CWFI Presentation Version 1

B
Brett L. ScottBrett L. Scott
The Cyber Warfare Initiative the Good, the Bad, and the Ugly LiveSquare Security www.LiveSquare.com
Overview ,[object Object]
Cyber what?
A recent example
The Players
Why Now? ,[object Object]
The Bad
The Ugly
What next?
Resources
Cyber Warfare - Hype? ,[object Object]
” Titan Rain” - started 2003 Titan Rain hackers gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. China.
Estonia – March 2007, Ukrain – November 2007
Lithuania – June 2008, Georgia – November 2008, Kyrgistan 2008
” GhostNet” – 2008 to present – China, KyLin OS (BSD or ???)
DOD, White House, Congress, Lockheed Martin (F35 fighter)
Dali Lama, Germany, France, India, Australia
Iran
The battle is fought every day. ,[object Object]
Cyber What? ,[object Object]
” Everyone is attacking everyone.”
Country vs. Country, Entity vs. Country, Entity vs. Entitiy, Entity vs. Individual ,[object Object],[object Object]
Political / Military – strategic asset identification. Intelligence, Target optimization. Economic pressure and articulation. Revenge. Combined kinetic and info attack to paralyze enemy, disinform, weaken, force them to expend resources.
Social – why are you targeted? Why did/does Isreal socially map US phone calls? If you own a business, are in IT, or especially if you operate a security consulting practice why does your web site get visited daily by folks in China? Why is Identity Theft so huge? Do you facilitate money laundering?
Cyber war: What to do ,[object Object]
Disrupt and mix up commercial / financial transactions ,[object Object],[object Object]
Cause enemy to expend resources and time on futile tasks
Create crisis of confidence in enemy's currency, leadership, perceived stability, etc
Modify / Destroy information sources, infrastructure, systems – change reality / history
A Recent Example: Iran ,[object Object]
Twitter – stopped regular maintenance to aid coordination of dissent in Iran. Aided by State Dept. and a few others.
1 sur 31

CWFI Presentation Version 1

TechnologieBusiness

Presentation on cyber warfare, recent examples, current capabilities of the major players, and issues relating to the advancement of cyber warfare and cyber security in the United States. The Cyber War Forum Initiative is promoted for its role in solving many elements of the issues facing the US.

B
Brett L. ScottBrett L. Scott

Recommandé

Vol7no2 ball par
Vol7no2 ballVol7no2 ball
Vol7no2 ballMarioEliseo3
7.8K vues23 diapositives
Kenneth geers-sun-tzu-and-cyber-war par
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warMarioEliseo3
1.9K vues23 diapositives
Cyber war par
Cyber warCyber war
Cyber warPraveen
1.1K vues38 diapositives
Us gov't building hacker army for cyber war yahoo! news par
Us gov't building hacker army for cyber war yahoo! newsUs gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
490 vues2 diapositives
Cyber Warfare - par
Cyber Warfare -Cyber Warfare -
Cyber Warfare -ideaflashed
13K vues67 diapositives
Cyber warfare Threat to Cyber Security by Prashant Mali par
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliAdv Prashant Mali
1.6K vues21 diapositives

Contenu connexe

Tendances

About cyber war par
About cyber warAbout cyber war
About cyber wareugenvaleriu
2.3K vues118 diapositives
The Role Of Technology In Modern Terrorism par
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismPierluigi Paganini
6.3K vues29 diapositives
Cyber Warfare - Jamie Reece Moore par
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
1.6K vues17 diapositives
Computers as weapons of war par
Computers as weapons of warComputers as weapons of war
Computers as weapons of warMark Johnson
754 vues5 diapositives
Cyber war or business as usual par
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usualEnclaveSecurity
4.3K vues33 diapositives
The National Cyber Security Strategy: Success Through Cooperation par
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationMark Johnson
1K vues9 diapositives

Tendances(20)

