It's a MAD, MAD, MAD Cyber World


Remarks by Rod Beckstrom at the Personal Democracy Forum
New York City
June 6, 2013

As prepared for delivery

EMBARGOED FOR RELEASE AT EST, 06 JUNE 2013

Let's start this discussion with a brief cybersecurity risk assessment:

1. Anything attached to a network can be hacked.
2. Everything is being attached to networks.
3. Everything is vulnerable.

This is Beckstrom's Law of Cybersecurity and it shouldn't come as a surprise to anyone.

The Internet is history's biggest and most complex system but it wasn't designed for security. It was intended to be open and engaging - a platform for sharing and collaboration that was accessible to everyone everywhere. But the door we've opened to innovation and sharing comes with unintended consequences, and living with a serious cyber threat is our new global reality.

Factor in the dramatic increase in transparency in modern life, whether from so much information being posted online or from the involuntary transparency of being watched without your consent, and you have a major vulnerability to cyber attack. Add in our growing dependence on Internet-based transportation, food, power, water, military and government systems and we have the potential for major cyber disasters.

A few years ago, my colleague Ori Brafman and I wrote a book called The Starfish and the Spider: the Unstoppable Power of Leaderless Organizations. It's based on the idea that decentralized networks - organizations like al Qaeda that have an amorphous leadership structure - are regenerating: when you cut off an arm or eliminate a senior leader they simply grow another one and move on.

The book proved popular among U.S. government leaders and that led to a request for me to help them better understand the evolving terror and cyber threats as the founding Director of the U.S. National Cybersecurity Center. This incredible job afforded me unique insight into the realities of the growing cyber threat. The center was a coordination point for protecting civilian, military and intelligence networks. And it eventually led me to a leadership role in global Internet governance as CEO of ICANN, helping to keep the global Internet open, resilient and decentralized for the benefit of the world.

The Starfish and The Spider introduced a model for thinking about decentralized networks, organizational leadership, strategy, competition and evolution. And it is helpful to consider the growing cyber threat in a comparable framework.

So today I would like to present a new cybersecurity model. It relates to what is really going on in our new, more vulnerable world - from a systems perspective, and from a realpolitik perspective. And it starts with a basic fact. Through the impact and reach of the Internet, the world of power and politics has changed forever. We now live in a MAD, MAD, MAD cyber world. What do I mean by this?

First, let's look at the classic MAD: nuclear Mutually Assured Destruction. Nuclear MAD evolved from the development and proliferation of nuclear weapons after World War II. It changed the nature of war and geopolitics and helped secure the precarious peace among superpowers that has held for almost seventy years while countless small regional wars have been fought.

The second MAD is cyber MAD, or Mutually Assured Disruption. It echoes the underlying concept of nuclear MAD: nation states and others have the ability to cripple each other's power systems, industries and economies through broad-scale cyber attacks. And like nuclear MAD, cyber MAD leads to some level of deterrence among nation states. If one government launches a full-scale cyber attack on another, they or the people in their country are likely to receive the same back. And they know it.

But cyber MAD is fundamentally different from nuclear MAD. Nuclear weapons have not been used in war since But cyber weapons are used millions of times every second. Nuclear weapons are discrete, identifiable and easy to detect if detonated. Cyber weapons are pervasive, unidentified and often difficult or impossible to detect and attribute. So some of the lessons the Cold War taught to many of our current government policymakers are radically inapplicable to cyber MAD.

The third MAD is Mutually Assured Dependence on the Internet, or simply Internet MAD, reflecting our shared reliance on the Internet, and upon each other through the Internet, for communications, commerce, power, travel, shipping, infrastructure - in fact, for almost everything we do. That makes Internet MAD a positive force that delivers incredible benefits to mankind. Most individuals and countries could not function very well without it, and our reliance is growing. A recent survey showed that 57 percent of American women would give up sex for a week before they would give up their smartphones. If that's not a sign of Internet addiction, I don't know what is.

The Internet benefits all nations, no matter their political orientation, and though they may disagree on some aspects of its use, most of them recognize the importance of keeping it working. Internet MAD helps hold our world together.

