Key Speakers:
Debora Plunkett - Dir. Information Assurance Directorate (IAD)
William Wansley - Sr. VP Booz Allen Hamilton
Bill Phelps - MD Global Cyber Security Lead Accenture
Joanne Martin - VP Information Technology Risk IBM
Debora's Speech:
- Current State
  - Consumers are increasing their adoption of Internet-connected devices (2013: 2x as many Internet devices as people)
  - Cyber intrusions are on the rise against large, critical companies that have large security programs
  - The level of security measures needs to be questioned on a constant basis (1M new malware detected each month)
  - The more technology we use, the more we need to protect
- Defining Emerging Threats
  - We need to stop just cleaning up bad events and start preventing them from happening
  - We learn a lot about how the adversaries work by studying their work
  - Everyone who relies on networks and communication is a stakeholder
  - Two real categories: Technological & Behavioral
  - Technological
    - Customized malware and attacks make simple blacklisting and signature detection much less effective
      - Need to move to reputation/whitelisting services
    - A growing number of gadgets and gizmos on the network allows for easier network attacks, and there is little incentive for the "thing" makers to secure them
      - Need to increase the incentive to secure the items and simplify products to meet the requirements
    - IPv6 opens up new attack surfaces, and the community isn't trained for it
      - We need to train and slowly integrate into enterprise operations
    - Mobile platforms are being used as an attack surface for enterprise networks
      - Need to ensure that there is proper protection for keys & credentials at rest and proper policy enforcement and monitoring for mobile users
      - Looking at virtualization and cloud technology to ensure that if the device is lost the data can be removed
      - Using open standards ensures that anyone can play and increases the effectiveness of the solution
  - Behavioral
    - Threat cycles are accelerating and malicious activity coordination is getting tighter
      - Need to automate and use layered/hardened architectures to slow attacks
      - Standardize defensive info exchange to gain speed!!
    - Attackers are backing into earlier stages of security lifecycles to improve scale and utility (supply-chain attacks)
      - Software: use of signed software could help
      - Hardware: some benefit from anti-counterfeiting efforts
    - Attacks are increasingly focused on applications since many developers don't have the resources to harden their products
      - Need to make it harder for 1 bad app to affect the entire platform
    - Nation state actors are exploiting a very broad spectrum of non-traditional targets
    - The "cloud" concentrates vulnerabilities/risks at the providers, and adversaries are using clouds against others
      - Need to extend reputational services into the cloud
- Future of Cyber Defense
  - Public-private partnership is necessary!