My Relevant Background

Transcription

1 Meeting the Cyber Security Challenge Capacity Development Workshop on Public Information Management

2 My Relevant Background Graduate, US Military Academy Year US Army Military Intelligence career Joint Task Force Computer Network Defense, US Department of Defense (DoD) ( ) Director, International Cyber Security, US DoD ( ) Managing Director, Worldwide Public Safety & National Security, Microsoft ( ) Senior Vice President, Global Public Sector, WISeKey (April 2011 present)

3 The Problem Setting the Stage: The Customer Problem

4 The Online Paradigm Shift is Happening Digitalization is disruptively revolutionizing our world at unimaginable speeds Confidentiality and Privacy an increasing concern New disruptive players arrive with new rules Apple has changed the phone, music and media industry forever Virtual social networks empower the consumer to impose their wishes on producers Low costs (hardware, software, networks) help fast adoption by the younger generation forcing companies to adapt at a dramatic pace Interconnectivity can lead to problems Identity theft, corruption and/or total loss of data, and unauthorised transmission of data Cyberspace security landscape is changing Frequency and sophistication of malware attacks are increasing dramatically

5 The Impact of Social Networks

6 The Shifting Center of Gravity Published in The Economist on Sept. 2, 2010 Danger of losing internet s universality due to the emergence of separate digital domains: National restrictions: some countries impose tight controls on the internet links with the rest of the world Companies restrictions: a few powerful companies, such as Facebook or Apple, propose their own web-based services The preference of network operators that will favor content providers prepared to pay up, involving the risk of discrimination

7 Storm Clouds Forming Activity on the Internet and in the Cloud is increasing at an accelerated pace. New security needs become apparent and never-before-considered issues of privacy rights emerge. More reasons to be online and more data stored & transferred means that the ramifications of a security breach are enormous and growing. Source: Gartner

8 Cyberspace Security Issues Rise Malware attacks increased in 2008 by 165% from 2007 Cybercriminals typically profit from reselling stolen data, extorting companies, or committing financial crimes such as identity theft and fraudulent credit card transactions 31% of staff access social networks while at work Causes potential transmission of infected data due to the deemed trust of the members of the social network 450 million corporate smartphones, 300 million corporate laptops and 2.1 billion USB keys with data used by enterprises in ,000 laptops are lost each year at airports 48% of data breaches are the result of lost computers or data storage devices 120 countries are developing warfare divisions capable of launching offensive attacks Sources: Symantec, William Blair & Co, McAfee, Pomenon Institute

9 Every individual is at risk There are : 4.5 billion users of mobile phone in the world today; 6 billion by billion users of internet today; about 4.7 billion by billion device users by million active users of Facebook; 700 billion Facebook minutes per month 70 % of smartphone owners in the USA use mobile financial services Users/consumers are increasingly worried about their privacy Users/ producers want to understand their consumers

10 The Loss is Real & Growing Financial Annual cost of global cybercrime: $114 billion. Value of time lost due to cybercrime experiences: $274 billion. Cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined annually. Mounting Threats Reports of mobile operating system vulnerabilities increased 42% in 2010, up 163 from 115 in 2009 a sign cybercriminals have shifted their focus to the mobile space. Increased use of social networks and a lack of protection are likely to be some of the main culprits behind the growing number of cybercrime victims. Personal 431 million global adults victims. 14 adults become a victim of cybercrime every second, over 1 million every day. More than 69% of online adults have been a victim of cybercrime. Of adults online, 10% have experienced cybercrime on their mobile phones. Source: 2011 Norton study Source: Symantec Internet Security Threat Report

11 Security Breaches Making Headlines Hacking in Netherlands Points to Weak Spot in Web Security. The New York Times. September 12, Hackers accessed Citigroup customer data. CNet. June 8, PlayStation Hack to Cost Sony $171M. PCMag.com. May 23, RSA Blames Phishing Attack for March Security Breach. PCMag.com. April 5, WikiLeaks supporters attack MasterCard site. CNet. December 8, Gmail Also Nailed by Phishing Attacks, Google Says. PCMag.com. Oct 6,

12 A Military View: Some Inconvenient Truths Information beats kinetics in the 21 st century Our systems, purchased for business and admin, have evolved into warfighting systems We can t function today without the Internet Plus our Millennials expect it and will use it to evolve cyber warfare They are the source of innovation Many put convenience over security Source: VADM H. Denby Starling II Commander, Naval Network Warfare Command 25 March 2009

13 A Military View: The Global Battlespace It is the global info-space You are in it every time you turn your computer on It has no geographic boundaries It is populated with numerous (infinite) players with mobile/portable/cheap technologies some old, some new It is radio frequency, it is social networks, it is computer networks, it is Integrated Air Defense systems, it is leadership networks It is all about information and what we do with it Source: VADM H. Denby Starling II Commander, Naval Network Warfare Command 25 March 2009

14 Cyber Attack as a Dimension of Warfare All warfare is based on deception. Supreme excellence consists in breaking the enemy's resistance without fighting. What is of supreme importance in war is to attack the enemy's strategy. For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill. Sun Tzu The Art of War late 6 th Century BC Reinforced by Jomini and Clausewitz centuries later

15 April 26, 2007 Suleyman Anil NATO NCIRC Estonia April/May 2007 Lauri Almann Def Min Jaak Aaviksoo

16 Georgia August 2008 Vice Prime Minister Giorgi Baramidze

17 Timing and Synchronization Russian Cyber Activity Against Georgia Russian Military Forces Fire Intensity Source: Colonel (Ret) Vasili Gogoladze, Republic of Georgia

