Welcome!
Welcome!
Today’s Agenda• Welcome and Introductions—Bill
Gibbs, Webinar Coordinator• Presentation—Dr. Jon Haass• Questions and Answers• Upcoming Webinars and Webinar Plus
Degree BriefingBill GibbsDirector, Campus OutreachWebinar Coordinator
Dr. Jon Haass
• Associate Professor and Program Director for Bachelor of Science in Cyber Intelligence and Security—Prescott
• Frequent speaker at national conferences• Two bachelor’s degrees from University of Wyoming
(Mathematics, Physics)• Ph.D. in Mathematics from Massachusetts Institute of
Technology (MIT)• Leader or Founder of several software development
companies including Sun Microsystems, OpenTV, and SoftKrypt
Cyber SecurityChallenges and Solutions
Jon C. HaassCyber Intelligence and Security
The Cyber Security Landscape Challenges Faced Solutions and Best Practices Areas of Research Question and Answer
Webinar Overview
Breaches in the news
Source: Informationisbeautiful.net – updated August 2016
Could be any company …
Could be any company …
Is it safe to click?
The_User@Home
Is it safe to click?
Does my SmartTV or DVR have vulnerabilities?
◦ Is it listening?◦ Is it infected with Mirai “Bot”?
The_User@Home
Is that email really from HR?
Malicious email borne attacksEntry into critical networksDevelopment and Key employees
June 23, 2015 – FBI alerts ISACs of Business e-mail Compromise attacks that are increasingly successful, well crafted and malicious fronts for APT (Advanced Persistent Threats)
SpearPhishing@Work
Dear John,
The bank has notified us of suspicious activity on your account. As part of the service provided due to OPM breach, we are notifying you. Please click to process.
Account ManagerTel:202-767-1800US Office of Personnel Management
Ransomware@Hospitals
Dear Mary,
The bank has notified us of suspicious activity on your account. As part of the service provided due to OPM breach, we are notifying you. Please click to process.
Account ManagerTel:202-767-1800US Office of Personnel Management
Ransomware@Hospitals
https://opm.gov/cybersecurity/contact.aspx
July 2016
Cybersecurity threats know no boundaries
Cybersecurity threats know no boundaries
National Security / Intellectual Property / Safety
Critical Infrastructure
FinancialServices
Energy Manufacturing
NuclearWater
Transportation
National Security / Intellectual Property / Safety
Critical Infrastructure
FinancialServices
Energy Manufacturing
NuclearWater
Transportation
Power grid attack in
UkrainePower grid attack in
Ukraine
NSA’s view of the world
Every network can be (is) breached
Anything on a computer can be stolen.
General Keith Alexander (retired) Former NSA, Cyber Command now CEO IronNet
InvisibleHard to “see” bits / bytes / network packets
We need forensic tools
and automation
and vigilance
Challenges in Cyberspace
Volume205 Billion emails per day3.5 Billion Google searches per day
Fiber speeds means
BIG DATA
Adversary hides in traffic
Variety230,000 new malware variants per day – 2015Trojans – 51%
Test againstexisting AV - software
Malware evolving
VulnerabilitiesFlaws in software
Difficult to makeerror free systems
iPhone app90,000 lines code
More Complex Software
AttributionMasquerading SpoofingProxy
Rely on mistakes
Who Done It? - Anonymity
Whack-a-Mole gameStop one, another pops up
DoD wants to bemore pro-active
Cyber Intel.
Army of Adversaries
It’s a $500Bn IndustryGDP of Sweden or Belgium (37)!
On the Dark Net TodayMalware as a ServiceCustomer supportMalware testingMoney laundering
Cyber Crime Pays
JurisdictionInternet is Global
Can we attack back?
Arrest someone?
Fine or Jail someone?
Is it Illegal? And where?
Cyber Help Wanted 348,975!NIST announces CyberSeek
We Need More Skilled People
Stop more than 95%Update your software Keep current anti-malwareDon’t re-use passwords (or use top million!)Know your emailsCaution where you browseSet security above lowRoutine backups!!!
Solutions: Cyber Hygiene
Stop Attacker …Notice unusual trafficDeny easy vulnerabilitiesAuthenticate softwareMonitor suspicious connectsDeny access to key data
Defense in Depth
Everyone MattersMost breaches from some mistake
InsiderSpearPhishMisconfigurationUn Patched Vulnerability
Cyber Security as Team Sport
Risk ManagementNot just an IT issue
What is important?Cost if compromised?Then…What to do about it
Annual Review
Cyber Security Solutions
NIST Cyber “Best Practice”
Service Providers can support
Bright ideas needed!
Students & Faculty Wanted!!
Future Research Outlook
Mining Threat InformationInformation Sharing Organizations (ISAO)Arizona Cyber Threat Response Alliance ACTRA
Actionable IntelligenceRanking SystemIntegration
Add in Machine Learning
Improved Intelligence
What’s on your network?
Creative, Resilient PersonnelAcademic / Industry Collaboration
What is working?What more is needed?Streamline?Re-training in career?Apprentice / Co-op?
Improved Education
BYOD Cyber Security
Security of EFB / PED for crew and passenger
Vulnerabilities in aircraft systems
Internet of Things Security
Security of EFB / PED for crew and passenger
Includes the newAirport of Things
Authentication & protect defaults
What is unseen can hurt!Future trends becoming clearer
Questions and Comments
Jon C. HaassCyber Intelligence and SecurityEmbry-Riddle Aeronautical [email protected]
Upcoming Webinars:Jan. 12 Airport Construction Risk Management and SafetyFeb. 9 The Continuing Search for Amelia EarhartMar. 9 Cross-Cultural Project ManagementApr. 13 10 Traits Every Leader Should HaveMay 11 An Introduction to Human Factors in AviationJun. 22 How to Create a Career Enhancement Toolkit
webinars.erau.edu
Join us for a Webinar “Plus” Degree Briefing!Thursday, Dec. 1 (two weeks from today)
2 p.m. Eastern (USA) (same time as today)
Covering:• Bachelor of Science in Cyber Intelligence and
Security (Prescott Campus Residential Program)
• Bachelor of Science in Homeland Security• Master of Science in Cybersecurity Management
and Policy
webinars.erau.edu