There are significant implications for nation states and for citizens of the world in this MAD, MAD, MAD cyber world. Governments and societies must evolve to cope with a new reality, just as the world learned to cope with nuclear MAD after World War II.

To understand these MAD concepts better, let's consider a scenario using publicly available information to analyze the dynamics of Stuxnet - perhaps the most important malware ever developed.

Stuxnet was a by-product of nuclear MAD - an extremely complex computer worm that was unleashed upon Iran in It was the first malware crafted to disrupt nuclear production facilities. It was intended to prevent Iran from refining nuclear fuels that could be used to make a bomb. Nuclear non-proliferation is a great success story and many governments around the world understandably do not wish to see new nations with nuclear weapons enter into this delicate balance of power.

The U.S. government decided to interrupt Iran's uranium enrichment program - not with bombs but with a cyber weapon. Stuxnet corrupted the software in the centrifuges' industrial controllers so they would spin faster than they were designed for and fail. The operators were fed false data on the spin rates so they would be unable to understand or fix the problem.

Stuxnet is a tool of the second MAD: mutually assured disruption. It disrupted and destroyed about 1,000 out of 9,000 centrifuges, and may have provided a temporary setback to Iran's nuclear ambitions. But the Iranians eventually discovered it and so did hackers, who reverse-engineered much of the code and put it on the web for other hackers to use.

Iran did not take this lightly. According to reports, they have responded on multiple fronts. Iran has been credited with heavy and escalating denial-of-service attacks on U.S. and European banks, occasionally interrupting operations.

Then, on August 15, 2012, tens of thousands of computers at Saudi Aramco, the world's largest oil company, went dark. Employees tried to switch their machines back on but couldn't. Some point to Iran as the perpetrator, while others suspect a circle of dissident hackers.

In the last month, according to the May 24 Wall Street Journal, U.S. officials believe that Iran has hacked into many U.S. energy companies and collected sufficient information to create concerns about future possible attacks.

From a systems standpoint, the cyber offensive against Iran via Stuxnet has now led to a series of Iranian countermoves. A game of tit-for-tat is playing out that could bring us closer to the edge of mutually assured disruption. This is the very definition of cyber MAD: reciprocally escalating cyber attacks at the nation state level.

While it can take decades to develop a nuclear weapons capability, cyber weapons can often be copied immediately or reverse-engineered and deployed by nation states or hackers in just days or weeks. Even highly skilled lone hackers can launch major cyber attacks. This completely changes the dynamic from the precarious but peaceful détente of the nuclear era to a rapidly escalating, often invisible cyber hacking and conflict threat.

If it's so easy to launch a serious attack, why haven't there been more? We can't be sure - and they could still come - but one reason is clear. Remember that positive Internet MAD - our mutual dependence and shared reliance on the Internet? Most of us need this global system to work to keep our lives running smoothly.

There are many motivations for attacking systems: obtaining state secrets, accessing commercially sensitive information, stealing assets, political activism. But even those who hack and attack want the Internet to work. They know that without it, they couldn't achieve their broader goals, whatever they may be. Nonetheless, about 70,000 new strains of malware appear every day.

The growth of nuclear weapons was contained first by non-proliferation - limiting the number of nations with weapons - and then by arms negotiations to limit the number of weapons. In cyber space, there are no effective containment policies and the scale, diversity, and growth rate of the Internet mean that none are likely to emerge in the near future. And the current rapid pace of tech development is far beyond that of nuclear development when nuclear MAD was in full play.

According to reports, more than 100 nations are investing in offensive cyber capabilities. Relationships among cyber attackers - where they even exist - lack trust, engagement and cohesion, and an atmosphere of retaliation prevails. It's like the Wild West - except that it engulfs the planet.

This produces a very different set of challenges for those who seek to contain the growing cyber threat. As we learn to live in this MAD cyber world, we must work together to create a more stable and secure Internet, because the downside of Internet MAD's positive mutual dependence is that the capacity for destruction at the hands of cyber attackers is immense.

