1.

2. Our Purpose Copyright 2010 Semantech Inc., All Rights Reserved

This presentation is designed to highlight both sides of the Cyber Security story:

• • Side 1 ( The Public View ) The impact of Cyber Security on society and the current management of information systems.

• • Side 2 ( The Provider View ) The necessary evolution of Security practices which are emerging as a result of those impacts.

We also intend to help clarify concepts and issues by examining or in some cases redefining key terms

3. The Firstin a Series

This presentation is the first in a series of issue or concept focused presentations on various aspects of Cyber Security.

Future presentations will provide focus on individual topics such as:

• • Security Architecture

• • Cyber Security Analytics

• • Exploits & Vulnerabilities

• • Cyber Security, Privacy & Net Neutrality

• • Cyber Security & the Cloud

• • Cyber Security & Data Protection

• • The Cyber Security Workforce

Copyright 2010 Semantech Inc., All Rights Reserved 4. The Impact of Cyber Security Copyright 2010, All Rights Reserved 5. TheCulturalImpact

Its Personal Cyber Security issues now impact every individual who uses a computer. Its no longer science fiction millions of people worldwide are the victims of cyber-crimes.

Its Business Every business today is dependent on information and vulnerable to one or more type of Cyber attacks (even those w/o online sites).

Its War In fact it is already becoming the next Cold War. Cyber operations are also becoming increasing integrated into active conflicts.

Copyright 2010 Semantech Inc., All Rights Reserved 6. TheOfficialImpact Nations are redefining how they do business and spending an ever-growing amount of money on security-related mitigation. But is it working? To date, it only seems as though the problem is getting worse and Cyber adversaries have a cost advantage that puts defenders at a permanent disadvantage.Copyright 2010 Semantech Inc., All Rights Reserved 7. TheSolutionImpact

Its Evolving But at a fairly slow pace compared to the problem space. This disparity will only grow wider as the pace of change continues to quicken.

Its Getting Complicated There is no longer any realistic expectation of a single solution or even a single family of solutions that can provide a comprehensive approach to the problem space.

A Fresh Perspective Is whats needed. We can either react to ever-growing complexity and disruption by adding more layers of complication ourselves orwe can manage the patterns

Copyright 2010 Semantech Inc., All Rights Reserved 8. Defining Cyber Security Copyright 2010 Semantech Inc., All Rights Reserved 9. Technology& Modern Life

In 1990 one book tracking future trends failed to include the following words in its index; Online, Email, Internet, Hacking, Computer Virus

Within a few years those technologies and issues have come to dominate modern society.

When we address Cyber Security were talking about technology infrastructure, applications, data and human interaction. These elements are no longer limited to wired net, they now also encompass all forms ofconvergedIP-based communications.

Copyright 2010 Semantech Inc., All Rights Reserved 10.

Cyberspace is unique and ubiquitous; it is both its own domain as well as a dimension within all other (functional) domains.

Cyberspace is both the medium and the message in many cases. Anything that might involve IP data transfer or communications has a cyber component.

Cyberspace represents a single point of failure for the Federal Government. It provides asymmetrical opponents the opportunity to disrupt and defeat a vastly superior foe.

What isCyberSpace ? Copyright 2010 Semantech Inc., All Rights Reserved 11. What isCyber Warfare?

Cyber Warfare is by nature asymmetric, even when conducted by traditional nation-state opponents.

Cyber Warfare is non-kinetic only in the most direct sense, if we view Cyber Operations separate from conventional operations. As soon as we consider that conventional operations that rely on IT capability are Cyber Operations then Cyber can become both Kinetic and Non-Kinetic in nature.

Cyber Attacks can be real-time events or time-delayed events. They can originate from anywhere or be triggered from anywhere and originate from within our perimeters. They occur in multi-dimension Cyberspace as well as in conventional warfare frames of reference.

Copyright 2010 Semantech Inc., All Rights Reserved 12. What isCyber Security ?

Cyber Security is an all-encompassing domain of information technology it comprises the entire set of security-related technologies and issues.

Without a single perspective for security management, the hundreds of related yet technically distinct aspects of thisproblem spacecould become unmanageable (and in fact many would argue thats exactly what were facing right now).

Problem Space=A related set of concepts or issues united by shared challenges and inter-dependencies.

