IDENTIFYING THREATS IN A GLOBAL MARKETPLACE IDENTIFYING THREATS IN A GLOBAL MARKETPLACE Ira S. Somerson, BCFE, CPP Ira S. Somerson, BCFE, CPP Loss Management Consultants, Inc. Loss Management Consultants, Inc. stitute for Global Management Stud stitute for Global Management Stud And Temple CIBER And Temple CIBER Global Security Concerns Global Security Concerns October 2 & 3, 2003 October 2 & 3, 2003 The Philadelphia Federal Reserve The Philadelphia Federal Reserve
Transcript
IDENTIFYING THREATS IN A GLOBAL MARKETPLACEIDENTIFYING THREATS IN A GLOBAL MARKETPLACEIra S. Somerson, BCFE, CPPIra S. Somerson, BCFE, CPP
Loss Management Consultants, Inc.Loss Management Consultants, Inc.
Institute for Global Management StudiesInstitute for Global Management StudiesAnd Temple CIBERAnd Temple CIBER
The Philadelphia Federal ReserveThe Philadelphia Federal Reserve
““The regulatory, ethical, and legalThe regulatory, ethical, and legalframework that provide protectionsframework that provide protections
to us and individuals and to ourto us and individuals and to ourbusiness activities at home do notbusiness activities at home do not
apply abroad.” apply abroad.”
Overseas Security Advisory CouncilOverseas Security Advisory Council
LMCLMC™™
Western EuropeWestern Europe 28%28%
Latin AmericaLatin America 22%22%
Far East/Pacific Is.Far East/Pacific Is. 14%14%
Mid East/No AfricaMid East/No Africa 11%11%
Eastern EuropeEastern Europe 9%9%
South/Central AsiaSouth/Central Asia 9%9%
Sub Saharan AfricaSub Saharan Africa 7%7%
THREATS BY REGIONTHREATS BY REGION2003 to Date2003 to Date
LMCLMC™™Overseas Security Advisory Council - 2003Overseas Security Advisory Council - 2003
Fast FoodFast Food 35%35%
ReligiousReligious 17%17%
Soft DrinkSoft Drink 10%10%
OilOil 9%9%
RetailRetail 9%9%
FinancialFinancial 8%8%
HotelHotel 4%4%
AirlineAirline 4%4%
OtherOther 4%4%
THREATS BY INDUSTRY: 2003 to DateTHREATS BY INDUSTRY: 2003 to Date
LMCLMC™™Overseas Security Advisory Council - 2003Overseas Security Advisory Council - 2003
THREATS TO BE CONSIDERED IN ANTHREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT INTERNATIONAL ENVIRONMENT
TERRORISMTERRORISM PERSONAL SECURITYPERSONAL SECURITY PERSONNEL SECURITYPERSONNEL SECURITY PHYSICAL SECURITY OF FACILITYPHYSICAL SECURITY OF FACILITY INFORMATION AND DATA SECURITYINFORMATION AND DATA SECURITY COMMUNICATIONS SECURITYCOMMUNICATIONS SECURITY INFRASTRUCTURE SECURITYINFRASTRUCTURE SECURITY
LMCLMC™™Overseas Security Advisory Council - 2003Overseas Security Advisory Council - 2003
THREATS TO BE CONSIDERED IN ANTHREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT INTERNATIONAL ENVIRONMENT
DISGRUNTLED INSIDERSDISGRUNTLED INSIDERS CIVIL UNREST AND/OR CULTURAL CIVIL UNREST AND/OR CULTURAL
CONFLICTSCONFLICTS CRIMINAL THREATSCRIMINAL THREATS ECONOMIC COMPETITIONECONOMIC COMPETITION ACTS OF INTELLIGENCE SERVICES ACTS OF INTELLIGENCE SERVICES ACTS OF WARACTS OF WAR
LMCLMC™™Overseas Security Advisory Council - 2003Overseas Security Advisory Council - 2003
LMCLMC™™
LESSONS FROM RECENTLESSONS FROM RECENTCYBER ATTACK CASE STUDIESCYBER ATTACK CASE STUDIES
TERRORIST GROUPSTERRORIST GROUPS TERRORIST SYMPATHIZERS AND ANTI-TERRORIST SYMPATHIZERS AND ANTI-
U.S. HACKERSU.S. HACKERS TARGETED NATION-STATESTARGETED NATION-STATES THRILL SEEKERSTHRILL SEEKERS
INSTITUTE FOR SECURITY TECHNOLOGY STUDIESINSTITUTE FOR SECURITY TECHNOLOGY STUDIESAT DARTMOUTH COLLEGE, 9/22/01AT DARTMOUTH COLLEGE, 9/22/01
LMCLMC™™
CYBER ATTACKERS HAVE RECENTLY:CYBER ATTACKERS HAVE RECENTLY:
DEFACED ELECTRONIC INFORMATION DEFACED ELECTRONIC INFORMATION SITES IN THE UNITED STATES AND SITES IN THE UNITED STATES AND ALLIED COUNTRIES AND SPREAD ALLIED COUNTRIES AND SPREAD DISINFORMATION AND PROPAGANDA.DISINFORMATION AND PROPAGANDA.
INSTITUTE FOR SECURITY TECHNOLOGY STUDIESINSTITUTE FOR SECURITY TECHNOLOGY STUDIESAT DARTMOUTH COLLEGE, 9/22/01AT DARTMOUTH COLLEGE, 9/22/01
LMCLMC™™
CYBER ATTACKERS HAVE RECENTLY:CYBER ATTACKERS HAVE RECENTLY:
INSTITUTE FOR SECURITY TECHNOLOGY STUDIESINSTITUTE FOR SECURITY TECHNOLOGY STUDIESAT DARTMOUTH COLLEGE, 9/22/01AT DARTMOUTH COLLEGE, 9/22/01
DENIED SERVICE TO LEGITIMATE DENIED SERVICE TO LEGITIMATE COMPUTER USERS IN THE U.S. AND COMPUTER USERS IN THE U.S. AND ABROAD BY USE OF:ABROAD BY USE OF: WORMSWORMS VIRUSESVIRUSES OTHER COMPUTER WEAKNESSESOTHER COMPUTER WEAKNESSES
LMCLMC™™
CYBER ATTACKERS HAVE RECENTLY:CYBER ATTACKERS HAVE RECENTLY:
COMMITTED UNAUTHORIZED COMMITTED UNAUTHORIZED INTRUSIONS INTO SYSTEMS AND INTRUSIONS INTO SYSTEMS AND NETWORKS BELONGING TO THE NETWORKS BELONGING TO THE UNITED STATES AND ALLIED UNITED STATES AND ALLIED COUNTRIES, RESULTING IN CRITICAL COUNTRIES, RESULTING IN CRITICAL INFRASTRUCCTURE OUTAGES AND INFRASTRUCCTURE OUTAGES AND CORRUPTION OF VITAL DATA.CORRUPTION OF VITAL DATA.
INSTITUTE FOR SECURITY TECHNOLOGY STUDIESINSTITUTE FOR SECURITY TECHNOLOGY STUDIESAT DARTMOUTH COLLEGE, 9/22/01AT DARTMOUTH COLLEGE, 9/22/01
ONLINE RESOURCESONLINE RESOURCES www.cert.org (The Carnegie Mellon Computer
Emergency Response Team) www.fedcirc.gov (The Federal Computer Incident
Response Center) www.incidents.org (community and business
collaboration of victimization) www.ists.dartmouth.edu (The Institute for Security
Technology Studies at Dartmouth) www.nipe.gov (The National Infrastructure Protection
