Our Purpose
Copyright 2010 Semantech Inc., All Rights Reserved
This presentation is designed to highlight both sides of the Cyber Security story:
Side 1 (The Public View) – The impact of Cyber Security on society and the current management of information systems.
Side 2 (The Provider View) – The necessary evolution of Security practices which are emerging as a result of those impacts.
We also intend to help clarify concepts and issues by examining or in some cases redefining key terms…
The First in a Series…
This presentation is the first in a series of issue- or concept-focused presentations on various aspects of Cyber Security. Future presentations will focus on individual topics such as:
Security Architecture
Cyber Security Analytics
Exploits & Vulnerabilities
Cyber Security, Privacy & Net Neutrality
Cyber Security & the Cloud
Cyber Security & Data Protection
The Cyber Security Workforce
The Impact of Cyber Security
The Cultural Impact
It’s Personal – Cyber Security issues now impact every individual who uses a computer. It’s no longer science fiction – millions of people worldwide are the victims of cyber-crimes.
It’s Business – Every business today is dependent on information and vulnerable to one or more types of Cyber attacks (even those w/o online sites).
It’s War – In fact it is already becoming the next Cold War. Cyber operations are also becoming increasingly integrated into active conflicts.
The Official Impact
Nations are redefining how they do business and spending an ever-growing amount of money on security-related mitigation. But is it working?
To date, it only seems as though the problem is getting worse, and Cyber adversaries have a cost advantage that puts defenders at a permanent disadvantage.
The Solution Impact
It’s Evolving – But at a fairly slow pace compared to the problem space. This disparity will only grow wider as the pace of change continues to quicken.
It’s Getting Complicated – There is no longer any realistic expectation of a single solution or even a single family of solutions that can provide a comprehensive approach to the problem space.
A Fresh Perspective – Is what’s needed. We can either react to ever-growing complexity and disruption by adding more layers of complication ourselves or we can manage the patterns…
Defining Cyber Security
Technology & Modern Life
In 1990 one book tracking future trends failed to include the following words in its index: “Online, Email, Internet, Hacking, Computer Virus…” Within a few years those technologies and issues came to dominate modern society.
When we address Cyber Security we’re talking about technology infrastructure, applications, data and human interaction. These elements are no longer limited to the “wired” net; they now also encompass all forms of converged IP-based communications.
What is CyberSpace?
Cyberspace is unique and ubiquitous; it is both its own domain as well as a dimension within all other (functional) domains.
Cyberspace is both the medium and the message in many cases. Anything that might involve IP data transfer or communications has a cyber component.
Cyberspace represents a single point of failure for the Federal Government. It provides asymmetrical opponents the opportunity to disrupt and defeat a vastly superior foe.
What is Cyber Warfare?
Cyber Warfare is by nature asymmetric, even when conducted by traditional nation-state opponents.
Cyber Warfare is non-kinetic only in the most direct sense, if we view Cyber Operations separately from conventional operations. As soon as we consider that conventional operations that rely on IT capability are Cyber Operations, then Cyber can become both Kinetic and Non-Kinetic in nature.
Cyber Attacks can be real-time events or time-delayed events. They can originate from anywhere or be triggered from anywhere and originate from within our perimeters. They occur in multi-dimensional Cyberspace as well as in conventional warfare frames of reference.
What is Cyber Security?
Cyber Security is an all-encompassing domain of information technology – it comprises the entire set of security-related technologies and issues.
Without a single perspective for security management, the hundreds of related yet technically distinct aspects of this problem space could become unmanageable (and in fact many would argue that’s exactly what we’re facing right now).
Problem Space = A related set of concepts or issues united by shared challenges and inter-dependencies.
Security is Symbiotic
Cyber Security as a concept represents a radical departure from the previous view of IT-related security.
In the past, security was often viewed as a separate discipline or as an afterthought. Cyber Security acknowledges that IT security must be symbiotic from now on…
Cyber is not Hype
Cyber Security has gotten a lot of attention, and some of it at times looks like other typical IT solution hype cycles.
The attention being given to Cyber Security today is often focused on trying to define the problem and assess the true threat level.
There is no single solution or even a single set of Cyber Security solutions being hyped – what there is, is a recognition that we’re falling behind the curve and that a concerted effort is needed to manage the problem. That’s different from hype cycles…
What Cyber Security Isn’t
Cyber Security isn’t just the most obvious exploits or hacks used to breach perimeter security. The number of DDOS pings or breach attempts is meaningless if the intent of the attacks is not understood.
Cyber Security isn’t any one focused solution for a particular security vulnerability or operational defense architecture. It is both its own domain while simultaneously being part of every other IT domain.