About cyber war par eugenvaleriu
About cyber warAbout cyber war
About cyber war
eugenvaleriu2.3K vues
The Role Of Technology In Modern Terrorism par Pierluigi Paganini
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern Terrorism
Pierluigi Paganini6.3K vues
Cyber Warfare - Jamie Reece Moore par Jamie Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
Jamie Moore1.6K vues
Computers as weapons of war par Mark Johnson
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
Mark Johnson754 vues
Cyber war or business as usual par EnclaveSecurity
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
EnclaveSecurity4.3K vues
The National Cyber Security Strategy: Success Through Cooperation par Mark Johnson
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
Mark Johnson1K vues
Cyber warfare ss par Maira Asif
Cyber warfare ssCyber warfare ss
Cyber warfare ss
Maira Asif1.2K vues
Countering the Cyber Espionage Threat from China par Murray Security Services
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
Murray Security Services1.4K vues
Cyberwarfare par Space Defense Newsletter
CyberwarfareCyberwarfare
Cyberwarfare
Space Defense Newsletter647 vues
Privacy in the Information Age par Jordan Peacock
Privacy in the Information AgePrivacy in the Information Age
Privacy in the Information Age
Jordan Peacock581 vues
Privacy in the Information Age [Q3 2015 version] par Jordan Peacock
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]
Jordan Peacock347 vues
Terror And Technology par pradhansushil
Terror And TechnologyTerror And Technology
Terror And Technology
pradhansushil8.5K vues
Cyber terrorism fact or fiction - 2011 par hassanzadeh20
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
hassanzadeh201.9K vues
Securing Indian Cyberspace Shojan par Shojan Jacob
Securing Indian Cyberspace ShojanSecuring Indian Cyberspace Shojan
Securing Indian Cyberspace Shojan
Shojan Jacob984 vues
Clt3328fisk par Julesroa
Clt3328fiskClt3328fisk
Clt3328fisk
Julesroa647 vues
CyberSecurity: Intellectual Property dispute fuels Cyberwar par Elyssa Durant
CyberSecurity: Intellectual Property dispute fuels CyberwarCyberSecurity: Intellectual Property dispute fuels Cyberwar
CyberSecurity: Intellectual Property dispute fuels Cyberwar
Elyssa Durant419 vues
2015 Cyber Security Strategy par Mohit Kumar
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
Mohit Kumar7.5K vues
A US Cybersecurity Strategy for 2030 par Scott Dickson
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030
Scott Dickson381 vues
114-116 par IKERIONWU FREDRICK
114-116114-116
114-116
IKERIONWU FREDRICK202 vues
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC) par Esam Abulkhirat
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Esam Abulkhirat900 vues

Similaire à CWFI Presentation Version 1

Systemic cybersecurity risk par
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity riskblogzilla
1.3K vues28 diapositives
Cyber(in)security: systemic risks and responses par
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesblogzilla
1.3K vues28 diapositives
28658043 cyber-terrorism par
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorismDharani Adusumalli
1.4K vues25 diapositives
The Involvement Of The Cyber Attack par
The Involvement Of The Cyber AttackThe Involvement Of The Cyber Attack
The Involvement Of The Cyber AttackJamie Miller
2 vues41 diapositives
Top Five Security Threats And Infrastructure par
Top Five Security Threats And InfrastructureTop Five Security Threats And Infrastructure
Top Five Security Threats And InfrastructureMelissa Ward
2 vues45 diapositives
Beza belayneh information_warfare_brief par
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza Belayneh
448 vues20 diapositives

Similaire à CWFI Presentation Version 1(20)