Cyber attacks can seriously undermine the security of the Internet and place entire economies at risk. The theoretical loss of life through a significant disruption of infrastructure or through militarization is huge.

Militarization may also lead countries to oppose the current multi-stakeholder governance of the Internet, where global non-profit bodies like ICANN, the Internet Engineering Task Force and others work to keep the Internet unified and to prioritize the needs of its three billion users. Some might propose breaking up the Internet to protect their national interests, creating separate and self-contained national networks.

But as we move steadily closer to connecting every person in the world, our economic future will depend even more on maintaining a unified global Internet. It is the foundation for continued innovation and economic growth and a platform for communication across cultural borders and political boundaries. Its unity is essential to our collective future.

So how do we defend ourselves against cyber attack? It's not easy. And no one has all the answers - we have to work through this new challenge together. I have developed this MAD, MAD, MAD model to provide a meaningful framework for understanding the new cyber reality and to contribute to a more informed discussion about solutions, because you have to understand a problem before you can solve it. And in the spirit of collaboration, I have some ideas to contribute.

First, we must develop global definitions, norms and standards for cybersecurity. Right now we are about where nuclear MAD was in the 1950s. We need a common understanding of the threat to begin moving into real diplomatic dialogue. This won't be easy, but it must be done and it needs to start now. Governments are part of the problem and must be part of the solution, but nation state solutions alone won't work. The private sector has a key role in its own right and must also work with governments, including through multi-stakeholder bodies.

Second, we must build global trust. That means finding areas where positive steps can be taken together to build some level of confidence. Fighting global terrorism and coordinating law enforcement efforts against global cyber-bank robbers, human traffickers and drug traffickers, for example, are two areas with particular potential for effective collaboration.

Third, we need to use transparency and economic incentives to drive to a higher level of security. Regulation and strict reporting requirements alone do not work. Penetration testing and other methods of positive security assurance should be the norm in every important system. One of the best ways to determine if a network is secure is to authorize highly skilled parties to try to breach it.

This has clear benefits. It identifies actual vulnerabilities - information that can then be used to improve security. It exposes the real-time state of a system, a key tool in assessing risk for potential business partners, contractors or investors. And having the right to test a system provides the evidence to establish trust or not.

Lastly, we must build better security into the Internet itself. Greater research and investment are needed to strengthen its technical underpinnings. That includes investment to spread the deployment of more secure technologies like DNSSEC (Domain Name System Security Extensions) and PGP (Pretty Good Privacy), which help stop man-in-the-middle attacks. We also need new research into more secure Internet standards and protocols like DANE (DNS-based Authentication of Named Entities).

These ideas are just a beginning, a means of starting this crucial global discussion. I hope many others will contribute, and that Beckstrom's Law of Cybersecurity and the MAD, MAD, MAD model will be a useful framework in considering the way forward.

The Internet is one of mankind's greatest collective achievements and protecting it is fundamental to our future. The moment has come to bring sanity back to our MAD, MAD, MAD cyber world.

Thank you.

Contact information
Rod Beckstrom
Media inquiries: contact@beckstrom.com
Phone:
Find this speech online at


More information

Worm Was Perfect for Sabotaging Centrifuges By WILLIAM J. BROAD and DAVID E. SANGER

Worm Was Perfect for Sabotaging Centrifuges By WILLIAM J. BROAD and DAVID E. SANGER Page 1 of 5 Reprints This copy is for your personal, noncommercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers here or use the "Reprints"

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Energy Cybersecurity Regulatory Brief

Energy Cybersecurity Regulatory Brief Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider

More information

The Five Most Common Cyber-Attack Myths Debunked

The Five Most Common Cyber-Attack Myths Debunked cybereason The Five Most Common Cyber-Attack Myths Debunked 2016 Cybereason. All rights reserved. 1 Cyber attacks show no sign of decreasing any time soon. If anything, hackers have expanded the type of

