BIG DATA AND CYBERSECURITY:

Similar documents
Cyber Diplomacy A New Component of Foreign Policy 6

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

The European Response to the rising Cyber Threat

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

European Commission Per

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

The battle to contain fraud is as old as

CSR Breach Reporting Service Frequently Asked Questions

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

National Cyber Security Policy -2013

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

Legal Issues / Estonia Cyber Incident

Secure by design: taking a strategic approach to cybersecurity

Cyber Security Recommendations October 29, 2002

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

Cyber Stability 2015 Geneva, 09 July African Union Perspectives on Cybersecurity and Cybercrime Issues.

Cyber Security Strategy for Germany

Addressing Cyber Risk Building robust cyber governance

How To Write A National Cybersecurity Act

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

Surviving the Era of Hack Attacks Cyber Security on a Global Scale

EU-U.S. DECLARATION ON COMBATING TERRORISM DROMOLAND CASTLE, 26 JUNE 2004

Cyber security Building confidence in your digital future

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Establishing and supporting CERTs for Internet security

October 24, Mitigating Legal and Business Risks of Cyber Breaches

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

I. CONTEXT II. POLITICAL PRIORITIES IDENTIFIED

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

WHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

S. ll IN THE SENATE OF THE UNITED STATES

Cybersecurity and internal audit. August 15, 2014

DHS, National Cyber Security Division Overview

Cyber Risk Reduction: Why Automated Threat Verification is key

Bellevue University Cybersecurity Programs & Courses

Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate

How To Help The War On Terror

A practical guide to IT security

INTELLIGENCE AND CYBERSECURITY SEMINAR SERIES. Transforming Your Research and Analytic Skills

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, My name is Richard Allan, and I am the Director of Public Policy

Cybersecurity. Are you prepared?

Honourable members of the National Parliaments of the EU member states and candidate countries,

On the European experience in critical infrastructure protection

The internet and digital technologies play an integral part

Assessing the strength of your security operating model

Data Security: Fight Insider Threats & Protect Your Sensitive Data

2016 Outlook of the Global Security Industry

Jyväskylä Cyber Security Ecosystem

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Microsoft s cybersecurity commitment

Combating a new generation of cybercriminal with in-depth security monitoring

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported

SMALL BUSINESS REPUTATION & THE CYBER RISK

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

CFIR - Finance IT 2015 Cyber security September 2015

Presidential Summit Reveals Cybersecurity Concerns, Trends

Anatomy of a Hotel Breach

Managing Cyber Attacks

Security and Services

ISO/IEC Safeguarding Personal Information in the Cloud. Whitepaper

Cyber Security - What Would a Breach Really Mean for your Business?

How To Discuss Cybersecurity In European Parliament

Big Data, Big Risk, Big Rewards. Hussein Syed

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Reducing Cyber Risk in Your Organization

PCL2\ \1 CYBER RISKS: RISK MANAGEMENT STRATEGIES

Defending Against Data Beaches: Internal Controls for Cybersecurity

Navigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh

How To Protect Your Data From Hackers

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CONSULTING IMAGE PLACEHOLDER

Business Continuity for Cyber Threat

Transcription:

BIG DATA AND CYBERSECURITY: Multi Stakeholder Threats and Opportunities A US Speakers Program Embassy of the United States, Serbia September 20-25, 2015 Anne C. Bader Founder The International Cybersecurity Dialogue

Internet technology links all earth s activities Its power is unquestioned Its capacity is not fully understood Its essential infrastructure supports security, telecommunication, commerce, energy, finance, transport. It is the newest 21 st century weapon.

THE OPTE PROJECT 2015 An Internet Map by Barrett Lyon The visualization is a collection of programs that collectively output an image of every relationship of every network on the Internet. This award winning representation of the Internet now hangs in the Museum of Modern Art in NYC. http://www.opte.org/ North America (ARIN) Europe (RIPE) Latin America (LACNIC) Asia Pacific (APNIC) Africa (AFRINIC) Backbone (highly connected networks) This work is licensed under a Creative CommonsAttribution Non Commercial 4.0 International License. 2014 by LyonLabs, LLC and Barrett Lyon. Hosted by Defense.Net

Multi Stakeholder Approach: No One Organization Controls the Internet Integrated but Independent

BIG DATA High Volume, High Velocity and/or High Variety information assets that require new forms of processing to enable enhanced decision-making, insight discovery and process optimization. Gartner Glossary I

CYBERSECURITY IS A MANAGEMENT ISSUE

BIG DATA OPPORTUNITIES Information! Innovation! Return on Investment (ROI) Control Competition Cooperation Collaboration Scientific and commercial intelligent systems Systems management and advanced processing. Open source research.

BIG DATA THREATS BECOME OPPORTUNITIES Richard Stiennon Liability- 40 million records of US government employees stored in an Oracle data base becomes a big file system. Adversaries can draw a big picture of intel groups and mix with other files on travel, email to target specific individuals and groups. Assets-It is a huge asset for security. The amount of information, alerts, security events become our Big Data repository. We derive intelligence from who is attacking. Tells me when a packet from Russia comes though and gives us the ability to extract information through Security Analytics. By combining information with an email address of a target and user name and password in another breach a hacker can send an email from some that site that the target knows and gain access to his systems.

