Cybersecurity. Unlocking the Secrets of. Industry experts discuss the challenges of hacking, tracking, and attacking in a virtual world.

Size: px
Start display at page:

Download "Cybersecurity. Unlocking the Secrets of. Industry experts discuss the challenges of hacking, tracking, and attacking in a virtual world."

Transcription

1 Unlocking the Secrets of Cybersecurity Industry experts discuss the challenges of hacking, tracking, and attacking in a virtual world. BY GIL KLEIN ILLUSTRATION BY ADAM NIKLEWICZ PHOTOGRAPHS BY SAM HURD Shortly after Defense Secretary Leon Panetta warned of a cyber Pearl Harbor, three of University of Maryland University College s top advisers on cybersecurity agreed that he was wrong. A cyber Pearl Harbor is not in our future, they said. It already happened as long as 20 years ago. Sneak attacks against the nation s computer infrastructure occur daily from personal identity theft, to hacktivists trashing targeted Web sites, to thieves stealing corporate secrets, to foreign agents probing U.S. security weaknesses. But with these dangers come opportunities. For people willing to get the right education, cybersecurity offers unlimited possibilities for creative employment that will provide essential services to the nation. Speaking were three members of UMUC s Cybersecurity Think Tank, which has helped the university establish undergraduate and graduate programs in cybersecurity education: Retired U.S. Navy Rear Adm. Elizabeth Hight, who was vice director of the Defense Information Systems Agency and deputy director of JTF-Global Network Operations. She is now vice president of the Cybersecurity Solutions Group, U.S. Public Sector, of the Hewlett-Packard Co. Marcus Sachs, vice president of national security policy at Verizon Communications, who coordinates cyber issues with federal, state, and local governments. L. William Varner, president and chief operating officer of Mission, Cyber and Intelligence Solutions at ManTech International Corp. They joined Achiever writer Gil Klein at the National Press Club in Washington, D.C., to probe this unprecedented new security threat. They talked about the possibility of what Panetta meant by a cyber Pearl Harbor an overwhelming attack that shakes the nation s security and economic system and warrants a military response.

2 Achiever

3 A Pearl Harbor is usually painted as an unexpected attack, where the airplanes come in at dawn. Cyberspace is a little different. We re constantly being attacked, we re constantly being penetrated. So, many would say that our cyber Pearl Harbor moment is actually in our past. We just don t recognize it. MARCUS H. SACHS But they were careful to emphasize that the situation is not totally dire. Solutions are available and opportunities abound to expand them to meet the ever-changing danger. As Marcus Sachs said, All is not bad. We may paint a very horrible picture here, but we want to make sure people understand it s not the end of the world. GIL KLEIN: Betsy, what keeps you up at night? ELIZABETH A. HIGHT: The whole host of unknown unknowns, whether they be very well-meaning but poorly educated information security officers, those who believe that the current host of products will keep their systems well defended, or those who have found unique and still undiscovered exploits to get into public, private, or personal systems. All of those things are still unknown unknowns to most of us. GIL KLEIN: And Marc, do you sleep well? MARCUS H. SACHS: Generally, I do, because if you know what bad is out there and what good is out there, you can sleep well. But what bothers a lot of people is that one lucky person. This is one of the problems in cyberspace: Somebody can make a mistake somewhere that we don t know about, and somebody can get lucky an unknown hacker, an unknown terrorist, an unknown criminal can get very lucky and do something very, very bad that s unpredictable, and we only hear about it the next morning. GIL KLEIN: And Bill, how about you? L. WILLIAM VARNER: My real fear is the consequences of a successful cyber attack anywhere in our critical infrastructure. I think we had a little taste last summer of what that might be like with the storms that came through the Washington, D.C., area. Many lost power for several days. I was fortunate to be able to find power sources nearby and keep my phone and laptop charged for the five days I was without power. But what would we have done had the power not come on in five days? What if it hadn t come on for five weeks? I think our behavior as a society would change at that point, and it would be a much different place to live. GIL KLEIN: Defense Secretary Leon Panetta, who probably doesn t sleep at all given all his responsibilities, recently warned of a cyber Pearl Harbor. Now, let s start with Marc. What do you think that would look like? MARCUS H. SACHS: Well, fortunately, Pearl Harbor has already happened, and it probably happened about 20 years ago. The problem is that we don t know what a Pearl Harbor looks like. When was the first intrusion into our networks? When was the first actual loss due to cyber crime? A Pearl Harbor is usually painted as an unexpected attack, where the airplanes come in at dawn. Cyberspace is a little different. We re constantly being attacked; we re constantly being penetrated. So, many would say that our cyber Pearl Harbor moment is actually in our past. We just don t recognize it; we re still waiting for this big event, and we re not paying attention to everything that has already happened. ELIZABETH A. HIGHT: Most people equate Pearl Harbor with the Big Bang. I mean, there were bombs dropping, there were people injured and dying. There was a lot of noise. So when professionals use that reference, we think there s going to be a great big, loud bang somewhere. But that s not the way cyberspace works. A Brief History of cybersecurity By Melissa E. Hathaway, president of Hathaway Global Strategies and a member of UMUC s Cyber Think Tank. Hathaway served in two presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative for President George W. Bush ARPANet Transmission 1970 Intel introduces the first 1k DRAM chip 1971 Creeper Worm demonstrates mobility and self-replicating programs on ARPANet 1972 File Transfer and TCP 1973 ARPANet Virtual Communication with Europe 1973 Motorola invents the first cellular portable telephone to be commercialized 1974 Development of the Graphical User Interface (GUI) paves the way for the intuitive design of Mac and Windows OS Timeline content excerpted from a broader presentation and analysis.

4 LEFT TO RIGHT: Gil Klein, Marcus H. Sachs, Elizabeth A. Hight, L. William Varner. So if we think about it that way, everyone will say, Oh, no, no, there ll never be a big Pearl Harbor. But the consequences could be so severe that we would have exactly the same kind of mayhem, if in fact our critical infrastructure were destroyed or even penetrated in some way. L. WILLIAM VARNER: And the worst thing is, we might not know until such an attack is well under way. It might not be the big, explosive, kinetic activity that we think we would immediately recognize. MARCUS H. SACHS: It is, however, a fair analogy, because a lot of what led up to Pearl Harbor, what actually allowed it to happen, was the misinformation sharing and the stove-piping of information. People knew what was going on. We had intelligence, but there was no sharing. And this is exactly what we see today. GIL KLEIN: And in general terms, how is the United States military preparing for a cyber attack? Is it happening quickly enough? L. WILLIAM VARNER: We should look at the responsibilities of the U.S. Cyber Command and the Department of Homeland Security. Even more importantly, look at all of the aspects of our Internet infrastructure that are not protected by either the Cyber Command or Homeland Security. What that means is that a lot of our protection today is left up to private industry. In all honesty, companies like ours are, in large measure, responsible for protecting their own networks. And it s a big challenge. The bad guys only have to be right once. We have to be right 100 percent of the time. GIL KLEIN: Do you think the general public is aware of the threat? What more can be done to prepare the public for the possibility of a major cyber attack? MARCUS H. SACHS: I think the awareness is there that cyberspace has problems. But what s missing is the So what? What do I do about that? In the physical world, we do a pretty good job of teaching people about looking left and right before crossing the street or about not slipping on the ice. We don t do as good a job of teaching people what to do in cyberspace to make themselves secure. That s the education gap. ELIZABETH A. HIGHT: People may be very aware of the threat, but they really don t know how it impacts them personally. Unless they or a close friend or family member have had their identity stolen, for example, they won t know the true impact on their credit report. They won t know how long it will take to recover Emergence of smaller computers 1977 Microsoft forms 1978 TCP-IP becomes universally accepted global standard to supply network layer and transport layer functionality G network (launched by Nippon Telegraph and Telephone in Japan) allows the first cell-to-cell transmission without dropping the call 1979 Intel introduces the 8088 CPU and it is chosen to power IBM personal computers 1981 IBM personal computer 1982 AT&T divestiture in return for the opportunity to go into the computer business 1983 DNS Registry lays foundation for expansion of Internet 1983 DoD begins using MilNet mandates TCP-IP for all unclassified systems 1983 Fred Cohen authors the first computer virus a term coined by his academic advisor, Len Adelman Timeline illustrations by robert neubecker Achiever

