Event: George Washington University -- National Security Threat Convergence: Violent Extremism and...

Chuck Brooks, Vice President, Sutherland Government Solutions. Wed, October 12, 2016. Terrorism and non-state actors: The US Critical Infrastructure Sectors as Targets and Recent Examples


Page 1: Event: George Washington University -- National Security Threat Convergence: Violent Extremism and Cybersecurity

Chuck Brooks, Vice President, Sutherland Government Solutions, Wed, October 12, 2016

Terrorism and non-state actors The US Critical Infrastructure Sectors as Targets and Recent Examples

Page 2

• “A few lines of code can wreak more havoc than a bomb.”

Hon. Tom Ridge (Former) Secretary of the U.S. Department of Homeland Security

• “The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications. Pervasive connectivity has brought dramatic gains in productivity and pleasure but has created equally dramatic vulnerabilities. Huge heists of personal information are common, and cybertheft of intellectual property and infrastructure penetrations continue at a frightening pace.”

Joel Brenner, the former counsel to the National Security Agency

The Cyber Threat

Page 3

Major Threat Actors

Page 4

Major Threat Actors

• Hacker/Script Kiddies/Hobbyist

• Insider Threat/Disgruntled Employee

• Hacktivist

• Industrial Espionage

• Foreign Espionage

• Terrorist

• State Sponsored Attack

Page 6

Cyber-Threats

• Trojan. A Trojan is one of the most complicated threats of all. Most of the popular banking threats come from the Trojan family, such as Zeus and SpyEye.

• Virus. A virus is a malicious program that replicates itself and aims only to destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly, or even at all.

• Worms. They can spread from one computer to another within a network or even the internet. The computer security risk here is that they will use up your computer's hard disk space due to the replication and take up most of your bandwidth due to the spread.

• DDoS (Distributed Denial of Service). Attackers send millions of traffic requests to a single server to bring the system down, with certain security features disabled, so that they can steal data.

• Zero-day Vulnerability. A zero-day vulnerability refers to a hole in software that is unknown to the vendor, which can be exploited by hackers before the vendor becomes aware and hurries to patch it up. They are becoming an increasingly powerful weapon of cyber espionage as countries become more connected to the internet.

Page 7

Cyber-Threats

• Spyware. Spyware is malware designed to spy on the victim’s computer.

• Botnet. A botnet is installed by a botmaster to take control of all the computer bots via the botnet infection.

• Phishing. A fake website designed to look almost like the actual website is a form of phishing attack. The idea of this attack is to trick users into entering their username and password into the fake login form, which serves the purpose of stealing the identity of the victim.

• Ransomware. Hackers hold computers and even entire networks hostage for electronic cash payments. Ransomware has been around for more than a decade, but attacks have exploded in the past couple of years.

Researchers have seen a 3,500% increase in the criminal use of ransomware.

Page 8

Critical Infrastructure

Page 9

Securing Critical Infrastructure

• Government

• Military: Secrets, tactics, location of forces, tampering

• Power Grid: Generator controls, power distribution controls

• Telecommunications: Phone, internet connectivity

• Transportation: Air traffic control, railway, bridge and highway, radar

• Energy/Fuel Supply: Locations of pipelines, types of fuel and amounts

• Banking and Finance: Asset protection, stock market

• Emergency Services: 911 system, disaster response, first responder coordination, deployment and locations

• Food and Water Infrastructure: Food and water distribution, process

Page 10

Securing Critical Infrastructure

• The number of cyber incidents reported by federal agencies jumped more than 1,300 percent, from 5,503 to 77,183, over the 10 years through fiscal 2015

• Ransomware attacks on government agencies around the world have tripled in the past year

• About 4 percent of government agencies had been exposed to Nymaim, and 3 percent to Locky, both ransomware strains

• OPM Breach - heist of data on 22 million current and former federal employees

• Elections: In Illinois and Kansas, registration databases were suspected of being hacked. In Illinois, hackers managed to download personal data on up to 200,000 state voters

• "There is only one way to protect the voting system from a nation-state-funded cyberattack," "Use paper."

