Click here to load reader
Jan 20, 2015
Mr. Esam AbulkhiratDeputy General Director NISSA
ـــــــــــــــــــــــــرات. ا دي ابو اخل عصــــــــــــــام امله
ر عـــــــــــــــام ئب مد
الهیئو الوطنیة ألمن وسالمة املعلومات
•Introduction & Overview.
•Why Cybersecurity is Important.
•Kinetics Vs Cyber.
•Challenges & Combating Efforts
•Conclusion.
IntroductionIntroduction::Cybercrime Cybercrime is the fastest growing crime in the world with millions of is the fastest growing crime in the world with millions of people affected every day. The effects of one successful attack on a people affected every day. The effects of one successful attack on a corporation can have farcorporation can have far--reaching implications, including financial reaching implications, including financial losses at the corporate level, to stock losses and money lost for losses at the corporate level, to stock losses and money lost for consumers or stock holders.consumers or stock holders. LawsLaws have been swiftly put into place have been swiftly put into place to halt these types of attacks, but criminals find haven in countries to halt these types of attacks, but criminals find haven in countries with lax cybercrime laws.with lax cybercrime laws.
Crime Space
Security Law
Cyber
The term “cybercrime” is usually referred to as any criminal offense committed against or with the use of a computer or computer network
A set of activities and other measures, technical and non-technical intended to protect data, information and information systems from unauthorized access, use, disclosure, disruption, modification and destruction.
Virtual world of information networks. The global information space. The digital era.
is a term used to describe the legal issues related to use of ICTs, particularly cyberspace
Target
Viruses
DoS
Weapon
IPR
Spam
Accessory
Fraud
Id-Theft
FACTS AND FIGURES: FACTS AND FIGURES:
Almost two thirds of all adult web users globally have fallen victim Almost two thirds of all adult web users globally have fallen victim to some sort of cybercrime, from spam email scams to having their to some sort of cybercrime, from spam email scams to having their credit card details stolen.credit card details stolen. (the (the 2011 2011 Norton Cybercrime Report: The Human Impact studyNorton Cybercrime Report: The Human Impact study))
In In 20102010, China , China had the most cybercrime victims, at had the most cybercrime victims, at 8383% of web % of web users, followed by India and Brazil, at users, followed by India and Brazil, at 7676% each, and then the US, at % each, and then the US, at 7373%.%.
The study, of over The study, of over 77,,000 000 Internet Internet users found users found that that 8080% of people % of people believed the perpetrators would never be brought to justice. Fewer believed the perpetrators would never be brought to justice. Fewer than half ever bother to report the crime to policethan half ever bother to report the crime to police..
FACTS AND FIGURES: FACTS AND FIGURES:
Cybercrime Cybercrime is worth an estimated is worth an estimated 105 105 billion billion dollars and dollars and cybercriminals can earn around cybercriminals can earn around 2323,,000 000 dollars a weekdollars a week. . (rival computer security firm(rival computer security firm McAfee)McAfee)
Several Several computer security consulting firms estimate global computer security consulting firms estimate global financial losses from viruses, worm attacks and other hostile financial losses from viruses, worm attacks and other hostile computercomputer--based attacks to be between $based attacks to be between $13 13 and $and $226 226 billion. billion. ((the Congressional Research Service) the Congressional Research Service)
“One “One botnetbotnet of one million hosts could conservatively of one million hosts could conservatively generate enough traffic to take most Fortune generate enough traffic to take most Fortune 500 500 companies collectively offline”companies collectively offline”,,( Jeffrey Carr writes in his book Inside Cyber Warfare).( Jeffrey Carr writes in his book Inside Cyber Warfare).
FACTS AND FIGURES: FACTS AND FIGURES:
••The growth rate of cyberspace has been enormous, The growth rate of cyberspace has been enormous, roughly doubling every roughly doubling every 100 100 days.days.
••Cybercrime in Africa is growing faster than any Cybercrime in Africa is growing faster than any other continent.other continent.
••Out of the top ten countries in the world with a Out of the top ten countries in the world with a high level of cybercrime prevalence, Africa is host high level of cybercrime prevalence, Africa is host to four of these countries (Nigeria, Cameroon, to four of these countries (Nigeria, Cameroon, Ghana and South Africa).Ghana and South Africa).
