2. Our Purpose
Copyright 2010 Semantech Inc., All Rights Reserved
- This presentation is designed to highlight both sides of the
Cyber Security story:
  - Side 1 (The Public View): The impact of Cyber Security on
    society and the current management of information systems.
  - Side 2 (The Provider View): The necessary evolution of
    Security practices which are emerging as a result of those
    impacts.
- We also intend to help clarify concepts and issues by examining
or, in some cases, redefining key terms.
3. The First in a Series
- This presentation is the first in a series of issue or concept
focused presentations on various aspects of Cyber Security.
- Future presentations will provide focus on individual topics
such as:
  - Exploits & Vulnerabilities
  - Cyber Security, Privacy & Net Neutrality
  - Cyber Security & the Cloud
  - Cyber Security & Data Protection
  - The Cyber Security Workforce
4. The Impact of Cyber Security
5. The Cultural Impact
- It's Personal: Cyber Security issues now impact every individual
who uses a computer. It's no longer science fiction; millions of
people worldwide are the victims of cyber-crimes.
- It's Business: Every business today is dependent on information
and vulnerable to one or more types of Cyber attacks (even those
without online sites).
- It's War: In fact, it is already becoming the next Cold War. Cyber
operations are also becoming increasingly integrated into active
conflicts.
6. The Official Impact
Nations are redefining how they do business and
spending an ever-growing amount of money on security-related
mitigation. But is it working? To date, it only seems as though the
problem is getting worse and Cyber adversaries have a cost
advantage that puts defenders at a permanent disadvantage.
7. The Solution Impact
- It's Evolving: But at a fairly slow pace compared to the problem
space. This disparity will only grow wider as the pace of change
continues to quicken.
- It's Getting Complicated: There is no longer any realistic
expectation of a single solution or even a single family of
solutions that can provide a comprehensive approach to the problem
space.
- A Fresh Perspective: Is what's needed. We can either react to
ever-growing complexity and disruption by adding more layers of
complication ourselves, or we can manage the patterns.
8. Defining Cyber Security
9. Technology & Modern Life
- In 1990, one book tracking future trends failed to include the
following words in its index: Online, Email, Internet, Hacking,
Computer Virus.
- Within a few years those technologies and issues have come to
dominate modern society.
- When we address Cyber Security, we're talking about technology
infrastructure, applications, data and human interaction. These
elements are no longer limited to the wired net; they now also
encompass all forms of converged IP-based communications.
10. What is CyberSpace?
- Cyberspace is unique and ubiquitous; it is both its own domain
as well as a dimension within all other (functional) domains.
- Cyberspace is both the medium and the message in many cases.
Anything that might involve IP data transfer or communications has
a cyber component.
- Cyberspace represents a single point of failure for the Federal
Government. It provides asymmetrical opponents the opportunity to
disrupt and defeat a vastly superior foe.
11. What is Cyber Warfare?
- Cyber Warfare is by nature asymmetric, even when conducted by
traditional nation-state opponents.
- Cyber Warfare is non-kinetic only in the most direct sense, if
we view Cyber Operations separately from conventional operations. As
soon as we consider that conventional operations that rely on IT
capability are Cyber Operations, then Cyber can become both Kinetic
and Non-Kinetic in nature.
- Cyber Attacks can be real-time events or time-delayed events.
They can originate from anywhere or be triggered from anywhere and
originate from within our perimeters. They occur in multi-dimensional
Cyberspace as well as in conventional warfare frames of
reference.
12. What is Cyber Security?
- Cyber Security is an all-encompassing domain of information
technology; it comprises the entire set of security-related
technologies and issues.
- Without a single perspective for security management, the
hundreds of related yet technically distinct aspects of this problem
space could become unmanageable (and in fact many would argue that's
exactly what we're facing right now).
- Problem Space = A related set of concepts or issues united by
shared challenges and inter-dependencies.
13. Security is Symbiotic
Cyber Security as a concept represents a radical
departure from the previous view of IT-related security. In the
past, security was often viewed as a separate discipline or as an
afterthought. Cyber Security acknowledges that IT security must be
symbiotic from now on.
14. Cyber is not Hype
- Cyber Security has gotten a lot of attention and some of it at
times appears like other typical IT solution hype cycles.
- The attention being given to Cyber Security today is often
focused on trying to define the problem and assess the true threat
level.
- There is no single solution or even a single set of Cyber
Security solutions being hyped; what there is, is a recognition that
we're falling behind the curve and that a concerted effort is needed
to manage the problem. That's different from hype cycles.
15. What Cyber Security Isn't
- Cyber Security isn't just the most obvious exploits or hacks
used to breach perimeter security. The number of DDoS pings or
breach attempts is meaningless if the intent of the attacks is not
understood.
- Cyber Security isn't any one focused solution for a particular
security vulnerability or operational defense architecture. It is
both its own domain while simultaneously being part of every other
IT domain.
- Cyber Security isn't something that will or even can go away. As
long as our infrastructure remains networked and interdependent,
Cyber Security will remain critical.
16. Problem Space Taxonomy
For the purposes of this presentation we will examine Cyber
Security from five perspectives:
- Threat Management: This represents the ability to characterize,
respond to or prevent threats.
- Information or Cyber Assurance: The extension of current security
practices and principles into the Cyber realm.
- Infrastructure Management: Both security architecture and all
other architectures.
- Cyber Operations: Active Defense and Offense.
- Cyber Integration: Putting it all together.
17. Threat Management
18. What is Threat Management?
- It's Analytical: Threats must be both defined and identified, and
later recognized when they occur.
- It's Operational: Threat Management is an active component of
every security architecture; already, anti-virus software and
firewalls have massive data stores of threat-related information
which they apply. The sources and exploitation of Threat data
continue to grow constantly.
- It's Part of a Larger Lifecycle: Viewing threats outside of
either the attack lifecycle or the defense solution lifecycle will
provide an incomplete view.
- It's both Strategic & Tactical: And it must be linked.
19. Understanding Cyber Threats
20. Cyber Threats are Patterns
- Cyber Security shares a similar problem with the rest of
information technology: information overload.
- There is already too much information for operators to analyze
rapidly; thus the practice of Forensics involves serious time delays
in providing relevant information, and most of it isn't
actionable.
- The key to managing threats is understanding them; the key to
understanding them is to find a way to map them against specific
behaviors or events. The activities which help provide this
definition and mapping represent the core of Threat
Management.
21. Information Assurance
22. Information Assurance Defined
Network and System Security capabilities, when viewed together, map
to the core tenets of Information Assurance:
- Confidentiality: Confidential information must only be accessed,
used, copied, or disclosed by users who have been authorized.
- Integrity: Integrity means data cannot be created, changed, or
deleted without proper authorization.
- Authenticity: Authenticity is necessary to ensure that the users
or objects (like documents) are genuine (they have not been forged
or fabricated).
- Availability: Availability means that the information, the
computing systems used to process the information, and the security
controls used to protect the information are all available and
functioning correctly when the information is needed.
- Non-Repudiation: When one party of a transaction cannot deny
having received a transaction nor can the other party deny having
sent a transaction.
23. What is Cyber Assurance?
- Cyber Assurance includes one extremely important
differentiation from Information Assurance: a focus on the enterprise
or multiple domains.
- In other words, Cyber Assurance scales Information Assurance to
whatever scope is needed to provide comprehensive security.
- Information Assurance (IA) represents a set of guidelines for
managing security-related activities and systems. Originally it was
developed in the context of individual systems and smaller
networks. Adding Cyber scope extends but doesn't replace IA.
24. Mission Assurance
- Security is not an end unto itself; it is a means to ensure
facilitation of other ends.
- The mission/s of most enterprises or organizations now depend
entirely on the availability of information technology. This is
fairly well understood; what isn't as well understood is the growing
symbiosis of those missions and their enabling technologies.
- This symbiosis is most critical in the context of security.
Cyber Assurance by nature now encompasses mission assurance.
25. Infrastructure Management
26. The Data Center
- The Data Center has evolved quite a bit over the past 20 years.
Data Centers have become more centralized, more powerful and
generally more secure.
- Currently, Data Centers are undergoing a Virtualization
Revolution which is allowing for better utilization of existing
resources.
- Individuals and organizations which don't manage their own Data
Centers inevitably end up depending on someone else's.
27. The Network
- Networks have evolved as well. Internet Protocol or IP has
allowed for convergence of many types of networks:
  - The wired backbone (much of which now is fiber optic).
  - The wired telephone backbone.
  - Various wireless telephony networks.
  - Smaller, targeted wired and wireless networks (some riding on
    the larger infrastructure, some not).
- Security must be considered at all points in every network.
28. Today & Tomorrow
Infrastructure will become intelligent
29. Cyber Operations
30. What is Cyber Operations?
- In the past, the term Cyber-Operations, if used at all, tended to
refer to operations that exclusively applied Cyber
capabilities.
- In the future, this is likely to change: any operations which
require Cyber capabilities to fulfill mission objectives could be
considered Cyber Operations.
- Why the emphasis on Cyber as opposed to traditional ops?
Because knowing that a once non-Cyber op is now wholly reliant on
Cyber capabilities to carry it out changes the nature of the
operation as well as how we should manage it.
31. Principle - Defensive Complexity
- One of the most important principles associated with Cyber
Assurance is the recognition that it is much easier to attack than
to defend.
- An attacker only needs to understand a portion of the technical
architecture to compromise it. The Defenders must understand the
entire infrastructure to defend it, as well as understanding the
organizations which manage it and understanding the nature of
both internal and external attackers.
- Becoming an expert in all aspects of IT and Operational
Security is quite simply overwhelming.
32. Cyber Ops & NETOPS
- Much of the activity currently associated with the concept of
Cyber Security is referred to as NETOPS or Network Operations.
- As the name implies, NETOPS involves network security but also
encompasses aspects of IA, system level security and infrastructure
management.
- The current weakness associated with NETOPS is its focus on
perimeter security in limited contexts. Cyber Operations, in
contrast, encompasses all elements in fielded solutions as well as
the entire solution lifecycle.
33. Cyber Integration
34. Cyber Integration in Context
35. What is Cyber Integration?
- Cyber Integration supports both solution development and solution
operations.
- Cyber Integration centers around the ability to pass data from
one solution element to another as well as the ability to
synchronize related processes.
- Cyber Integration is a relatively new discipline in that it
directly responds to the recent mandate that Cyber Security
solutions support both enterprise and multiple domain level
scale.
- Cyber Integration is where the majority of new
& intelligent security capabilities will arise from.
36. We must redefine how we manage complexity
CyberSemantics
37. Conclusion
- Any intelligent device that can pass data to one or more other
devices (either through a network or not) is encompassed within the
scope of Cyber Security; that includes pretty much the entire
foundation of modern society.
- Not viewing security from this scope is the single biggest risk
associated with Cyber Terrorism, Cyber Crime or Cyber Warfare.
- In our following presentations, we will drill down to more
specific issues and examples that will help illustrate the
direction in which the practice of Cyber Security must proceed to
match the growing threat.
38. CCS Practice Contact Information
CCS Integration Partners
For more information, visit http://www.cyber-ccs.com or contact:
Stephen Lahanas [email_address]