sophisticated adversaries in DoD-controlled cyberspace.
  • 6. Examples of ACD Actions
    Source: CCHS
  • 7. Benefits and Risks of ACD Actions
    Source: Hoffman and Levite
  • 8. ACD Activities Involve Risk Tradeoffs
    Source: Hoffman and Levite
  • 9. In Theory ACD Risks Can be Quantified
    Source: Hoffman and Levite
  • 10. Agenda
    ▪ Active Cyber Defense Primer
    ▪ Policy Issues
    ▪ References
    ▪ Discussion
  • 11. Key Policy and Legal Questions
    ▪ Who can do ACD?
    ▪ What can they do?
    ▪ When can they do ACD?
    ▪ Who is held responsible when…?
    ▪ How address int’l aspects?
    ▪ How address technical developments?
  • 12. Legal Frameworks: Not Much Help
    ▪ National Laws vary considerably but most prevent the bulk of ACD activities
      – Example: United States' Computer Fraud and Abuse Act
    ▪ International Laws
      – "Formal international treaties have no apparent direct application to the [ACD] questions being considered."
    ▪ Which legal models are most applicable?
    ▪ This lack of guidance needs to be addressed…
    Source: Lachow, CCHS, Rosenzweig
  • 13. Principles-Based Approach (Market Driven)
    ▪ The Concept
      – Create normative principles for ACD behaviors
        ▪ Risk-based
        ▪ Formalized via industry-driven code of conduct
      – Use market-based mechanisms to enforce desired behaviors
        ▪ Insurance industry
        ▪ Civil torts
    ▪ Advantages
      – Relies on incentives to drive behavior
      – Balances risks
      – Adaptable to dynamic environment
    ▪ Challenges
      – Legal authority is still needed
      – Actions can have global consequences
      – Markets sometimes fail
    Source: Hoffman and Levite
  • 14. Government-Licensed Private Security
    ▪ The Concept:
      – Only authorized firms are allowed to conduct ACD
      – Licensing requirements set by each country
      – Allowed actions would fall short of most aggressive ACD techniques
      – Close cooperation with gov’t authorities
    ▪ Advantages
      – Clear limits about allowable actions
      – Lower risk of collateral damage and escalation
      – Improved public-private cooperation
    ▪ Challenges
      – Licensing process
      – Oversight process
      – Coordination across nations
      – State-sanctioned activity
    Source: Rosenzweig
  • 15. “ACD Policy Framework”
    ▪ Fifteen recommended steps for U.S. industry, Executive Branch, and Congress
    ▪ Key themes
      – Define range of acceptable actions that balance efficacy and risk
      – Update legal instruments to reflect balanced approach
      – Work towards global standards across nations
      – Strengthen public-private cooperation
      – Create set of best practices that are promulgated across industry
    Source: CCHS
  • 16. Consensus Findings
    ▪ Private sector needs to be given more authority to act
    ▪ ACD actions need to balance benefits and risks
    ▪ Legal clarity is necessary if not sufficient
    ▪ International aspects may be most challenging
    ▪ Government and industry cooperation is essential
  • 17. Agenda
    ▪ Active Cyber Defense Primer
    ▪ Policy Issues
    ▪ References
    ▪ Discussion
  • 18. Key References
    ▪ Center for Cyber & Homeland Security (CCHS). Into the Grey Zone: The Private Sector and Active Defense Against Cyber Threats: Washington, DC, The George Washington University, 2016.
    ▪ Croom, Charles, “The Cyber Kill Chain: A Foundation for a New Cyber Security Strategy,” High Frontier 6, No. 4 (2010): 52-56.
    ▪ Hoffman, Wyatt and Ariel E. Levite. Private Sector Cyber Defense: Can Active Measures Help Stabilize Cyberspace: Washington, DC, Carnegie Endowment for International Peace, 2017.
    ▪ Lachow, Irving. Active Cyber Defense: A Framework for Policymakers: Washington, DC, Center for a New American Security, 2013.
    ▪ Rosenzweig, Paul, Steven P. Bucci and David Inserra. Next Steps for U.S. Cybersecurity in the Trump Administration: Active Cyber Defense, Backgrounder, No 3188: Washington, DC, The Heritage Foundation, 2017.
  • 19. Agenda
    ▪ Active Cyber Defense Primer
    ▪ Policy Issues
    ▪ References
    ▪ Discussion
  • 20. Questions? Comments? Ideas?
  • 21. UK’s Government ACD Program
    ▪ Goal: “tackle, in [an] automated way, a significant proportion of the cyber attacks that hit the UK.”
    ▪ Led by National Cyber Security Centre
    ▪ Program elements
      – Strengthen infrastructure protocols
      – Secure email
      – Take down criminal websites
      – Filter DNS
      – Strengthen identity authentication
    Source: National Cyber Security Centre
  • 22. ACD Techniques Most Useful Against Advanced Adversaries
    ▪ Cyber “hygiene” can thwart most criminal activity
    ▪ ACD requires time and effort and carries risks
    Source: Lachow and Croom