4. Scenarios
• Member of Congress contacts with stock brokers
• Volume of calls between acquirer and target
• CEO-CFO interactions
• Journalist-whistleblower interactions
• Petraeus-Broadwell
[Image: Guardian]
Thursday, September 12, 13
5. If Only It Were Just Meta Data
...the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.
13. The Old Threat Hierarchy
• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation
14. The New Threat Hierarchy
• Surveillance State
• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation
15. GENIE is Out Of the Bottle
Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed "covert implants," sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. -Washington Post
16. Implications for the IT Industry
• The state as threat actor
• Researching NSA malware
• Defending against NSA surveillance
17. The Enterprise Is Compromised
• If every employee’s email and phone conversations are captured, what are the breach notification requirements?
• HIPAA?
• GLB?
• SOX?
18. Good Times For Trusted Computing?
• A universal threat must be met with universal security
• Spending on encryption set to double within a year
• Protecting keys will lead to massive investment in security
19. Look For a Tenfold Increase in Spending
[Chart: values for 2003, 2013 and 2023 on an axis from 0 to 700; series: cyber crime, cyber espionage, surveillance state; labeled value: $639 Billion]
20. A Call To Arms
This new threat to Confidentiality, Integrity, Availability, Privacy, Commerce, Democracy, and Stability, greater than all others, is what Trusted Computing was built to counter. Let’s fix this, before it is too late.