Copyright 2010 Semantech Inc., All Rights Reserved 13. Security isSymbiotic Cyber Security as a concept represents a radical departure from the previous view of IT-related security.In the past, security was often viewed as a separate discipline or as an afterthought. Cyber Security acknowledges that IT security must be symbiotic from now onCopyright 2010 Semantech Inc., All Rights Reserved 14. Cyber isnotHype

Cyber Security has gotten a lot of attention and some of it at times appears like other typical IT solution hype cycles.

The attention being given to Cyber Security today is often focused on trying to define the problem and assess the true threat level.

There is no single solution or even a single set of Cyber Security solutions being hyped what there is a recognition that were falling behind the curve and that a concerted effort is needed to manage the problem. Thats different from hype cycles

Copyright 2010 Semantech Inc., All Rights Reserved 15. What Cyber SecurityIsnt

Cyber Security isnt just the most obvious exploits or hacks used to breach perimeter security.The number of DDOS pings or breach attempts is meaningless if the intent of the attacks is not understood.

Cyber Security isnt any one focused solution for a particular security vulnerability or operational defense architecture.It is both its own domain while simultaneously being part of every other IT domain .

Cyber Security isnt something that will or even can go away.As long as our infrastructure remains networked and interdependent Cyber Security will remain critical .

Copyright 2010 Semantech Inc., All Rights Reserved 16. Problem SpaceTaxonomy

Threat Management This represents the ability to characterize, respond to or prevent threats.

Information orCyber Assurance The extension of current security practices and principles into the Cyber realm.

Infrastructure Management Both security architecture and all other architectures.

Cyber Operations Active Defense and Offense.

Cyber Integration Putting it all together

For the purposes of this presentation we will examine Cyber Security from five perspectives: Copyright 2010 Semantech Inc., All Rights Reserved 17. Threat Management Copyright 2010, All Rights Reserved 18. What isThreat Management

Its Analytical Threats must be both defined and identified and later recognized when they occur.

Its Operational Threat Management is an active component of every security architecture already anti-virus software and firewalls have massive data stores of threat related information which they apply. The sources and exploitation of Threat data continues to grow constantly.

Its Part of a Larger Lifecycle Viewing threats outside of either the attack lifecycle or the defense solution lifecycle will provide an incomplete view.

Its both Strategic & Tactical And it must be linked

Copyright 2010 Semantech Inc., All Rights Reserved 19. Understanding CyberThreats Copyright 2010 Semantech Inc., All Rights Reserved 20. CyberThreats are Patterns

Cyber Security shares a similar problem with the rest of information technology information overload .

There is already too much information for operators to analyze rapidly, thus the practice ofForensicsinvolves serious time delays in providing relevant information and most of it isnt actionable.

The key to managing threats is understanding them the key to understanding them is to find a way to map them against specific behaviors or events. The activities which help provide this definition and mapping represents the core of Threat Management.

Copyright 2010 Semantech Inc., All Rights Reserved 21. Information Assurance Copyright 2010, All Rights Reserved 22. Confidentiality- Confidential information must only be accessed, used, copied, or disclosed by users who have been authorized, Integrity- Integrity means data can not be created, changed, or deleted without proper authorization. Authenticity- Authenticity is necessary to ensure that the users or objects (like documents) are genuine (they have not been forged or fabricated). Availability- Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. Non-Repudiation- When one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.Network and System Security capabilities when viewed together map to the core tenants of Information Assurance: Information AssuranceDefined Copyright 2010 Semantech Inc., All Rights Reserved 23. What isCyber Assurance?

Cyber Assurance includes one extremely important differentiation from Information Assurance a focus on theenterprise or multiple domains .

In other words,Cyber Assurance scalesInformation Assurance to whatever scope is needed to provide comprehensive security.

Information Assurance (IA)represents a set of guidelines for managing security related activities and systems. Originally it was developed in the context of individual systems and smaller networks. Adding Cyberscope extends but doesnt replace IA.

Copyright 2010 Semantech Inc., All Rights Reserved 24. MissionAssurance

Security is not an end unto itself, it is a means to ensure facilitation of other ends.

The mission/s of most enterprises or organizations now depend entirely on the availability of information technology. This is fairly well understood what isnt as well understood is the growing symbiosis of those missions and their enabling technologies.

This symbiosis is most critical in the context of security. Cyber Assurance by nature now encompasses mission assurance.

Copyright 2010 Semantech Inc., All Rights Reserved 25. Infrastructure Management Copyright 2010 Semantech Inc., All Rights Reserved 26. TheData Center

The Data Center has evolved quite a bit over the past 20 years. Data Centers have become more centralized, more powerful and generally more secure.

Currently, Data Centers are undergoing a Virtualization Revolution which is allowing for better utilization of existing resources.

Individuals and organizations which dont manage their own Data Centers inevitably end up depending on some elses.

Copyright 2010 Semantech Inc., All Rights Reserved 27. TheNetwork

Networks have evolved as well. Internet Protocol or IP has allowed for convergence of many types of networks:

• • The wired backbone (much of which now is fiber optic).

• • The wired telephone backbone.

• • Various wireless telephony networks.

• • Satellite Networks.

• • Smaller, targeted wired and wireless networks (some riding on the larger infrastructure, some not).

Security must be considered at all points in every network

Copyright 2010 Semantech Inc., All Rights Reserved 28. Today &Tomorrow Infrastructure will becomeintelligent Copyright 2010 Semantech Inc., All Rights Reserved 29. Cyber Operations Copyright 2010 Semantech Inc., All Rights Reserved 30. What is CyberOperations?

In the past, the term Cyber-Operations if used at all tended to refer to operations that exclusively applied Cyber capabilities.

In the future, this is likely to change any operations which require Cyber capabilities to fulfill mission objectives could considered Cyber Operations.

Why the emphasis on Cyber as opposed to traditional ops? Because knowing that a once non-Cyber op is now wholly reliant on Cyber capabilities to carry it out changes the nature of the operation as well as how we should manage it

Copyright 2010 Semantech Inc., All Rights Reserved 31. Principle -Defensive Complexity

One of the most important principles associated with Cyber Assurance is the recognition that it is mucheasier to attack than to defend .

An attacker only needs to understand a portion of the technical architecture to compromise it. The Defenders must understand the entire infrastructure to defend it as well as understanding the organizations which manage them and understanding the nature of both internal and external attackers.

Becoming an expert in all aspects of IT and Operational Security is quite simply overwhelming .

Copyright 2010 Semantech Inc., All Rights Reserved 32. Cyber Ops &NETOPS

Much of the activity currently associated with the concept of Cyber Security is referred to as NETOPS or Network Operations.

As the name implies, NETOPS involves network security but also encompasses aspects of IA, system level security and infrastructure management.

The current weakness associated with NETOPS is its focus on perimeter security in limited contexts. Cyber Operations in contrast encompasses all elements in fielded solutions as well as theentire solution lifecycle.

Copyright 2010 Semantech Inc., All Rights Reserved 33. Cyber Integration Copyright 2010 Semantech Inc., All Rights Reserved 34. Cyber Integration inContext Copyright 2010 Semantech Inc., All Rights Reserved 35. What isCyber Integration?

Cyber Integration supportsbothsolution development and solution operations.

Cyber Integration centers around the ability to pass data from one solution element to another as well as the ability to synchronize related processes.

Cyber Integration is a relatively new discipline in that it directly responds to the recent mandate that Cyber Security solutions support both enterprise and multiple domain level scale.

Cyber Integration is where the majority of new &intelligentsecurity capabilities will arise from

Copyright 2010 Semantech Inc., All Rights Reserved 36. We must redefine how we managecomplexity CyberSemantics Copyright 2010 Semantech Inc., All Rights Reserved 37. Conclusion

Any intelligent device that can pass data to one or more other devices (either through a network or not) is encompassed within the scope of Cyber Security that includes pretty much the entire foundation of modern society .

Not viewing security from this scope is the single biggest risk associated with Cyber Terrorism, Cyber Crime or Cyber Warfare.

In our following presentations, we will drill down to more specific issues and examples that will help illustrate what direction the practice of Cyber Security must proceed to match the growing threat.

Copyright 2010 Semantech Inc., All Rights Reserved 38. CCS Practice Contact Information CCS Integration Partners For more information, visithttp://www.cyber-ccs.com or contact: Stephen Lahanas [email_address] Copyright 2010 Semantech Inc., All Rights Reserved