Slide 1 of 48 Cybersecurity o Threats Risks Vulnerabilities o 6 Environments o Competitive Environment o Technological Environment o Cyber risks o Infrastructure o Mobile devices o Asymetrical o SoMe - Social media o NCIS Tue night??
Slide 1 of 48
Cybersecurity
o Threats Risks Vulnerabilitieso 6 Environments
o Competitive Environmento Technological Environment
o Cyber riskso Infrastructure o Mobile devices
o Asymetricalo SoMe - Social media
oNCIS Tue night??
Slide 3 of 48
Cybersecurity
October cybersecurity month
Includes a section on Mobile device and smartphone security
Slide 4 of 48
TRV 101
Threats the chance a bad thing can happen, at all
Risks is the consequence when that bad thing is
very likely to actually happen to you
Vulnerabilities is the chances of success of a particular
threat against some asset
Slide 5 of 48
Cyber Threat trends
Top 8 trends Mobile everything Data breaches
Usernames and passwords compromised Malware
Used to gather personal profile info Malware on mobile devices
Social Media hacking Twitter accounts, Facebook pages
Slide 6 of 48
Cyber Threat trends
Web Server errors Increase in downtime
Government data breaches Outsourcing !
Highly specific ID theft of individuals who have “high net worth”
Obamacare… healthcare data hacks
MacKenzie Institute 2013 Oct Slide 7 of 48
CybersecurityWhat terms and situations are you familiar with already?
Phishing? Domain name hacking Spear Phishing
Humint and Teckint Osint !!
Slide 8 of 48
Cybersecurity
“regular crime” vs. “cyber crime” Big influencer is “magnitude”
More damage can be done On a larger scale In a shorter period of time
Slide 9 of 48
“regular crime”
Prevention Detection Reaction
“cyber crime” Prevention
Who – where Detection
Intangible evidence Reaction
Countermeasures and deterrence
Problem of jurisdiction and enforceability
Cybersecurity
Slide 10 of 48
Six groups of “clear and present danger”
Deliberate acts Inadvertant acts Third parties / outsourcing
A consequence of the intense Competitive Environment
Slide 11 of 48
Six groups of “clear and present danger”
Acts of God – weather extremes(the Geographic Environment) Hot weather in GTA 2014…
Technical failures Hardware software
Management failures
MacKenzie Institute 2013 Oct Slide 12 of 48
Cybersecurity
Deliberate acts on a large scale garner publicity and motivate politicians to react
Attacks on cyber structures at the national level
1 min 25 sec
MacKenzie Institute 2013 Oct Slide 13 of 48
Influencing environments
Competitive Political – Legal – Regulatory
(example, Naver in R.O.K.) Economic
MacKenzie Institute 2013 Oct Slide 14 of 48
Influencing environments
Social – cultural SoMe – Social Media
Technological Geographic – weather
extremes
MacKenzie Institute 2013 Oct Slide 15 of 48
Competitive Environment …intensely competitiveCompanies are facing competition from
other firms Other organizations offering the same product or service now Other organizations offering similar products or services now Other organizations offering a variation on a product or service, that
you cannot Organizations that could offer the same or similar products or services
in the future Organizations that could remove the need for a product or service
we sell
MacKenzie Institute 2013 Oct Slide 16 of 48
Intense competition forces companies to do outsourcing to cut costs
Competitive Environment
MacKenzie Institute 2013 Oct Slide 17 of 48
“outsourcing the design, implementation and maintenance of ICT across all sectors to third-party providers, including developing countries, cloud computing and large data fusion centres, along with the use of off-the-shelf commercial technologies, has increased vulnerabilities and risks.”
Gendron and Rudner “Assessing Cyber Threats To Canadian Infrastructure
4th party !!
Competitive Environment - outsourcing
MacKenzie Institute 2013 Oct Slide 18 of 48
Competitive Environment and Economic Environment
Market Development more than Market Penetration
Gaining market share is too hard so you concentrate on making more off each customer
CRM, CLV, extending the PLC
MacKenzie Institute 2013 Oct Slide 19 of 48
Ian MacLeod Aug 14th 2013
Quoting Angela Gendron
Environments - political
MacKenzie Institute 2013 Oct Slide 20 of 48
Background papers
http://www.csis-scrs.gc.ca/pblctns/cdmctrch/20121001_ccsnlpprs-eng.asp
Written by
Prof. Martin Rudner
and
Prof. Angela Gendron
MacKenzie Institute 2013 Oct Slide 21 of 48
Future Threats, Risks and Vulnerabilities - Infrastructure
Risks “the industrial control
systems governing the operations of utilities, from water storage and purification to nuclear power reactors, pose a growing risk to national security and Canada’s economic and societal well-being. ”
MacKenzie Institute 2013 Oct Slide 22 of 48
Economic Environment
Economic Environment
The economics of information
MacKenzie Institute 2013 Oct Slide 23 of 48
New inventions being created by new enterprises
“Apps” Applications Materials Electronic circuitry
Increasing miniaturization of components Increasing connectivity – Bluetooth and WiFi
everywhere + A-GPS
Technological Environment
MacKenzie Institute 2013 Oct Slide 24 of 48
Magnitude of web based information is
increasing at a rate which is phenomenal
1,800 Terabytes YouTube Instagram
Technological Environment
40 secs
The growth of the Technological Environment = T.M.I.