Page 11

• Cybersecurity, information assurance, and resilience have become one of the largest areas of government spending at all agencies and are consistently ranked the top priority among government and industry CIOs in surveys

• In the U.S., most (approximately 85 percent) of the cybersecurity critical infrastructure is owned by the private sector and regulated by the public sector

• In 2013, President Obama issued Executive Order 13636 (“Improving Critical Infrastructure Cyber-security”), which called for the establishment of a voluntary risk-based cyber-security framework between the private and public sectors

• Incident response to Industrial Control Systems - Supervisory Control and Data Acquisition (SCADA)

• The lead civilian agency in the government for public/private cooperation in cybersecurity is the Department of Homeland Security (DHS).

Cybersecurity -- Role of Government

Page 12

Critical Security Controls

The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks (APTs – Advanced Persistent Threats)

1: Inventory of Authorized and Unauthorized Devices
2: Inventory of Authorized and Unauthorized Software
3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4: Continuous Vulnerability Assessment and Remediation
5: Malware Defenses
6: Application Software Security
7: Wireless Access Control
8: Data Recovery Capability
9: Security Skills Assessment and Appropriate Training to Fill Gaps
10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11: Limitation and Control of Network Ports, Protocols, and Services
12: Controlled Use of Administrative Privileges
13: Boundary Defense
14: Maintenance, Monitoring, and Analysis of Audit Logs
15: Controlled Access Based on the Need to Know
16: Account Monitoring and Control
17: Data Protection
18: Incident Response and Management
19: Secure Network Engineering
20: Penetration Tests and Red Team Exercises

Page 13

Cybersecurity - DHS

• DHS is responsible for overseeing the protection of the .gov domain and for providing assistance and expertise to private sector owners and operators. The agency’s work benefits the information technology community and the public at large.

• DHS plays a key role in securing the federal government's civilian cyber networks and helping to secure the broader cyber ecosystem

• US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad

Page 14

Energy

• Protecting The Grid

• Utilities and Power Plants

• Solar Energy

• Data Centers

• Water Systems

• Oil, Gas & Coal (Logistics)

Page 15

• “China and one or two other countries have the ability to launch a cyber attack that could shut down the entire U.S. power grid and other critical infrastructure.” Admiral Mike Rogers, head of the National Security Agency (NSA) and U.S. Cyber Command

• US Department of Homeland Security’s Cybersecurity Emergency Response Team responded to 295 cyber incidents in the energy sector in 2015

• The frequency, sophistication and costs of data breaches are increasing, says the World Energy Council, and the world’s first publicly-acknowledged power outage caused by hackers has taken place in Ukraine

• In South Korea last year hackers targeted Korea Hydro and Nuclear Power Company, trying to cause nuclear reactors to malfunction

• An attack on a nuclear plant could lead to a core meltdown and dispersal of radioactivity, says the report, while attacks on other critical energy infrastructure could threaten a country’s economy, public safety and national defense

Energy

Page 16

• Mobile payments/transactions

• Mobile banking

• ATMs

• Identity Theft

• Identity management and biometric security: access control, facial recognition, voice recognition, iris and retina scanners, fingerprint sensors on tablets and smartphones – pass keys

• Retail Commerce

• Stock Markets

Finance/Commerce

Page 17

• A sophisticated hacking scheme targeted the Bangladesh central bank ($81M stolen) in March 2016

• In March 2016, the U.S. Justice Department indicted seven hackers tied to the Iranian regime. These hackers staged a coordinated cyber attack that targeted 46 major financial institutions and a dam outside of New York City

• According to Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries

• The Federal Bureau of Investigation estimated that more than 500 million financial records were hacked in 2013

• According to the Ponemon Institute, over 43% of companies had breaches last year (including mega companies such as Home Depot, JPMorgan, and Target)

• According to the Center For Strategic and International Studies (CSIS), cyber related crime now costs the global economy about $445 billion every year

Finance/Commerce

Page 18

• The cybersecurity healthcare landscape has many facets. These include the information security networks of medical facilities and hospitals, medical equipment and devices, and protection of the sensitive data and privacy of patients

• Interconnected Hospital networks with multiple devices

• Health: implantable devices (bionic eyes, limbs)

• Remote sensing tech (Wearables)

• Telemedicine

• Real-time biomarker tracking and monitoring

• Refrigeration and storage

Health & Medicine

Page 19

• Last year, a series of hospitals fell victim to ransomware attacks; one, the Hollywood Presbyterian Medical Center, paid the $17,000 ransom to unlock critical medical information

• Another US hospital, Boston Children’s Hospital, was the target of a series of breaches, including distributed denial of service attacks. Medical institutions in Europe and Canada have also been subjected to intrusions.

