Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates"

Transcription

1 Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

2 What is Cyber Security? The First Cyber Attack The Threat Landscape The Energy Industry as a Target The Legal & Regulatory Landscape Possible Policy Solutions The Paucity of (Real) Technical Solutions Securing the Energy Infrastructure

3 The effort to secure the Internet from entities that seek to harm it or its users The implementation of standards to protect the Internet and its users A program or programs designed to mitigate the threat posed by hackers against a specific IT network or specific entity using the Internet

4 Not a rigid, dogmatic set of rules Not a panacea Not something the Government can do by itself Not something Private Industry can do by itself But.

5 Requires an All-In approach Government & Private Sector Partnerships based on Trust With Flexible, Evolving Rules, and A workable Cyber Security Strategy

6 When was the First Cyber Attack?

7

8

9

10 Explosion was 1/7 the size of the Atomic Bombs used in Hiroshima & Nagasaki Could be Seen from Space Utterly Destroyed Large Section of Trans-Siberian Oil Pipeline Soviet Union lost $8 Billion in Annual Oil Revenue

11 It began with a Defector codenamed Farewell KGB Colonel Vladimir Vetrov Led KGB section that stole Western Technology Hated Soviet life Gave French Intelligence 4,000 page document detailing Soviet Industrial Espionage in the West French President Mitterrand shared with President Reagan

12 CIA discovered the Soviets wanted Western Computer Technology to run Trans-Siberian Pipeline Automate Pipeline Control Mechanisms Compressors, Valves, Storage Facilities Asked US for Software; Turned Down Bought from Canada, but with Modifications

13 Canadian software to run Pumps, Valves & Turbines Programmed to Fail Reset Pump Speeds & Valve Settings to Raise Pressure far beyond Tolerances Pressure too great for Welds & Joints Result: Monumental Explosion

14

15 In 1982: The Internet hardly existed; negligible Traffic Volume In 1990: 1000 Gigabytes of data travelled via the Internet per month Today s Traffic Volume: 27 Billion Gigabytes per month 5 Billion Different Devices will soon be connected to the Internet And then there s Malware

16 Hacktivists Cyber Criminals Other Non-State Actors State Actors

17

18 Anonymous; Lulzsec Politically Motivated; Anarchic Philosophy Stratfor Hack Ohio Rape Case Visa, MasterCard, PayPal Primary Method: DDoS (Distributed Denial of Service) Attacks Overwhelms Targeted Servers with more Traffic than they can Handle

19

20 Motivation: Financial Russian & East European Criminal Gangs Dominate Credit Card Number Theft Value of a Credit Card Number: $2.50 Identity Theft Cyber Ransoms Cyber Underworld = Criminal Underworld

21

22 Targeted 30 US Banks Using 100 Botnets Botnets: Computers that are taken over by a third party; used to attack other computers Some people participate willingly; most do not All you need to do is download Malware to become a Botnet Goal: Attack US Banks before they implement Two-Factor Authentication Stole at least $5 Million (and that was before Blitzkrieg really started)

23

24

25 Part of the People s Liberation Army s Intelligence Directorate Targets: US and North America; other English-speaking Countries Mission: Get as much Intellectual Property as possible Map Target Networks Find Vulnerabilities in Critical Infrastructure

26 Stole Intellectual Property from Nortel Stayed on Nortel Networks for over 10 years Not noticed at first When discovered, lethargic response Nortel lost out to Chinese competitors Nortel is Bankrupt Stole Blueprints for the F-35 Joint Strike Fighter from Northrop Grumman Stole Plans for Wind Turbines Part of a Broader Chinese Strategy

27 In the US: $500 Billion Annually Globally: $1 Trillion Annually

28 Target: Saudi Aramco, world s largest Oil Company Secondary Target: RasGas Qatar s 2 nd largest Gas Company Perpetrator: Iran Cyber Weapon: Shamoon Malware Result: 30,000 PC Workstations made useless