CYBERSECURITY THOUGHTS Here is an example of how Data Science software uses consumer buying trends. A woman went to her pharmacy. Shortly afterwards, she began receiving offers for baby products, diapers etc. Based on her buying activity the software was tracking her as pregnant. She was pregnant at the time but did not know until several weeks later when she saw her doctor! Privacy: Ownership: Who owns Data? Do you own your birthday? It is one of your unique identifiers. In the United States it is ambiguous: individuals can protect their health information from other individuals or organizations but in some states the government can sell our health information to third party vendors for commercial use! In Estonia, each individual owns his own identity. Their security is designed to support that across all sectors and locations. Can someone else use your birthday to drive information about you? How about your DNA? Who can use that information about you? Do hospitals have the right to share your DNA tests with third parties such as insurance companies without your permission or knowledge? Doctors, insurance companies, pharmacies, blood test labs, hospitals and middlemen we know nothing about sell our most intimate medical records.

WHAT POLICY CHANGES TO SECURE AND TO PROTECT BIG DATA? Agree on the principles of information sharing between the Public and Private Sector. The proposed EU General Data Protection Regulation is a single set of rules for everyone. The EU Commission on a Digital Single Market seeks to eliminate the roaming charges for using phones, internet. How is this compatible? Governments need to build in Encryption and Information Rights Management into their systems. The bigger the data the better the target. Our most recent example is the breach of the Office of Personnel Management. Government must have the ability to audit and control access in the best way. Most Big Data is run on insecure or inadequately secure systems both in the private and the public sector. Develop legislation and conventions that benefit and protect, the public, private and academic sectors and each individual. White House Report on Privacy and Cybersecurity; EU-US Umbrella Agreement; EU General Protection Regulation. Require universal accountability on compliance with the most up to date security protection. Internet of Things delivers personalized information to each user and gathers newly developed personal information without protecting it. Smart phones, Smart Watches, Fitbits, are some examples.

WHAT ARE THE MOST COMMON SECURITY ISSUES/CONCERNS RELATED TO BIG DATA? Liability- What are your assets that you need to protect? Oversharing of Data-generational divide Personal Identifiable Information -PII Lack of control of your Data Digital Footprint-lack of control how much is given away How to secure all data

WHAT ARE THE MOST COMMON SECURITY ISSUES/CONCERNS RELATED TO BIG DATA? Rationalize your Data Policies 1. Understand the assets you need to protect 2. Educate and evaluate enterprise risk. 3. Consolidate security policy; secure all the data 4. Harmonize uncoordinated and inconsistent policies 5. Who are the stake-holders? 6. What is the business need? 7. What are the data processing needs? 8. Update older equipment and software 9. Training, Incident response teams, regular practices

HOW IS BIG DATA USED TO ADDRESS CYBERSECURITY AND SECURITY THREATS? BIG DATA / BIG ANALYTICS/ BIG SECURITY What do I need? Build a system to collect the threat information Increase the time on Incident Response and practicing (What happens if our data is taken, system collapses etc.) Data Analytics. Huge cost of not using appropriate analysis. Primarily a Return on Investment ( ROI)Issue both in government and business. Biggest shared concerns are Branding and Costs Data analytics companies: I Sight Partners, Digital Shadows, SQRRL Management, Keeping every system up to date Training, Red Team exercises, Incident Response team regular practices

HOW IS BIG DATA USED TO ADDRESS CYBERSECURITY AND SECURITY THREATS? First and foremost, it s a Management Issue Safety in Design Build a system to collect the threat information Concepts and processes important to support riskinformed decision making Threat environment Threat actors Where am I vulnerable? Operating Systems-Up to Date How do you access the data? What am I trying to protect is the most important What are the consequences of Data Loss?

WE ARE MAKING PROGRESS!

FIVE WHITE HOUSE RECOMMENDATIONS BIG DATA ON PRIVACY INITIATIVE Uses Government Policy and Regulations Outcomes Education Take the international lead to convene, cooperate and collaborate Prepared by the Science and Technology Council, Executive Office of the President and the US Department of Energy National Initiative for Technology and Development

Finalisation of the EU-US negotiations on the data protection "Umbrella Agreement" 08-09-2015 " Today, on finalising the negotiations on the EU-US data protection "Umbrella Agreement", Věra Jourová, EU Commissioner for Justice and Consumers made the following statement: "I am very pleased that today we have finalised negotiations with the US on high data protection standards for transatlantic law enforcement cooperation. Robust cooperation between the EU and the US to fight crime and terrorism is crucial to keep Europeans safe. But all exchanges of personal data, such as criminal records, names or addresses, need to be governed by strong data protection rules. This is what the Umbrella Agreement will ensure.

North Atlantic Treaty Organization As cyber threats do not recognise state borders, nor organisational boundaries, cooperation with partners on cyber defence is an important element of the revised NATO policy.. NATO also recognises the importance of harnessing the expertise of the private sector and academia in this complex area where new ideas and new partnerships will be key. http://www.nato.int/cps/en/sid-312c4364-5f166fae/natolive/topics_78170.htm

REPETITION FOR EMPHASIS CYBERSECURITY IS A MANAGEMENT ISSUE

SPECIAL THANKS This report was the result of more than 25 interviews with US and International leaders in technology, government, intelligence, military, academe, international organizations, hackers, non governmental organizations and think tanks and journalists most of whom agreed on the main points I stress. I am happy to expand after the talk.

International Cybersecurity Dialogue Bridging the Gap Between Security Technologist and Policy Makers We believe that national policies and laws governing the new cyber domain must be made with the public and private sector technologists who create and manage the networks and systems. Anne C Bader and Richard Stiennon ACBader@cybersecuritydialogue.org www.cybersecuritydialogue.org

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information