5 And when you re at UMUC, or in any college environment, that is the time to take your innovative ideas and tinker with them and mature them. And then offer them to the greater good. Because cyberspace is open to all of us. So when you innovate, you re helping all of us. ELIZABETH A. HIGHT They won t know that in fact what they put on social media is open to the world and will be there forever. I tell people all the time that we need to have a cyberspace ethics and civics class in elementary school to help teach our citizens from the very beginning what this cyber thing is. Because children like to reach out and touch things, and they can t do that in cyberspace. GIL KLEIN: What is the need for a trained cybersecurity workforce? Are universities producing the numbers needed? Are there enough students coming out of high school with the skills needed to begin learning this kind of complex information? And, of course, how intense is the competition for these jobs? That s a lot of questions. L. WILLIAM VARNER: Those are easy questions, Gil, because the answer to most everything is no. There are not enough people currently. There are not enough people coming out of high schools or being trained in our colleges. And there are just not enough people in the general STEM science, technology, engineering and math curricula altogether. I know Betsy and Marc and I all share an interest in trying to increase the number of trained cyber professionals in the country, particularly those who are able to obtain the clearances that let them work closely with our government agencies. And we sponsor a lot of training programs. Just because someone graduates from college with a master s degree in electrical engineering or computer science does not necessarily mean he or she is ready to join the ranks of cyber warriors. MARCUS H. SACHS: Cyber education is a lot like health and healthcare. When kids are going through elementary, middle, and high school, we teach basic health principles. But not all kids grow up to be doctors and nurses. Cybersecurity is the same sort of thing. We need to teach the basics of hygiene in cyberspace, the basics of what can go wrong. Some can go on to become the professionals. But I think what we re missing is that early education. We tend to think this is only for the little geeks and wizards. But it should be for everybody, just like health education is for everybody. ELIZABETH A. HIGHT: If ever there was a case for lifelong learning, it is cyberspace. All three of us are digital immigrants; we did not grow up with this technology. Our children and our grandchildren are very comfortable with it. But the technology is so complex and changes so rapidly, there is no one who can sit back and think, Oh, well, I understand it, and I don t need any more education. GIL KLEIN: Are there enough university programs to do this? Or is this an open field for universities? And who do you get to teach this if everybody who knows it has to be working and protecting somebody? MARCUS H. SACHS: There s a lot of opportunity there. L. WILLIAM VARNER: There is. UMUC has a great program. I also work with almost every university in the area, as well as with some that are not local. But to me, one of the most important things is making our career field attractive to people who are of the age where they are thinking about what kinds of careers they want. MARCUS H. SACHS: It applies to all career fields. It s not just for those who get a degree in cybersecurity. If your degree is in education, there needs to be a cybersecurity component, because you re going to be the one talking to kids. You need to understand cyberspace at a level where you can talk about it, just like you talk about American history, just like you teach math Cisco Systems Inc. forms 1985 Microsoft Windows; utility of computer easier for consumer 1985 Generic toplevel domains are officially implemented (.com,.gov,.mil,.edu) 1988 Morris is Internet s first widely propagating worm 1988 After Morris Worm, DEC white paper introduces the concept of firewalls and packet filtering; launches the market for security products 1988 DoD funds Carnegie Mellon CERT-CC as a result of Morris Worm 1989 DoD Corporate Information Management (CIM) Initiative to identify and implement management efficiencies in DoD information systems 1990 CERN develops HTML code and software (World Wide Web is possible) 1990 Rise of Internet innovation 1991 National Academy of Sciences: Computers at Risk Report 1991 First GSM network launches in Finland, giving way to 2G cellular networks 1992 OSD issues Policy Information Warfare G networks make instant messaging possible

6 LEFT TO RIGHT: Marcus H. Sachs, Elizabeth A. Hight, and L. William Varner But other career fields engineering, law are also wide open. It doesn t just have to be focused on technical skills. I think this is where UMUC is really gaining an advantage, because they have a wide course curriculum, a big audience. L. WILLIAM VARNER: And in the position we re in now, I don t think all of the universities and colleges added together could produce enough people to meet the needs that we have today. GIL KLEIN: Talk a little bit about the kinds of attacks that are going on right now. Who is making these attacks? And how much impact do they have? ELIZABETH A. HIGHT: There are basically three types of attackers. There are the hacktivists and the joyriders that we ve seen for years and years. There are the state-sponsored attackers. And there are criminals. So each of them has varying degrees of support and education and training and opportunity. That creates a huge problem for the entire federal, state, and local government environment, because they have to protect against the entire continuum. MARCUS H. SACHS: There are some commonalities. It s not machines that are attacking us; people are attacking us. The conversation we were just having about manpower our adversaries have the same problem. There aren t a lot of smart attackers out there, either. In fact, if I had the choice to work for one of us and have a beautiful, bright career, or to work for a terrorist organization and perhaps get blown up, I might decide that I don t want to be a terrorist. This is an interesting quandary, because our adversaries do face the same problems. Government targets are lucrative, but a government system is no different from a private sector system, or a university system, or a home system. It s the same silicon, the same software, the same vulnerabilities. The information may be different; the value of the information may be different, but that is actually a strength, because lessons that you learn in the government can be applied to industry, to academia, or to home systems. And vice versa. So it s a fairly level playing field in terms of defense. Solutions work in multiple places. And that s a strength we need to play to. GIL KLEIN: Can any of you tell me a story about an attack, how it came about, and what was accomplished? 1993 MILNET becomes NIPRNET 1993 Mosaic Web browser makes the Internet an everyday tool 1994 $10 million stolen from Citibank; Steve Katz becomes the first chief information security officer (CISO) 1994 VCJCS directs IW Joint Warfare Capability assessment 1994 Nokia proof sends data over cell phone (Wi-Fi possible) 1995 AOL phishing attacks for passwords and credit card information 1995 Evident Surprise wargame DEPSECDEF and IC agree to coordinate IW policy 1996 ITU works on standard (H-323) for Voice over Internet Protocol (voice and data over single network reduces infrastructure costs) 1996 Defense Science Board paper: Information Warfare- Defense 1996 OSD Issues Information Operations Broadening the Definition to Engage During Peace 1996 US relaxes export controls on encryption products to foster global electronic commerce 1997 Framework for Electronic Global Commerce policy (known as the Green Paper in the U.S.) encourages international adoption of DNS 1997 President s Commission on Critical Infrastructure Protection leads to formation of ISACs (information sharing and analysis centers) Achiever

