Information Assurance and Computer Security. OVERVIEW Threat defined Categories of threats Specific types of threats Historical turncoats Your responsibilities.

Information Assurance

andComputer Security

OVERVIEW

• Threat defined

• Categories of threats

• Specific types of threats

• Historical turncoats

• Your responsibilities

What is a threat?

• Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service

• Current and perceived capability, intention, or attack directed to cause denial of service, corruption, compromise, or fraud, waste, and abuse to an information system

Categories of Threats

• Technical- hardware, software, or

design deficiency… often vulnerable right out

of the box

• Administrative- inadequate or incorrect

implementation of existing security features- not a design flaw but rather poor policy, process or procedure

What are the types of threats?• Unintentional Threats

- spilled food or liquid

- downloaded game or software

- disabled anti-virus software

- unattended computer

with no locked keyboards

or screensavers

- accidental deletion or modification of files

Types of Threats…cont’d

• Intentional Threats -

- Social engineering

- Elicitation

- Computer network attack

- The insider threat

Types of Threats...cont’d

• Intentional Threats- Social engineering

- Elicitation

- Computer network attack

- The insider threat

Types of Threats...cont’d

• Intentional Threats- Social engineering

- Elicitation

- Computer network attack

How are they attacked?

- The insider threat

Intentional Threats …cont’d

- Computer network attacks

The Internet…perhaps our largest daily threat

--Cookies

--Mobile code, malicious code & spy-ware

--Use of home internet service provider

--OPSEC…or lack of it

--Distributed denial of service

--Hoaxes

--Spam

Types of Threats...cont’d

• Intentional Threats- Social engineering

- Elicitation

- Computer network attack

- The insider threat

Would insiders really steal information?

Famous Turncoats

• Benedict Arnold

-Appointed by George Washington to a position in the Continental Congress…a trusted position.

- He was caught trying to smuggle classified documents to the British in 1780.

Famous Turncoats• The Rosenburgs (Ethel and Julius)

Controversial case; convicted of spying for the Soviet Union

• Passed secret of the “A” bomb to the Soviets (from the Manhattan Project)

• Judge Irving Kaufman found them guilty of espionage and said “ they contributed to the communist aggression and 50,000 deaths of the Korean War.”

Famous Turncoats• Both were executed in 1953 for

Conspiracy to Commit Espionage. • In 1995 NSA released de-crypted

evidence of their involvement.

• In his memoirs posthumously published in 1990 Nitkita Khrushchev praised both of them for their “very significant help in the production of the atomic bomb.”

Famous Turncoats

• Aldrich Ames…The Chief of Counterintelligence in Eastern Europe and the Soviet Union

• CIA employee for 31 years

• Sold the names of all his co-worker spies to the Soviet Union for $50,000

• “The most damaging spy case in the history of this country”…….NSI, 1995… NSI . org

Famous Turncoats

• Ultimately betrayed more than 100 operations and received $3 million.

• His betrayal led to the execution of 10 KGB (Soviet) double agents and 11 US agents.

CIA IG report 1994

Famous Turncoats A little close to home…….

• Brian P. Regan…worked for the

super-secret National Reconnaissance Office; they design and operate spy satellites…Top Secret information

• Arrested Aug 23, 2002, with classified information in his possession

• Stole, copied, and buried over 20,000 pages of documents classified as Top Secret or higher…

Brian Regan• Buried documents in 19 locations including state parks…detailed information on satellites, early warning systems, missile site coordinates, and WMD

• Wrote letter to Saddam Hussein…offered to sell Top Secret information for $13 million …also had identical letters on his computer to China, Iran, and Libya

• Regan was bitter over “the small pension received for years of service”…..who was the service with?

A little close to home………………

Brian P. Regan

Master Sergeant, USAF, Retired

38 year-old, father of four, deeply in debt and in 2003 sentenced to life in

prison…lost his “small pension”

What can I do to help?What are my Responsibilities?

• Fight the insider threat

- protect your access to

information (physical access)…keys/doors, personnel rosters ...physical security

-protect your electronic access…don’t share passwords, access cards, codes, etc.

-report shoulder surfers or suspicious activity

What are my Responsibilities?

• Use your virus software– Run on start-up and weekly minimum– Use it on your home computer too– Scan all removable media (disks,

DVDs,CDs) before each use– Save and scan attachments (especially all high risk)

What Are My Responsibilities?• Don’t load software

or programs on

government computers

without permission.

-including freeware

• Don’t talk about official

business in open

chat rooms or forums.

What are my Responsibilities?

• Don’t post your email address in chat rooms, forums, or message boards.

• Report violations or suspicious activity.

-pornography

-loading personal software

-revealing sensitive

information

-failure to take security measures

SUMMARY

• Threat defined

• Categories of threats

• Specific types of threats

• Historical turncoats

• Your responsibilities

“ The truth is that there’s an enemy that still lurks out there. And we must continue to work together to protect our country…the most solemn duty of government is to protect American people.”George W. Bush, January 23, 2004