29 Hackers break into SCADA Systems Key Elements of the Nation s Critical Infrastructure are Sabotaged Large Sections of the Country are without Power Social Chaos & Death result

30 No Comprehensive Cyber Security Legislation Current Legislation not Moving Forward Last Year s Measures Failed Executive Order Designed to Protect Government Cyber Infrastructure NERC and NRC Standards & Rules No Comprehensive National Cyber Security Strategy

31 Develop a Comprehensive National Cyber Strategy Develop Evolving Minimum Cyber Security Standards & Regulations Pass Comprehensive Cyber Security Legislation to forge Partnership between Government & Private Sector Companies need Liability Protections Cyber Threat Information must be shared in Real- Time Private Partnerships with the Intelligence & Law Enforcement Communities

32 Many SCADA Systems are Old Security is an Afterthought (at best) Firewalls First line of defense, but can be breached Two-Factor Authentication Ok, but may not be practical for Utilities Encryption Essential, but can it be cracked? The Key: Understanding the Threat & Developing Responses to it

33 Cannot be done in Isolation Must be a Partnership Federal & State Regulatory Elements Law Enforcement Intelligence Cyber Security Firms Must Incorporate Latest Threat Data in Real- Time We re all on the Front Line now

34 The Cyber Threat is Real & Growing We must have a Proactive Partnership to Counter it Protecting Infrastructure, Businesses & Consumers is the Goal Businesses and Cooperatives that set the highest Cyber Security Standards will be the Gold Standard

35 Now it s Your Turn

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST November 6, 2013 Copyright 2013 Trusted Computing Group 1 November 6, 2013 Copyright 2013 Trusted Computing

More information

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually

More information

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached

More information

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12 Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,

More information

Cyber security Keeping your business resilient

Cyber security Keeping your business resilient Intelligence FIRST helping your business make better decisions Cyber security Keeping your business resilient Cyber security is about keeping your business resilient in the modern technological age. It

More information

Information Protection in Today s Changing Mobile and Cloud Environments

Information Protection in Today s Changing Mobile and Cloud Environments Information Protection in Today s Changing Mobile and Cloud Environments Art Gilliland, Sr. Vice President Symantec, Information Security Group Session ID: SPO1-107 Session Classification: Intermediate

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

Evolving Uses of Technology: Mobility and Cybersecurity

Evolving Uses of Technology: Mobility and Cybersecurity WHITE PAPER Evolving Uses of Technology: Mobility and Cybersecurity March 2012 Conventional security standards and practices cannot keep up with the frequency and sophistication of attacks. EXECUTIVE SUMMARY

More information

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014

More information

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013 Cyber-security: legal implications for financial institutions IAPP Europe Data Protection Intensive 2013 Vivienne Artz Managing Director and General Counsel, Citi Cyber threat landscape Kris McConkey Director,

More information

EY Cyber Security Hacktics Center of Excellence

EY Cyber Security Hacktics Center of Excellence EY Cyber Security Hacktics Center of Excellence The Cyber Crime Underground Page 2 The Darknet Page 3 What can we find there? Hit men Page 4 What can we find there? Drug dealers Page 5 What can we find

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

The Peak of Chaos Shane D. Shook, PhD 10/31/2012

The Peak of Chaos Shane D. Shook, PhD 10/31/2012 w h a c k e r n a v k n d n h m y a w h o? n r h p e n c n o s a n w s o v y i d u n n n r n m s r k d e a i k o w i r c d i o m u t w e t w s u t s i v i t c a Shane D. Shook, PhD 10/31/2012 Cyber Crime

More information

67% 61% STATE OF CLOUD SECURITY BULLETIN. Information Security in the Energy Sector. Summer 2013 FROM APR SEP 2012

67% 61% STATE OF CLOUD SECURITY BULLETIN. Information Security in the Energy Sector. Summer 2013 FROM APR SEP 2012 STATE OF CLOUD SECURITY BULLETIN Information Security in the Energy Sector Summer 2013 FROM APR SEP 2012 67% of Alert Logic customers in the energy industry experienced BRUTE FORCE ATTACKS 61% of Alert