7 Companies like ours are, in large measure, responsible for protecting their own networks. And it s a big challenge. The bad guys only have to be right once. We have to be right 100 percent of the time. L. WILLIAM VARNER MARCUS H. SACHS: What we see today usually comes on one of two levels. There is the subversive attack that is very hard to see. The adversary is interested in targeting you because there is information that they want specifically from you. And they will take time to get it. They go in and grab what they want, they take it, and you may not realize that it s gone. Often we see this happen after the fact. We have forensics teams that will go in and investigate, and a company or organization will realize that they have been breached. And it sometimes turns out that the initial entry was more than a year ago and the adversaries have had that much access before they are finally noticed. Then you have the class of attacks that are very noisy, like denial-of-service attacks or flooding attacks. The target may be an organization like a bank or a government, or it may just be anybody who happens to be connected to the Internet. Those are like a flash; here today, gone a few moments later. But they can still be very visible. And we face this all the time, particularly with high profile Web sites. This is the hacktivist problem we re talking about, where in the past you might go up to whomever you didn t like and spray paint your message all over their glass wall. Today, you go online and maybe deface their Web site, or cause a denial-ofservice attack so their customers can t get there. ELIZABETH A. HIGHT: We ve had cases of government organizations dealing with their own bureaucracies. A recent state case involved the lack of a state information security officer for more than a year. The thing that held it up was the bureaucracy of finding someone with these critical skills who would accept the pay of a person in a government bureaucracy. Here in Washington, D.C., especially, I think the unemployment rate for cybersecurity specialists is less than zero. They re in great demand. And that s true not just for government but for industry as well. GIL KLEIN: Bill, do you have a great story here? L. WILLIAM VARNER: When you are attacked you might not even know it; the data is still there. They take a copy of it; they don t take the data. It s a lot different from physically breaking into a building and stealing something, where you notice, Hey, my stereo system is gone. You may not know that somebody has taken your valuable intellectual property. MARCUS H. SACHS: Let me mention a real-world case here. The RSA Corporation, as many of us are aware, is at the top of their game when it comes to cybersecurity. Devices, software, consulting services, they re all over. But yet they got breached. And it kind of reflects back on that very first question: What keeps you up at night? Here you have the best, and they get broken into, even though they re doing everything right. ELIZABETH A. HIGHT: So 10, 15, or 20 years ago, we thought if we could protect the outer perimeter, we could keep all the bad guys out. As a matter of fact, in 2005, the Department of Defense really cracked down on two-factor authentication and required everyone to log on to the network with their CAC cards something that they knew, something that they held in their hands that could not be stolen by someone who was putzing around in a network looking at the password file. So those defenses were developed, and then we went on to phishing. And now we re into spear phishing, and the human 1997 Google search engine invented International Standard agreed upon 1997 Eligible Receiver Exercise focuses DoD and IC on vulnerabilities of U.S. infrastructure and foreign IO programs 1998 Internet Corporation of Assigned Names and Numbers (ICANN) established 1998 PDD-63 Critical Infrastructure Protection Policy 1998 Solar Sunrise DoD penetrations realized 1999 U.S. Space Command assigned military Cyber Offense-Defense Mission responsibility 1999 Melissa Virus sets stage for rapid infections 1999 In-Q-Tel established to help government innovate 1999 DCI agrees to use same definitions signing out DCID HTML accepted as international standard ISO: National Academy of Sciences: Trust in Cyberspace 2000 Y2K 2000 DDoS attacks against e-commerce affect Amazon, Ebay, CNN 2001 Launch of first precommercial trial 3G network (packet-switch) by Nippon Telegraph and Telephone 2001 DoD Quadrennial Defense Review renews focus on information operations 2001 Wikipedia created

8 Cyber-Speak Glossary CAC Card is a common access card issued by the Defense Department that allows entry to government buildings and computer networks. About the size of a credit card, it has an embedded microchip that has a digital image of the cardholder s face, two digital fingerprints, Social Security number, and other identifying data. DARPA is the Defense Advanced Research Projects Agency, an independent research branch of the Department of Defense created in 1958 that funded a project that led to the creation of the Internet. Its mission is to think independently of the rest of the military and to respond quickly and innovatively to national defense challenges. Exfiltration, also known as extrusion, is the unauthorized transfer of data from a computer or network. Hacktivists are people who break into computer systems for politically or socially motivated purposes. Their motives are usually not to steal information but to alter a targeted Web site or hamper the organization s ability to operate online. Spear Phishing is an attempt to gain unauthorized access to an organization s information by targeting specific individuals in that organization. Unlike regular phishing, which is typically carried out by random hackers, spear phishers know exactly what information they want and who can provide access. They send messages that appear to be from authoritative sources asking for passwords and other information that will grant them access to classified information. Stuxnet is a computer worm believed to have been developed by the United States and Israel that was used in to attack the supervisory control and data acquisition systems of Iran s nuclear development program. U.S. Cyber Command was created in 2009 in the Department of Defense to plan, coordinate, integrate, synchronize, and direct activities to operate and defend the department s networks. When directed, the Cyber Command conducts military cyberspace operations to ensure the United States and its allies freedom of action in cyberspace while denying the same to its adversaries. element is so unpredictable. A very well-documented case that involved an effort to hack into an international company was really engineered around calling a system engineer overseas and claiming to be a member of the company. It was very late in the evening, and the system admin overseas said, Sure, I can reset your password. And the hacker actually got into the system that way. GIL KLEIN: Is there a level of cyber attack that you think would warrant a traditional military response? Or could we even figure that out? ELIZABETH A. HIGHT: I think with technology today, there are some who can figure that out. And as a citizen of the United States, if an organization or an individual actually turned off my power, or poisoned my water, or caused an airplane to crash, I certainly hope the United States would respond somehow. MARCUS H. SACHS: That somehow is the question. Is the somehow diplomacy that ultimately finds its way into the military? Or is the somehow trade sanctions? Or is the somehow just a demarche or a public outing? I think that s a public policy problem we have here in Washington. We don t have that answer. L. WILLIAM VARNER: Of course, that brings up the whole issue of attribution, which, in my opinion, is the most difficult problem in cybersecurity. You need to be pretty certain who launched the attack before you strike back. In reality, many attacks originate right here in the United States; they are just routed through other countries. MARCUS H. SACHS: We have a very clear policy about the use of nuclear weapons, for example. There is no ambiguity about what the United States response would be if somebody fired a nuclear weapon at us. We have a very clear policy on invasion. But we don t have a clear national policy that says, It is the policy of the United States to do the following if there is a cyber attack that meets such-and-such a threshold. I think we have to have that Council of Europe, Cybercrime Convention (treaty) 2001 Nuclear Posture Review calls for replacement of nuclear weapons with non-kinetic weapons 2002 Department of Homeland Security assumes Critical Infrastructure Protection Mission 2002 Social networking technology takes off with Friendster 2002 U.S. Strategic Command assigned military Cyber Offense-Defense Mission responsibility 2002 DoD policy is reissued with new definition for Information Operations 2003 CA State Data Breach Law: Businesses must report breach of PII 2003 LinkedIn: Business application of social networking 2003 DoD Transformation Planning Guidance formalizes Net Centric Warfare 2003 Skype (beta) debuts 2004 DoD IO Roadmap programs more than $1 billion in new funds to normalize IO 2004 EW Roadmap to focus DoD s efforts to provide electronic attack options 2005 Choice Point first breach of personal identifiable information (PII) 2005 NERC announces standards for cybersecurity for reliability of bulkpower systems 2006 Facebook forms 2006 Congressional Testimony NSA outlines closer coordination with DHS 2006 Hengchun Earthquake (Taiwan) affects undersea cables and Internet for 49 days Achiever