More information

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

Counterterrorism and Cybersecurity

Counterterrorism and Cybersecurity Newton Lee Counterterrorism and Cybersecurity Total Information Awareness Spri Part I Counterterrorism in Retrospect: Then and Now 1 September 11 Attacks 3 1.1 September 3 Disney's Responses to the Attacks

More information

U.S. POLICY IN THE BLACK SEA REGION

U.S. POLICY IN THE BLACK SEA REGION U.S. POLICY IN THE BLACK SEA REGION From the U.S. point of view, NATO is and will remain the premier provider of security for the Euro-Atlantic region, which includes the Black Sea. Far from seeking to

More information

REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE

REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE 29 May 2009 THE PRESIDENT: Everybody, please be seated. We meet today at a transformational moment -- a moment in history

More information

BRUNEI DARUSSALAM'S SECURITY CONCEPTS AND PERCEPTIONS

BRUNEI DARUSSALAM'S SECURITY CONCEPTS AND PERCEPTIONS ARF WORKSHOP 21-22 JUNE 2005 ULAANBAATAR, MONGOLIA BRUNEI DARUSSALAM'S SECURITY CONCEPTS AND PERCEPTIONS Overall, Brunei Darussalam security assessment remains peaceful and stable. However, the range of

More information

The main object of my research is :

The main object of my research is : The main object of my research is : «War» I try to analyse the mutual impacts between «new wars» and the evolution of the international system More especially my research is about what we call»cyber-war«or»cyber-conflicts«is

More information

Managing cyber risk the global banking perspective

Managing cyber risk the global banking perspective 1 Managing cyber risk the global banking perspective Speech given by Andrew Gracie, Executive Director, Resolution, Bank of England British Bankers Association Cyber Conference, London 10 June 2014 2 I

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Cybercrime Bedrohung, Intervention, Abwehr. Cybersecurity strategic-political aspects of this global challenge

Cybercrime Bedrohung, Intervention, Abwehr. Cybersecurity strategic-political aspects of this global challenge Cybercrime Bedrohung, Intervention, Abwehr BKA-Herbsttagung vom 12. - 13. November 2013 Cybersecurity strategic-political aspects of this global challenge Full version Michael Daniel Special Assistant

More information

Information Governance Software that allows Organizations to Track, Monitor and Classify Data in Real Time

Information Governance Software that allows Organizations to Track, Monitor and Classify Data in Real Time ceocfointerviews.com All rights reserved! Issue: September 7, 2015 The Most Powerful Name in Corporate News Information Governance Software that allows Organizations to Track, Monitor and Classify Data

More information

Cyber Diplomacy A New Component of Foreign Policy 6

Cyber Diplomacy A New Component of Foreign Policy 6 Cyber Diplomacy A New Component of Foreign Policy 6 Assistant Lecturer Dana DANCĂ, PhD. candidate Titu Maiorescu University, Bucharest dana.danca@yahoo.com Abstract Nowadays, the boundary between virtual

More information

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers

More information

SCADA/ICS Security in an. RobertMichael.Lee@Gmail.com Twitter: @RobertMLee

SCADA/ICS Security in an. RobertMichael.Lee@Gmail.com Twitter: @RobertMLee SCADA/ICS Security in an Insecure Domain RobertMichael.Lee@Gmail.com Twitter: @RobertMLee Introduction CYA The opinions held and expressed by Robert M. Lee do not constitute or represent an opinion or

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

Recent cyber-security studies in the U.S. David D. Clark MIT CFP May, 2009

Recent cyber-security studies in the U.S. David D. Clark MIT CFP May, 2009 Recent cyber-security studies in the U.S. David D. Clark MIT CFP May, 2009 Two recent studies National Academies Study: Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack

More information

Data-Centric Security. New imperatives for a new age of data

Data-Centric Security. New imperatives for a new age of data Data-Centric Security New imperatives for a new age of data Out-maneuvered, outnumbered, outgunned Things are not going well. The phones have gotten smarter, the data s gotten bigger, and your teams and