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

Phone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com https://marketpublishers.com

Phone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com https://marketpublishers.com Cyber Security Market by Solution (IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SIEM, Disaster Recovery, DDOS Mitigation, Web Filtering, and Security

More information

Energy Cybersecurity Regulatory Brief

Energy Cybersecurity Regulatory Brief Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider

More information

Digital Evidence and Threat Intelligence

Digital Evidence and Threat Intelligence Digital Evidence and Threat Intelligence 09 November 2015 Mark Clancy CEO www.soltra.com @soltraedge External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected

More information

Cyber-Security. FAS Annual Conference September 12, 2014

Cyber-Security. FAS Annual Conference September 12, 2014 Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

What is Cyber Liability

What is Cyber Liability What is Cyber Liability Ubiquitous Warfare Espionage Media Operational Data Security and Privacy Tech 1 Data Security and Privacy Data Breach Response Costs Privacy Regulatory Action Civil Litigation INSURABLE

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.

Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D. 18th Annual Space & Missile Defense Symposium IAMD Evolution and Integration/Key Topic: Predictive Cyber Threat Analysis Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.

More information

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey. Cybersecurity & International Relations Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey. Cybersecurity & IR This part of the IWOSI aims to link the Information

More information

FBI AND CYBER SECURITY

FBI AND CYBER SECURITY FBI AND CYBER SECURITY SSA John Caruthers SSA Ken Schmutz SSA Tom Winterhalter Mission The FBI is the only U.S. agency charged with the authority to investigate both criminal and national security investigations.

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

THE WHITE HOUSE Office of the Press Secretary

THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Understanding PCI Compliance

Understanding PCI Compliance Understanding PCI Compliance www.cognoscape.com Understanding PCI Compliance What is PCI Compliance? What exactly is PCI compliance? PCI stands for Payment Card Industry, and the compliance component ensures

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS Ian Green Manager, Cybercrime & Intelligence Commonwealth Bank of Australia Session ID: GRC T17 Session Classification: ADVANCED WHY? What keeps you

More information

Faculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity

Faculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity Faculdade de Direito, Lisboa, 02-Jul-2014 The Competitive Advantage of Cybersecurity Thales Key highlights (I) A global company with 65,000 employees and 14,2 billion in revenues, R&D 2,5 billion * We

More information

Cyber and Operational Solutions for a Connected Industrial Era

Cyber and Operational Solutions for a Connected Industrial Era Cyber and Operational Solutions for a Connected Industrial Era OPERATIONAL & SECURITY CHALLENGES IN A HYPER-CONNECTED INDUSTRIAL WORLD In face of increasing operational challenges and cyber threats, and

More information

Secure Software Development Trends in the Oil & Gas Sectors. How the Microsoft Security Development Lifecycle helps protect critical industries

Secure Software Development Trends in the Oil & Gas Sectors. How the Microsoft Security Development Lifecycle helps protect critical industries Secure Software Development Trends in the Oil & Gas Sectors How the Microsoft Security Development Lifecycle helps protect critical industries Secure Software Development Trends in the Oil & Gas Sectors

More information

Is your business at risk? DO YOU NEED TO KNOW?

Is your business at risk? DO YOU NEED TO KNOW? Is your business at risk? DO YOU NEED TO KNOW? Do you need Penetration Testing? The main issues our clients have faced in the operational running of the business Client-side attacks Another growing security

More information

Insurance implications for Cyber Threats

Insurance implications for Cyber Threats Lillehammer Energy Claims Conference Lillehammer March 7, 2014 Insurance implications for Cyber Threats How enterprises need to prepare for the inevitable JLT is one of the world s largest providers of

More information

Protecting Organizations from Cyber Attack

Protecting Organizations from Cyber Attack Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics

More information

Four Steps to Defeat a DDoS Attack

Four Steps to Defeat a DDoS Attack WHITE PAPER Four Steps to Defeat a DDoS Attack Millions of computers around the world are controlled by cybercriminals. These computers, infected with bot malware, automatically connect to command and

More information

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting

More information

Perspectives on Cyber Security Strategies & Tactics

Perspectives on Cyber Security Strategies & Tactics Perspectives on Cyber Security Strategies & Tactics Joshua Schmookler, Passaic County NJ MIS Department Security Administrator Micah Hassinger, Bergen County NJ Communications Director of Information Technology

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

How do we Police Cyber Crime?