9 LEFT TO RIGHT: Marcus H. Sachs, Elizabeth A. Hight, and L. William Varner at the National Press Club in Washington, D.C. ELIZABETH A. HIGHT: And I think that is one of the great things about the UMUC curriculum. There are courses where students are challenged to think critically about those policy issues. And that area is ripe with opportunity, whether you re a student, a private citizen, or a member of the legislative or judicial branch. Those discussions need to happen before we actually wake up one day and discover the catastrophic effect of a cyber attack. L. WILLIAM VARNER: And the interesting thing we re all saying here is that cyber technology is more advanced than cyber policy. MARCUS H. SACHS: And of course cyberspace doesn t belong to anybody. It belongs to everybody. It s really a metaphor; it s not really a thing. It s not like dirt or air. It s this made-up and synthetic thing that humans have built. So when we ask the question, What should the military do? it really depends on whom you re asking. Because a network owner and operator would say, The military has no role here, other than perhaps protecting my physical assets. The actual essence of cyberspace is a business; it s not a military battleground. So this is an ongoing debate here in Washington. Maybe we need to just keep talking about this, not wrapping it up behind classified doors, because it is a very serious policy matter that we have to start discussing openly. ELIZABETH A. HIGHT: I think one of the things to consider is the foundation of our own country. I mean, individualism and privacy and all of those concepts that our country was founded on really fly in the face of cyberspace. Because a lot of people would say there is no privacy in cyberspace, and others would say that there is all kinds of privacy, it just depends on how you use cyberspace. MARCUS H. SACHS: If you start with the Constitution, everybody understands the First Amendment. Freedom of speech, we want that; so, okay, we check that off. Then you get to the Second Amendment and things get very awkward. What does it mean to have the right to bear arms in cyberspace? What is an arm? And we re only on the Second Amendment! We haven t even gotten to Three or Four. [Laughter.] So, again, this is the debate we have got to have. What does this stuff mean? 2007 USAF establishes a Cyber Command 2007 Comprehensive National Cybersecurity Initiative (CNCI) 2007 TJ Maxx breach (exploits Wi-Fi) 2007 Estonia DDoS highlights use of force (wartime applications with conscripted computers) 2007 Joint Staff, National Military Strategy for Cyberspace Operations 2008 RBS World Pay $9 million stolen in 30 min., 49 cities 2008 President announces modernization program (Smart Grid, Next Gen FAA, Health-IT, Broadband to America) 2008 Georgia-Russia conflict demonstrates cyber in warfare 2008 Cable cut(s) in Mediterranean dramatically slow down Internet and Egypt affected badly 2008 Conficker Worm requires unprecedented international cooperation and operational response 2009 Heartland Payments breach demonstrates that compliance does not equal security 2009 Cyberspace Policy Review: Cyber is economic and national security priority 2009 Move to cloud computing 2009 National Research Council Report: Cyber Attack Capabilities G offered via WiMAX standard (Sprint) speed improvement of 10-fold 2009 Operation Aurora coordinated attack on many high-profile companies targeting intellectual property

10 We ve pushed the government right now not to regulate us, but to let us innovate. Let us find our way out of this security problem by being creative. That s what Americans do best. We are the world s best innovators. MARCUS H. SACHS GIL KLEIN: The United States and Israel apparently launched a successful cyber attack known as Stuxnet against Iran s nuclear development program. Is that the type of low-level warfare we can expect to see that avoids actual firepower? Do you see an offensive use for the U.S. military? ELIZABETH A. HIGHT: Well, I wouldn t call trying to disable a country s nuclear arsenal low level. I think that as we evolve in this arena, we will continue to see operations of certain types until we have case law or legislation that defines that. I think one of the most important things to realize is that it s not just U.S. citizens that are thinking about conducting defensive or offensive operations. This is a global domain; there is no state line or national border. And these conversations need to be held globally. MARCUS H. SACHS: It s hard for the United States because we ve always been ahead of this game when it comes to technology from airplanes to spaceships to nuclear weapons. But enter cyberspace, and we just assume we re in charge. We assume we have more capabilities than others. That may not be the case. And that s very awkward for us, because now we have worthy adversaries. But they re not necessarily countries like China or Russia. An adversary could be an individual, a corporation, a loosely affiliated group or a terrorist group. It could be a cause. That s what makes cyberspace so interesting. When we say what offensive is, we try to go back to our classic industrial thinking of tanks and planes and ships and invasions. But offensive in cyberspace may be completely different. And I think Stuxnet is a great example, but it s like a biplane compared to a strike fighter. This is so basic, to do a Stuxnet-type thing. And the history books will record this. Play this tape back even 10 years from now. Look at how we will refer to Stuxnet and say, Wow, in its day that was pretty cool. But that s so simple. We issue that capability to our kids; we show them how to do that to each other. [Laughter.] GIL KLEIN: So is this asymmetrical warfare taken to a new level? L. WILLIAM VARNER: That s an excellent question, because it is asymmetrical warfare, and the barriers to entry are small. They re the cost of a laptop or a PC and an Internet subscription; that s all it takes. It s just an inordinate cost to defend against what an attacker can do almost for free. MARCUS H. SACHS: But do you know the good news in all of this? There really are basic, simple things people can do to protect themselves. Oftentimes we do get wrapped up in the, Oh dear, cyberspace is so dangerous; I think I ll just unplug and go farm for the rest of my life. But it turns out there are a lot of very simple things that anybody can do to reasonably protect themselves, much like in the real world. We ve learned that as humans and as part of society. I think that s the piece that we re hunting for with cyberspace: What are those basic things individuals can do? Because you re always going to have threats, and you re always going to have attackers. GIL KLEIN: What is the responsibility of the private sector in providing a level of security? And what is the responsibility of the federal government in making sure that it is meeting that responsibility? ELIZABETH A. HIGHT: I think cybersecurity has moved out of the computer operations center and into the boardroom. The boards and senior management teams who take the time to become educated in the risks associated with cybersecurity realize that there is a real reason to understand cybersecurity. A wonderful SEC guidance came out recently saying that if you have a significant risk to a public company, it has to be reported, and that includes cyber risks. So I think that s a step forward in educating both the boards and the senior management teams of industry. MARCUS H. SACHS: Cybersecurity is now emerging as one of those areas where you re actually better off if you re outsourcing it and using what s emerging as managed security services. This has become so complex and so technical and so specific that it may be better as a business leader not to try to do it all yourself. L. WILLIAM VARNER: This calls for a public/private partnership, along with a way to share information about attacks that may be Intel Corporation SEC Filing Texas bank sues customer over cyber-theft UK Data Protection Law: $500,000 fine for lost protected data Stuxnet Worm strikes Iran s nuclear facilities Standup of U.S. Cyber Command Smokescreen, online virtual reality game, guides teenagers through dangers of social networking Court rules in favor of Comcast; Net Neutrality debate heats up on Internet regulation NATO Strategic Concept Review highlights cyber NATO declares cyber defense a priority Market shift: Proliferation of handheld wireless devices 88 percent of Egyptian Internet cut off from citizens NASDAQ penetrated Libya cuts off Internet and social networking sites from citizens The Netherlands, France, and Germany publish cybersecurity strategies IPV-4 address allocation exhausted Hackers break into Canada s Treasury system UK states that cyberattacks and cybercrime are among its top five security issues Epsilon breach: High profile customers exposed RSA/EMC Corporation SEC filing (SecureID breach) G8 discusses that laws need to apply to the Internet Achiever

