Event: George Washington University -- National Security Threat Convergence: Violent Extremism and Cybersecurity
Download as PPTX, PDF1 like310 views
This document discusses cybersecurity threats facing critical US infrastructure sectors. It outlines several major threat actors including hackers, insider threats, hacktivists, foreign and state-sponsored espionage, and terrorists. It then examines specific cyber threats like Trojans, viruses, worms, DDoS attacks, and zero-day vulnerabilities. The document outlines critical infrastructure sectors including government, military, energy, transportation, finance, healthcare, and identifies recent cyber incidents targeting these sectors. It emphasizes the importance of securing critical infrastructure and outlines the roles of government agencies like DHS and initiatives like the CIS critical security controls in improving cybersecurity.
Event: George Washington University -- National Security Threat Convergence: Violent Extremism and Cybersecurity
- 1. Chuck Brooks Vice President Sutherland Government Solutions Wed, October 12, 2016 Terrorism and non-state actors The US Critical Infrastructure Sectors as Targets and Recent Examples
- 2. • “A few lines of code can wreak more havoc than a bomb.” Hon. Tom Ridge (Former) Secretary of the U.S. Department of Homeland Security • “The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications. Pervasive connectivity has brought dramatic gains in productivity and pleasure but has created equally dramatic vulnerabilities. Huge heists of personal information are common, and cybertheft of intellectual property and infrastructure penetrations continue at a frightening pace.” Joel Brenner, the former counsel to the National Security Agency The Cyber Threat
- 4. Major Threat Actors • Hacker/Script Kiddies/Hobbyist • Insider Threat/Disgruntled Employee • Hacktivist • Industrial Espionage • Foreign Espionage • Terrorist • State Sponsored Attack
- 5. Major Threat Actors • Hacker/Script Kiddies/Hobbyist • Insider Threat/Disgruntled Employee • Hacktivist • Industrial Espionage • Foreign Espionage • Terrorist • State Sponsored Attack
- 6. Cyber-Threats • Trojan. A Trojan is one of the most complicated threats among all. Most of the popular banking threats come from the Trojan family such as Zeus and SpyEye. • Virus. A Virus is a malicious program where it replicates itself and aim to only destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all. • Worms; They can spread from one computer to another computer within a network or even the internet. The computer security risk here is, it will use up your computer hard disk space due to the replication and took up most of your bandwidth due to the spread. • DDoS (Distributed Denial of Service) sends millions of traffic to a single server to cause the system to down with certain security feature disable so that they can do their data stealing. • A Zero-day Vulnerability refers to a hole in software that is unknown to the vendor, which can be exploited by hackers before the vendor becomes aware and hurries to patch it up. They are becoming an increasingly powerful weapon of cyber espionage as countries become more connected to the internet
- 7. Cyber-Threats • Spyware Is a Malware which is designed to spy on the victim’s computer • Botnet. Botnet is something which is installed by a BotMaster to take control of all the computer bots via the Botnet infection • Phishing. A fake website which is designed to look almost like the actual website is a form of phishing attack. The idea of this attack is to trick the user into entering their username and password into the fake login form which serves the purpose of stealing the identity of the victim • Ransomware: in which hackers hold computers and even entire networks hostage for electronic cash payments. Ransomware has been around for more than a decade, but attacks have exploded in the past couple of years Researchers have seen a 3,500% increase in the criminal use of ransomware .
- 9. Securing Critical Infrastructure • Government • Military: Secrets, tactics, location of forces, tampering • Power Grid: Generator controls, power distribution controls • Telecommunications: Phone, internet connectivity • Transportation: Air traffic control, railway, bridge and highway, radar • Energy/Fuel Supply: Locations of pipelines, types of fuel and amounts • Banking and Finance: Asset protection, stock market • Emergency Services: 911 system, disaster response, first responder coordination, deployment and locations • Food and Water Infrastructure: Food and water distribution, process
- 10. Securing Critical Infrastructure • The number of cyber incidents reported by federal agencies jumped more than 1,300 percent, from 5,503 to 77,183, over the 10 years through fiscal 2015 • Ransomware attacks on government agencies around the world have tripled in the past year • About 4 percent of government agencies had been exposed to Nymaim, and 3 percent to Locky, both ransomware strains • OPM Breach - heist of data on 22 million current and former federal employees • Elections: In Illinois and Kansas registration databases were suspected of being hacked. Illinois hackers managed to download personal data on up to 200,000 state voters • There is only one way to protect the voting system from a nation- state-funded cyberattack," "Use paper."
