+ All Categories
Home > Documents > Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para...

Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para...

Date post: 26-Aug-2020
Upload: others
View: 0 times
Download: 0 times
Share this document with a friend
Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves - Veríssimo University of Luxembourg, SnT Professor, FNR PEARL Chair [email protected] http:// wwwen.uni.lu/snt/people/ paulo_esteves_verissimo 10º Simp . Int’l “Estratégia Da Informação Nacional”, Academia Militar, Amadora, 29 de Abril 2016
Page 1: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Ciberespaço, Soberania,

Risco Social: desafios para Portugal

Paulo Esteves-VeríssimoUniversity of Luxembourg, SnT

Professor, FNR PEARL Chair

[email protected]


10º Simp. Int’l “Estratégia Da Informação Nacional”, Academia Militar,

Amadora, 29 de Abril 2016

Page 2: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Cyberspace today

Page 3: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

The world is becoming an immenseinfrastructure





Page 4: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Internet minute


Page 5: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL


Page 6: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Vulnerabilidades em Softwaresempre em alta

(Source: IBM xForce)

Number of Vulnerabilities


Page 7: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Summarizing: Cyberspace today

• immense, interconnected,interdependent infrastructure

• huge amounts of correlatable data

• huge cheap storage capacity

• steadily increasing softwarevulnerabilities

Page 8: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Threat Landscape (in times of peace)

Page 9: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

How are threats themselves evolving?

• targetedattacksandadvancedpersistentthreats

• weakening andsubversionofcommsandcomputingservices

• threats toprivacy:blanket datacollection

• sophisticated automatedcyberweapons

• organised crime

Page 10: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

(Source: Adapted from Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002. (CERT)



1980 1985 1990 1995 2000

password guessingself-replicating code

password crackingexploiting known vulnerabilities

disabling auditsback doors

hijacking sessions


packet spoofing

GUIautomated probes/scans

denial of service

www attacks


Attackers“stealth” / advanced scanning techniques


network mgmt. diagnostics

DDOS attacks


Bot Nets

Embedded malicious


Attack sophistication vs. attacker expertise


Required Attacker expertise

AvailableAttack sophistication




Page 11: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Re-identifying de-identified dataOn the reidentifiability of credit card metadata

On the re-identifiability of credit card metadataYves-Alexandre de Montjoye et al., 2015

Page 12: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

The power of metadata ...

Page 13: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Recent evolution

• thebalanceamongstvulnerabilities,threatsanddependence mustbekept,lesttheriskmayincrease

• buttherecentevolutionhasbeenopposite ofthat:

– dependence of society on ICTis very high

– increase ofthreatshasbeenignored

– increaseofvulnerabilitieshasnotbeenstopped

• societyis adopting cyber risk behaviours

Page 14: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Summarizing: Threat Landscape

• Powerful adversary actors

• Availabilityofsophisticatedcyberweaponry

• Datacorrelations previously impossible

• Inbig data,meta-datais data

• Elevatedriskinallcybercomponents

Page 15: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL


• Generalisedtrendtowardblanketdataand“meta-data”collection

• Deliberateweakeningofcommunicationandcomputingsystemsinfrastructures

• Experimentalsabotage and kinetic cyber attacks• Escalationincyberweapondevelopment,passive


Page 16: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

We live a non-declared low-intensity cyber-war, under a cyber-weapons proliferation ambience.Without proper “cyber-Geneva” and “anti-Proliferation” treaties, this can scale-up unexpectedly

Page 17: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Some reflections on cyberspace strategy

Page 18: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

On the asymmetric nature of cyberspace

• Risk is directly proportional tonation development• CIIcentralisation and interdependence induces

escalation and threat amplification• Cyber attack capability is not directly proportional

tonation development or wealth• Kinetic cyber attacks (e.g.SCADArelated)within

potential reach of otherwise weak actors• Highpotentialdisturbancemomentumof


Page 19: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Fundamental principles of a winning strategy for protection of the society

• CybersecurityandCyberdefense, twocomplementaryandsymbioticinstancesofsocietyprotection

• SecurityandPrivacy,twofacesofthesamecoin

Page 20: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Cybersecurity = Cyberdefense: dangerous equation• cybersecurity coversmostlymediateandproactive

concepts,adequatetotimesofpeace• (inclusiveofcivilsociety,prevention,earlywarning,trainingand


• cyberdefense coversmostlyimmediateandreactiveconcepts,adequatetotimesofdisturbance/damage

• (drasticand/orkineticdefenceand/orcounterattack/offenseactions)

• noreasonforconsideringthatcyberspaceshouldescapedemocraticruleoflawprinciples,or,forthatmatter,generalwarfareprinciples

Page 21: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Security vs. Privacy: wrong equation

• Privacyis securityfromtheperspectiveofanindividualorcollectiveperson,orcollectionthereof.

• Blanketsacrificeofprivacymeansdestroyingvalue (ofhugesetsofindividuals,organisations,orevennation’sbusinesssectors)

• Thesentencesomanytimespronouncedbypoliticiansactuallymeansacontradictioninterms:– “wemustunderminethesecurityoftheindividualsand

organisations ofawholenationtopreservethesecurityofthenation”(!)

Page 22: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL

Epilogue: key strategic measures for global détente

threats became global,persistent,and perpetrated by powerful,motivated,competent and non-regulated adversaries

it is impossible todopervasive and blanket datacollection withoutdamaging society and democracy asawhole

underminingintegrityand trustworthiness of theinfosocietyandinfrastructurecanbe disastrous

Before it is toolate,we must:setclearmissionsforcybersecurityandcyberdefense

redefineprivacyasaformofsecuritygobacktotargetedsurveillanceunderdemocraticruleoflawregulate the commercial rights foracquisition of private info

regulate international trade in ICT

Page 23: Ciberespaço, Soberania, Risco Social€¦ · Ciberespaço, Soberania, Risco Social: desafios para Portugal Paulo Esteves-Veríssimo University of Luxembourg, SnT Professor, FNR PEARL


PauloEsteves-VeríssimoUniversity of Luxembourg Faculty of Science,Technology and Communication _

andSnT,theInterdisciplinary CentreforSecurity,Reliability andTrustPEARLChairsponsored bytheLuxembourgNationalResearchFund(FNR)

[email protected] http://wwwen.uni.lu/snt/people/paulo_esteves_verissimo