Systemic cybersecurity risk par blogzilla
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity risk
blogzilla1.3K vues
Cyber(in)security: systemic risks and responses par blogzilla
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
blogzilla1.3K vues
28658043 cyber-terrorism par Dharani Adusumalli
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
Dharani Adusumalli1.4K vues
The Involvement Of The Cyber Attack par Jamie Miller
The Involvement Of The Cyber AttackThe Involvement Of The Cyber Attack
The Involvement Of The Cyber Attack
Jamie Miller2 vues
Top Five Security Threats And Infrastructure par Melissa Ward
Top Five Security Threats And InfrastructureTop Five Security Threats And Infrastructure
Top Five Security Threats And Infrastructure
Melissa Ward2 vues
Beza belayneh information_warfare_brief par Beza Belayneh
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_brief
Beza Belayneh448 vues
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli... par David Sweigert
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
David Sweigert304 vues
Cybercrime Is A Serious Issue par Lori Mathers
Cybercrime Is A Serious IssueCybercrime Is A Serious Issue
Cybercrime Is A Serious Issue
Lori Mathers4 vues
Proactive Counterespionage as a Part of Business Continuity and Resiliency par Dr. Lydia Kostopoulos
Proactive Counterespionage as a Part of Business Continuity and ResiliencyProactive Counterespionage as a Part of Business Continuity and Resiliency
Proactive Counterespionage as a Part of Business Continuity and Resiliency
Dr. Lydia Kostopoulos1K vues
The securitization of online activism par jwilso
The securitization of online activismThe securitization of online activism
The securitization of online activism
jwilso375 vues
Online security – an assessment of the new par sunnyjoshi88
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
sunnyjoshi88237 vues
UN Presentation - 10-17-2018 - Maccaglia par Stefano Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - Maccaglia
Stefano Maccaglia268 vues
Francesca Bosco, Le nuove sfide della cyber security par Andrea Rossetti
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
Andrea Rossetti1.8K vues
HE Mag_New Cyber Threats_ITSource par Brian Arellanes
HE Mag_New Cyber Threats_ITSourceHE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSource
Brian Arellanes137 vues
Cyber Terrorism (FBI) Enforces Federal Laws par Laurie Gunlicks
Cyber Terrorism (FBI) Enforces Federal LawsCyber Terrorism (FBI) Enforces Federal Laws
Cyber Terrorism (FBI) Enforces Federal Laws
Laurie Gunlicks2 vues
Power and Leverage in the XXI Century par Jyrki Kasvi
Power and Leverage in the XXI CenturyPower and Leverage in the XXI Century
Power and Leverage in the XXI Century
Jyrki Kasvi382 vues
Stop Cyber Warfare Before It Happens Essay par Sandy Harwell
Stop Cyber Warfare Before It Happens EssayStop Cyber Warfare Before It Happens Essay
Stop Cyber Warfare Before It Happens Essay
Sandy Harwell2 vues
Clinton- Cyber IRT Balto 10_2012 par Don Grauel
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
Don Grauel675 vues
Tech Topic Privacy par netapprad
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacy
netapprad698 vues
wp-us-cities-exposed par Numaan Huq
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposed
Numaan Huq975 vues

Dernier

20231123_Camunda Meetup Vienna.pdf par
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdfPhactum Softwareentwicklung GmbH
41 vues73 diapositives
HTTP headers that make your website go faster - devs.gent November 2023 par
HTTP headers that make your website go faster - devs.gent November 2023HTTP headers that make your website go faster - devs.gent November 2023
HTTP headers that make your website go faster - devs.gent November 2023Thijs Feryn
22 vues151 diapositives
Special_edition_innovator_2023.pdf par
Special_edition_innovator_2023.pdfSpecial_edition_innovator_2023.pdf
Special_edition_innovator_2023.pdfWillDavies22
17 vues6 diapositives
Unit 1_Lecture 2_Physical Design of IoT.pdf par
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdfStephenTec
12 vues36 diapositives
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf par
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdfSTKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdfDr. Jimmy Schwarzkopf
19 vues29 diapositives
PRODUCT PRESENTATION.pptx par
PRODUCT PRESENTATION.pptxPRODUCT PRESENTATION.pptx
PRODUCT PRESENTATION.pptxangelicacueva6
14 vues1 diapositive

Dernier(20)

