The document discusses how revelations about government surveillance programs are fundamentally changing IT security. It outlines how surveillance by intelligence agencies like the NSA poses a new top threat that is driving a massive increase in security spending by companies to protect themselves and their customers. Trillions will be spent in the coming years on encryption and other security measures to prevent spying and safeguard private information in response to the new risks presented by global government surveillance programs.
4. Scenarios
• Member of Congress contacts with stock brokers
• Volume of calls between acquirer and target
• CEO-CFO interactions
• Journalist-whistleblower interactions
• Petraeus-Broadwell
Wednesday, September 4, 13
5. If only it were just metadata
...the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.
8. The Destruction of Trust
• US tech companies will be the victims
• US cloud services already suffering
• Attestations being asked for by EU clients
9. The New Threat Hierarchy
• Surveillance State
• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation
10. $652 million Project Genie
Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed "covert implants," sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. -Washington Post
11. Implications for security vendors
• The state as threat actor
• Researching NSA malware
• Defending against NSA surveillance
12. Enterprise is compromised
• If every employee’s email and phone conversations are captured, what are breach notification requirements?
• HIPAA?
• GLB?
• SOX?
13. Re-vamping enterprise security
• A universal threat must be met with universal security
• Spending on encryption set to double this year
• Protecting keys will lead to massive investment in security
14. Tenfold increase in spending
[Chart: IT Security Spending in $billions. Vertical axis: 0 to 700. Horizontal axis: 2003, 2013, 2023. Labels: hacking, cyber crime, cyber espionage, surveillance state. Value shown: $639 Billion.]