How do we Police Cyber Crime? How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges

More information

Medical Information Breaches: Are Your Records Safe?

Medical Information Breaches: Are Your Records Safe? Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential

More information

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats

More information

Federal Bureau of Investigation

Federal Bureau of Investigation Federal Bureau of Investigation SSA John Caruthers Cyber Criminal Section SSA Kenneth Schmutz Cyber National Security Section April 11, 2012 FBI Mission Cyber Threats FBI Response 1. Protect the United

More information

Corporate Spying An Overview

Corporate Spying An Overview Corporate Spying An Overview With the boom in informational and technological advancements in recent years, there comes the good and the bad the bad being more susceptibility to the theft of confidential

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

Four Steps to Defeat a DDoS Attack

Four Steps to Defeat a DDoS Attack hite Paper Four Steps to Defeat a DDoS Attack Millions of computers around the world are controlled by cybercriminals. These computers, infected with bot malware, automatically connect to command and control

More information

As appears in: Cybersecurity - more than just a good firewall by Jim Fererro, Senior Vice President, GlobaLogix

As appears in: Cybersecurity - more than just a good firewall by Jim Fererro, Senior Vice President, GlobaLogix As appears in: Cybersecurity - more than just a good firewall by Jim Fererro, Senior Vice President, GlobaLogix (8/4/2013) In seemingly too short a timespan, energy industry cyber threats have escalated

More information

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world

More information

Cyber Risk to Help Shape Industry Trends in 2014

Cyber Risk to Help Shape Industry Trends in 2014 Cyber Risk to Help Shape Industry Trends in 2014 Rigzone Staff 12/18/2013 URL: http://www.rigzone.com/news/oil_gas/a/130621/cyber_risk_to_help_shape_industry_trends_i n_2014 The oil and gas industry s

More information

Cyber and Mobile Landscape, Challenges, & Best Practices

Cyber and Mobile Landscape, Challenges, & Best Practices Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation Cheri McGuire VP, Global Govt. Affairs & Cybersecurity Policy Cyber and Mobility Challenges and

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

How Secure is Your SCADA System?

How Secure is Your SCADA System? How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential

More information

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012 Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data Dave Shackleford February, 2012 Agenda Attacks We ve Seen Advanced Threats what s that mean? A Simple Example What can we

More information

IBM i2 Enterprise Insight Analysis for Cyber Analysis

IBM i2 Enterprise Insight Analysis for Cyber Analysis IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

NATO & Cyber Conflict: Background & Challenges

NATO & Cyber Conflict: Background & Challenges NATO & Cyber Conflict: Background & Challenges Dr. Sean Lawson Department of Communication University of Utah [Full citation: Lawson, Sean. (2012) NATO & Cyber Conflict: Background & Challenges. Presented

More information

Computer Incident Response Team

Computer Incident Response Team Computer Incident Response Team Role in Combating Cybercrime Mohamad Sazly B Musa IMPACT 22 nd September 2011 Agenda 1. Overview of Cyber Crime 2. Statistics 3. Fighting Cyber Crime 4. The Role of CIRT

More information

Research Note Engaging in Cyber Warfare

Research Note Engaging in Cyber Warfare Research Note Engaging in Cyber Warfare By: Devin Luco Copyright 2013, ASA Institute for Risk & Innovation Keywords: Cyber War, Cyber Warfare, Cyber Attacks, Cyber Threats Abstract This research note defines

