Hacker Halted 2014 - The Lethal Cyber Threat – The Insider

The  Lethal  Insider  Threat  Dr.  Emma  Garrison-­‐Alexander  

University  of  Maryland  University  College  October  17,  2014  

THE  INSIDER  THREAT    An  insider  threat  is  generally  defined  as  a  current  or  former  employee,  contractor…    Who  has  or  had  authorized  access  to  an  organizaRon’s  network,  system  or  data…  IntenRonally  misused  that  access  to  negaRvely  affect  the  confidenRality,  integrity,  or  availability  of  the  organizaRon’s  informaRon  or  informaRon  systems…..      To  include  sabotage,  theW,  espionage,  fraud…    Carried  out  through  abusing  access  rights,  theW  of  materials  and  mishandling  of  physical  devices.          Source:  Na+onal  Center  for  Cybersecurity  and  Communica+ons  Integra+on  Center  (2014).  Comba+ng  the  Inside  Threat.            

CIOs  &  CISOs  Worst  Nightmare  

THE  EXECUTIVE  

ExecuRves  Are  Deaf,  Make  Them  Listen  

BREACHES  ARE  A  GOOD  THING!  

HOME  DEPOT  SEPTEMBER    2014  

56  MILLION  CUSTOMERS  AFFECTED  

TARGET  CORPORATION    DECEMBER  2013  

70  MILLION  CUSTOMER  AFFECTED  

JP  MORGAN  SEPTEMBER  2014  

76  MILLION  CUSTOMERS  AFFECTED  

THE  EMPLOYEE  CASE  STUDY  –  News  Headlines  –  Douglas  Duchak  

“TSA  Worker  Tried  to  Sabotage  Terror  Database”  (Fox  News,  2009)  “TSA  Worker  Gets  2  Years  for  PlanRng  Logic  Bomb  in  Screening  System”    (WIRED,  2011)  “Douglas,  Duchak,  Ex-­‐TSA  Worker,  Gets  2  Years  For  PlanRng  Malware  In  Screening  System”  (Huffington  Post,  2011)    

WHAT  YOU  DON’T  KNOW  CAN  HURT  YOU  

THE  ENVIRONMENT  INFORMATION  TECHNOLOGY      

THE  GOOD,  THE  BAD,  THE  UGLY  

MicrosoW  Releases  October  2014  Security  BulleRn  

CYBER  DEFENSE  METHODOLOGY  

Applica(on  Support  

Managed  Services  

Basic  Services  

Enterprise  Management  Services  

Physical  Security  

Facility  

Desktop    w    Install    w    Maintenance  

Server    w    Storage    w    Pla?orm  

Monitoring    w    Power    w    Pipe  

Service  Center    w    Asset  Management  

People    w    System    w    Interfaces  

Structure    w    Environmental    w    Power  Se

curity

Personnel & Training Policy

IDS

Focused Operations

Computer

Network

Defense

Network Intrusion Detection

Classification

Management

Patch Management

End-Point Protection

Vulnerability Assessments

Key  Focus  Areas  

1)  Security  OperaRons  Center  

2)  Network  OperaRons  Center  

3)  ConRnuous  Monitoring  

4)  Meta  Data  Management    

5)  Intrusion  DetecRon  

6)  Incident  Response  

Con(nuous  Monitoring  

Meta  Data  Management  •  RBAC  •  PBAC  •  ABAC  

Con(nuous  Monitoring  

 “BUILD  IN  SECURITY”  OR    

“BUILD  IN  VULNERABILITY”    

QUESTIONS???