20231123_Camunda Meetup Vienna.pdf par Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH41 vues
HTTP headers that make your website go faster - devs.gent November 2023 par Thijs Feryn
HTTP headers that make your website go faster - devs.gent November 2023HTTP headers that make your website go faster - devs.gent November 2023
HTTP headers that make your website go faster - devs.gent November 2023
Thijs Feryn22 vues
Special_edition_innovator_2023.pdf par WillDavies22
Special_edition_innovator_2023.pdfSpecial_edition_innovator_2023.pdf
Special_edition_innovator_2023.pdf
WillDavies2217 vues
Unit 1_Lecture 2_Physical Design of IoT.pdf par StephenTec
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdf
StephenTec12 vues
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf par Dr. Jimmy Schwarzkopf
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdfSTKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf
STKI Israeli Market Study 2023 corrected forecast 2023_24 v3.pdf
Dr. Jimmy Schwarzkopf19 vues
PRODUCT PRESENTATION.pptx par angelicacueva6
PRODUCT PRESENTATION.pptxPRODUCT PRESENTATION.pptx
PRODUCT PRESENTATION.pptx
angelicacueva614 vues
Melek BEN MAHMOUD.pdf par MelekBenMahmoud
Melek BEN MAHMOUD.pdfMelek BEN MAHMOUD.pdf
Melek BEN MAHMOUD.pdf
MelekBenMahmoud14 vues
Powerful Google developer tools for immediate impact! (2023-24) par wesley chun
Powerful Google developer tools for immediate impact! (2023-24)Powerful Google developer tools for immediate impact! (2023-24)
Powerful Google developer tools for immediate impact! (2023-24)
wesley chun10 vues
Uni Systems for Power Platform.pptx par Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.56 vues
Zero to Automated in Under a Year par Network Automation Forum
Zero to Automated in Under a YearZero to Automated in Under a Year
Zero to Automated in Under a Year
Network Automation Forum15 vues
MVP and prioritization.pdf par rahuldharwal141
MVP and prioritization.pdfMVP and prioritization.pdf
MVP and prioritization.pdf
rahuldharwal14131 vues
PRODUCT LISTING.pptx par angelicacueva6
PRODUCT LISTING.pptxPRODUCT LISTING.pptx
PRODUCT LISTING.pptx
angelicacueva614 vues
Business Analyst Series 2023 - Week 3 Session 5 par DianaGray10
Business Analyst Series 2023 - Week 3 Session 5Business Analyst Series 2023 - Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray10248 vues
Network Source of Truth and Infrastructure as Code revisited par Network Automation Forum
Network Source of Truth and Infrastructure as Code revisitedNetwork Source of Truth and Infrastructure as Code revisited
Network Source of Truth and Infrastructure as Code revisited
Network Automation Forum26 vues
PharoJS - Zürich Smalltalk Group Meetup November 2023 par Noury Bouraqadi
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi127 vues
The Research Portal of Catalonia: Growing more (information) & more (services) par CSUC - Consorci de Serveis Universitaris de Catalunya
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya80 vues
Design Driven Network Assurance par Network Automation Forum
Design Driven Network AssuranceDesign Driven Network Assurance
Design Driven Network Assurance
Network Automation Forum15 vues
Mini-Track: Challenges to Network Automation Adoption par Network Automation Forum
Mini-Track: Challenges to Network Automation AdoptionMini-Track: Challenges to Network Automation Adoption
Mini-Track: Challenges to Network Automation Adoption
Network Automation Forum12 vues
virtual reality.pptx par G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal11 vues
Democratising digital commerce in India-Report par Kapil Khandelwal (KK)
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-Report
Kapil Khandelwal (KK)15 vues