- 11. • Cybersecurity, information assurance, and resilience has become one of the largest areas of government spending at all agencies and is consistently ranked the top priority among government and industry CIOs in surveys • In the U.S., most -approximately 85 per cent of the cybersecurity critical infrastructure is owned by the private sector and regulated by the public sector • In 2013, President Obama issued Executive Order 13636 (“Improving Critical Infrastructure Cyber-security”) called for the establishment of a voluntary risk-based cyber-security framework between the private and public sectors • Incident response to Industrial Control Systems -Supervisory Control and Data Acquisition (SCADA) • The leader civilian agency in the government for public/private cooperation in cybersecurity is the Department of Homeland Security (DHS). Cybersecurity -- Role of Government
- 12. Critical Security Controls The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks (APTs – Advanced Persistent Threats) 1: Inventory of Authorized and Unauthorized Devices 2: Inventory of Authorized and Unauthorized Software 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers 4: Continuous Vulnerability Assessment and Remediation 5: Malware Defenses 6: Application Software Security 7: Wireless Access Control 8: Data Recovery Capability 9: Security Skills Assessment and Appropriate Training to Fill Gaps 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches 11: Limitation and Control of Network Ports, Protocols, and Services 12: Controlled Use of Administrative Privileges 13: Boundary Defense 14: Maintenance, Monitoring, and Analysis of Audit Logs 15: Controlled Access Based on the Need to Know 16: Account Monitoring and Control 17: Data Protection 18: Incident Response and Management 19: Secure Network Engineering 20: Penetration Tests and Red Team Exercises
- 13. Cybersecurity -DHS • DHS is responsible for overseeing the protection of the.gov domain and for providing assistance and expertise to private sector owners and operators. The agency’s work benefits the information technology community and the public at-large. • DHS plays a key role in securing the federal government's civilian cyber networks and helping to secure the broader cyber ecosystem • US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad
- 14. Energy • Protecting The Grid • Utilities and Power Plants • Solar Energy • Data Centers • Water Systems • Oil, Gas & Coal (Logistics)
- 15. • “China and one or two other countries have the ability to launch a cyber attack that could shut down the entire U.S. power grid and other critical infrastructure” Admiral Mike Rodgers, head of the National Security Agency (NSA) and U.S. Cyber Command • US Department of Homeland Security’s Cybersecurity Emergency Response Team responded to 295 cyber incidents in the energy sector in 2015 • The frequency, sophistication and costs of data breaches are increasing, says the World Energy Council, and the world’s first publicly- acknowledged power outage caused by hackers has taken place in Ukraine • In South Korea last year hackers targeted Korea Hydro and Nuclear Power Company, trying to cause nuclear reactors to malfunction • An attack on a nuclear plant could lead to a core meltdown and dispersal of radioactivity, says the report, while attacks on other critical energy infrastructure could threaten a country’s economy, public safety and national defense Energy
- 16. • Mobile payments/transactions • Mobile banking • ATMS • Identity Theft: • Identity management Biometric Security: access control facial recognition, voice recognition, iris and retina scanners, fingerprint sensors on tablets and smartphones – pass keys • Retail Commerce • Stock Markets Finance/Commerce
- 17. • A sophisticated hacking scheme targeted the Bangladesh central bank ($81M stolen) in March 2016 • In March 2016, the U.S. Justice Department indicted seven hackers tied to the Iranian regime These hackers staged a coordinated cyber attack that targeted 46 major financial institutions and a dam outside of New York City • According to Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries • The Federal Bureau of Investigation estimated that more than 500 million financial records were hacked in 2013 • According to the Ponemon Institute, over 43% of companies had breaches last year (including mega companies such as Home Depot, JPMorgan, and Target • According to the Center For Strategic and International Studies (CSIS), cyber related crime now costs the global economy about $445 billion every year Finance/Commerce
- 18. • The cybersecurity healthcare landscape has many facets. These include the information security networks of medical facilities and hospitals, medical equipment and devices, and protection of the sensitive data and privacy of patients • Interconnected Hospital networks with multiple devices • Health- Implantable devices; (bionic eyes, limbs) • Remote sensing tech (Wearables) • Telemedicine • Real-time biomarker tracking and monitoring • Refrigeration and storage Health & Medicine