More information

Cybercrime: Protecting Your Digital Assets in Today's Threat Landscape

Cybercrime: Protecting Your Digital Assets in Today's Threat Landscape Cybercrime: Protecting Your Digital Assets in Today's Threat Landscape Presented by Rachel Ratcliff OM03 Saturday, 10/5/2013 9:30 AM - 10:45 AM Cybercrime: Protecting Your Digital Assets in Today s Threat

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Oil & Gas Cybersecurity

Oil & Gas Cybersecurity COurse Oil & Gas Cybersecurity Best Practices & Future Trends Sheraton Pentagon City Hotel Supporting Organization is authorized by IACET to offer 0.6 CEUs for the course. 1 Overview The energy industry

More information

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

White Paper: Leveraging Web Intelligence to Enhance Cyber Security White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

U. S. Attorney Office Northern District of Texas March 2013

U. S. Attorney Office Northern District of Texas March 2013 U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate

More information

The Dow Chemical Company. statement for the record. David E. Kepler. before

The Dow Chemical Company. statement for the record. David E. Kepler. before The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee

More information

Are you prepared to be next? Invensys Cyber Security

Are you prepared to be next? Invensys Cyber Security Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

POLICIES TO MITIGATE CYBER RISK

POLICIES TO MITIGATE CYBER RISK POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

Incident Response. Proactive Incident Management. Sean Curran Director

Incident Response. Proactive Incident Management. Sean Curran Director Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013

More information

Testimony of. Mark Shlanta. Chief Executive Officer. SDN Communications. Confronting the Challenge of Cybersecurity. before the

Testimony of. Mark Shlanta. Chief Executive Officer. SDN Communications. Confronting the Challenge of Cybersecurity. before the Testimony of Mark Shlanta Chief Executive Officer SDN Communications on Confronting the Challenge of Cybersecurity before the U.S. Senate Committee on Commerce, Science, and Transportation September 3,

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Advanced & Persistent Threat Analysis - I

Advanced & Persistent Threat Analysis - I Advanced & Persistent Threat Analysis - I Burak Ekici ekcburak@hotmail.com Department of Computer Engineering, Yaşar University, Turkey. April 21, 2012 Burak Ekici (Dept. of Comp. Eng.) Advanced & Persistent

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act

Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act JULY 17, 2014 2013 Venable LLP 1 Agenda 1. Security Risks affecting the Maritime Transportation System (MTS) 2. The

More information

Mobile Security - Mobilidade Bancária e Digital Workers. Américo Alonso, CISSP, CIS LATAM Offering Manager for CyberSecurity

Mobile Security - Mobilidade Bancária e Digital Workers. Américo Alonso, CISSP, CIS LATAM Offering Manager for CyberSecurity Mobile Security - Mobilidade Bancária e Digital Workers Américo Alonso, CISSP, CIS LATAM Offering Manager for CyberSecurity Agenda 1 2 3 4 5 6 7 BANKING SECTOR CHALLENGES FOR 2015+ 1bank ATOS VALUE PROPOSITION

More information

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014 Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,

More information

Network Security Landscape

Network Security Landscape Cole p01.tex V3-07/28/2009 3:46pm Page 1 Network Security Landscape COPYRIGHTED MATERIAL IN THIS PART Chapter 1 State of Network Security Chapter 2 New Approaches to Cyber Security Chapter 3 Interfacing

More information

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting

More information

Managing cyber risks with insurance

Managing cyber risks with insurance www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive

More information

TECH GUYS. Protect Your Practice with a Security Risk Assessment. HCTechGuys.com. HCTechGuys.com TECH GUYS

TECH GUYS. Protect Your Practice with a Security Risk Assessment. HCTechGuys.com. HCTechGuys.com TECH GUYS Hill Country Protect Your Practice with a Security Risk Assessment Hill Country Protect Your Practice with a Security Risk Assessment Cyber Security in Healthcare is a Growing Problem With more healthcare

More information

Cyber Security for audit committees

Cyber Security for audit committees AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have

More information

SMALL BUSINESS PRESENTATION

SMALL BUSINESS PRESENTATION STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department

More information