Cyber Security isn’t something that will or even can go away. As long as our infrastructure remains networked and interdependent, Cyber Security will remain critical.
Problem Space Taxonomy
For the purposes of this presentation we will examine Cyber Security from five perspectives:
Threat Management – This represents the ability to characterize, respond to or prevent threats.
Information or Cyber Assurance – The extension of current security practices and principles into the Cyber realm.
Infrastructure Management – Both security architecture and all other architectures.
Cyber Operations – Active Defense and Offense.
Cyber Integration – Putting it all together…
Threat Management
What is Threat Management
It’s Analytical – Threats must be both defined and identified and later – recognized when they occur.
It’s Operational – Threat Management is an active component of every security architecture already – anti-virus software and firewalls have massive data stores of threat-related information which they apply. The sources and exploitation of Threat data continue to grow constantly.
It’s Part of a Larger Lifecycle – Viewing threats outside of either the attack lifecycle or the defense solution lifecycle will provide an incomplete view.
It’s both Strategic & Tactical – And it must be linked…
Understanding Cyber Threats
Cyber Threats are Patterns
Cyber Security shares a similar problem with the rest of information technology – information overload.
There is already too much information for operators to analyze rapidly, thus the practice of Forensics involves serious time delays in providing relevant information – and most of it isn’t actionable.
The key to managing threats is understanding them – the key to understanding them is to find a way to map them against specific behaviors or events. The activities which help provide this definition and mapping represent the core of Threat Management.
Information Assurance
Information Assurance Defined
Network and System Security capabilities, when viewed together, map to the core tenets of Information Assurance:
Confidentiality - Confidential information must only be accessed, used, copied, or disclosed by users who have been authorized.
Integrity - Integrity means data cannot be created, changed, or deleted without proper authorization.
Authenticity - Authenticity is necessary to ensure that the users or objects (like documents) are genuine (they have not been forged or fabricated).
Availability - Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed.
Non-Repudiation - One party to a transaction cannot deny having received the transaction, nor can the other party deny having sent it.
What is Cyber Assurance?
Cyber Assurance includes one extremely important differentiation from Information Assurance – a focus on the enterprise or multiple domains. In other words, Cyber Assurance scales Information Assurance to whatever scope is needed to provide comprehensive security.
Information Assurance (IA) represents a set of guidelines for managing security-related activities and systems. Originally it was developed in the context of individual systems and smaller networks. Adding “Cyber” scope extends but doesn’t replace IA.
Mission Assurance
Security is not an end unto itself; it is a means to ensure facilitation of other ends.
The mission/s of most enterprises or organizations now depend entirely on the availability of information technology. This is fairly well understood – what isn’t as well understood is the growing symbiosis of those missions and their enabling technologies. This symbiosis is most critical in the context of security. Cyber Assurance by nature now encompasses mission assurance.
Infrastructure Management
The Data Center
The Data Center has evolved quite a bit over the past 20 years. Data Centers have become more centralized, more powerful and generally more secure.
Currently, Data Centers are undergoing a Virtualization Revolution which is allowing for better utilization of existing resources.
Individuals and organizations which don’t manage their own Data Centers inevitably end up depending on someone else’s.
The Network
Networks have evolved as well. Internet Protocol or IP has allowed for convergence of many types of networks:
The wired backbone (much of which now is fiber optic).
The wired telephone backbone.
Various wireless telephony networks.
Satellite Networks.
Smaller, targeted wired and wireless networks (some riding on the larger infrastructure, some not).
Security must be considered at all points in every network…
Today & Tomorrow
Infrastructure will become intelligent…
Cyber Operations
What is Cyber Operations?
In the past, the term Cyber-Operations, if used at all, tended to refer to operations that exclusively applied Cyber capabilities.
In the future, this is likely to change – any operations which require Cyber capabilities to fulfill mission objectives could be considered Cyber Operations.
Why the emphasis on Cyber as opposed to traditional ops? Because knowing that a once non-Cyber op is now wholly reliant on Cyber capabilities to carry it out changes the nature of the operation as well as how we should manage it…
Principle - Defensive Complexity
One of the most important principles associated with Cyber Assurance is the recognition that it is much easier to attack than to defend.
An attacker only needs to understand a portion of the technical architecture to compromise it. The Defenders must understand the entire infrastructure to defend it, as well as the organizations which manage it and the nature of both internal and external attackers.
Becoming an expert in all aspects of IT and Operational Security is quite simply – overwhelming.