18 Toughest Collaboration Environment: Disaster Response confusing, agile, uncontrolled and chaotic

19 The Cloud Choices, Choices Public Cloud Private Cloud Hybrid Cloud

20 The Cloud Security Challenge Compliance & Risk Management Identity & Access Management Service Integrity Endpoint Integrity Information Protection Source: Microsoft

21 Conveying Digital Trust Confidentiality is inherent to establishing fruitful partnerships, especially regarding financial transactions Risk of theft, falsification, or manipulation can come from any source (external piracy or internal circle) The gap in security occurs between the physical person and the digital identity, or «the virtual avatar» Avatars have access to information such as online accounts, confidential data and s Digital certification, with high grade authentication and Trust, is key to develop secured personal data management It is on the top of the list of risk management measures It can be used for individuals and for objects Security is not sufficient - Trust is needed to ensure the effectiveness and reliability of digital interactions and transactions

22 WISeKey s Key Competitive Edge Organisation Internationale pour la Sécurité des Transactions Electroniques (OISTE) Unique Trust Model The OISTE Foundation is a non-profit organization for promoting international standards to secure electronic transactions. WISeKey is the trusted operator of the OISTE Common Root. OISTE provides Common Root for Certification Authorities worldwide that comply with the OISTE Trust Model. Swiss Neutrality, Security, and Privacy Laws allow operation without geopolitical or governmental constraints, offering an alternative when U.S.-based certificate sources are under attack.

23 The WebTrust root let users trust you The Webtrust accredited root allows you to trust the site you are using with personal and confidential data, without any risk of leaks.

24 Data Sovereignty Problem of Cloud Computing and SaaS The Perception: "If you run a data center, please be aware that in our great country, the FBI can come into your place of business at any time and take whatever they want, with no reason" Many governments do not have access to infrastructure to implement large e-gov t deployments The alternative of hosting in another country entails big risks to critical infrastructure including loss of data sovereignty Results: projects downsized or eliminated Individuals and companies have similar fears, even if they have nothing to hide Copyright WISeKey

25 Data Sovereignty in the Cloud Legal, policy, technological and infrastructural framework Allows governments to host IT platforms from unique state-of-the-art datacenters in Switzerland As an option, governments apply their own law to servers and data processed in Switzerland (or other designated countries) Provision of identity management, data storage, data hosting and SaaS solutions from the world-renowned privacy, neutral and stability stalwart of Switzerland (also extensible to other jurisdictions) Copyright WISeKey

26 Regional Sovereign Cloud Hubs Copyright WISeKey

27 Online Trust Solutions Trusted Root Signing Secure Electronic Identity Infrastructures Online Site Security and Certification Key Management Service Cyber Security Infrastructure Systems installation and maintenance Cybersecurity policies and audit Identity framework policies Data Sovereignty & cyber security for Cloud Computing Services & Consulting Online Trust Services Operations E-Security Secure dematerialization Data leakage protection Enterprise Mobile Security WISePhone+ WIseSMS WISeID Enterprise e-vault Copyright WISeKey SA 2011

28 Certification Service Provision Operated from high security infrastructures in Switzerland, WISeKey issues certificates for resellers and end-users. Our Reseller Portal extends the reach of our Trust Model. WISeKey provides SSL Certificates for trusted Internet transactions and individual certificates for personal identity authentication. Our certificates, using the highest level 256-bit encryption available, certificates are valid for businesses for 1 or 2 years. The certificates are recognized in more than 99.9% of Internet browsers.

29 CertifyID Managed PKI Platform Designed for Certificate Authorities (CA) who prefer their service hosted and maintained in WISeKey s data center. Shared space increases efficiencies without decreasing security or manageability. No need to install and maintain complicated infrastructure; Reduces time to market in an already tested environment. WISeKey offers this service with or without dedicated CA.

30 Data Leakage Protection

31 Example: e-compliance Services (IATA) Archival or Delivery The digitally signed and times-tamped files are securely stored for retrieval or sent to a designated address. Certified Hardware Security Module (HSM) WISeKey (TSA) Timestamp Authority 3 rd party Locally Accredited (TSA) Timestamp Authority Timestamp Services When required by regulations, WISeSign PDF calls on timestamp services by WISeKey or by a 3 rd party accredited timestamp service in the corresponding jurisdiction. Batch of e-invoice Files Digital Certificates and Cryptographic Keys Issued by Accredited Certification Authorities for compliance with local e-signature and VAT regulations. Mass e-signing Service Based on the destination country the required certificates and cryptographic keys are used to digitally sign the e-invoices in multiple signature formats

32 La Clefs USB

33 By the year billion 6 billion users at 80% of the population 4.7 billion users at 68% of the population 1.7 billion = 1 billion people INTERNET USERS INTERNET USERS MOBILE PHONE USERS GLOBAL POPULATION TODAY 2020 PROJECTIONS

34 Helping Improve Mobile Security Secure Voice over 3G/WiFi RIM/Blackberry, Android, iphone Consumer or Enterprise WISeKey or Customer manages architecture Secure SMS Same deployment and services options as WISePhone Secure data storage on Smart Phones to store usernames, passwords, PINs, credit cards, etc. Protect personally identifiable information (PII) Consumer or Enterprise versions Coming Soon: Secure Chat

35 Questions? Tim Bloechl SVP, Global Public Sector +41 (0)