Some Thoughts on the Future of Cyber-security

Mike Thomas, Information Assurance Directorate, National Security Agency
NSI IMPACT, April 2015

Introduction, or Why Are We Here?
- National security missions depend on cyber capabilities.
- These capabilities and their platforms face serious risks from external and internal threats.
- The cyber environment continues to expand and change.
- What will the future environment look like?
- How must cybersecurity evolve for that environment?

Introduction: Particular Challenges
1. Threats are growing, but more importantly, they are diversifying.
2. Operational scale has increased, far beyond the feasible scope for manual operations.
3. Threat actor speed has increased; waiting until after compromise has occurred is no longer viable.
[Figure: harm plotted against time, contrasting where defensive operations act today (mostly late, after compromise) with where future defensive operations must act.]

Outline
- Introduction
- The future cyber environment
  - Technology environment changes
  - Operational environment changes
- Evolution of cyber-security and defensive cyber operations
  - Core areas for evolution
  - Area details (six areas, time permitting)
- Conclusions

The Future Cyber Environment
The future environment will include a broader technology base, greater diversity of context, and more dynamic structure.

Future Environment Overview
[Figure: cyber-security and defense at the centre of an evolving operational environment (demand for mobility and information anywhere; cloud and virtual everything; rise of cyber-physical systems), an evolving network environment, and general trends (increased scope of threat actors; changing practices and structural norms), alongside traditional IA services and products.]

Future Environment: Technology Trends
- Ubiquitous and diverse virtualization: servers, networks, storage, applications, desktops, etc.
- Migration to clouds: all levels, all domains, private and public
- Mobility and wireless
- Dynamic network infrastructure: Software-Defined Networking (SDN), Automatic Switched Optical Networks (ASON), IPv6, etc.
- Rise of Cyber-Physical Systems (CPS) and the Internet of Things (IoT): sensors, industrial control, vehicles, buildings, etc.

Future Environment: Operational Context
- Demand for information anywhere, anytime: assumptions about data bound to geography no longer apply.
- Expansion of threat actor goals: theft and espionage remain important, but disruptive and destructive attacks are growing.
- Threat actors leverage increasingly diverse trust relationships.
- Explosion of security needs for Non-Person Entities (NPEs).
- Diffusion of perimeters and boundaries: as boundaries lose definition, we can rely less on boundary-focused defenses; visibility and control must extend inward and outward.
- Increased awareness of insider threats: technical and non-technical measures must include mitigations for risks posed by malicious and misguided insiders. Modern networks blur the definitions of insider and outsider.

Evolution of Cyber-security and Defensive Operations
To be successful at securing and defending future environments, we must embrace dramatic changes. Incremental improvements to current strategies and practices will not be sufficient.

Evolution Overview
Some core areas for evolution:
1. Strengthen fundamentals ("cyber discipline")
2. Apply mitigation across the whole system lifecycle and the full scope of threat actor activity
3. Drive operations with data and analytics
4. Automate, automate, automate
5. Build and leverage a skilled workforce
6. Integrate defensive cyber operations (DCO) and counter-intelligence (CI) operations

Evolution 1: Strengthen Fundamentals
Build systems to be visible:
- Incorporate instrumentation to drive visibility
- Apply strong integrity mechanisms that can be validated
- Use the virtualization system to monitor virtualized assets
Build systems to be defensible:
- Use dynamic networking technologies to give defenders control of communication and connectivity
- Incorporate mechanisms for recovery
- Maintain strong identity for people, systems, and services
- Defend data by tagging it and enforcing access control on the tags
- Know your critical assets ("crown jewels") and track them!
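Three of the fundamentals above (validatable integrity, strong identity, and tagged data with enforced access control) fit together in one small mechanism. The following is an added example, not code from the slides or from NSA: each data object carries a label (level plus compartments) that is bound to the object's identity and contents with an HMAC, so a downgraded or transplanted label is detected before any decision; only authenticated principals (people, systems or services) are considered; and every decision is written to an audit list for visibility. The level scheme, the key, the principals and the object are all constructed for the example.

```python
"""Tag-based data access control with integrity-protected labels."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Ordered sensitivity levels (hypothetical scheme for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# Constructed demo key. In a real deployment this comes from a key-management
# service and is never embedded in source.
LABEL_KEY = b"demo-label-signing-key-not-for-production"


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset


@dataclass
class Principal:
    name: str
    kind: str             # "person", "system" or "service" (non-person entities)
    clearance: str
    compartments: frozenset
    authenticated: bool   # True only after strong authentication (e.g. PKI)


def bind_label(obj_id: str, data: bytes, label: Label) -> str:
    """MAC over object id, content digest and label: the label's integrity tag."""
    canonical = json.dumps(
        {"id": obj_id,
         "digest": hashlib.sha256(data).hexdigest(),
         "level": label.level,
         "compartments": sorted(label.compartments)},
        sort_keys=True).encode()
    return hmac.new(LABEL_KEY, canonical, hashlib.sha256).hexdigest()


def label_is_intact(obj_id: str, data: bytes, label: Label, tag: str) -> bool:
    """Constant-time check that the stored label still matches its tag."""
    return hmac.compare_digest(bind_label(obj_id, data, label), tag)


def dominates(principal: Principal, label: Label) -> bool:
    """Read is possible only if clearance >= level and every compartment is held."""
    return (LEVELS[principal.clearance] >= LEVELS[label.level]
            and label.compartments <= principal.compartments)


def authorize_read(principal, obj_id, data, label, tag, audit):
    """Fail-closed read decision; appends one audit record per decision."""
    if not principal.authenticated:
        reason = "unauthenticated principal"
    elif not label_is_intact(obj_id, data, label, tag):
        reason = "label integrity check failed"
    elif not dominates(principal, label):
        reason = "clearance or compartments do not dominate label"
    else:
        reason = "ok"
    allowed = reason == "ok"
    audit.append({"principal": principal.name, "kind": principal.kind,
                  "object": obj_id, "allowed": allowed, "reason": reason})
    return allowed, reason


def demo():
    """Constructed scenario; returns (decisions by case name, audit trail)."""
    audit = []
    obj_id, data = "plan-7", b"constructed sensitive content"
    label = Label("SECRET", frozenset({"CRYPTO"}))
    tag = bind_label(obj_id, data, label)

    alice = Principal("alice", "person", "SECRET", frozenset({"CRYPTO"}), True)
    backup = Principal("svc-backup", "service", "SECRET", frozenset(), True)
    bob = Principal("bob", "person", "TOP SECRET", frozenset({"CRYPTO"}), False)
    mallory = Principal("mallory", "person", "UNCLASSIFIED", frozenset(), True)

    # An attacker who can edit metadata but lacks the key downgrades the label
    # and keeps the original tag; the binding check catches the mismatch.
    downgraded = Label("UNCLASSIFIED", frozenset())

    return {
        "cleared_person": authorize_read(alice, obj_id, data, label, tag, audit),
        "service_missing_compartment": authorize_read(backup, obj_id, data, label, tag, audit),
        "unauthenticated": authorize_read(bob, obj_id, data, label, tag, audit),
        "tampered_label": authorize_read(mallory, obj_id, data, downgraded, tag, audit),
    }, audit


if __name__ == "__main__":
    decisions, log = demo()
    for case, (allowed, reason) in decisions.items():
        print(f"{case:28s} allowed={allowed} ({reason})")
```

The order of the checks matters: authentication is tested before the label is trusted, and label integrity is tested before the dominance rule, so a forged label never reaches the policy logic. The audit list is what "build systems to be visible" looks like at the decision point; denied requests are recorded as carefully as allowed ones.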

Evolution 2: Broaden Scope
Threat actors can pursue their missions anywhere in the system lifecycle → we must consider and prioritize defense at the same breadth of scope.
[Figure: two parallel timelines. System lifecycle: Development → Integration → Production → Deployment → Operation → Retirement. Threat actor kill chain: Reconnaissance → Delivery → Exploitation → Installation & Propagation → Command & Control → Accomplish Mission Objectives. The typical mitigation focus is narrower than the potential mitigation scope, which spans the whole lifecycle and the whole kill chain, including "left of boom" (before exploitation).]

Evolution 3: Become Data-Driven
Effective and actionable cyber situational awareness depends on:
- Accurate, timely system, actor, and activity data
- Data spanning relevant contexts (local → enterprise → global; host and network; historical and current)
- Directed analysis: analytics that combine diverse data sources into usable blue-force and red-force representations
- Partnership and sharing are essential; no single organization or group has sufficient visibility
Defensive actions must be informed by context, current state, and threat actor intelligence.
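An analytic that "combines diverse data sources" looks like the following. This is an added example, not part of the slides: it joins host authentication events (local context) with network flow records (enterprise context) and a partner-supplied indicator list (global context) into a single red-force alert. Alone, a burst of failed logons is a hint and an outbound flow is noise; correlated in time on the same host, and escalated when the destination matches intelligence or the volume is bulk, they become actionable. All log lines, addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), thresholds and the internal prefix are constructed for the example.

```python
"""Cross-source analytic: host auth events + network flows + threat intel."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: ISO-8601 timestamp followed by key=value fields.
AUTH_LOGS = """\
2015-04-01T09:00:01Z host=ws-17 user=jdoe result=FAIL
2015-04-01T09:00:09Z host=ws-17 user=jdoe result=FAIL
2015-04-01T09:00:15Z host=ws-17 user=jdoe result=FAIL
2015-04-01T09:02:00Z host=ws-17 user=jdoe result=SUCCESS
2015-04-01T09:05:00Z host=ws-22 user=asmith result=FAIL
2015-04-01T09:05:30Z host=ws-22 user=asmith result=SUCCESS
2015-04-01T09:10:00Z host=ws-31 user=svc-db result=FAIL
2015-04-01T09:10:01Z host=ws-31 user=svc-db result=FAIL
2015-04-01T09:10:02Z host=ws-31 user=svc-db result=FAIL
2015-04-01T09:10:03Z host=ws-31 user=svc-db result=FAIL
2015-04-01T09:10:10Z host=ws-31 user=svc-db result=SUCCESS
"""
FLOW_LOGS = """\
2015-04-01T09:03:10Z src=ws-17 dst=203.0.113.77 dport=443 bytes=52000000
2015-04-01T09:06:00Z src=ws-22 dst=198.51.100.10 dport=443 bytes=4000
2015-04-01T09:12:00Z src=ws-31 dst=10.0.0.20 dport=1433 bytes=900000
2015-04-01T11:00:00Z src=ws-17 dst=198.51.100.10 dport=80 bytes=1200
"""
# Constructed "global context": a destination a partner has reported as C2.
THREAT_INTEL = {"203.0.113.77"}

FAIL_THRESHOLD = 3                   # failed logons before a success
FAIL_WINDOW = timedelta(minutes=10)  # how far back failures count
FLOW_WINDOW = timedelta(minutes=30)  # how long after success to watch flows
BULK_BYTES = 10_000_000              # outbound volume that escalates severity


def parse(lines):
    """Turn 'ts k=v k=v ...' lines into dicts with a datetime under 'ts'."""
    records = []
    for line in lines.splitlines():
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def is_internal(ip):
    return ip.startswith("10.")      # example-only internal range


def suspicious_logons(auth):
    """(host, user) pairs with >= FAIL_THRESHOLD failures inside FAIL_WINDOW before a success."""
    by_key = defaultdict(list)
    for rec in sorted(auth, key=lambda r: r["ts"]):
        by_key[(rec["host"], rec["user"])].append(rec)
    hits = []
    for (host, user), recs in by_key.items():
        for i, rec in enumerate(recs):
            if rec["result"] != "SUCCESS":
                continue
            fails = [r for r in recs[:i]
                     if r["result"] == "FAIL" and rec["ts"] - r["ts"] <= FAIL_WINDOW]
            if len(fails) >= FAIL_THRESHOLD:
                hits.append({"host": host, "user": user, "at": rec["ts"], "fails": len(fails)})
    return hits


def correlate(auth_lines, flow_lines, intel):
    """Join suspicious logons with later external flows from the same host."""
    flows = parse(flow_lines)
    alerts = []
    for hit in suspicious_logons(parse(auth_lines)):
        for f in flows:
            if (f["src"] == hit["host"] and not is_internal(f["dst"])
                    and hit["at"] <= f["ts"] <= hit["at"] + FLOW_WINDOW):
                size = int(f["bytes"])
                intel_match = f["dst"] in intel
                alerts.append({"host": hit["host"], "user": hit["user"],
                               "dst": f["dst"], "bytes": size,
                               "failed_logons": hit["fails"],
                               "intel_match": intel_match,
                               "severity": "high" if intel_match or size >= BULK_BYTES else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in correlate(AUTH_LOGS, FLOW_LOGS, THREAT_INTEL):
        print(alert)
```

On the constructed data only ws-17 produces an alert: ws-22 never crosses the failure threshold, and ws-31 shows the logon pattern but its only follow-on flow is internal, so it surfaces as a suspicious logon and not as an exfiltration alert. That split is the point of the slide: each source contributes a partial picture, and the join is where the defensive decision becomes informed by context and intelligence.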

Evolution 4: Automate
Multiple factors are driving the need for automation of cyber-security and defense operations.

Challenge factor                          | Automation need
------------------------------------------|------------------------------------------------------------
Size of operational IT/network systems    | Automate visibility and control across large numbers of assets
Speed of threat actor operations          | Execute courses of action at machine speed
Complexity of response actions            | Orchestrate complex multi-step responses across many elements

[Figure: defenders linked by messaging/C&C to awareness and control functions across the environment.]
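The third row of the table, orchestrating a multi-step response across many elements, is where most automation efforts break: one connector fails and the playbook either stops silently or leaves assets half-contained. The following is an added example, not code from the slides or from any NSA tool. It runs an ordered course of action (capture volatile evidence first, then quarantine the host, then disable the account) concurrently across many assets, isolates each step's failure so the remaining steps still run, records every action in an audit trail, queues partially handled assets for a human, and supports a dry run. The asset inventory and the connectors are in-memory simulations standing in for real EDR, network and identity APIs; the hosts and failure conditions are constructed.

```python
"""Orchestrating a multi-step course of action (COA) across many assets."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from threading import Lock
from typing import Callable


class StepFailed(Exception):
    """Raised by a connector when its action cannot be completed."""


@dataclass
class Asset:
    host: str
    user: str
    online: bool = True            # reachable for volatile evidence capture
    managed: bool = True           # has an agent the network connector can drive
    network: str = "normal"        # "normal" or "quarantined"
    account_enabled: bool = True
    evidence: list = field(default_factory=list)


@dataclass
class Step:
    name: str
    action: Callable[[Asset], None]


# --- simulated connectors (stand-ins for EDR / network / IdP APIs) ----------
def capture_memory(a: Asset) -> None:
    if not a.online:
        raise StepFailed("host unreachable")
    if "memory-image" not in a.evidence:      # idempotent on re-run
        a.evidence.append("memory-image")


def quarantine_host(a: Asset) -> None:
    if not a.managed:
        raise StepFailed("no agent; needs switch-port ACL instead")
    a.network = "quarantined"


def disable_account(a: Asset) -> None:
    a.account_enabled = False


# Volatile evidence is taken before any state change, then containment.
PLAYBOOK = [
    Step("capture-memory", capture_memory),
    Step("quarantine-host", quarantine_host),
    Step("disable-account", disable_account),
]


class Orchestrator:
    def __init__(self, playbook, dry_run=False):
        self.playbook = playbook
        self.dry_run = dry_run
        self.audit = []          # (host, step, outcome), appended as actions run
        self.escalations = []    # hosts needing human follow-up
        self._lock = Lock()

    def _record(self, host, step, outcome):
        with self._lock:
            self.audit.append((host, step, outcome))

    def run_one(self, asset: Asset) -> dict:
        """Apply every step to one asset; a failed step does not block the rest."""
        failed = []
        for step in self.playbook:
            if self.dry_run:
                self._record(asset.host, step.name, "would-run")
                continue
            try:
                step.action(asset)
                self._record(asset.host, step.name, "ok")
            except StepFailed as exc:
                failed.append(step.name)
                self._record(asset.host, step.name, f"failed: {exc}")
        if self.dry_run:
            status = "dry-run"
        elif failed:
            status = "partial"
            with self._lock:
                self.escalations.append(asset.host)
        else:
            status = "complete"
        return {"host": asset.host, "status": status, "failed": failed}

    def run(self, assets, workers=8) -> dict:
        """Fan out across assets at machine speed; returns results keyed by host."""
        with ThreadPoolExecutor(max_workers=workers) as pool:
            results = list(pool.map(self.run_one, assets))
        return {r["host"]: r for r in results}


def demo():
    """Constructed incident: three hosts, two of which hit a connector failure."""
    assets = [Asset("ws-17", "jdoe"),
              Asset("ws-31", "svc-db", online=False),
              Asset("ws-22", "asmith", managed=False)]
    orch = Orchestrator(PLAYBOOK)
    return orch.run(assets), assets, orch


if __name__ == "__main__":
    results, _, orch = demo()
    for host, r in results.items():
        print(host, r["status"], r["failed"])
    print("escalate:", orch.escalations)
```

Two design choices are deliberate. A failed step is recorded and skipped rather than aborting the playbook, because for containment the right default is to do everything that can still be done and then escalate, not to leave the account enabled because a memory capture timed out. And the dry run goes through the same code path as a live run, so the audit trail it produces is exactly what operators will see when the course of action executes for real.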

Evolution 5: Leverage Skilled People
Skilled and empowered cyber personnel are essential for success today, and will be even more so in the future environment. Some elements of that workforce:
- Skills will be needed across a wide range of platforms and technologies (breadth doesn't just happen; it has to be crafted)
- Operators will need to understand both defense and offense
- Sustained development will be necessary to keep up with technological and threat actor change
- National security cyber operations won't happen in a vacuum; our staff must be prepared to operate jointly all the time
- Experience is critical; operators must be given hands-on practice before a crisis, and regularly over their careers

Evolution 6: Integrate DCO and CI
Mitigating insider threats requires analysis and response in both the people (counter-intelligence) and technical (cyber) domains.
[Figure: Deter → Prevent → Detect → Respond]
- Anomaly detection, characterization, and response selection must be informed by both CI and cyber situational awareness.
- Cyber attacks can involve co-opting insider identities; there is no simple division between insider and other threats.
- Core cyber fundamentals make a clearer field for insider mitigation: network visibility, data tagging and access control, and strong identity.

Conclusions
We have all the necessary elements for success, but integrating and adopting them will require hard work.

Conclusions: Last Bit Before Q&A
We can see the environment changes coming:
- All the trends are already well underway.
- All of them apply to National Security systems and missions; we are not exempt!
- Threat actors are busy: as each new model or technology gains adoption, they exploit it.
Our community possesses the building blocks for successful evolution. We have to assemble them together. Success is only possible as a community.