The big challenge facing cyber security professionals is to think like the enemy, anticipate their next move, and enact measures to combat the exponentially growing number of attacks. Passively monitoring defences in the hope of detecting probes and breaches is insufficient as it is likely that threats are already on the inside in human, machine, or some malware form. And these may be continually active, sporadic, dormant, sleeping, dumb, smart, intelligent, broad or highly focused, and located anywhere in an organisation, machine, device or network. Fortunately, Cloud Technologies and new working practices mitigate agains all this, but only if we leverage new technologies and nurture new behaviours and operating strategies. We are no longer looking for a ‘needle in a haystack’ but bent needles, or even needles prone to bending, in a ‘needle stack’. Layered defences such as multiple firewalls, virus protection, malware scanners, people screening and sporadic checks are insufficient. We have to be more sophisticated and consider the activity traits and sociology of people, machines, networks and malware. Perhaps most importantly this has to be achieved without degrading the performance of systems, networks, individuals and organisations. To achieve effective cyber security solutions we have to migrate to a more organic, globally cooperative, and fully networked model that sees a new detection, reaction and solution sharing regime between companies and countries. And as the technology (good and bad) continues to accelerate and spread the end point will most likely be the realisation of a ‘living cyber immune system’ devoid of human intervention.

1. Finding
Needles
in
Needle Stacks
or
Future aspects of Cyber Security
Peter Cochrane
cochrane.org.uk
ca-global.biz
COCHRANE
a s s o c i a t e s
Thursday, 21 November 13

2. le s
p n
im t i o
s
o lu
n o
re r s
a a
re g u l
e
h in
T s
r
o
Cyber Security
- Attacks are growing and are increasingly sophisticated
- We need to up our game & become more anticipatory
Thursday, 21 November 13

3. Finding the
Bent Needles
or
Needles about to bend
The good majority
The evil minority
The potentially evil
Thursday, 21 November 13

4. Cyber INSecurity
What we know for sure
- There is always a threat
- The threat never sleeps
- The threat evolves rapidly
People are by far the biggest risk factor
The perceived threat
⧣ the actual threat
The biggest threat is always on the inside
Security people are never their own customer
The best defenders have been the best attackers
Cracking systems is far more fun than defending them
The biggest threat is in the direction you are not looking
Resources are generally deployed inversely proportional to actual risk
Thursday, 21 November 13

5. Breaking into
most companies
and institutions
really isn’t all that difficult!
Thursday, 21 November 13

6. big
are
ges
t
Th
e
th
rea
ts
ins
ide
Equipment
Networks
Chips
Code
Ports
People
Lax:
th
e
W
Fi
re
all
Thursday, 21 November 13
Rogue:
People
Visitors
Security
Operations

7. No single solution
can deal with all
forms of attack....
Thursday, 21 November 13

8. Fire Walls and
malware protection
are certainly not enough...
Thursday, 21 November 13

9. Cyber Attacks
Major Country Nodes
Reproduced Courtesy of Akamai 2013
Thursday, 21 November 13

10. Cyber Attacks
M a j o r Tra f fi c Po r t s
Reproduced Courtesy of Akamai 2013
Thursday, 21 November 13

11. P r i m a r y C y b e r T a r g e t s Q4 2012
Government 1.0%
Auctions 2.07%
Classifieds 0.3%
Retail 5.12%
Social Nets 6.0%
Financial 34.4%
Other 6.78%
ISP 9.5%
Gaming 14.7%
Payment Services 32.1%
Thursday, 21 November 13

12. CyberCrime >> CYBER-SECURITY
Not clear which side is spending more on software
$Bn
>200Bn
The cost of
cyber crime
200
150
Cyber
Defence
expenditure
100
50
100Bn
17Bn
0
2004
2005
21Bn
2006
2007
2008
2009
2009
2011
2012
Data Courtesy of Detica 2011
Thursday, 21 November 13

13. Cyber Security
Improvements for free ?
What will we benefit from
if we don nothing ?
Thursday, 21 November 13

14. Increasingly
transient
people &
machine
behaviour
A multi-device, multi-screen,
mobile world, of rapidly
renewed and replaced devices,
new and updated apps
With built-in
security features
automatically
updated
Connecting
on the
move via
wifi, 3G,
4G, LTE,
BlueTooth
Any
Net
Any
where
BYOD = Fewer corporate constrains and greater variabilities
BMOB = Be My Own Boss - shorter assignment periods
Thursday, 21 November 13

15. Many networks
to attack not
just one
3,4,5G,
LTE, WiFi
WiFi WiMax
BlueTooth ++
Thursday, 21 November 13

16. Many OS types
to attack not
just one
Thursday, 21 November 13

17. Many applications
to attack not
just one
Thursday, 21 November 13

18. Huge device
variance
Interface
Boards
Chips
Config
Firmware
Thursday, 21 November 13

19. Huge hardware
and circuit
variance
Circuitry
Layout
Antennas
Analogue
Design
Facilities
Thursday, 21 November 13

20. Far more variable human
and device connection
behaviours
O
rid
nG
On & Off Grid
Off
Thursday, 21 November 13
Grid

21. A fast
spreading
realisation
that this
really isn’t
good
enough!
Thursday, 21 November 13

22. No One
security
technique
is sufficient
Thursday, 21 November 13
The concatenation of multiple
low cost methods rapidly
delivers a very high
level of protection
Habits
Personal
Locations
Networks
Biometrics
Knowledge
++++++++

23. SOMETHINGS
What you:
are
were
know
drove
work on
wear
own
use
eat
do
+
Thursday, 21 November 13
Unique to you alone
Why you:
Who you:
work with
live with
manage
mentor
dislike
+++
How you:
talk
type
stand
appear
write
walk
++
like
dislike
prefer
thought
imagined
migrated
assumed
helped
failed
won
++

24. But what
about the
cloud ?
Thursday, 21 November 13

25. FUTURE NETWORKING
The Internet will not Scale
ç or economically
functionally
But Clouds/Cloud working will !
<5Bn People on
(and off) line
2013
Thursday, 21 November 13
2025
9Bn People and >>
50Bn Things on line

26. Thursday, 21 November 13

27. RECENT HEADLINE
Data courtesy of Cisco.
Thursday, 21 November 13

28. Mobile networks
but a minor
player !
Thursday, 21 November 13

29. Cyber Security
ç
Clouds change everything
More degrees of freedom to exploit that make it all
inherently more secure than anything we have seen before
Thursday, 21 November 13

30. Axiom..
1,000,000s
of Clouds
and not 1
Thursday, 21 November 13

31. And they come
in many forms
-
Corporate
Government
Private
Personal
Long term
Sporadic
Thursday, 21 November 13
-
Visible
Invisible
Dynamic
Fixed
Mobile
Wireless
Wired
-
Open
Closed
Secure
Insecure
Regular
Unknown
Unquantified
Experimental

32. Cyber Security
ç
Hidden by multi-hop depth
Corporate/Private
/Government
Cloud
Invisible
Cloud
Invisible
Cloud
Invisible
Cloud
Invisible
Cloud
Public
/Open
Cloud
Corporate/Private
/Government
Cloud
Diverse routing and increasingly hidden
and disguised data storage in depth
Thursday, 21 November 13

33. Cyber Security
ç
In Cloud Gating/Encryption
Every Cloud demands a key and all
routings are hidden - data parsed/coded
Thursday, 21 November 13

34. The
Biggest
Risk
Service providers do not
guarantee your data!
Thursday, 21 November 13

35. we need
SCAlable
network
Solutions
Thursday, 21 November 13

36. This isn’t tenable...
Thursday, 21 November 13

37. This is...
Thursday, 21 November 13

38. Smart car...
Smart gas...
Smart net...
Thursday, 21 November 13

39. Clouds connect
dynamically, driven
by need, location,
work, groups and
associations...
Thursday, 21 November 13

40. THE Security Problem
Even deeper protection required
Thursday, 21 November 13

41. DETECTION
BUILT INTO
EVERY
ELEMENT
OF A DEVICE
Thursday, 21 November 13

42. On Server
On Device
In Network
In Individual Apps
In Hardware
Thursday, 21 November 13

43. Honey pot, and
malware traps,
distributed across
the cloud spectrum
Thursday, 21 November 13

44. Data decimation and
distribution with
individual encryption
Thursday, 21 November 13

45. ing
ss
re ing
d p
d
A
ic rl
m u
a
n
Thursday, 21 November 13
y
D
p
ho

46. Have an alias, be
invisible, don’t be
what you appear, be
there but absent...
Ghost Cloud
Ghost
Device
Thursday, 21 November 13

47. Distributed Attacks
demand a
Distributed Defence
Dynamic Attackers
necessitate
Dynamic Defenders
We c a n a c t a l o n e
or we can unite
and act together
Thursday, 21 November 13

48. MORE CYBER-BENEFITS
Going for free in the default future
Thursday, 21 November 13

49. Fewer full
time people
and less
predictable
corporate/
network/
device/
behavior
Thursday, 21 November 13

50. People job and location Half Life
getting shorter
Thursday, 21 November 13

51. Mean Time to
Destruction
unknown!
Data Half Life
getting shorter
and shorter
Thursday, 21 November 13

52. The Ace
in the
Hole
Global Cooperation
Device, App, Network
Thursday, 21 November 13

53. Finding Those Needles
The sociology and habits of
Applications
Networks
Machines
Software
Malware
People
Bugs
++
Thursday, 21 November 13

54. Things cooperate
inter and extra
community to
defeat attacks
We all own
multiple
clouds
Thursday, 21 November 13
THE END
GAME
AI systems monitor
activities and identify
trends to then
anticipate and
fend off all
attacks
Auto-immune response
systems emerge as
part of the overall
evolving behaviours

55. “Speed is the essence of war.
Take advantage of the enemy's
u n p re p a re d n e s s ; t r ave l b y
unexpected routes and strike
him where he has taken no
precautions”
The Art of War by Sun Tzu, 600 BC
Thursday, 21 November 13

56. Thank You
cochrane.org.uk
ca-global.org
COCHRANE
a s s o c i a t e s
Thursday, 21 November 13