CWFI Presentation Version 1

  • 1. The Cyber Warfare Initiative the Good, the Bad, and the Ugly LiveSquare Security www.LiveSquare.com
  • 2.
  • 6.
  • 11.
  • 12. ” Titan Rain” - started 2003 Titan Rain hackers gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. China.
  • 13. Estonia – March 2007, Ukrain – November 2007
  • 14. Lithuania – June 2008, Georgia – November 2008, Kyrgistan 2008
  • 15. ” GhostNet” – 2008 to present – China, KyLin OS (BSD or ???)
  • 16. DOD, White House, Congress, Lockheed Martin (F35 fighter)
  • 17. Dali Lama, Germany, France, India, Australia
  • 18. Iran
  • 19.
  • 20.
  • 21. ” Everyone is attacking everyone.”
  • 22.
  • 23. Political / Military – strategic asset identification. Intelligence, Target optimization. Economic pressure and articulation. Revenge. Combined kinetic and info attack to paralyze enemy, disinform, weaken, force them to expend resources.
  • 24. Social – why are you targeted? Why did/does Isreal socially map US phone calls? If you own a business, are in IT, or especially if you operate a security consulting practice why does your web site get visited daily by folks in China? Why is Identity Theft so huge? Do you facilitate money laundering?
  • 25.
  • 26.
  • 27. Cause enemy to expend resources and time on futile tasks
  • 28. Create crisis of confidence in enemy's currency, leadership, perceived stability, etc
  • 29. Modify / Destroy information sources, infrastructure, systems – change reality / history
  • 30.
  • 31. Twitter – stopped regular maintenance to aid coordination of dissent in Iran. Aided by State Dept. and a few others.
  • 32.
  • 33. The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed. Source WSJ
  • 34. Iran uses kinetic attack to stop university students from communicating to the outside world. Students killed.
  • 35. Iran plays whack-a-mole with phones, sat phones, ”rogue” Internet connections
  • 36. Bans all foreign media, blocks farsi news sites outside Iran, etc.
  • 37. Iran declares an ”official end” to freedom of expression, people reject this...
  • 38. Using a phone, if you mention the wrong keyword, your line goes dead
  • 39. Pro-iran regime “hacktivists” breach the U of Oregon and leave a message...
  • 40.
  • 41. ” Turning off the Internet” does as much damage as good
  • 42.
  • 43.
  • 44. China – National network configuration enhancing cyber defense, KyLin, ”green dam”, email trojans – known to have penetrated 103 countries, especially email systems. - military value
  • 45. RBN – email malware, identity theft, BOTnets
  • 46. The Brits, Israel (info and kinetic e.g. Gaza), Palestinians, Islamic Jihad, Al Qaeda, Russia to Uzbekistan relating to American Base.
  • 47. Anyone who wants to play
  • 48.
  • 49. The Cyber Warfare Forum Initiative – US and allies
  • 50.
  • 51. Formal and excellent training in hacking / cracking systems
  • 52. Financial funding and rewards for success to anyone
  • 53. Russian Business Network and other organized crime
  • 54. The East has a plan is is doing well
  • 55.
  • 56.
  • 57.
  • 58. Building secure microprocessors with a secure operating system that runs on those chips
  • 59. National connectivity is designed to move through ”gateways”
  • 60.
  • 61.
  • 62. National communications infrastructure a disadvantage – nearly 100% privately owned
  • 63. Capabilities largely from large US security firms that will not cooperate well
  • 64. Successes: Trojan hardware, communications intercept
  • 65.
  • 66. The security industry in general sees an opportunity to resolve long standing issues.
  • 67. Members of the security industry got together to form a ”community” driven effort to cross contaminate and share information to induce improvements and knowledge sharing.
  • 68.
  • 69. Debate rages on who should be the top dog: person, agency, budget authority: lots of dialogue and posturing
  • 70. Security vendors see wash of funds and line up with their suits on
  • 71. The security community suddenly sees the need to help people to understand where we are and what is going on.
  • 72.
  • 73. we may have ”the capabilities” we need, but can we mobilize and utilize them? In time?
  • 74. it should be ”self-evident” that we both need and want to improve our footings
  • 75. The US faces a more difficult task in cyber defense than others due to network design, laws, and other issues.
  • 76.
  • 78.
  • 79. Can we define the problems?
  • 80.
  • 81.
  • 82. When can the military ”shut down” domestic ISPs?
  • 83. Does the Constitution allow for the government to ”take control” of the cyber security issue for everyone or just itself?
  • 84.
  • 85.
  • 86. When will I be safe?
  • 87.
  • 88.
  • 89. OWASP - Open Web Application Security Project
  • 92. OpenDNS for small business and consumers
  • 93. Numerous web sites with links to resources... the pieces of the puzzle are out there
  • 94. We are the most innovative people on the planet...
  • 95.
  • 96.
  • 97. China's new wall has limited ex-filtration from the country and therefore, sources of attacks cannot easily be determined as they are aliased. Infiltration is shut down by shutting down the gateways. A comprehensive strategy exists in China. The US, not so much.
  • 98. US law and constitutional issues should prevent the ”solution” from being a government owned and operated entity. However, all seem to be looking to the government for ”the solution”.
  • 99. If the business community / private sector is the solution...
  • 100.
  • 101. The big security companies actively suppress the smaller companies via a multitude of means. This harms innovation. They are also not buying innovation from the smaller companies so they are simply shutting the other guys out.
  • 102. Not Invented Here (NIH) - Anybody else's products are crap.
  • 103. Turtle Complex - all issues within an organization must be concealed to prevent embarrassment or worse... questions.
  • 104. Hollywood Simplex I - if you are a security vendor at a client, you are the only one doing anything of value. The others are there to try to steal your spotlight.
  • 105. The Kids Clubhouse - if you are not a part of the *con speakers and/or attendees club then obviously you know nothing about security. Only people that attend or speak at conferences know anything worth while.
  • 106. Power User Macho - even if you really have little understanding about what is going on: be aggressive. Ignorance is best concealed behind a good offense.
  • 107. Megalomania - with this security product / concept / method - I shall rule the world. All others shall bow to me. Ah ha ha ha ha ha.
  • 108.
  • 109. Little collaboration combined with the stiffling of innovation = bad day for US.
  • 110.
  • 111. If people find out our problems I might lose my job... "So we are fine."
  • 112. We don't do anything with jet fighters, therefore our problems are much smaller and very different.
  • 113. We can't solve every problem, so we will focus on responding to the stuff that hits us. We will react to issues as they come up.
  • 114. We don't want to work with other companies. We want attackers to leave us alone and attack them. Our strategy is displacement.
  • 115. Alphabet-soup - even though the letters and credentials have no track record of success. It is still mandatory. Letters are cool.
  • 116. Job-dutious-abandoness - the more security stuff I/we do, the more likely it is to catch someone's eye and embarrass me/us. Wait for something bad, jump in and be a hero. Leaders are often shot in the back.
  • 117.
  • 118. Most programmers do not know how to secure code.
  • 119. Most companies don't allocate resources to security testing
  • 120. Most ”outsourced and off-shored” projects are never reviewed for security. That ends up biting us in the... e.g. FBI, RNC
  • 121. Controversial Assertion by me: ”Trusted Computing” is a fallacy
  • 122. Public Key / Private Key: PKI failed and has multiple defeats (SHA1)
  • 123.
  • 124. Our enemies are more patient than we are
  • 125.
  • 126. Our business' can see only one year at a time. This limits real or focused results.
  • 127. Cloud computing companies offer outstanding local attack centers.
  • 128. No such thing as an objective measurement or standard.
  • 129. Folks in government ”have to spend to much time and money” to test any new technology. Slows adoption or even sensible change.
  • 130. Breaches are so frequent, coupled with the very real problem of lingering infections from prior breaches, that quantifying and eradication of threats is nearly impossible.
  • 131. The sophistication of the attackers vs. our ability to defend is definitely a knife to a gunfight scenario.
  • 132.
  • 134. More of the same
  • 135. US becomes a distant third, 4th?
  • 136.
  • 137. Better co-operation in the security industry
  • 138. Large coalitions of collaborators (geocentric?)
  • 139. A ”caustic cauldron” for security testing (community based)
  • 140.
  • 141.
  • 142. Needs to be able to order ISP shutdowns, blocking of aggressors, and real time intelligent identification of aggressors in times of emergency / crisis
  • 143. May regulate by sector
  • 144.
  • 145.
  • 146. Small players – collaborate, continue your innovation, evangelize
  • 147. Big players – innovate or buy, stop the stifle, sub-contract
  • 148. Government – national testing labs (caustic cauldron) , don't go to the dark side, open up the gene pool
  • 149.
  • 150. White House Cyberspace Policy Review - http://www.cwfi.us/index.php?option=com_docman&task=doc_download&gid=2&Itemid=92
  • 151. Cyber Attacks Against Georgia: Legal Lessons Identified - http://www.carlisle.army.mil/DIME/documents/Georgia%201%200.pdf
  • 152. OWASP - http://www.owasp.org
  • 153. Dark Reading - http://www.darkreading.com
  • 154. Packet Storm - http://packetstormsecurity.org/
  • 155. Security Lists - http://www.seclists.org
  • 156. Sickurity - http://www.sickurity.com/
  • 157. SANS TOP 25 Most Dangerous Programming Errors - http://www.sans.org/top25errors/
  • 158.
  • 159. 2001 – Report to Congress on Cyber warfare - http://www.fas.org/irp/crs/RL30735.pdf
  • 160. Estonia Cyber Defense Center of Excellence - http://www.ccdcoe.org
  • 161. Searchable NIST Common Vulnerability Enumeration Database - http://www.livesquare.com/portal/cve.asp - FREE
  • 162. Common Attack Pattern Enumeration and Classification - http://capec.mitre.org - FREE
  • 163. LiveSquare's Daily Security Bulletin - http://www.livesquare.com/portal/dsb.asp – FREE to you!
  • 164.
  • 165. Thank you Arizona Security Practitioners Forum
  • 166. Thank you for coming!
  • 167. I thank those of you who have decided to participate moving forward and look forward to your contributions.