The problem with T.M.I. is not being able to find things
MacKenzie Institute 2013 Oct Slide 26 of 48
The pace of technological change Very very fast Example
Cell phone cameras Most devices GPS enabled A-GPS
Technological Environment
MacKenzie Institute 2013 Oct Slide 27 of 48
Cell phone cameras Smartphones vs. superphones
Smartphones take good pics Superphones take great video
Tradecraft eclipsed by “teckint” ?
Technological Environment
MacKenzie Institute 2013 Oct Slide 29 of 48
Technological EnvironmentFuture Trends
Web 4.0 Marriage of human biologic
capabilities with IT hardware and software
MacKenzie Institute 2013 Oct Slide 30 of 48
Social – Cultural Environment
Risks Household devices and appliances
with IP addresses In condos and apts were there is a
centrally wired structure Houses in micro-communities (gated
communities or prestigious developments) where there is wired or bluetooth connectivity
MacKenzie Institute 2013 Oct Slide 31 of 48
increasingly demanding and educated customers Demanding Educated
Wikipedia Google Everyone is an expert But ppl don’t know how to discriminate
Social – Cultural Environment
MacKenzie Institute 2013 Oct Slide 32 of 48
Future Trends – Influencing Environments
Political – Legal – Regulatory Environment Laws as a result of politicians
responding to IT isssues Politically motivated cyber crime Challenges of cyber crime being
outside the jurisdiction of a police / security agency
MacKenzie Institute 2013 Oct Slide 33 of 48
Future Trends – Influencing Environments
Political – Legal – Regulatory Environment The “ruling” Government is also
the “policies” of the particular political party in power
stay in power Suppress crime
MacKenzie Institute 2013 Oct Slide 34 of 48
Future Trends – Influencing Environments
Political – Legal – Regulatory Environment
•National, regional, local•Surveillance technology
MacKenzie Institute 2013 Oct Slide 35 of 48
Future Trends – Influencing EnvironmentsNational Surveillance technology
CBC News Wed Oct 9th
New CSEC H.Q. in Ottawa
One of the key themes is the requirement for massive amounts of CPU power
Why?
MacKenzie Institute 2013 Oct Slide 36 of 48
Requirements for computing power
Mackenzie Institute as a word.doc file = 22 KB
Mackenzie Institute as an audio file = 42 KB
Mackenzie Institute as a video of someone speaking the words = 6,600 KB
MacKenzie Institute 2013 Oct Slide 37 of 48
What does this mean in the context of the classical approach to Security Threat
The nature of the threats are changing Who is who and where Example Internal employees also includes your
outsourcing IT partners Risk Vulnerability – “who” is changing
Not just computers
MacKenzie Institute 2013 Oct Slide 38 of 48
Mobile web access Marketing and business
Future Threats, Risks and Vulnerabilities
MacKenzie Institute 2013 Oct Slide 40 of 48
Future Threats, Risks and Vulnerabilities
Vulnerabilities Highly specific ID theft of individuals
who have “high net worth”
MacKenzie Institute 2013 Oct Slide 41 of 48
e 911
Trends 70% of calls to 911 in the U.S. are
from mobile devices (over 50% in GTA)
GPS functionality used for social media GPS, SPS, PPS Relates to marketing where people are
“where” people are (victims and “bad guys”) http://www.witiger.com/ecommerce/mcommerceGPS.htm
MacKenzie Institute 2013 Oct Slide 42 of 48
Smartphone security
2011 paper on smartphone securityhttp://www.eecg.toronto.edu/~lie/papers/au-spsm2011.pdf
Prof. David LieCanada Research Chair in Secure and
Reliable Computer Systems Dept. of Electrical and Computer EngineeringUniversity of Torontohttp://www.eecg.toronto.edu/~lie/papers/au-spsm2011.pdf
MacKenzie Institute 2013 Oct Slide 43 of 48
Future Trends – Influencing Environments
Political – Legal – Regulatory Environment
•Municipal police agencies and cyber crime
Staff Inspector Bryce Evans
Ritesh KotakTPS
http://www.torontopolice.on.ca/socialmedia/
MacKenzie Institute 2013 Oct Slide 45 of 48
Cyber tools to fight crime
Co-operation and co-ordination
MacKenzie Institute 2013 Oct Slide 46 of 48
conclusionCybersecurity lends itself to a focus on teckint
Will the solutions be mostly teckint?
What role will humint play?
Osint?
Tim Richardson
School of MarketingSeneca [email protected]
University of Toronto,
CCIT Program, MississaugaandDept. of Management, [email protected]
www.witiger.comhttp://people.senecac.on.ca/tim.richardson/powerpoints/