Presentation on cyber warfare, recent examples, current capabilities of the major players, and issues relating to the advancement of cyber warfare and cyber security in the United States. The Cyber War Forum Initiative is promoted for its role in solving many elements of the issues facing the US.
12. "Titan Rain" - started 2003. Titan Rain hackers gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. China.
23. Political / Military – strategic asset identification. Intelligence, Target optimization. Economic pressure and articulation. Revenge. Combined kinetic and info attack to paralyze enemy, disinform, weaken, force them to expend resources.
24. Social – why are you targeted? Why did/does Israel socially map US phone calls? If you own a business, are in IT, or especially if you operate a security consulting practice, why does your web site get visited daily by folks in China? Why is Identity Theft so huge? Do you facilitate money laundering?
27. Cause enemy to expend resources and time on futile tasks
28. Create crisis of confidence in enemy's currency, leadership, perceived stability, etc
29. Modify / Destroy information sources, infrastructure, systems – change reality / history
31. Twitter – stopped regular maintenance to aid coordination of dissent in Iran. Aided by State Dept. and a few others.
33. The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed. Source: WSJ
34. Iran uses kinetic attack to stop university students from communicating to the outside world. Students killed.
41. "Turning off the Internet" does as much damage as good
44. China – National network configuration enhancing cyber defense, KyLin, "green dam", email trojans – known to have penetrated 103 countries, especially email systems. - military value
66. The security industry in general sees an opportunity to resolve long-standing issues.
67. Members of the security industry got together to form a "community" driven effort to cross contaminate and share information to induce improvements and knowledge sharing.
69. Debate rages on who should be the top dog: person, agency, budget authority: lots of dialogue and posturing
93. Numerous web sites with links to resources... the pieces of the puzzle are out there
94. We are the most innovative people on the planet...
97. China's new wall has limited exfiltration from the country and therefore, sources of attacks cannot easily be determined as they are aliased. Infiltration is shut down by shutting down the gateways. A comprehensive strategy exists in China. The US, not so much.
98. US law and constitutional issues should prevent the "solution" from being a government owned and operated entity. However, all seem to be looking to the government for "the solution".
99. If the business community / private sector is the solution...
101. The big security companies actively suppress the smaller companies via a multitude of means. This harms innovation. They are also not buying innovation from the smaller companies so they are simply shutting the other guys out.
103. Turtle Complex - all issues within an organization must be concealed to prevent embarrassment or worse... questions.
104. Hollywood Simplex I - if you are a security vendor at a client, you are the only one doing anything of value. The others are there to try to steal your spotlight.
105. The Kids Clubhouse - if you are not a part of the *con speakers and/or attendees club then obviously you know nothing about security. Only people that attend or speak at conferences know anything worthwhile.
106. Power User Macho - even if you really have little understanding about what is going on: be aggressive. Ignorance is best concealed behind a good offense.
107. Megalomania - with this security product / concept / method - I shall rule the world. All others shall bow to me. Ah ha ha ha ha ha.
111. If people find out our problems I might lose my job... "So we are fine."
112. We don't do anything with jet fighters, therefore our problems are much smaller and very different.
113. We can't solve every problem, so we will focus on responding to the stuff that hits us. We will react to issues as they come up.
114. We don't want to work with other companies. We want attackers to leave us alone and attack them. Our strategy is displacement.
115. Alphabet-soup - even though the letters and credentials have no track record of success. It is still mandatory. Letters are cool.
116. Job-dutious-abandoness - the more security stuff I/we do, the more likely it is to catch someone's eye and embarrass me/us. Wait for something bad, jump in and be a hero. Leaders are often shot in the back.
128. No such thing as an objective measurement or standard.
129. Folks in government "have to spend too much time and money" to test any new technology. Slows adoption or even sensible change.
130. Breaches are so frequent, coupled with the very real problem of lingering infections from prior breaches, that quantification and eradication of threats is nearly impossible.
131. The sophistication of the attackers vs. our ability to defend is definitely a knife to a gunfight scenario.
142. Needs to be able to order ISP shutdowns, blocking of aggressors, and real time intelligent identification of aggressors in times of emergency / crisis