11 I use this phrase: Hug an ethical hacker. Start thinking about how to protect your systems by thinking like a bad guy. One of the new industries that has sprung up is ethnical hacking courses for senior government and industry executives. ELIZABETH A. HIGHT occurring so that both government and industry can benefit. In fact, there are activities like that under way that we re all part of, and they are having some success. ELIZABETH A. HIGHT: I think we have been talking about public/ private partnerships for years. But in my view, most of these discussions are just far too general. They are not taken seriously by most people who are in control. Those individuals may like control, but they don t understand that in fact they don t have the expertise to keep up with this incredibly, remarkably dynamic, complex space. GIL KLEIN: Along that line, former CIA Director James Woolsey said hackers are stealing us blind by breaking into company databases and taking secret development plans. How big a threat is this to U.S. business? And how adequate is the response? MARCUS H. SACHS: That s probably the number one threat to our country right now. It s death by a thousand paper cuts. We are leaking what s the estimate? trillions of dollars annually, intellectual property that s just going out the door. We look at our current economy, which is kind of sputtering, and one of the factors we never talk about is cyberspace. What about the leakage of all this intellectual property that s gone to other countries who can now compete against us because they stole all of our know-how? GIL KLEIN: Is it possible to give an example? L. WILLIAM VARNER: One estimate by people who are generally well regarded in the intelligence community is that at least one terabyte per day of U.S. intellectual property is being exfiltrated to other countries. So to put that in perspective, the written material in the Library of Congress comprises about 10 terabytes. General Keith Alexander, the director of NSA and head of the U.S. Cyber Command, has stated publicly that he believes this is the largest wealth transfer in the history of the world. GIL KLEIN: So how much rigorous scientific experimentation is going on now that will lead to security breakthroughs? ELIZABETH A. HIGHT: I think there s a lot going on, both in government and in industry. As a matter of fact, DARPA [the Defense Advanced Research Projects Agency] has recently released a fraud area announcement for some really exquisite defenses. And DARPA has hired some of the best-known hackers in the United States to turn their tradecraft into a defensive mechanism. So this is a well-recognized problem that academia, government, and private industry are all trying to solve. MARCUS H. SACHS: Often when we say cyberspace, we really mean the Internet. But the Internet is just a piece of cyberspace. Air traffic control and interbank transfers don t go over the Internet, for example, but they re part of the communication infrastructure. The Internet today is largely based on the explosion of personal computers back in the 1980s, followed by the explosion in the 1990s of the Internet itself, as everybody became familiar with it and as faster networks and laptops came along. In the past five to 10 years, a new wave known as wireless has come along. We re beginning to see a different type of device, different applications, different ways of thinking. And in fact, that wireless world is now bleeding into home security systems. It s in your car, thanks to Bluetooth. So there s opportunity here. Where the old Internet is largely built on a string of wired PCs and hard drives, we now have a new cyberspace that s coming out, largely Internet-centric, but with pieces that aren t the Internet. And in fact, right behind that is this new thing called cloud computing. So just like any other technology, we have waves of innovation. And what I think some are seeing is that each wave gives us the opportunity to add security that wasn t there in the previous wave. So cyberspace can in fact get more secure as we go forward. Because we tend to build in new resiliency. We build in new safety features. We kind of build on previous mistakes. continued on page 18 Sony PlayStation network breached; initial clean-up, $170 million 65 percent of Syrian Internet removed from routing tables (40/59 networks) Microsoft acquires Skype for $8.5 billion Austria declares cyber defense a national priority New Zealand publishes cybersecurity strategy IMF penetrated and severs connection to World Bank as a precaution EU increases penalties for cybercrime Citigroup breach; 200,000 accounts accessed Syrian Electronic Army (SEA), a pro-government computer attack group, actively targets political opposition and Western Web sites Anonymous targets NATO Federal Financial Institutions Examination Council (FFIEC) issues supplemental guidance on risk management: Authentication in an Internet Banking Environment DigiNotar certificate breached Singapore announces it will stand up a National Cyber Security Centre headed by the Singapore Infocomm Technology Security Authority CERT EU opens International Code of Conduct for Information Security brought to the 66 th UN General Assembly