- 19. • Last year, a series of hospitals fell victim to ransomware attacks; one, the Hollywood Presbyterian Medical Center, paid the $17,000 ransom to unlock critical medical information • Another US hospital, Boston Children’s Hospital was the target of a series of breaches including distributed denial of service attacks. Medical institutions in Europe and Canada have also been subjected to intrusions. • Healthcare data is highly valuable to hackers because they can sell it for a high price on the black market • In 2015 36% of breaches included medical records Health & Medicine
- 20. • A “connected transportation system,” and more specifically “connected cars” allow for safer and more efficient urban mobility. Connected car technology is evolving rapidly and is now being tested • A group of Virginia-based researchers funded by the Defense Department found that it is relatively easy to remotely hack into a driverless car’s control system Aviation: • LOT Polish Airlines had its flight operations system hacked, resulting in disruption or cancellation of 22 flights • American security researcher Chris Roberts claims to have accessed flight-critical controls through the in-flight entertainment system Transportation
- 21. Securing The Digital Future
- 22. • Cisco predicts that 50 billion devices (including our smartphones, appliances, and office equipment) will be wirelessly connected via a network of sensors to the internet by 2020 • How do we protect cascading interconnectivity? IoT Verticals: • Smart Cities • Facilities & infrastructure management • Industrial applications • Energy (smart grid) • Medical & healthcare • Transportation • Building/construction (smart buildings) • Environment (waste management) • Water resources • Retail and supply chain, • Communications • Education (learning analytics) The Digital age and “The Internet of Things”
- 24. Cybersecurity
- 25. • Defining and monitoring the threat landscape • Risk Management (identifying, assessing and responding to threats- i.e. NIST Framework: Identify, Protect, Detect, Respond, Recover) • Protecting critical infrastructure through rapid proto-typing of technologies and Public/Private cooperation • Modernizing security Architectures • Better encryption and biometrics (quantum encryption, keyless authentication) • Automated network-security correcting systems (self-encrypting drives) Cybersecurity Priorities
- 26. • Technologies for continuous “real time” horizon scanning and monitoring of networks • Access Management and Control • Endpoint protection • Diagnostics, data analytics, and forensics (network traffic analysis, payload analysis, and endpoint behavior analysis) • Advanced defense for framework layers (network, payload, endpoint, firewalls, and anti-virus) • Enterprise and client Network isolation to protect against malware, botnets, insider threats • Forensics Cybersecurity Priorities
- 27. Sutherland Government Solutions, Inc. (SGSI) mission is to ensure government can meet its vision of fully responding to citizen mandates. As a trusted partner, we enable government to succeed by providing smart, affordable and highly responsive customer care processes and solutions. Our Industry experience instills confidence in constituent oriented government operations. SGSI’s capabilities include rapidly deploying major contact centers, integrating citizen-centric IT services, and processing health and insurance benefit claims. SGSI’s technology-enabled services are performance force multipliers for government, especially in times of budget constraint. Sutherland's Services for Government Include: • Multi-Channel Constituent Relations • Veterans Choice: Customer Care • Healthcare & Insurance Claims Processing • Revenue Cycle Management • Analytics • IT Service Desks & Contact Centers • System Integration
- 28. Charles (Chuck) Brooks serves as the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck leads Federal and State & Local Government relations activities. He is also responsible for the Marketing portfolio (Media, PR, Digital Outreach, Thought Leadership, Strategic Partnering, Branding) for the Federal and State & Local markets. Chuck is Chairman of the CompTIA Emerging Technologies Committee also serves on Boards to several prominent public and private companies and organizations. Chuck has extensive service in Senior Executive Management, Marketing, Government Relations, and Business Development and worked in those capacities for three large public corporations. In government, he served at the Department of Homeland Security as the first Director of Legislative Affairs for the Science & Technology Directorate. He also spent six years on Capitol Hill as a Senior Advisor to the late Senator Arlen Specter where he covered foreign affairs, business, and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University where he taught graduate level students about homeland security and Congress. He has an MA in International relations from the University of Chicago, and a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague. He is widely published on topics o fhomeland security, cybersecurity, and emerging technologies. Twitter: @ChuckDBrooks Linked in Profile: http://www.linkedin.com/in/chuckbrooks Email: [email protected] Chuck Brooks Bio:
- 29. The problems that exist in the world today cannot be solved by the level of thinking that created them.