Cyber Ops & NETOPS
Much of the activity currently associated with the concept of Cyber Security is referred to as NETOPS or Network Operations. As the name implies, NETOPS involves network security but also encompasses aspects of IA, system level security and infrastructure management.
The current weakness associated with NETOPS is its focus on perimeter security in limited contexts. Cyber Operations in contrast encompasses all elements in fielded solutions as well as the entire solution lifecycle.
Cyber Integration
Cyber Integration in Context
What is Cyber Integration?
Cyber Integration supports both solution development and solution operations. Cyber Integration centers around the ability to pass data from one solution element to another as well as the ability to synchronize related processes.
Cyber Integration is a relatively new discipline in that it directly responds to the recent mandate that Cyber Security solutions support both enterprise and multiple domain level scale.
Cyber Integration is where the majority of new & intelligent security capabilities will arise from…
Cyber Semantics
We must redefine how we manage complexity…
Conclusion
Any intelligent device that can pass data to one or more other devices (either through a network or not) is encompassed within the scope of Cyber Security – that includes pretty much the entire foundation of modern society.
Not viewing security from this scope is the single biggest risk associated with Cyber Terrorism, Cyber Crime or Cyber Warfare.
In our following presentations, we will drill down to more specific issues and examples that will help illustrate in what direction the practice of Cyber Security must proceed to match the growing threat.
CCS Practice Contact Information
CCS Integration Partners…
For more information, visit http://www.cyber-ccs.com or contact: Stephen Lahanas [email_address]

Introduction to Cyber Security

  • 1.  
  • 2. Our Purpose Copyright 2010 Semantech Inc., All Rights Reserved This presentation is designed to highlight both sides of the Cyber Security story: Side 1 ( The Public View ) – The impact of Cyber Security on society and the current management of information systems. Side 2 ( The Provider View ) – The necessary evolution of Security practices which are emerging as a result of those impacts. We also intend to help clarify concepts and issues by examining or in some cases redefining key terms…
  • 3. The First in a Series… This presentation is the first in a series of issue or concept focused presentations on various aspects of Cyber Security. Future presentations will provide focus on individual topics such as: Security Architecture Cyber Security Analytics Exploits & Vulnerabilities Cyber Security, Privacy & Net Neutrality Cyber Security & the Cloud Cyber Security & Data Protection The Cyber Security Workforce Copyright 2010 Semantech Inc., All Rights Reserved
  • 4. The Impact of Cyber Security Copyright 2010, All Rights Reserved
  • 5. The Cultural Impact It’s Personal – Cyber Security issues now impact every individual who uses a computer. It’s no longer science fiction – millions of people worldwide are the victims of cyber-crimes. It’s Business – Every business today is dependent on information and vulnerable to one or more type of Cyber attacks (even those w/o online sites). It’s War – In fact it is already becoming the next Cold War. Cyber operations are also becoming increasing integrated into active conflicts. Copyright 2010 Semantech Inc., All Rights Reserved
  • 6. The Official Impact Nations are redefining how they do business and spending an ever-growing amount of money on security-related mitigation. But is it working? To date, it only seems as though the problem is getting worse and Cyber adversaries have a cost advantage that puts defenders at a permanent disadvantage. Copyright 2010 Semantech Inc., All Rights Reserved
  • 7. The Solution Impact It’s Evolving – But at a fairly slow pace compared to the problem space. This disparity will only grow wider as the pace of change continues to quicken. It’s Getting Complicated – There is no longer any realistic expectation of a single solution or even a single family of solutions that can provide a comprehensive approach to the problem space. A Fresh Perspective – Is what’s needed. We can either react to ever-growing complexity and disruption by adding more layers of complication ourselves or we can manage the patterns… Copyright 2010 Semantech Inc., All Rights Reserved
  • 8. Defining Cyber Security Copyright 2010 Semantech Inc., All Rights Reserved
  • 9. Technology & Modern Life In 1990 one book tracking future trends failed to include the following words in its index; “Online, Email, Internet, Hacking, Computer Virus…” Within a few years those technologies and issues have come to dominate modern society. When we address Cyber Security we’re talking about technology infrastructure, applications, data and human interaction. These elements are no longer limited to “wired” net, they now also encompass all forms of converged IP-based communications. Copyright 2010 Semantech Inc., All Rights Reserved
  • 10. Cyberspace is unique and ubiquitous; it is both its own domain as well as a dimension within all other (functional) domains. Cyberspace is both the medium and the message in many cases. Anything that might involve IP data transfer or communications has a cyber component. Cyberspace represents a single point of failure for the Federal Government. It provides asymmetrical opponents the opportunity to disrupt and defeat a vastly superior foe. What is CyberSpace ? Copyright 2010 Semantech Inc., All Rights Reserved
  • 11. What is Cyber Warfare? Cyber Warfare is by nature asymmetric, even when conducted by traditional nation-state opponents. Cyber Warfare is non-kinetic only in the most direct sense, if we view Cyber Operations separate from conventional operations. As soon as we consider that conventional operations that rely on IT capability are Cyber Operations then Cyber can become both Kinetic and Non-Kinetic in nature. Cyber Attacks can be real-time events or time-delayed events. They can originate from anywhere or be triggered from anywhere and originate from within our perimeters. They occur in multi-dimension Cyberspace as well as in conventional warfare frames of reference. Copyright 2010 Semantech Inc., All Rights Reserved