• Healthcare data is highly valuable to hackers because they can sell it for a high price on the black market

• In 2015, 36% of breaches included medical records

Health & Medicine

Page 20

• A “connected transportation system,” and more specifically “connected cars” allow for safer and more efficient urban mobility. Connected car technology is evolving rapidly and is now being tested

• A group of Virginia-based researchers funded by the Defense Department found that it is relatively easy to remotely hack into a driverless car’s control system

Aviation:

• LOT Polish Airlines had its flight operations system hacked, resulting in disruption or cancellation of 22 flights

• American security researcher Chris Roberts claims to have accessed flight-critical controls through the in-flight entertainment system

Transportation

Page 21

Securing The Digital Future

Page 22

• Cisco predicts that 50 billion devices (including our smartphones, appliances, and office equipment) will be wirelessly connected via a network of sensors to the internet by 2020

• How do we protect cascading interconnectivity?

IoT Verticals:

• Smart Cities
• Facilities & infrastructure management
• Industrial applications
• Energy (smart grid)
• Medical & healthcare
• Transportation
• Building/construction (smart buildings)
• Environment (waste management)
• Water resources
• Retail and supply chain
• Communications
• Education (learning analytics)

The Digital age and “The Internet of Things”

Page 23
Page 24

Cybersecurity

Page 25

• Defining and monitoring the threat landscape

• Risk Management (identifying, assessing and responding to threats, i.e. NIST Framework: Identify, Protect, Detect, Respond, Recover)

• Protecting critical infrastructure through rapid prototyping of technologies and Public/Private cooperation

• Modernizing security architectures

• Better encryption and biometrics (quantum encryption, keyless authentication)

• Automated network-security correcting systems (self-encrypting drives)

Cybersecurity Priorities

Page 26

• Technologies for continuous “real time” horizon scanning and monitoring of networks

• Access Management and Control

• Endpoint protection

• Diagnostics, data analytics, and forensics (network traffic analysis, payload analysis, and endpoint behavior analysis)

• Advanced defense for framework layers (network, payload, endpoint, firewalls, and anti-virus)

• Enterprise and client Network isolation to protect against malware, botnets, insider threats

• Forensics

Cybersecurity Priorities

Page 27

Sutherland Government Solutions, Inc.'s (SGSI) mission is to ensure government can meet its vision of fully responding to citizen mandates. As a trusted partner, we enable government to succeed by providing smart, affordable and highly responsive customer care processes and solutions. Our industry experience instills confidence in constituent-oriented government operations. SGSI’s capabilities include rapidly deploying major contact centers, integrating citizen-centric IT services, and processing health and insurance benefit claims. SGSI’s technology-enabled services are performance force multipliers for government, especially in times of budget constraint.

Sutherland's Services for Government Include:

• Multi-Channel Constituent Relations
• Veterans Choice: Customer Care
• Healthcare & Insurance Claims Processing
• Revenue Cycle Management
• Analytics
• IT Service Desks & Contact Centers
• System Integration

Page 28

Charles (Chuck) Brooks serves as the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck leads Federal and State & Local Government relations activities. He is also responsible for the Marketing portfolio (Media, PR, Digital Outreach, Thought Leadership, Strategic Partnering, Branding) for the Federal and State & Local markets. Chuck is Chairman of the CompTIA Emerging Technologies Committee and also serves on Boards to several prominent public and private companies and organizations. Chuck has extensive service in Senior Executive Management, Marketing, Government Relations, and Business Development and worked in those capacities for three large public corporations. In government, he served at the Department of Homeland Security as the first Director of Legislative Affairs for the Science & Technology Directorate. He also spent six years on Capitol Hill as a Senior Advisor to the late Senator Arlen Specter, where he covered foreign affairs, business, and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University, where he taught graduate-level students about homeland security and Congress. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague. He is widely published on topics of homeland security, cybersecurity, and emerging technologies.

Twitter: @ChuckDBrooks
LinkedIn Profile: http://www.linkedin.com/in/chuckbrooks

Chuck Brooks Bio: