SIMO Network 2012, I Foro Profesional TIC de ATI (1st ATI ICT Professional Forum): New approaches to security management. Madrid, 26 September 2012
1. There is a lot of talk about cyberwar. Cyberwar is in fashion
2. 'Fashion' attracts proportionally more headlines than 'reality'. The attraction/gravitation depends on many interests (everything is 'relative')
3. Cyberpeace should be of greater interest
4. Cyberwar and cyberpeace are being treated incompletely. Governance and outreach, at least, are missing. Clear concepts, magnitudes and metrics are missing
5. Lack of consensus. Deniers vs. objectivists
War [10+ conditions]: (1) organized, (2) armed, and, often, a (3) prolonged conflict that is carried on between states, nations, or other parties typified by (4) extreme aggression, (5) social disruption, and usually (6) high mortality. War should be understood as an (7) actual, (8) intentional and (9) widespread (10) armed conflict between political communities, and therefore is defined as a form of political violence. The set of techniques used by a group to carry out war is known as warfare. An absence of war (and other violence) is usually called peace.
Cyberwar and cyberpeace are being treated incompletely
Conflicts in the following list are currently causing at least 1,000 violent deaths per year, a categorization used by the Uppsala Conflict Data Program and recognized by the United Nations.
Technological strength/power vs. inertia/overconfidence. From ELECTRONIC WARFARE to CYBERWAR. TECHNIFICATION as a THREAT
National Cyber Strength = f(cyberoffensiveness, cyberdependency, cyberdefensiveness). Awareness. Training. Imputability. Civic maturity. National Accountability
"Like for the cyber-weapon definition, we have to focus on three elements 1. context, 2. aim and 3. losing party (subject/object) to recognise if we are in front of a cyber-warfare or a cyber-terrorism (even state-sponsored) attack." Stefano Mele, http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=166883832&gid=1836487&commentID=96507872&trk=view_disc&ut=21C_4C4DGLZBo1
“… as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.” William J. Lynn, U.S. Deputy Secretary of Defense http://securityaffairs.co/wordpress/8765/intelligence/state-sponsored-attack-or-not-thats-the-question.html?goback=.gde_1870711_member_165007262
land
cyberspace?
air
sea
space
Lack of consensus
LTC Greg Conti, Assistant Professor, USMA-WestPoint
Cyber war threat exaggerated claims security expert http://www.bbc.com/news/technology-12473809
Bruce Schneier claims that emotive rhetoric around the term does not match the reality. He warned that using sensational phrases such as "cyber armageddon" only inflames the situation. Mr Schneier, who is chief security officer for BT, is due to address the RSA security conference in San Francisco this week. His point of view was backed by Howard Schmidt, cyber security co-ordinator for the White House.
Despite what your congressman may tell you, cyber war might never happen, says a researcher in the Department of War Studies at King’s College London. Thomas Rid, also a fellow at Johns Hopkins’ School for Advanced International Studies, writes that “Cyber War Will Not Take Place”, an assessment that contrasts with those of many elected U.S. officials. Rid claims that no online attack to date constitutes cyber war and that it’s “highly unlikely that cyber war will occur in the future.”
The Cybersecurity-Industrial Complex. The feds erect a bureaucracy to combat a questionable threat. A rough … consensus has emerged that the United States is facing a grave and immediate threat that can only be addressed by more public spending and tighter controls on private network security practices. But there is little clear, publicly verified evidence that cyber attacks are a serious threat. What we are witnessing may be a different sort of danger: the rise of a cybersecurity-industrial complex, much like the military-industrial complex of the Cold War, that not only produces expensive weapons to combat the alleged menace but whips up demand for its services by wildly exaggerating our vulnerability.
‘The New Industrial State’ (1967), John Kenneth Galbraith
Andrea Zapparoli Manzoni (20120926, CYBER SECURITY Forum Initiative - CSFI http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=166883832&gid=1836487&commentID=96645448&trk=view_disc&ut=0WJneMXcjW-Bo1) [regarding some DDoS attacks on US banks] - this is definitely not cyber war (simply because such a thing doesn't exist, like the Unicorn)
“Unfortunately too many published assessments have favored sensationalism over careful analysis” “… few single foreseeable cyber-related events have the capacity to propagate onwards and become a full-scale ‘global shock’”. “A critical feature of any worthwhile analysis is discipline in the use of language”. “Cyber espionage is not ‘a few clicks away from cyberwar’, it is spying which is not normally thought of as ‘war’”.
“By the same token a short-term attack by hacktivists is not cyberwar either”. “A pure cyberwar, that is one fought solely with cyber-weapons, is unlikely”. “On the other hand in nearly all future wars as well as the skirmishes that precede them policymakers must expect the use of cyberweaponry”. “… the Internet was designed from the start to be robust so that failures in one part are routed around…”
“In terms of cyber attacks the one overwhelming characteristic is that most of the time it will be impossible for victims to ascertain the identity of the attacker – the problem of attribution. This means that a defense doctrine based on deterrence will not work. The most immediately effective action that governments can take is to improve the security standards of their own critical information systems.”
The report addressed web/email attacks. The techniques used bypass both signature and heuristic security means.
I. Web
225% increase in web infections in last 6 months. 643/week now.
Attacks vary by industry:
Healthcare - 100% increase
Financial Services - spike in April/May - from Latvia
Technology - high volume - stable trend - target is Intellectual Property
Energy/Utility - 60% increase - target is smart grid
II. Email
56% increase in malicious email in last 6 months.
Two methods used: malicious links in email and email attachments. Links are growing faster.
"Throw away*" domains are being used more - those used 1-10 times and discarded. This is to circumvent filters and black lists by domain. (*also known as Limited Use Domains/Crafted Domains)
Attachments: increase in variance by type of attachment. Target vulnerabilities in serving applications. (Example: PDF/Adobe)
"FireEye Advanced Threat Report - First Half 2012" Thesis of the report: Advanced attacks bypass traditional security like Firewalls, Intrusion Prevention, and Anti-virus.
III. Files
Filter and limit by type. Examine inbound for malicious content. Examine outbound for proprietary information. Many attacks are trying to obtain data more now. Files are being extracted using the HTTP (port:80) protocol - which is usually more open.
IV. Some protective moves you can make.
#1. User education regarding risks in email (links and attachments) and web sites (links).
#2. Defense in depth - key - protecting not only the front door, but internal networks for the proper access controls (users/data paths)
#3. Secure coding best practices (never trust user input - audit/examine/test/validate). (Example: a web site that queries a database: if the user enters a "*" and no check is made and the "*" is passed to SQL, the request is to return all rows in the table - a very easy exploit - and most likely not what you want to happen).
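Added example, not from the slides or the FireEye report: the unchecked-wildcard case of item #3 shown beside a validated, parameterized form, using SQLite, where the pattern wildcards honoured by LIKE are % and _. The table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the web site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (name) VALUES (?)",
        [("alice",), ("bob",), ("carol",), ("50%",)],
    )
    return conn


def search_unchecked(conn, term):
    """Weak form: user input is pasted into the SQL text with no check."""
    sql = "SELECT name FROM customers WHERE name LIKE '" + term + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_checked(conn, term):
    """Hardened form: validate length, escape LIKE wildcards, bind the value."""
    if not isinstance(term, str) or not 1 <= len(term) <= 64:
        raise ValueError("search term must be 1-64 characters")
    # Escape the escape character first, then the two LIKE wildcards,
    # so that user-supplied % and _ are matched as literal characters.
    escaped = (
        term.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )
    sql = "SELECT name FROM customers WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in conn.execute(sql, (escaped,))]


if __name__ == "__main__":
    db = make_db()
    print("unchecked '%':", search_unchecked(db, "%"))   # every row comes back
    print("checked   '%':", search_checked(db, "%"))     # no row is named "%"
    print("checked '50%':", search_checked(db, "50%"))   # literal match only
```

The bound parameter keeps the input out of the SQL text, and the escaping step keeps a wildcard typed by the user from widening the match.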
“We have met the enemy and he is us” Source: Walt Kelly. http://wiki.answers.com/Q/What_is_the_origin_of_the_phrase_'I_have_found_the_enemy_and_it_is_us'#ixzz264CPrYv4
" ... to define a common language for describing IA work and work components, in order to provide commercial certification providers and training vendors with targeted information to enhance their learning offerings.”
Source: IT Security EBK: A Competency and Functional Framework for IT Security Workforce Development Section 1. Introduction. http://www.us-cert.gov/ITSecurityEBK/EBK2008.pdf