  • 12. What is Cyber Security ? Cyber Security is an all-encompassing domain of information technology – it comprises the entire set of security-related technologies and issues. Without a single perspective for security management, the hundred’s of related yet technically distinct aspects of this problem space could become unmanageable (and in fact many would argue that’s exactly what we’re facing right now). Problem Space = A related set of concepts or issues united by shared challenges and inter-dependencies. Copyright 2010 Semantech Inc., All Rights Reserved
  • 13. Security is Symbiotic Cyber Security as a concept represents a radical departure from the previous view of IT-related security. In the past, security was often viewed as a separate discipline or as an afterthought. Cyber Security acknowledges that IT security must be symbiotic from now on… Copyright 2010 Semantech Inc., All Rights Reserved
  • 14. Cyber is not Hype Cyber Security has gotten a lot of attention and some of it at times appears like other typical IT solution hype cycles. The attention being given to Cyber Security today is often focused on trying to define the problem and assess the true threat level. There is no single solution or even a single set of Cyber Security solutions being hyped – what there is a recognition that we’re falling behind the curve and that a concerted effort is needed to manage the problem. That’s different from hype cycles… Copyright 2010 Semantech Inc., All Rights Reserved
  • 15. What Cyber Security Isn’t Cyber Security isn’t just the most obvious exploits or hacks used to breach perimeter security. The number of DDOS pings or breach attempts is meaningless if the intent of the attacks is not understood. Cyber Security isn’t any one focused solution for a particular security vulnerability or operational defense architecture. It is both its own domain while simultaneously being part of every other IT domain . Cyber Security isn’t something that will or even can go away. As long as our infrastructure remains networked and interdependent Cyber Security will remain critical . Copyright 2010 Semantech Inc., All Rights Reserved
  • 16. Problem Space Taxonomy Threat Management – This represents the ability to characterize, respond to or prevent threats. Information or Cyber Assurance – The extension of current security practices and principles into the Cyber realm. Infrastructure Management – Both security architecture and all other architectures. Cyber Operations – Active Defense and Offense. Cyber Integration – Putting it all together… For the purposes of this presentation we will examine Cyber Security from five perspectives: Copyright 2010 Semantech Inc., All Rights Reserved
  • 17. Threat Management Copyright 2010, All Rights Reserved
  • 18. What is Threat Management It’s Analytical – Threats must be both defined and identified and later – recognized when they occur. It’s Operational – Threat Management is an active component of every security architecture already – anti-virus software and firewalls have massive data stores of threat related information which they apply. The sources and exploitation of Threat data continues to grow constantly. It’s Part of a Larger Lifecycle – Viewing threats outside of either the attack lifecycle or the defense solution lifecycle will provide an incomplete view. It’s both Strategic & Tactical – And it must be linked… Copyright 2010 Semantech Inc., All Rights Reserved
  • 19. Understanding Cyber Threats Copyright 2010 Semantech Inc., All Rights Reserved
  • 20. Cyber Threats are Patterns Cyber Security shares a similar problem with the rest of information technology – information overload . There is already too much information for operators to analyze rapidly, thus the practice of Forensics involves serious time delays in providing relevant information – and most of it isn’t actionable. The key to managing threats is understanding them – the key to understanding them is to find a way to map them against specific behaviors or events. The activities which help provide this definition and mapping represents the core of Threat Management. Copyright 2010 Semantech Inc., All Rights Reserved
  • 21. Information Assurance Copyright 2010, All Rights Reserved
  • 22. Confidentiality - Confidential information must only be accessed, used, copied, or disclosed by users who have been authorized, Integrity - Integrity means data can not be created, changed, or deleted without proper authorization. Authenticity - Authenticity is necessary to ensure that the users or objects (like documents) are genuine (they have not been forged or fabricated). Availability - Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. Non-Repudiation - When one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Network and System Security capabilities when viewed together map to the core tenants of Information Assurance: Information Assurance Defined Copyright 2010 Semantech Inc., All Rights Reserved
  • 23. What is Cyber Assurance ? Cyber Assurance includes one extremely important differentiation from Information Assurance – a focus on the enterprise or multiple domains . In other words, Cyber Assurance scales Information Assurance to whatever scope is needed to provide comprehensive security. Information Assurance (IA) represents a set of guidelines for managing security related activities and systems. Originally it was developed in the context of individual systems and smaller networks. Adding “ Cyber” scope extends but doesn’t replace IA. Copyright 2010 Semantech Inc., All Rights Reserved
  • 24. Mission Assurance Security is not an end unto itself; it is a means to ensure facilitation of other ends. The mission/s of most enterprises or organizations now depend entirely on the availability of information technology. This is fairly well understood – what isn’t as well understood is the growing symbiosis of those missions and their enabling technologies. This symbiosis is most critical in the context of security. Cyber Assurance by nature now encompasses mission assurance.
