Cybersecurity Threat Analysis: Status and Advanced Tools
1. Cybersecurity Threat Analysis: Status and Advanced Tools
Santiago Núñez Corrales
Director of Digital Technology
Ministry of Science and Technology
Coordinator of the e-Science Research Program
Costa Rica Institute of Technology
2. Was aber ist deine Pflicht? Die Forderung des Tages.
What is my task? What the day demands.
Wolfgang von Goethe
3. Cybersecurity: the philosophical problem
• Deep inside cybersecurity, there is a fundamental fact of computing that prevents perfect incident detection
• No computer program can, in principle, acquire absolute knowledge of what another program will do with certainty
• Our strategies for combating cybercrime are based on its phenomenology
• It is a pattern-based discipline
4. Kurt Gödel (1931) showed that systems based on rules are limited in the extent to which they can analyze themselves.
Alan Turing, by constructing the basic model of a computer, found that part of the latter limitation prevents programs from calculating many important properties of other programs.
Cybersecurity therefore depends heavily upon prompt detection and artifact inspection procedures.
5. Cybersecurity: the historical problem
• The market forces computing technology to advance at ever-increasing rates
• Software/hardware safety and security can be embedded in the design
• The development pace and complexity of computing systems leave gaps that evolve to become vulnerabilities
• We use multi-level systems that resemble a technological Swiss cheese
6. In hardware, processor families allow software to be compatible between different microprocessor versions. They also allow small design flaws to be inherited.
Thus, source code development has become afflicted by hardware design problems. But software remains the largest source of vulnerabilities, precisely due to market dynamics and the complexity involved in its design and development.
Cyberthreats can occur at any level of the technology ladder, and close relations to industry are essential.
7. Cybersecurity: the network problem
• Malware propagation tactics rely heavily on the properties of data networks
• The Internet is a distributed mechanism, where data is routed across the globe using many possible paths
• As malware complexity increases, malware analysis is constantly pushed to the limit when faced with local information related to an incident
8. Remote control mechanisms, data encryption and mutant code allow malware to diversify and evolve in the types of actions and range of threats it poses.
Cybersecurity depends on the distributed nature of the Internet as well as on a responsible digital culture on the user's side. The weakest link in the information security chain is the user.
Programs for Digital Literacy must include training information about the digital rights and duties of citizens.
9. A change of perspective: from computing to biology
• Malware is becoming more intelligent and harder to trace
• Virus design is now performed by emulating the selection, variation and mutation principles of natural evolution
• Phylogeny becomes a meaningful concept
• Coordination protocols between malware artifacts also exploit information-theoretic limits to provide resilience
11. A change of perspective: from computing to biology
Biology            | Computing
DNA sequences      | Bit sequences
Chemical signaling | Data signaling
Natural selection  | Artificial selection
DNA recombination  | Binary reorganization
Many infected cells | Many infected files
Hypermutation      | Random bit flipping
Non-coding regions | Dummy machine code
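The table's mapping of DNA sequences to bit sequences suggests reusing sequence alignment, a standard bioinformatics tool, on binaries. The following Python code is an added example, not part of the original slides: it applies Smith-Waterman local alignment to constructed byte strings (all function names and sample data are assumptions for illustration) and shows that inserted filler bytes and single-bit flips still leave a measurable family relationship.

```python
"""Smith-Waterman local alignment applied to byte strings instead of DNA."""

def local_alignment_score(a: bytes, b: bytes, match=2, mismatch=-1, gap=-1) -> int:
    """Best local alignment score between two byte sequences (linear gap cost)."""
    prev = [0] * (len(b) + 1)
    best = 0
    for x in a:
        cur = [0]
        for j, y in enumerate(b, start=1):
            diag = prev[j - 1] + (match if x == y else mismatch)
            score = max(0, diag, prev[j] + gap, cur[j - 1] + gap)
            cur.append(score)
            best = max(best, score)
        prev = cur
    return best

def similarity(a: bytes, b: bytes, match=2) -> float:
    """Score normalised by the best possible score for the shorter input."""
    shorter = min(len(a), len(b))
    if shorter == 0:
        return 0.0
    return local_alignment_score(a, b, match=match) / (match * shorter)

def nearest_relatives(samples: dict) -> dict:
    """Map each sample name to (closest other sample, similarity)."""
    result = {}
    for name, data in samples.items():
        others = ((similarity(data, d), n) for n, d in samples.items() if n != name)
        sim, rel = max(others)
        result[name] = (rel, sim)
    return result

# Constructed sample data (not real malware): a base sequence and derived variants.
BASE = bytes(range(0x10, 0x30))
PADDED = BASE[:16] + b"\x90" * 6 + BASE[16:]   # "non-coding region": filler inserted
_flipped = bytearray(PADDED)
for i in (3, 10, 30):                           # "hypermutation": single-bit flips
    _flipped[i] ^= 0x01
FLIPPED = bytes(_flipped)
UNRELATED = bytes(range(0xA0, 0xC6))            # shares no bytes with the others
SAMPLES = {"base": BASE, "padded": PADDED, "flipped": FLIPPED, "unrelated": UNRELATED}

if __name__ == "__main__":
    for name, (rel, sim) in nearest_relatives(SAMPLES).items():
        print(f"{name:10s} closest to {rel:10s} similarity {sim:.2f}")
```

The nearest-relative links (base, padded, flipped) form a chain that mirrors how the variants were derived, which is the raw material for a phylogeny; an exact hash comparison would treat all three as unrelated.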
12. A change of perspective: from computing to biology
• The latest approaches in cybercrime analysis closely resemble research in systems biology
• Many of the tools already exist and can be readily applied
– Data mining and pattern matching
– Superco
16. ARTCA
• An OAS-sponsored collaborative research network
• Involves many significant collaborators
• Hemispheric collaboration as key activity for the Americas
• The goal: joint research proposals involving multiple international partners and top-level collaborators
18. Conclusions
• The technological landscape of cybersecurity changes constantly
• Many of the scientific tools required to analyze biological systems apply to cybercrime issues
• CoE and OAS provide a solid cooperation platform, including the possibility to develop regional projects
• Central America is in a great position to develop research in information security using the latest technological tools