War Against Terrorism - CIO's Role

War Against Terrorism: The Role of Today’s CIO Ayo Rotibi Managing Director Forts & Shields Ltd (US, Kenya, Nigeria)

Upload: ayodeji-rotibi

Post on 22-Jan-2017


TRANSCRIPT

Page 1: War Against Terrorism - CIO's Role

War Against Terrorism: The Role of Today’s CIO

Ayo Rotibi Managing Director

Forts & Shields Ltd (US, Kenya, Nigeria)

Page 2: War Against Terrorism - CIO's Role

“The Internet is a prime example of how terrorists can behave in a truly transnational way; in response, States need to think and function in an equally transnational manner.”

Ban Ki-moon

Page 3: War Against Terrorism - CIO's Role

The Art of War

The Art of War is simple enough. Find out where your enemy is. Get at him as soon as you can. Strike him as hard as you can and as often as you can, and keep moving on. (Ulysses S. Grant)

18th US President. Led the Union to victory over the Confederacy in the American Civil War

Page 4: War Against Terrorism - CIO's Role

www.terror.net – The Modern Terrorists

Internet-aided terrorism is a dynamic and transnational phenomenon

Terrorist websites target three different audiences: current and potential supporters; international public opinion; and enemy publics

Ways contemporary terrorists use the Internet:

•From conducting psychological warfare to gathering information, from training to fundraising, from propagandizing to recruiting, and from networking to planning and coordinating terrorist acts.

Page 5: War Against Terrorism - CIO's Role

www.terror.net – The Modern Terrorists

The workplace has been the primary target of terrorism

•WTC Building, Garissa University, Westgate Mall

Many workplaces upon which citizens rely to reach work are relatively unprotected

•St Pancras Underground

"We use Facebook to schedule the protests, Twitter to co-ordinate and YouTube to tell the world." An Egyptian Arab Spring Activist

Page 6: War Against Terrorism - CIO's Role

www.terror.net – The Modern Terrorists

Dateline: September 2013

•Al Qaeda opens first official Twitter account

•@shomokhalislam, issued 29 tweets, followed one account, and attracted 1,532 followers in 24 hours (including several high-profile digital jihadists)

@shomokhalislam

Page 7: War Against Terrorism - CIO's Role

www.terror.net – The Modern Terrorists

Breaking News... Amazon Halts sales of ISIS propaganda Magazine

Page 8: War Against Terrorism - CIO's Role

Darknet – The New Terror Frontier

Adopted platform for direct communication among global jihadi activists

•Over 50,000 sites and 300 forums for terrorist organizations

•Used to distribute material for recruitment, training, and coordination of terrorist

•Informed the travel warning and closure of some US embassies in August 2013

Page 9: War Against Terrorism - CIO's Role

Darknet – The New Terror Frontier

A Course in the Art of Recruiting • https://ia800300.us.archive.org/32/items/ACourseInTheArtOfRecruiting-

RevisedJuly2010/A_Course_in_the_Art_of_Recruiting_-_Revised_July2010.pdf

ISIS and the Lonely Young American • http://www.nytimes.com/2015/06/28/world/americas/isis-online-recruiting-american.html

Page 10: War Against Terrorism - CIO's Role

Kenya’s Global Terrorism Index (GTI)

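Year | Incidents | Fatalities | Injuries | Properties | GTI  | Rank (out of 162)
-----|-----------|------------|----------|------------|------|------------------
2009 | 1         | 0          | 0        | 0          | 4.47 | 27
2010 | 12        | 19         | 159      | 4          | 4.81 | 24
2011 | 38        | 37         | 98       | 7          | 5.15 | 19
2012 | 73        | 98         | 410      | 34         | 6.06 | 14
2013 | 74        | 201        | 442      | 22         | 6.58 | 12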

http://www.visionofhumanity.org/#page/indexes/terrorism-index/2013/KEN/FATA

Page 11: War Against Terrorism - CIO's Role

Cyber-threat Barometer: Any Ideas?

Leading Cyber Attack Method

•Social Engineering

Leading Threat

•Insider (with Authorized Access)

Leading Vulnerability

•People

Page 12: War Against Terrorism - CIO's Role

Kenya’s Cyber Goals

Enhance the nation’s cybersecurity posture in a manner that facilitates the country’s growth, safety, and prosperity.

Build national capability by raising cybersecurity awareness and developing Kenya’s workforce to address cybersecurity needs.

Foster information sharing and collaboration among relevant stakeholders to facilitate an information sharing environment focused on achieving the Strategy’s goals and objectives.

Page 13: War Against Terrorism - CIO's Role

Insider threat

Have legitimate access to systems

Often familiar with the organization's data

Abuse privileges to harm the organization

Circumvent security controls of which they are aware

Have physical proximity to data

Harder to defend against than attacks from outsiders

Page 14: War Against Terrorism - CIO's Role

The 58% Theory-The Insider Family

The Rogue Employee

•AKA: Shadow IT, Rogue IT

•Description: They have many aliases, but one definite goal – to take valuable data and leverage it into monetary gain, revenge or even some revolutionary crusade

Page 15: War Against Terrorism - CIO's Role

The 58% Theory-The Insider Family

Fired / Disgruntled Worker

•AKA: Pinch a Penny from 1 Million Transactions

•Description: Think Office Space – where workers on their way out devise a way to rip off the company

Page 16: War Against Terrorism - CIO's Role

The 58% Theory-The Insider Family

3rd Party and Outside Insider

•AKA: The Ulterior Motivator

•Description: Your temporary contractor or third-party vendor is around so much that your office is almost his second home. He may fraternize with employees and gain the trust of your crew – but who is really watching over

Page 17: War Against Terrorism - CIO's Role

The 58% Theory-The Insider Family

Inadvertent Users

•AKA: Not the Brightest Crayon in the Box

•Description: Believe it or not, inadvertent insider threats make up a good portion of data breaches – thanks to the consumerization of IT, the mobility of data and the smartphone trend, it is easier for company data to move beyond traditional firewalls

Page 18: War Against Terrorism - CIO's Role

The 58% Theory-The Insider Family

Personalization Guru

•AKA: The Guy Who Brings Home to Work

•Description: This guy is a disaster waiting to happen. They are the ones who want their workstation to be a basic clone of their personal laptop. They want to have all the applications, tools and software – to bypass admin rights

Page 19: War Against Terrorism - CIO's Role

The 58% Theory-The Insider Family

The Night Janitor

•AKA: The Unsuspecting Pirate

•Description: The support staff is in your office at strange hours with really no supervision at all. Don't let the false characterizations and stereotypes fool you – criminals and social engineers would not break a sweat getting employed as a janitor just to have your server room to themselves.

Page 20: War Against Terrorism - CIO's Role

Exposure in the Workplace

Types of Sensitive Corporate Information Employees Access (http://www.ponemon.org/blog/the-security-impact-of-mobile-device-use-by-employees)

Page 21: War Against Terrorism - CIO's Role

Exposure in the Workplace

Types of Personal Tasks Employees Do in the Workplace (http://www.ponemon.org/blog/the-security-impact-of-mobile-device-use-by-employees)

Page 22: War Against Terrorism - CIO's Role

Exposure in the Workplace

Content Accessed on Mobile Devices As Permitted By Enterprise (http://www.ponemon.org/blog/the-security-impact-of-mobile-device-use-by-employees)

Page 23: War Against Terrorism - CIO's Role

Food For Thought

What Would You Do If You Knew You Were Under Surveillance?

Page 24: War Against Terrorism - CIO's Role

4 Cyber-Breach Questions

What:

•Happened? Was Stolen? Was Compromised?

How:

•Did They Do It? To Prevent Reoccurrence?

Who:

•Did It? Is Affected?

When:

•Did They Do It? Can Recovery Begin?

Page 25: War Against Terrorism - CIO's Role

CIOs must leverage this singular advantage and take a stand on the new encryption regime introduced by FB, Google and Apple

Nothing is Hidden Under the Hood

Every online activity leaves a Digital Footprint

Page 26: War Against Terrorism - CIO's Role

The Role of The CIO

Due Care: Conduct a reasonable person would exercise in a particular situation

•Security is Good Business

•Security is Everybody’s Business

Due Diligence: Gathers facts to make an informed decision

•Additional Internal Control procedure – Network Forensics

Threat awareness, assessment, and perception

Efficient information flow within corporations, between corporations, and between corporations and local and federal government agencies

Page 27: War Against Terrorism - CIO's Role

National Domestic Communication Assistance Center

Core functions:

•Law Enforcement Coordination

•Industry Relations

•Technology Sharing

•CALEA Implementation

Government's first ever attempt to develop a centre for electronic surveillance knowledge management, and facilitate the sharing of technical solutions and know-how among law enforcement agencies

Page 28: War Against Terrorism - CIO's Role

What if...

...we all work together for a common purpose?

...we aspire to build a Regional NDCAC to foster stronger collaboration and complement Kenya CIRT/CERT?

...we foster a stronger collective relationship with LEA and Government?

...we leave this conference with a resolution to make SOMETHING happen?

...we...?

Page 29: War Against Terrorism - CIO's Role

Proposed Initiatives

Initiate targeted knowledge dissemination programs

Provide real time knowledge dissemination to corporate members

Develop lessons learned from corporate incidents

Modify existing Users and Internet Usage Policies to include Internal Surveillance

Establish a Regional NDCAC

Page 30: War Against Terrorism - CIO's Role

A Little Story

Breaking News

Eiffel Tower for Sale!

Moral Lesson:

Share Information

Page 31: War Against Terrorism - CIO's Role

Conclusion

CIOs have been dragged into the War Against Terrorism

The Enterprise landscape has changed forever – FACT

The Internet offers us the opportunity to prevent, detect and deter acts of terrorism

CIOs have a responsibility to secure their enterprise

CIOs need to know about human psychology and behavioural attitude

Real-time Digital Forensics will become a major tool in identifying these threat agents

CIOs must determine that their enterprise network does not become a recruitment ground or a conduit for fund-raising and propaganda

Page 32: War Against Terrorism - CIO's Role

For Further Information and Demo:

•Phone: +254-786-834-158, +254-772-299-802

•Skype: arotibi

•Forts & Shields, 63 Mandera Rd, Kileleshwa, Nairobi, Kenya

•www.fortsandshields.com

•www.isecureconsulting.com

Questions