  • 25. Infrastructure Management
  • 26. The Data Center The Data Center has evolved quite a bit over the past 20 years. Data Centers have become more centralized, more powerful and generally more secure. Currently, Data Centers are undergoing a Virtualization Revolution which is allowing for better utilization of existing resources. Individuals and organizations which don’t manage their own Data Centers inevitably end up depending on someone else’s.
  • 27. The Network Networks have evolved as well. Internet Protocol (IP) has allowed for the convergence of many types of networks: The wired backbone (much of which now is fiber optic). The wired telephone backbone. Various wireless telephony networks. Satellite Networks. Smaller, targeted wired and wireless networks (some riding on the larger infrastructure, some not). Security must be considered at all points in every network…
  • 28. Today & Tomorrow Infrastructure will become intelligent…
  • 29. Cyber Operations
  • 30. What is Cyber Operations? In the past, the term Cyber-Operations, if used at all, tended to refer to operations that exclusively applied Cyber capabilities. In the future, this is likely to change – any operations which require Cyber capabilities to fulfill mission objectives could be considered Cyber Operations. Why the emphasis on Cyber as opposed to traditional ops? Because knowing that a once non-Cyber op is now wholly reliant on Cyber capabilities to carry it out changes the nature of the operation as well as how we should manage it…
  • 31. Principle - Defensive Complexity One of the most important principles associated with Cyber Assurance is the recognition that it is much easier to attack than to defend. An attacker only needs to understand a portion of the technical architecture to compromise it. Defenders must understand the entire infrastructure to defend it, as well as the organizations which manage it and the nature of both internal and external attackers. Becoming an expert in all aspects of IT and Operational Security is quite simply – overwhelming.
  • 32. Cyber Ops & NETOPS Much of the activity currently associated with the concept of Cyber Security is referred to as NETOPS or Network Operations. As the name implies, NETOPS involves network security but also encompasses aspects of IA, system level security and infrastructure management. The current weakness associated with NETOPS is its focus on perimeter security in limited contexts. Cyber Operations, in contrast, encompasses all elements in fielded solutions as well as the entire solution lifecycle.
  • 33. Cyber Integration
  • 34. Cyber Integration in Context
  • 35. What is Cyber Integration? Cyber Integration supports both solution development and solution operations. Cyber Integration centers around the ability to pass data from one solution element to another as well as the ability to synchronize related processes. Cyber Integration is a relatively new discipline in that it directly responds to the recent mandate that Cyber Security solutions support both enterprise and multiple domain level scale. Cyber Integration is where the majority of new & intelligent security capabilities will arise from…
  • 36. We must redefine how we manage complexity… Cyber Semantics
  • 37. Conclusion Any intelligent device that can pass data to one or more other devices (either through a network or not) is encompassed within the scope of Cyber Security – that includes pretty much the entire foundation of modern society. Not viewing security from this scope is the single biggest risk associated with Cyber Terrorism, Cyber Crime or Cyber Warfare. In our following presentations, we will drill down to more specific issues and examples that will help illustrate the direction in which the practice of Cyber Security must proceed to match the growing threat.
  • 38. CCS Practice Contact Information CCS Integration Partners… For more information, visit http://www.cyber-ccs.com or contact: Stephen Lahanas [email_address]

Editor's Notes

  • #2: This presentation is the first in a series of Slidecasts on Cyber Security. The goal of these briefings is to help raise awareness of the need for more comprehensive and proactive solutions.
  • #35: * Note – Federation in the context of “Coordination thru Federation” refers to the ability of organizations in separate chains of command to work with one another in a federated manner to coordinate on cyber security mitigation.