••Estimates say that about Estimates say that about 80 80 percent of PCs in the percent of PCs in the African continent are already infected with viruses African continent are already infected with viruses and other malicious software.and other malicious software.(World Bank Survey)(World Bank Survey)
Platform
Mobile worms on victims’
machines that buy malicious apps and steal
via tap-and-pay NFC Malware that
blocks security updates to
mobile phones
Mobile phone Ransomware
“kits” that allow criminals
without programming skills to extort
payments
Covert and persistent
attacks deep within and
beneath Windows
Rapid development of ways to attack Windows 8 and
HTML5
Large-scale attacks like Stuxnet that attempt to
destroy infrastructure,
rather than make money
Snowshoe spamming of
legitimate products,
spreading out the sources & keeping spam
flowing.
further narrowing of
Zeus-like targeted attacks
using Citadel Trojan, difficult
for security products to
counter
The decline of online
HacktivistsAnonymous, to be replaced by more politically committed or
extremist groups
Malware that renews a
connection even after a botnet
has been taken down, allowing
infections togrow again
services for $.
“Hacking as a Service”:
Anonymous in underground
forums exchange
malware kits & development services for $.
Nation states and armies will
be more frequent sources
and victims of cyberthreats
SMS spam from infected phones.
The Nimitz-class super carriers are a class of 10 nuclear-powered aircraft carriers in service with the US-Navy.
$4.5 billion with operation costs of $22 billion a year
The McDonnell Douglas (now Boeing) F-15 Strike Eagle is an all-weather multirole fighter
$100 million (not including maintenance), 221-US, 69-Saudia and 61-S.Korea
The M1 Abrams tank is a US-third-generation main battle tank (68.4 tons)
M1A2 cost $8.58 million. Total estimated cost of entire M1 tank program to date $40 billion
The Chinese Army (2,285,000 soldiers on active duty) (800,000 on reserve)
The estimated Chinese budget for the Army in 2013 is $114.2 billion.
•The Cary Titan world’s fastest super computer (27 petaflops, 2012).1 petaflop = Thousand Trillion floating point operations per second
•Cost $200 million design and build. Operation cost 6.5 million a year
•High-end password cracking desktop attempt 350 billion PW/Sec
•Custom built desktop PW cracking rig with 25 powerful graphic cards cost $5000.
•MacBook Pro attempt 40 million/hashes/Sec using Nvidia 650M GC
•Properly configured cost $2000 brand new MacBook Pro.
•Jailbreak Smartphone with Back-Track (Free Pen-testing SW); highly mobile hacker platform used by any semi-competent hacker.
•Top of the line Droid (runs Linux) Smartphone cost $600.
Space of conflict largely separate from civilians.
Offensive & Defensive technologies often in rough balance.
Attribution to adversary presumed.
Capabilities of non-state actors relatively small.
Significance of distance large.
National boundaries important.
Clear lines between attacking & spying as security threats.
Effects reasonably predictable.
Usually declared or observed explicitly
There are clear International mechanisms (UN, NATO etc)
Space of conflict is where civilians live and work.
Offensive & Defensive technologies largely OUT of balance.
Attribution hard, slow, uncertain.
Capabilities of non-state actors relatively large.
Significance of distance minimal.
National boundaries irrelevant.
Attacks & spying hard to distinguished; no clear line.
Effects hard to predict or control.
Rarely declared or observed explicitly.
No clear International mechanisms (IG, ICANN, ITU).
Challenges: Challenges:
••lack of understanding, education, training, unclear lack of understanding, education, training, unclear policies of government.policies of government.
••The fact that the vast majority of cyber crime is not The fact that the vast majority of cyber crime is not reported would impact all statistics, as a clear reported would impact all statistics, as a clear picture cannot be given without all the information. picture cannot be given without all the information.
••Explosion of the Internet.Explosion of the Internet.
Efforts: Efforts:
••Creation of National Information Security Authority (NISSA).Creation of National Information Security Authority (NISSA).
••Development of Policies, Legislations & Laws.Development of Policies, Legislations & Laws.
••Building of Computer Security Readiness Team (CERT).Building of Computer Security Readiness Team (CERT).
••Foundation of PKI, CloudFoundation of PKI, Cloud--Sec, MobileSec, Mobile--Sec, NetworkSec, Network--Sec.Sec.
••Cyber security awareness workshops and trainings.Cyber security awareness workshops and trainings.
••International CooperationInternational Cooperation
•Data
•APPLICATIONS
•NETWORK
•HUMAN