Cybersecurity 101

What  words  come  to  mind  when  you  hear  cybersecurity  cyber-­‐security    cyber  security?  

 

The Internet enables…

3  

Agenda I.  Threat  Landscape  

II.  Domes;c  Debate    

III.  Interna;onal  Challenges  

IV.  Simula;on  

The Threat Landscape

§  Cyber  Space  &  Secur

ity  

Not all cyber events are “attacks”

Cyber  Intrusion  (Access  &  Persistent  Access):      Cyber  Espionage/  ExploitaAon:      Cyber  ABack:    

 Break  In/Poten;al  to  Break  In  

 Spying  and/or  Stealing  

 Disrup;on  or  Destruc;on  

Cyber Threat Matrix

7  

Na;on  States  

Organized  Crime  

Hacker  Groups  

Terrorist  Groups  

Lone  Hackers  

Computer Network Attack (CNA) v. Computer Network Exploitation (CNE)

Capability  

Intent  

CNE: Russia A  liMle  bit  “too  quiet?”  •  Nashi  •  Russian  Business  Network    U;liza;on:  •  Strategic  Espionage  •  Integrated  Military  Doctrine    Major  Events:  •  Estonia  (2007)  •  Georgia  (2008)  

 

CNE: China

Prolific  Economic  Espionage  •  Comment  Crew/APT1/PLA  61398      U;liza;on:  •  Poli;cal  Intelligence  •  Military  Intelligence  •  Economic  Espionage  

CNA: North Korea

Cost-­‐Effec;ve  Harassment  •  Reconnaissance  General  Bureau  •  DarkSeoul  Gang    Major  Events:  •  South  Korean  Banks    •  South  Korean  GPS  

CNA: Iran Asymmetric  Capabili;es  •  Iranian  Cyber  Army  •  Iranian  Cyber  Police  Force  •  Cudng  Sword  of  Jus;ce  •  Al  Qassam    Major  Events:  •  Shamoon  •  Opera;on  Ababil  

Syrian Electronic Army & Cyber Hizbollah Syrian  Electronic  Army  

§  Pro-­‐Assad  “Hack;vists”  §  Monitor  Syrian  Rebels  §  AMack  Western  Media  

Cyber  Hizbollah  

   §  Mobilize  &  Train  §  Spread  Doctrine  

The Domestic Debate

§  Cyber  Space  &  Secur

ity  

Should  companies  be  required  to  meet  certain  cybersecurity  standards?  

2012/13: The Debate on the Hill

Two  Key  Elements  of  the  debate:  1.  Cri;cal  Infrastructure  2.  Informa;on  Sharing  

16  

Critical Infrastructure Public  Health   Telecommunica;ons   Power  

Banks  Oil/Gas  

Transporta;on  

Water  Supply   Agriculture  

Information Sharing

§  What  are  you  sharing?    

§  Who  are  you  sharing  it  with?  

§  What  can  it  be  used  for?  

 

The Interest Groups Reduce  the  AMack  Surface  Create  a  Na;onal  Picture  

Anonymize  Info  Civilian  Agency  Clear  Defini;ons  

No  Mandates  Legal  Protec;on  

Na;onal  Security  Leaders  

Privacy  &  Civil  Liber;es  

Business  (Chamber  of  Commerce)  

POTUS Responds: Executive Order

Now What?

International Challenges

§  Cyber  Space  &  Secur

ity  

23  

The Onion Router

Messages  are  encrypted  mulAple  Ames  from  delivery  to  receipt  

TOR Stinks? YES  

NO  

Truman Worldview