12 One estimate by people who are generally well regarded in the intelligence community is that at least one terabyte per day of U.S. intellectual property is being exfiltrated to other countries. L. WILLIAM VARNER What I m trying to say is that all is not bad. We may paint a very horrible picture here, but we want to make sure people understand it is not the end of the world. As new technologies come along, new vulnerabilities are introduced don t get me wrong there but we are making some remarkable changes. But for anybody who is interested in this area, the field is wide open for new ideas, new concepts. My company and your companies, we all have open doors for innovators, for new ideas, for fresh concepts and fresh ways of doing things. And to kind of wrap this up, we ve pushed the government right now not to regulate us, but to let us innovate. Let us find our way out of this security problem by being creative. That s what Americans do best. We are the world s best innovators. ELIZABETH A. HIGHT: And when you re at UMUC, or in any college environment, that is the time to take your innovative ideas and tinker with them and mature them. And then offer them to the greater good. Because cyberspace is open to all of us. So when you innovate, you re helping all of us. GIL KLEIN: So if you could get the ear of President Barack Obama or of Congress, what would you tell them? MARCUS H. SACHS: If the president were sitting right here, I would like to know, first, what he does to protect himself as the leader of the most powerful nation in the world. What does he do personally in cyberspace? It may be a bit of an embarrassing question, because it catches a lot of people off guard: What do I do? Because I can pontificate all day long about what everybody else should do, but what do I do? That might lead to a very interesting discussion. Now, the president might get it right, and might actually have a lot of insight. In which case, Mr. President, please stand up in front of the bully pulpit and start preaching. [Laughter.] But we don t know where the president comes down on this. ELIZABETH A. HIGHT: I think what you re really saying is, Be a role model. That s one of the barriers to getting our young people really excited about these careers. I think it would be wonderful to shine a light on some of our heroes in cyberspace. And I think keeping everything behind the classified green door is a mistake. I guess if I were across the table from the president, now that he has won a second term, I would say, Take a chance. Look at the issues that need to be developed. Look at the lack of case law. Let s think about what that means to our economic future and our personal privacy. Let s look at those issues, now that you re in a position to take that risk. And I would say, Go for it! L. WILLIAM VARNER: Right, so we would stress just exactly how important it is to develop that cybersecurity policy to the level of the policy and the doctrine we used to have, for example, in the days of the Cold War. We don t have that for cyberspace. GIL KLEIN: You mentioned cybersecurity heroes. Can you give me a case study or a story? Can you tell me a story about cybersecurity, or is it all still classified? ELIZABETH A. HIGHT: Well, I know a lot of heroes who man network and security operations centers around the world for the United States military and for the Department of Homeland Security, and for some of our industry partners. I know local and state government heroes that are doing that job every day. They re sort of like firefighters and policemen. Until something terrible happens, you just don t know about them. GIL KLEIN: I was hoping you could give me a real name here. MARCUS H. SACHS: There was a book called The Cuckoo s Egg, by Cliff Stoll. Cliff was an astronomer in a university and recognized that there was a problem in one of his computing systems, where the accounting was off by a few pennies. Now, computers are precise. They should be exactly correct. And when he found that they were off by a few pennies, he began to ask questions. Come to find out, there were intruders in there. And the intruders were changing the logs. continued on page 20 ISO formally ratifies ISE/IEC 27035:, an information security best practices process for incident reporting Blackberry outage affects millions of customers NCIX Report: Foreign Spies Stealing U.S. Economic Secrets in Cyberspace SEC guidance to public companies: Cybersecurity Is a Material Risk Kenya launches information security master plan to safeguard public information on the Internet United Kingdom publishes new Cyber Security Strategy EU TLD registry makes it easier for registrars to use Internet security protocol Domain Name System Security Extensions (DNSSEC) Cyclone Dagmar affects power supplies to electronic communication networks in Nordic countries; millions of users left without telephony or Internet for up to two weeks South Korea leads the world in ICT development and peerto-peer botnets WEF ranks cybercrimes as #1 technological risk INTERPOL announces stand up of Global Complex for Innovation in Singapore focused on digital security and cybercrime An Israeli IDF Team launches an attack against a Hamas Web site (qassam.ps), knocking it offlline to protest the site s anti-israeli stance

13 But enter cyberspace, and we just assume we re in charge. We assume we have more capabilities than others. That may not be the case. And that s very awkward for us, because now we have worthy adversaries. But they re not necessarily countries like China or Russia. An adversary could be an individual, a corporation, a loosely affiliated group or a terrorist group. It could be a cause. MARCUS H. SACHS So an entire book has been written about this. It would make a fascinating movie. GIL KLEIN: Bill, have you got any heroes out there? L. WILLIAM VARNER: I think of some of the former directors of some of our major agencies General Kenneth Minahan, for example, the former director of NSA [National Security Agency] and DIA [Defense Intelligence Agency]. He was involved in the very early beginnings of the Internet and working with Microsoft when some of the early vulnerabilities were discovered. Bill Crowell is another cyber hero, I think. He s now a venture capitalist, but he was a former deputy director of the NSA. I think there are numerous people who have taken advantage of the positions that they had to make enormous strides in getting us to where we are today. GIL KLEIN: Just to wrap up here, what I m reading about is the next phase of the Internet; it s so unbelievable, when you get into the cloud and you get into artificial intelligence. Do you see greater threats here? At some point you were saying, No, this could actually be better for us. We ve come through 20 or so years of the Internet and the world s still here. What are we doing right? L. WILLIAM VARNER: In my opinion, Gil, we re in a wonderful position. We have more technology than anybody ever dreamed we would have. We re using it. My car sends me s just to let me know how it s doing. And I do think we have the opportunity to make it even more secure, especially when we move into cloud environments. Because when the Internet was developed, security was just not a consideration; it was about communication and convenience. We have tacitly made the assumption over all of these years that we value the convenience and the efficiency that we get from today s Internet and all of cyberspace, and we re willing to work really hard to develop the security that we need to be able to continue to use it. But I think it s a system that the entire world depends on. It would be very difficult to imagine living without it. So I think we ve made tremendous strides, and we just have to continue to work very, very hard to deal with all the security issues that come up. ELIZABETH A. HIGHT: This is a journey. A secure cyberspace is not necessarily a destination. With technology comes vulnerabilities. Our ability to recognize them is incredibly important. I use this phrase: Hug an ethical hacker. Start thinking about how to protect your systems by thinking like a bad guy. One of the new industries that has sprung up is ethnical hacking courses for senior government and industry executives. This is a continuum that we will be on forever, long after we re no longer here. GIL KLEIN: Marc, do you have any final thoughts? MARCUS H. SACHS: Cyberspace being a metaphor, it is also an extension of the human mind and human society, what we think and what we do. There s opportunity for the bad guys to take advantage of it, and there s opportunity for the good guys to do it right. And there are opportunities for governments, for the private sector, for academics. Right now, we re at the beginning of something really, really cool. And we re the only generation that gets the first bite of the apple. Subsequent generations have to put up with our thinking. When historians look back on our legacy, I hope they will say, These guys got it right. Facing this complex challenge, they got it right. Shame on us if hundreds of years from now they re still fixing the problems that we come up with here. I think that s our challenge. That s a challenge we can meet. But can we lead? Can we cause these changes so that future generations can build on what we ve done? GIL KLEIN: That is a terrific way to end this. Marc, Bill, and Betsy, thank you so much for being here. We certainly appreciate all the time you ve given us. Thank you. G Google announces new privacy policy ISO/IEC publishes international guidelines on cybersecurity Shamoon used against Saudi Aramco and damages some 30,000 computers (attack aimed at stopping oil and gas production at the biggest OPEC exporter) Presidential Policy Directive 20 establishes national guidance for operations in cyberspace Distributed Denial-of- Service against U.S. financial institutions peaks at 60 gigabytes/ second. Hurricane Sandy affects power supplies and communication networks in northeastern U.S. for up to four weeks U.S. Congress releases a report on national security issues posed by Chinese telecom companies Syria shuts off Internet access across the country World Conference on International Telecommunications (WCIT) updates and revises the International Telecommunication Regulations (ITR)

UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE SPRING 2013 UNLOCKING THE SECRETS OF CYBERSECURITY. www.umuc.edu 1 Achiever

UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE SPRING 2013 UNLOCKING THE SECRETS OF CYBERSECURITY. www.umuc.edu 1 Achiever UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE SPRING 2013 UNLOCKING THE SECRETS OF CYBERSECURITY www.umuc.edu 1 Achiever CONTENTS MESSAGE FROM THE GOVERNOR OF MARYLAND Cover Story 6 UNLOCKING THE SECRETS OF

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

Preface to the Fourth Edition

Preface to the Fourth Edition The frequency of new editions of this book is indicative of the rapid and tremendous changes in the fields of computer and information sciences. First published in 1995, the book has rapidly gone through

More information

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and

More information

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,

More information

Government Worker Privacy Survey. Improper Exposure of Official Use, Sensitive, and Classified Materials

Government Worker Privacy Survey. Improper Exposure of Official Use, Sensitive, and Classified Materials Government Worker Privacy Survey Improper Exposure of Official Use, Sensitive, and Classified Materials 1 Introduction Data privacy is a growing concern for the US government as employees conduct business

More information

Network security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece

Network security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS Ian Green Manager, Cybercrime & Intelligence Commonwealth Bank of Australia Session ID: GRC T17 Session Classification: ADVANCED WHY? What keeps you

More information

the Council of Councils initiative

the Council of Councils initiative Author: Andrea Renda, Senior Research Fellow, Centre for European Policy Studies May 3, 2013 Editor's note: This brief is a feature of the Council of Councils initiative, gathering opinions from global

More information

Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald

Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral

More information

Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS

Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS I want you to take home four points Understand Educate Collaborate Prepare It s a great

More information

NETWORK SECURITY, REIMAGINED FPO

NETWORK SECURITY, REIMAGINED FPO FPO NETWORK SECURITY, REIMAGINED by Derek Korte AS TENS OF BILLIONS OF NEW DEVICES GET CONNECTED, BUSINESS AND SOCIETY MUST RETHINK SECURITY, PRIVACY, AND OPPORTUNITY Illustration JUSTIN GABBARD Smart

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS

More information

Network Security Landscape

Network Security Landscape Cole p01.tex V3-07/28/2009 3:46pm Page 1 Network Security Landscape COPYRIGHTED MATERIAL IN THIS PART Chapter 1 State of Network Security Chapter 2 New Approaches to Cyber Security Chapter 3 Interfacing

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12 Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

The main object of my research is :

The main object of my research is : The main object of my research is : «War» I try to analyse the mutual impacts between «new wars» and the evolution of the international system More especially my research is about what we call»cyber-war«or»cyber-conflicts«is

More information

Cyber Security and Science

Cyber Security and Science Cyber Security and Science Peter Weinberger pjw@googlecom Feb 9, 2011 These opinions are only mine, no one else s and even then, only today They may change at any time Protecting intellectual property

More information

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan

More information

The Year 2013 Has Become 1984

The Year 2013 Has Become 1984 The Year 2013 Has Become 1984 Saturday, September 21, 2013 23:33 idiscovery Solutions Tom Matzen The Editor interviews Tom Matzen, Director at idiscovery Solutions, in charge of the firm s International

More information

POTOMAC INSTITUTE FOR POLICY STUDIES. Revolution in Intelligence Affairs: Transforming Intelligence for Emerging Challenges

POTOMAC INSTITUTE FOR POLICY STUDIES. Revolution in Intelligence Affairs: Transforming Intelligence for Emerging Challenges Revolution in Intelligence Affairs: Transforming Intelligence for Emerging Challenges Synopsis Seminar #3 : Domestic Information Challenges and Tactical vs. National Requirements Who Should Do Domestic

More information

Information Security. CS526 Topic 1

Information Security. CS526 Topic 1 Information Security CS 526 Topic 1 Overview of the Course 1 Today s Security News Today: 220 million records stolen, 16 arrested in massive South Korean data breach A number of online gaming & movie ticket

More information

Cybersecurity and United States Policy Issues

Cybersecurity and United States Policy Issues Global Security Studies, Summer 2014, Volume 5, Issue 3 Cybersecurity and United States Policy Issues Cristina Berriz Peace, War and Defense Program University of North Carolina at Chapel Hill Chapel Hill,

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

Read this guide and you ll discover:

Read this guide and you ll discover: BUSINESS ADVISOR REPORT Provided as an educational service by: Rick Reynolds, General Manager Read this guide and you ll discover: What remote, offsite, or managed backups are, and why EVERY business should

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

Presidential Summit Reveals Cybersecurity Concerns, Trends

Presidential Summit Reveals Cybersecurity Concerns, Trends Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,

More information

Cyber Watch. Written by Peter Buxbaum

Cyber Watch. Written by Peter Buxbaum Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs

More information

Cyber Security Related Excerpts from the Global Risk Forum Berlin September 25-26, 2013 Draft 10/24/13

Cyber Security Related Excerpts from the Global Risk Forum Berlin September 25-26, 2013 Draft 10/24/13 Cyber Security Related Excerpts from the Global Risk Forum Berlin September 25-26, 2013 Draft 10/24/13 Forwarding an International Public-Private Framework for Cyber Security & Resilience: With Increasing

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

Surviving the Ever Changing Threat Landscape

Surviving the Ever Changing Threat Landscape Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state

More information

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus cdoulig at unipi dot gr Department of Informatics University of Piraeus Safety & Security in Cyber Space: Building up Trust in the EU Athens, 6-7 March 2014 Cybersecurity: where do we stand? Major Trends

More information

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510 TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME Haya Fetais & Mohammed Shabana Saint Leo University COM- 510 November 23, 2014 Introduction Globalization and technological developments have infiltrated

More information

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking

More information

Capabilities for Cybersecurity Resilience

Capabilities for Cybersecurity Resilience Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances

More information

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary Contents Introduction What is the Cloud? How does it work? Types of Cloud Service Cloud Service Providers Summary Introduction The CLOUD! It seems to be everywhere these days; you can t get away from it!

More information

What Works in Supply Chain and Partner Security: Using BitSight to Assess and Monitor Third-Party Cybersecurity

What Works in Supply Chain and Partner Security: Using BitSight to Assess and Monitor Third-Party Cybersecurity What Works in Supply Chain and Partner Security: Using BitSight to Assess and Monitor Third-Party Cybersecurity SPONSORED BY WhatWorks is a user-to-user program in which security managers who have implemented

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Attribution: The Holy Grail or Waste of Time? Billy Leonard Google Should this be the end, our Holy Grail? How s that picture going to help you now? But, the pictures make me safer! We can do better. Our

More information

What is Really Needed to Secure the Internet of Things?

What is Really Needed to Secure the Internet of Things? What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

More information

NSA Surveillance, National Security and Privacy

NSA Surveillance, National Security and Privacy NSA Surveillance, National Security and Privacy Ir Roy Ko Former HKCERT Manager 20 August 2014 HKIE Veneree Club 1 Agenda Background Edward Snowden National Security Agency (NSA) What NSA has done PRISM

More information

April 10, 2009. Ms. Melissa Hathaway Acting Senior Director for Cyberspace National Security and Homeland Security Councils. Dear Ms.

April 10, 2009. Ms. Melissa Hathaway Acting Senior Director for Cyberspace National Security and Homeland Security Councils. Dear Ms. William B. Nelson President & CEO FS-ISAC 20496 Partridge Place Leesburg, VA 20175 703-777-2803 (Direct) 509-278-2412 (Fax) bnelson@fsisac.us www.fsisac.com April 10, 2009 Ms. Melissa Hathaway Acting Senior

More information

What legal aspects are needed to address specific ICT related issues?

What legal aspects are needed to address specific ICT related issues? What legal aspects are needed to address specific ICT related issues? Belhassen ZOUARI CEO, National Agency for Computer Security, Tunisia Head of the Tunisian Cert (tuncert), E-mail : b.zouari@ansi.tn

More information

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates What is Cyber Security? The First Cyber Attack The Threat Landscape The Energy Industry as a Target The Legal & Regulatory

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

Data Analytics & Information Security

Data Analytics & Information Security Data Analytics & Information Security About The Speaker Practice Director at ERM M.S. Information Networking and Security CERT Coordination Center - Carnegie Mellon University Carnegie Mellon CyLab Agenda

More information

Internet security: Shutting the doors to keep hackers off your network

Internet security: Shutting the doors to keep hackers off your network Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet

More information

REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE

REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE 29 May 2009 THE PRESIDENT: Everybody, please be seated. We meet today at a transformational moment -- a moment in history

More information

Confrontation or Collaboration?

Confrontation or Collaboration? Confrontation or Collaboration? Congress and the Intelligence Community Cyber Security and the Intelligence Community Eric Rosenbach and Aki J. Peritz Cyber Security and the Intelligence Community The

More information

CERT's role in national Cyber Security: policy suggestions

CERT's role in national Cyber Security: policy suggestions CERT's role in national Cyber Security: policy suggestions Subject: Legal Aspect of Cyber Security. Author: Vladimir Chitashvili Lecture: Anna-Maria Osula What is national Cyber Security is? In another

More information

Cybersecurity Strategic Talent Management. March, 2012

Cybersecurity Strategic Talent Management. March, 2012 Cybersecurity Strategic Talent Management March, 2012 Cyber Operations - Starts with People Exploit Intel Attack Cyber Operations Defend Enablers 2 Talent Management Challenge Mission: Attract, Develop,

More information

Keren Elazari Hackers: The Internet s Immune System

Keren Elazari Hackers: The Internet s Immune System Keren Elazari Hackers: The Internet s Immune System For the past three decades, hackers have done a lot of things, but they have also impacted civil liberties, innovation and Internet freedom, so I think

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; LIEUTENANT GENERAL JAMES K. MCLAUGHLIN DEPUTY COMMANDER,

More information

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity

More information

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations TeleContinuity The Survivable Cyber Solution Presentation For Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations 2007 TeleContinuity, Inc.. All Rights

More information

White Paper: Cyber Hawk or Digital Dove

White Paper: Cyber Hawk or Digital Dove White Paper: Cyber Hawk or Digital Dove Published By: SkillBridge, LLC September 18, 2013 Today s Modern Warfare With the recent debate over whether or not the United States should take military action

More information

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

MISSION-ESSENTIAL INTELLIGENCE AND CYBER SOLUTIONS

MISSION-ESSENTIAL INTELLIGENCE AND CYBER SOLUTIONS Presentation to the Cyber Security & Critical Infrastructure Protection Symposium March 20, 2013 PREPARED REMARKS BARBARA ALEXANDER, DIRECTOR OF CYBER INTELLIGENCE TASC INFRASTRUCTURE PROTECTION AND SECURITY

More information

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1 Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

CYBERSPACE SECURITY CONTINUUM

CYBERSPACE SECURITY CONTINUUM CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202

More information

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit. Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business

More information

Topic 1 Lesson 1: Importance of network security

Topic 1 Lesson 1: Importance of network security Topic 1 Lesson 1: Importance of network security 1 Initial list of questions Why is network security so important? Why are today s networks so vulnerable? How does Melissa virus work? How does I love you

More information

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown 1 Protected networks are continuously being successfully attacked

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

National Cybersecurity Awareness Campaign

National Cybersecurity Awareness Campaign National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing

More information

SentinelOne Labs. Advanced Threat Intelligence Report. 2015 Predictions

SentinelOne Labs. Advanced Threat Intelligence Report. 2015 Predictions SentinelOne Labs Advanced Threat Intelligence Report 2015 Predictions 2014 Rearview More, Better Malware The past 12 months were characterized by the extension of threats that emerged in 2013: more sophisticated,

More information

Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03

Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03 Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03 Thank you Members of the Committee. I welcome the opportunity to submit this testimony on how the New

More information

Understanding Cyber Defense A Systems Architecture Approach

Understanding Cyber Defense A Systems Architecture Approach NDIA 12th Annual Systems Engineering Conference, San Diego, CA, 26-29 Oct 2009 Understanding Cyber Defense A Systems Architecture Approach Tom McDermott Director of Research Georgia Tech Research Institute

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

How to Justify Your Security Assessment Budget

How to Justify Your Security Assessment Budget 2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

AS PREPARED EMBARGOED UNTIL DELIVERY

AS PREPARED EMBARGOED UNTIL DELIVERY SECRETARY OF DEFENSE LEON E. PANETTA DEFENDING THE NATION FROM CYBER ATTACK BUSINESS EXECUTIVES FOR NATIONAL SECURITY NEW YORK, NY THURSDAY, OCTOBER 11, 2012 Let me begin by extending my deepest gratitude

More information

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.

More information

Trends Concerning Cyberspace

Trends Concerning Cyberspace Section 2 Trends Concerning Cyberspace 1 Cyberspace and Security Owing to the information technology (IT) revolution in recent years, information and communication networks such as the Internet are becoming

More information

RETHINKING CYBER SECURITY Changing the Business Conversation

RETHINKING CYBER SECURITY Changing the Business Conversation RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

A Tipping Point The Fight for our Nation s Cyber Security

A Tipping Point The Fight for our Nation s Cyber Security A Tipping Point The Fight for our Nation s Cyber Security A GTRA Research Brief by Parham Eftekhari Co-Founder & Director of Research, GTRA December 2009 Introduction It is a widely accepted belief that

More information

5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain

5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain Introduction Cybersecurity for the enterprise. There is no silver bullet. But as business becomes more connected and as data moves

More information

Cyber Security Solutions:

Cyber Security Solutions: ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial

More information