More information

Understanding Cyber Defense A Systems Architecture Approach

Understanding Cyber Defense A Systems Architecture Approach NDIA 12th Annual Systems Engineering Conference, San Diego, CA, 26-29 Oct 2009 Understanding Cyber Defense A Systems Architecture Approach Tom McDermott Director of Research Georgia Tech Research Institute

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

Information Security in Business: Issues and Solutions

Information Security in Business: Issues and Solutions Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information

More information

FIVE WAYS TO MAKE YOUR SUPPLY CHAIN MORE DYNAMIC

FIVE WAYS TO MAKE YOUR SUPPLY CHAIN MORE DYNAMIC SUPPLY CHAIN WHITE PAPER FIVE WAYS TO MAKE YOUR SUPPLY CHAIN MORE DYNAMIC Keeping tabs on your company s supply chain is no small task when you ve got hundreds, if not thousands, of bits of data whirling

More information

Government + Enterprise + Innovation + Strategy

Government + Enterprise + Innovation + Strategy Government + Enterprise + Innovation + Strategy Australia as Lead Regional Player in Cyber War Greg Rudd CEO Crest Australia Digital Disruption What does this mean for cyber security? Digital Changes Everything

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Risk Nexus: Overcome by cyber risks? Tom Bossert CDS Risk Management

Risk Nexus: Overcome by cyber risks? Tom Bossert CDS Risk Management Risk Nexus: Overcome by cyber risks? Tom Bossert CDS Risk Management 1 The Cyber Risk Trend Each year sees: More data breaches More disclosures of critical vulnerabilities More nations building and employing

More information

Active Engagement, Modern Defence

Active Engagement, Modern Defence Strategic Concept For the Defence and Security of The Members of the North Atlantic Treaty Organisation Adopted by Heads of State and Government in Lisbon Active Engagement, Modern Defence Preface We,

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

WHITE PAPER. Running. Windows Server 2003. in a Post-Support World. By Nick Cavalancia

WHITE PAPER. Running. Windows Server 2003. in a Post-Support World. By Nick Cavalancia Running Windows Server 2003 in a Post-Support World By Nick Cavalancia TABLE OF CONTENTS Introduction 1 The Challenge of Staying on Windows Server 2003 2 Building a Vulnerability Mitigation Strategy 4

More information

Capabilities for Cybersecurity Resilience

Capabilities for Cybersecurity Resilience Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE WHITE PAPER www.cibecs.com 2 Table of ontents 01 02 03 04 05 EXECUTIVE SUMMARY: CYBER SECURITY MANAGING YOUR ATTACK SURFACE DATA VULNERABILITY 1 THE ENDPOINT

More information

ITU National Cybersecurity/CIIP Self-Assessment Tool

ITU National Cybersecurity/CIIP Self-Assessment Tool ITU National Cybersecurity/CIIP Self-Assessment Tool ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector April 2009 Revised Draft For

More information

Today s Cybersecurity Technology: Is Your Business Getting Full Protection?

Today s Cybersecurity Technology: Is Your Business Getting Full Protection? A WHITE PAPER SDX Technologies Today s Cybersecurity Technology: Is Your Business Getting Full Protection? 1 Today s Cybersecurity Technology EXECUTIVE SUMMARY Information technology has benefited virtually

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

EY Cyber Security Hacktics Center of Excellence

EY Cyber Security Hacktics Center of Excellence EY Cyber Security Hacktics Center of Excellence The Cyber Crime Underground Page 2 The Darknet Page 3 What can we find there? Hit men Page 4 What can we find there? Drug dealers Page 5 What can we find

More information

CONSULTING IMAGE PLACEHOLDER

CONSULTING IMAGE PLACEHOLDER CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization

More information

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/05-2007

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/05-2007 CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/05-2007 Written by Dennis Rand rand@csis.dk http://www.csis.dk Table of contents Table of contents...

More information

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter An Introduction to Cyber Liability Insurance Catherine Berry Senior Underwriter What is cyber risk? Exposures emanating from computer networks and the internet The Cyber Risk Phenomenon The incredible

More information

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, 28-29 JUNE 2011 The Seoul Declaration on the Future of the Internet Economy adopted at the 2008 OECD

More information