
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team


Part 1 of this two-part series was about rethinking and re-education: 'Attack Scenarios' approached the transformation process by getting students to think as if they were the attacker, so that in Part 2, 'Defence Scenarios', they are challenged to get ahead of the game, anticipating and responding ahead of an attack by recalling what they did in RED Team mode, which gave them the opportunity to design their own criminal empire on screen!

In both Part 1 and Part 2 the detailed discussions occurred in camera and are not for publication or open public access.



1. CYBER DEFENCE SCENARIOS. petercochrane.com. Prof Peter Cochrane OBE.
2. STUDENT ALERT. This lecture is primarily a BLUE TEAM exercise: we review the field and then assume the mantle of a defence group engineering a secure environment for fixed and mobile workers. Be prepared to exploit the attacker mind-set, thinking the unthinkable as you did during the previous RED TEAM exercise! The process becomes highly interactive toward the latter half of the lecture, and to fully understand it you will have to fully engage.
3. NO SILVER BULLETS. Complex problems demand complex solutions. You cannot solve a problem from within the very framework that created it! The energy to solve a problem is always greater than that expended to create it! We are going to need a wide range of continually evolving and increasingly sophisticated tools if we are to stop or control the growth of cyber attacks. The more we know about the Enemy / Dark Side / Red Team, the more likely we are to succeed!
4. TO BE EFFECTIVE! Comprehensive defence design: global, mobile, malleable, adaptable, automated, concentric, responsive, intelligent, evolutionary, self-sufficient, well maintained, highly networked, wholly integrated, fully anticipatory. [Diagram elements: ISP.n, Apps.n, Fibre.n, Cloud.n, Route.n, Services x n, Decoys, Cloaking, Biometrics, AI Analysis, AI Diagnostics, Data Sharing, Collaborators, Market Watch, 24x7x365 Watch, White Hat Testing, Device / People / Traffic / Attack / Network Monitoring, Behavioural Analysis, Security Advisory Board, Experience/Data Network.]
5. PAST LESSONS. Fence; Fence + Mound; Wall + Mound; Wall + Mound + Ditch; Wall + Mound + Moat; Wall(s) + Mound + Keep + Moat; ...; Wall(s) + Mound + Keep + Moat + Hidden Ditch + Obstacles; ...; Castle in a Castle!
6-7. SLOW EVOLUTION. The enemy is mobile and agile. From the Iron Age to Napoleon: exponentially more expensive and longer build times, with effectiveness on a shorter and shorter fuse! Does this not look like the recent history of cyber defence, with layer on layer of fixed/static defences? And we are still building them, in the form of bunkers, at even vaster expense.
8-9. WALLS DON'T WORK, but we keep building them! After more than 2000 years of evolution, what comes next? After thousands of years of building them they are still static and unable to adapt as fast as the enemy. You can dig a tunnel, cut a hole, make an end run, climb over, fly over, or drive/walk through on false documents.
10. FASTER EVOLUTION. The enemy is mobile and agile.
11. WHAT DID WE LEARN? Concentric defence layers work (ish)? Not so if they are: fixed, unchanging, unresponsive, slow to evolve, lacking intelligence, poorly maintained, operating in isolation, not wholly integrated, not fully anticipatory. [Diagram: two sites, each Hub - LAN - Switch - CPE, linked through the ISP to the Cloud(s); VPNs, PNs and encryption along the path.] Security at every layer has to be dynamic and adaptable.
12-13. EXEMPLAR THREAT REDUCTION. "Honed in the face of years (decades) of ongoing threat with Carriers, Companies, ISPs, Service Providers, Security and Intelligence agencies across to provide a stable (for now) model - but much more is required of the IT industry, Operators and Customers." Each segment demands specialised teams and great expertise in R&D, FULL TIME.
14. PARODY! We feel reality. Suppose our cars were like our laptops and other IT kit: what would we think and do? The car is a complete product, based on industrial developments spanning more than 130 years.
15-16. REALITY! It can be a pain. Auto-upgrade: problematic, and not fully so! Each device is idiosyncratic and not inherently secure, demanding that users be alert and capable! Multi-OS, multi-app, fixed/mobile. Users' lives at work and at home are becoming ever more complex as the number of devices, peripherals, terminals and appliances multiplies: husband - wife, home - office, fixed - mobile, personal and company, children school - home, games - video, social nets, study - fun. All of these products have only been with us a very few decades and remain immature.
17. THE IMMATURE IoT, AND NEXT? The infantile IoT: conceived, designed and produced offshore with security more or less an afterthought and a last-minute kludge! This may be an impending nightmare.
18-21. STATUS UNTENABLE. Increasing risk. IT companies need to get a grip and start supplying complete products. IT security is way beyond Joe Public and most of the population.
22-24. SOLUTION SPACE. AI behavioural analysis of people, machines, networks and applications, including pre-attack activities. Early days, but retrospectively shown to be capable of identifying some cyber and terrorist attacks. AI is still in an early learning phase and examining many different attack types. Grossly underfunded in a start-up, with actual deployment uncertain.
25-26. SEGUE: DIVERSITY. [Ship diagram: power, control and comms cable distribution along port, keel and starboard; power generation from main plant + generator + batteries.] Increasing reliability, resilience and survivability. Safety: belt, braces, lifeline.
27. DIVERSITY. Facebook server farm facility: mirrored in and out; multiple power and fibre feeds; controlled access at all levels; standby generators and batteries; ~50 km from the nearest airport; standby batteries for every rack.
28. DISPERSED RISK AND REDUNDANCY. People, skills, physical locations, multiple equipments, traffic routing and directing.
29-32. DIVERSITY = RELIABILITY / RESILIENCE. A single cloud/services provider poses a potential single point of failure: all your eggs in one basket, with no legal recourse should the provider lose or corrupt your data. Triplication creates a vast improvement in overall reliability and security.
33-34. SECURE STORAGE. Documents open, locked, encrypted? Singular back-ups, or multiple co-located tape, disc and SSD drives on the desk, in the building, on servers, at ISPs, or on a single cloud? Multiple clouds, (at least) triplicated, provide a far higher degree of security. Why an odd number (3)? If you only had two copies and one is corrupted, how do you choose the correct one? Could we create an even greater degree of data security?
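The odd-number argument of slides 33-34 in working form, as an added example written for this page (it is not the lecture's own code): three replicas are read back, their SHA-256 digests are counted, and a strict majority selects the copy to trust and repairs the outvoted one; with only two disagreeing copies the read is refused as undecidable. The document and the store list are constructed for the example. It also shows the caveat a practitioner would add: if a trusted digest of the original is kept apart from the replicas (for instance in a signed manifest), two copies are enough to pick the good one, because the digest rather than the vote is then the arbiter.

```python
import hashlib
from collections import Counter

# Constructed sample document (illustrative, not lecture material).
DOCUMENT = b"Quarterly results: revenue up 4%, headcount flat.\n"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def replicate(data: bytes, n: int) -> list:
    """Write n independent copies; the list stands in for n separate clouds/discs."""
    return [bytes(data) for _ in range(n)]


def read_with_vote(copies: list) -> tuple:
    """Return (data, status).

    Each replica's digest gets one vote.  A strict majority (> n/2) of identical
    digests selects the copy to trust and lets the minority be repaired in place.
    With n = 2 and one corrupted copy there is no majority, so the read is
    refused rather than guessed.
    """
    votes = Counter(digest(c) for c in copies)
    winner, count = votes.most_common(1)[0]
    if count * 2 <= len(copies):
        return None, "undecidable"
    good = next(c for c in copies if digest(c) == winner)
    status = "ok" if count == len(copies) else "repaired"
    for i, c in enumerate(copies):          # overwrite outvoted replicas
        if digest(c) != winner:
            copies[i] = good
    return good, status


def read_with_trusted_digest(copies: list, expected: str):
    """With a trusted digest kept apart from the replicas (e.g. a signed manifest),
    even two copies suffice: return whichever matches, else None."""
    for c in copies:
        if digest(c) == expected:
            return c
    return None


def demo() -> dict:
    """Run the cases from the slide and return their outcomes."""
    results = {}

    three = replicate(DOCUMENT, 3)
    results["three_clean"] = read_with_vote(three)[1]

    three = replicate(DOCUMENT, 3)
    three[1] = three[1].replace(b"4%", b"9%")        # silent corruption of one copy
    data, status = read_with_vote(three)
    results["three_one_bad"] = (status, data == DOCUMENT, three[1] == DOCUMENT)

    two = replicate(DOCUMENT, 2)
    two[0] = two[0].replace(b"4%", b"9%")
    results["two_one_bad"] = read_with_vote(two)[1]

    two = replicate(DOCUMENT, 2)
    two[0] = two[0].replace(b"4%", b"9%")
    results["two_with_digest"] = read_with_trusted_digest(two, digest(DOCUMENT)) == DOCUMENT
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Note that the vote only tells the replicas apart; it cannot tell whether the majority is the original. If an attacker can write to two of the three stores, the vote picks the attacker's version, which is why the separately kept digest (or a signature) is the stronger check and the replication is there for availability.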
35. SEGUE: AEROSPACE. Commonly adopts triplicated sensors, computers and displays, plus electrical and hydraulic systems, and more.
36. OTHER SECTORS. Most mission/life-critical systems! Nuclear power is obvious; can you think of more likely candidates?
37. BLOCKCHAIN: a very brief overview. For a fuller treatment GOTO: https://www.slideshare.net/PeterCochrane/block-chain-basics (short form: https://bit.ly/2xsxEJt).
38. BLOCKCHAIN: a very, very brief overview.
   - Self organising
   - Functionally autonomous
   - A distributed electronic ledger
   - 2007/2009 saw visible manifestations
   - No one knows the inventor/origins for sure
   - Designs, protocols and code are open source
   - Security agencies suspected to be on a similar tack
   - Specialised blockchains dedicated to just one task
   - Generalised blockchains are now becoming a platform
   - A next step in the logical progression toward decentralisation
   - Inherently more secure than any previously realised transaction system
   - Sidelines institutions and centralised control, making all transactions simpler
39-40. CAPABILITIES. Great utility spanning all spheres: voting, storage, records, R&D data, multimedia, production data, patents/copyright, licences/permissions, property deeds/ownership, every form of value exchange, ultra-secure communications, all forms of legal documentation, and more. WTH are hash functions and Merkle trees? They confirm the validity of data and of an agreed transaction beyond all doubt. If you did not study maths you have to take this on trust, but there is hidden beauty in all this. There has been widespread hype of this tech and what it can actually do; it has been used inappropriately, and many have disclosed their architectures.
41. A NEW LEDGER. Digital, encrypted, highly complex: distributed attack virtually impossible; obscuration through complexity; impervious to focussed attack; spread over many machines; geographically distributed; address space invisible; inherently secure; format variable; vastly scalable; multiple forms; multi-key. No one knows who owns individual machines, where they are, what type they are, which OS and apps they use, or when and if they are online. (No) single point of failure or access. Machines can protect themselves and each other. Networks are generally configuration-dynamic. A vast number of app, config, coding, hash and design options. Keeping the design detail a secret is imperative. Concatenated hash checks have never been cracked. Operates securely without all members being online. (Caveat: "keeping the design secret" sits uneasily with the open-source point on slide 38 and with Kerckhoffs's principle; in practice the security of a public chain rests on the keys and on the cost of the work, not on secrecy of the design.)
42-43. AS A NETWORK. Dynamically connected machines via every conceivable topology; this diversity all adds to the security equation. Open or closed: Internet, telephone, broadband, LAN, WiFi, WLAN, 3/4/5G, DarkNet. How do I know you are who you say you are? Where is the validation and evidence of any cross-checks? Public key et al. are in use here, but it is a prime threat area and a point of attack.
44. SECURITY: COMMUNICATIONS. All machine-to-machine/network communications are protected by public and/or private key or some other form of 'disguising/hiding/encryption'. If you need a tutorial on this GOTO: https://www.slideshare.net/PeterCochrane/public-key-made-very-easy (short form: https://bit.ly/2yp1tep).
45-46. BLOCKCHAIN: perhaps the ultimate solution. Ledger(s), processing, storage: a decentralised system of shared ledgers (public or private) across tens, hundreds or thousands of machines of all kinds capable of processing, storage and peer-to-peer networking. Obviously, in the limit, not infinitely scalable: connectivity, latency, machine memory et al. are all finite.
47. SAMPLE FEATURES, by way of simple but strong analogies:
   - A transaction (a single page) has a hash number (think of a page character count, though a real hash is far stronger than a count).
   - Blocks (concatenated pages) have an accumulated page-on-page, hash-on-hash value.
   - Blockchain: an endless book (of concatenated chapters) has an accumulated running hash.
   We can detect the removal or insertion of a single full stop, or any character, word, sentence, paragraph or page anywhere in this "Bible"! We therefore know with certainty whether it has been interfered with!
48. BOILED DOWN: using proven algorithms. PROOF OF WORK: was a message sent? Was a transaction completed? Was everything acknowledged? How small was the completing hash, i.e. how many leading zero bits did it have? Was everything checked and tested positive? HASH FUNCTION: an apparently simple mathematical operation that maps an input file of any length to a fixed-size digest; change a single bit of the input and the digest changes unpredictably, so it answers the question: is this the correct file, or has it been tampered with? (The slide describes the hash as a seed of two or more prime numbers "digitally multiplied" by the file; that is public-key arithmetic, not hashing. A hash such as SHA-256 takes no key and no prime factors.) [Diagram: Input File + Input Factors -> Hash Binary Code Number -> Unique Hash Code Number; Proof of Work Number.]
49. MERKLE TREE: the concatenated hash. Each page of our book is given a hash value, used in creating a block hash and then a chain hash by a process of sequential concatenation. [Diagram: PAGE 1, PAGE 2, PAGE 3, PAGE 4 -> HASH OF PAGES 1+2, HASH OF PAGES 3+4 -> HASH OF PAGES 1+2+3+4.] A change of any one character or space on any page at any time will be detected and flagged immediately. HIGH SECURITY.
50. [Diagram: a four-file block. File 1 to File 4 -> individual file hashing -> grouped hash of hashes -> a full block hash: a fixed-size number that will change if just one file has a 'full stop' changed. N = the block hash value.]
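Slides 47-50 in runnable form, as an added example written for this page (not the lecture's own code): four "pages" are hashed into a Merkle tree, the root goes into a block header together with the previous block's hash and a proof-of-work nonce, and a verifier walks the chain. Changing one full stop on one page is flagged at that block; if the forger then redoes the work on that block, the next block's back-link no longer matches, which is what makes rewriting history expensive. SHA-256 is used throughout. The page contents and the 12-bit difficulty are constructed for the example, and the 0x00/0x01 leaf and node prefixes follow the RFC 6962 convention rather than anything on the slides.

```python
import hashlib

DIFFICULTY_BITS = 12          # constructed: about 4096 hash attempts per block
GENESIS_PREV = b"\x00" * 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(pages: list) -> bytes:
    """Hash each page, then pair-and-hash level by level until one root remains.

    Leaves are prefixed 0x00 and interior nodes 0x01 (RFC 6962 style) so a leaf
    can never be passed off as an interior node.  An odd node at the end of a
    level is carried up unchanged.
    """
    if not pages:
        return sha256(b"")
    level = [sha256(b"\x00" + p) for p in pages]
    while len(level) > 1:
        nxt = [sha256(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def block_hash(prev: bytes, root: bytes, nonce: int) -> bytes:
    return sha256(prev + root + nonce.to_bytes(8, "big"))


def meets_target(h: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    return int.from_bytes(h, "big") < (1 << (256 - bits))


def mine(prev: bytes, root: bytes, bits: int = DIFFICULTY_BITS) -> tuple:
    """Proof of work: try nonces until the block hash has `bits` leading zero bits."""
    nonce = 0
    while True:
        h = block_hash(prev, root, nonce)
        if meets_target(h, bits):
            return nonce, h
        nonce += 1


def build_chain(blocks_of_pages: list) -> list:
    chain, prev = [], GENESIS_PREV
    for pages in blocks_of_pages:
        root = merkle_root(pages)
        nonce, h = mine(prev, root)
        chain.append({"pages": list(pages), "root": root, "prev": prev, "nonce": nonce, "hash": h})
        prev = h
    return chain


def verify_chain(chain: list) -> int:
    """Return the index of the first block that fails, or -1 if all pass.

    Each block must (1) link to the previous block's hash, (2) carry the Merkle
    root of its own pages, (3) have a header hash that matches and meets the target.
    """
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b["prev"] != prev or merkle_root(b["pages"]) != b["root"]:
            return i
        h = block_hash(b["prev"], b["root"], b["nonce"])
        if h != b["hash"] or not meets_target(h):
            return i
        prev = h
    return -1


# Constructed ledger "pages" (illustrative, not from the lecture).
SAMPLE_BLOCKS = [
    [b"Page 1: Alice pays Bob 5.", b"Page 2: Bob pays Carol 2.",
     b"Page 3: Carol pays Dan 1.", b"Page 4: Dan pays Alice 1."],
    [b"Page 5: Alice pays Dan 3.", b"Page 6: Bob pays Alice 1."],
    [b"Page 7: Carol pays Bob 2."],
]


def tamper_and_check(chain: list) -> tuple:
    """Change one full stop on page 2 of block 0, then let the forger re-mine
    block 0.  Returns (first bad block before re-mining, first bad block after)."""
    forged = [dict(b, pages=list(b["pages"])) for b in chain]
    forged[0]["pages"][1] = forged[0]["pages"][1][:-1] + b","
    before = verify_chain(forged)                     # 0: Merkle root mismatch
    root = merkle_root(forged[0]["pages"])
    nonce, h = mine(forged[0]["prev"], root)
    forged[0].update(root=root, nonce=nonce, hash=h)
    after = verify_chain(forged)                      # 1: block 1 now links to a stale hash
    return before, after


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BLOCKS)
    print("intact chain verifies:", verify_chain(chain) == -1)
    print("first bad block (before, after re-mining block 0):", tamper_and_check(chain))
```

To make the forgery stick, the attacker would have to re-mine every later block as well and outpace the honest network doing the same, which is the cost the 51% discussion on slide 56 is about.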
51-55. PROCESS WALK-THROUGH (for only one simple set of choices):
   1) User 1 requests a transaction.
   2) Peer computers analyse past blockchain transactions, with verification through proof of work and/or P2P consensus.
   3) IFF all agree that this is a sound transaction, then and only then: assets are exchanged.
   4) The entire transaction is recorded in the distributed ledger across many machines.
   5) User 2 receives the materials. (A different peer group for User 2?)
56. MINING: many alternatives. Negating the 51%, intruder and mimic attack scenario(s): randomly select 3, 5, 7... users as decision arbiters; send them the 'work functions' of all users (or a significant slice/sample thereof); if the selected 3, 5, 7... all agree that all user work functions and the final hash tally, the transaction is carried. This is also a simple way of isolating rogue users and compromised machines/portions of the network. (Caveat: random selection only helps while the attacker cannot control a large share of the pool it is drawn from; if identities are free to create, the attacker can raise that share at will, so the scheme needs Sybil resistance, for example a cost per identity, and selection randomness the attacker cannot predict or bias.)
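Slide 56 proposes a random panel of 3, 5, 7... arbiters. The added example below, written for this page and not part of the lecture, puts numbers on that idea: it picks a panel from a constructed population, applies the slide's unanimity rule, and computes from the binomial distribution how likely a panel is to be all rogue (a bad transaction carried), to contain any rogue member (a good transaction blocked, since one dissenter suffices under unanimity), or to be rogue-majority (the risk if a majority rule were used instead). The rogue fraction p = 0.3 and the population are assumptions; the Sybil function shows why p is not fixed when identities are free to create, which is the part of the 51% problem that random selection does not remove on its own.

```python
import random
from math import comb


def p_all_rogue(k: int, p: float) -> float:
    """Unanimity rule, safety failure: every arbiter is rogue, so a bad
    transaction is carried."""
    return p ** k


def p_any_rogue(k: int, p: float) -> float:
    """Unanimity rule, liveness failure: at least one rogue arbiter can veto a
    good transaction."""
    return 1 - (1 - p) ** k


def p_majority_rogue(k: int, p: float) -> float:
    """Majority rule: probability that more than half of k independently drawn
    arbiters are rogue (binomial upper tail)."""
    need = k // 2 + 1
    return sum(comb(k, i) * p ** i * (1 - p) ** (k - i) for i in range(need, k + 1))


def rogue_fraction_after_sybil(honest: int, rogue: int, sybils: int) -> float:
    """If identities are free, an attacker holding `rogue` real nodes adds
    `sybils` fake ones and the effective rogue fraction rises accordingly."""
    return (rogue + sybils) / (honest + rogue + sybils)


def pick_arbiters(population: list, k: int, seed: int) -> list:
    """Random panel of k distinct members.  A seeded PRNG keeps the example
    reproducible; a real system needs unpredictable, unbiasable randomness
    (e.g. a verifiable random function), otherwise the attacker picks the panel."""
    return random.Random(seed).sample(population, k)


def decide(verdicts: list, rule: str = "unanimous") -> bool:
    """Carry the transaction?  `verdicts` are the arbiters' True/False checks
    that all work functions and the final hash tally."""
    if rule == "unanimous":
        return all(verdicts)
    if rule == "majority":
        return sum(verdicts) * 2 > len(verdicts)
    raise ValueError(rule)


def risk_table(p: float, sizes=(3, 5, 7, 9, 15)) -> dict:
    """Per panel size: (bad tx carried, good tx blocked) under unanimity and
    rogue-majority probability under a majority rule."""
    return {k: (p_all_rogue(k, p), p_any_rogue(k, p), p_majority_rogue(k, p)) for k in sizes}


# Constructed population: 70 honest nodes, 30 rogue ones (p = 0.3).
POPULATION = [("honest", i) for i in range(70)] + [("rogue", i) for i in range(30)]


def demo_round(seed: int = 7, k: int = 7) -> tuple:
    """One selection round.  Rogue arbiters approve a bad transaction and veto a
    good one; honest arbiters do the opposite.  Returns
    (rogue members on the panel, bad tx carried?, good tx carried?)."""
    panel = pick_arbiters(POPULATION, k, seed)
    rogue_count = sum(1 for kind, _ in panel if kind == "rogue")
    bad_tx_carried = decide([kind == "rogue" for kind, _ in panel])
    good_tx_carried = decide([kind == "honest" for kind, _ in panel])
    return rogue_count, bad_tx_carried, good_tx_carried


if __name__ == "__main__":
    for k, (safety, liveness, majority) in risk_table(0.3).items():
        print(f"k={k:2d}  all-rogue={safety:.4f}  any-rogue={liveness:.4f}  rogue-majority={majority:.4f}")
    print("one round:", demo_round())
    print("rogue fraction after 50 sybils:", rogue_fraction_after_sybil(70, 30, 50))
```

The table makes the trade-off visible: with p = 0.3 and k = 7, unanimity lets a bad transaction through only 0.02% of the time but lets a rogue member block a good one 92% of the time, while a majority rule fails safety about 12.6% of the time per decision. Growing k helps only as long as p stays small, and p is exactly what a Sybil attacker controls.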
57. MORE: GOTO WWW. Beyond this outline you will find many articles, movies and slide sets dealing with specific cases and implementations available online. The depiction opposite is just one example of very many.
58-59. PARSING: classic perspective. Used extensively in speech recognition and language translation by machines. We need to bend this concept to our advantage in the creation of super-secure storage, on the cloud or off.
60-64. PARSING: our perspective. We are about to use this to 'chunk' documents pre- or post-encryption, BUT before dispersion to multiple clouds or storage locations. Parse by paragraph; encrypt with the same or different keys; deposit on the same disc or cloud... or deposit on multiple discs or clouds... All addressing, document ID and format information should be grossly different and give no clues... Completeness must be a condition of this process to ensure maximum security: no partial clues.
65-68. PARSING: our perspective. Parsing can be by letter, word, line or group sampling, and by document geography (variable/fixed guillotining). Deposit on the same disc or cloud... or deposit on multiple discs or clouds... We can take this much further, but so far it is the most secure protocol for cloud and disc storage.
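Slides 60-68 as a working protocol, added here as an example that is not the lecture's code: a document is parsed into paragraphs, each paragraph is encrypted under its own fresh key, filed under a random opaque ID on a randomly chosen store, and only the owner's manifest knows the order, the keys and the locations. Reassembly enforces the completeness condition from slide 64: any missing or failed chunk aborts the read instead of yielding a partial document. The cipher is HMAC-SHA256 in counter mode with a separate HMAC tag (encrypt-then-MAC), chosen so the example runs on the Python standard library alone; in production use AES-GCM or ChaCha20-Poly1305 from a vetted library. The store names, the sample document and the key and nonce sizes are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one chunk key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """PRF counter mode: XOR data with HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for ctr in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        piece = data[ctr * 32:(ctr + 1) * 32]
        out.extend(a ^ b for a, b in zip(piece, block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication tag mismatch")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)


def disperse(document: bytes, stores: dict) -> dict:
    """Parse by paragraph, encrypt each under a fresh key, scatter across stores.

    A store only ever sees (random id -> blob): no document name, no sequence
    number, no shared key.  The returned manifest is the owner's secret and
    must be kept apart from the stores (offline, or encrypted itself).
    """
    paragraphs = document.split(b"\n\n")
    names = list(stores)
    manifest = {"count": len(paragraphs),
                "sha256": hashlib.sha256(document).hexdigest(),
                "chunks": []}
    for para in paragraphs:
        key = secrets.token_bytes(32)
        chunk_id = secrets.token_hex(16)
        store = names[secrets.randbelow(len(names))]
        stores[store][chunk_id] = seal(key, para)
        manifest["chunks"].append((store, chunk_id, key))
    return manifest


def reassemble(manifest: dict, stores: dict) -> bytes:
    """Completeness is a hard condition: a missing, tampered or miscounted
    chunk aborts the read; a partial document is never returned."""
    parts = []
    for store, chunk_id, key in manifest["chunks"]:
        blob = stores.get(store, {}).get(chunk_id)
        if blob is None:
            raise LookupError(f"chunk {chunk_id} missing from {store}")
        parts.append(unseal(key, blob))
    document = b"\n\n".join(parts)
    if len(parts) != manifest["count"] or \
            hashlib.sha256(document).hexdigest() != manifest["sha256"]:
        raise ValueError("reassembled document does not match manifest")
    return document


# Constructed sample document (four paragraphs), illustrative only.
SAMPLE_DOCUMENT = (b"Board minutes, 3 March.\n\n"
                   b"Item 1: the merger offer was discussed and declined.\n\n"
                   b"Item 2: the new plant goes ahead in Q3.\n\n"
                   b"Item 3: audit findings to be closed by June.")


def demo() -> tuple:
    """Return (round trip ok, missing chunk refused, tampered chunk refused)."""
    stores = {"cloud_a": {}, "cloud_b": {}, "cloud_c": {}}
    manifest = disperse(SAMPLE_DOCUMENT, stores)
    ok = reassemble(manifest, stores) == SAMPLE_DOCUMENT

    store, chunk_id, _ = manifest["chunks"][2]
    saved = stores[store].pop(chunk_id)                 # one cloud loses a chunk
    try:
        reassemble(manifest, stores)
        missing_refused = False
    except LookupError:
        missing_refused = True

    stores[store][chunk_id] = saved[:20] + bytes([saved[20] ^ 0x01]) + saved[21:]  # one bit flipped
    try:
        reassemble(manifest, stores)
        tamper_refused = False
    except ValueError:
        tamper_refused = True
    return ok, missing_refused, tamper_refused


if __name__ == "__main__":
    print(demo())
```

What a single store holds is a bag of random 32-hex-character names mapped to opaque blobs: no order, no document identity, and a different key per blob, so compromising one cloud yields neither a readable paragraph nor a clue about how many other paragraphs exist or where they are. The manifest is therefore the crown jewel of this scheme, and the slide's triplication argument applies to it as much as to the chunks.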
69-70. BACK TO THE PERIPHERY: reality check as of 2020.
   - Attacks escalating
   - Our exposure is growing
   - Attackers are winning the war
   - Attackers get richer by the year
   - Our defences are not 100% effective
   - We need to collaborate and share all
   - We are largely disorganised and under-investing
   - People remain our single biggest attack risk
   - All our security tools are reactive and mostly outdated
   - Best market model appears to be the airline industry
   We can present easy and very attractive opportunities for cyber hackers and/or criminals.
71-73. COLLABORATION: airlines model 2020.
   - Safety record is all
   - Embraces the entire industry
   - Every accident is investigated
   - All incident reports are open and shared
   - Safety communication is pilot/operator centric
   - Industries, manufacturers and governments all committed
   - Well organised and structured, with a high level of accountability
   - Passenger and crew safety is the single biggest concern and success metric
   Flying is generally the safest mode of transport globally as a result of this reinforcing model. Cyber security is in need of something very similar if it is ever to migrate out of the victim mode.
74. PLEASE NOTE: attackers suffer none of this. We are bound by the legal system, codes of practice, ethical principles and moral responsibilities:
   - No transgressions
   - Work up to the limit
   - Keep within the spirit and the word
   - Our responsibility to keep up to date
   - Seek legal advice on latitude
   - Special dispensations may be possible
   - National security/intelligence may help
   - In general the buck ends with you!
   The Dark Side is wholly unconstrained, limited by nothing and no one. They only care about the RoI; the damage and hurt they inflict, the crimes and moral outrages they commit, mean nothing to them! This sets us apart from these despicable people, and it is the single biggest differentiator in our thinking, actions and mode of operation!
75-76. EU GDPR (https://eugdpr.org/): lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); accountability. Global laws (https://www.privacypolicies.com/blog/global-privacy-laws-explained/): COPPA, CalOPPA; Do Not Track; PIPEDA, HIPAA. Fast evolving, mostly on the back foot, often unworkable! The UK Data Protection Act is often violated by government departments and their employees, and the public mostly ignore it.
77. OUR COAT OF ARMS: we have codes of practice! Do No Harm. As cyber security professionals we are the tip of a defence sword, but we cannot wield it as yet! There has to be a national/international decision, as we are looking at starting a war that might just expand into a global conflagration! The reality is that no nation/country is in a position to sanction such a risk (independent action), as all are suffering inadequate defences and could suffer a societal collapse should a war ensue!
78-79. OFF THE TABLE FOR NOW: we must not and dare not retaliate! We almost certainly have all the tools and technologies to 'burn' all the hackers, hacker groups, criminals, rogue states, military and government agencies! However, MAD prevails: Mutually Assured Destruction. We are in a new kind of cold war, but the other side are making a fortune! The extent of National Security retaliation 'appears' to be the taking down of offending sites...
80. THE POTENTIAL NIGHTMARE. We have no real evidence of who can do what!
81. SO HERE WE ARE! In the middle of a major war.
82. THE ENEMY INNOVATES FAST. Things like this pop up almost weekly!
83. DEFENCE ESSENCE: speed of detection, response and adaptation.
   1) Our own passivity is the biggest danger.
   2) The attackers' agility and innovation are our biggest challenge.
   3) Attackers have the first-mover advantage and get to choose everything.
   4) Human defenders cannot be vigilant and prepared 24 x 365, year on year.
   5) Situational awareness is key, and rooted in data/information gathering and analysis.
   6) Machines, AI and machine learning are key to solving (4 and 5) and giving us the edge.
   7) The application of anticipatory techniques is still in its infancy and needs investment!
   8) Disparate companies, groups and governments hold almost all the components we need.
   9) It is essential that these resources (8) are brought to bear and integrated with (5-7).
   10) We might just win this war, but not without changing the way we think and operate!
  84. 84. https://www.varonis.com/blog/cybersecurity-statistics/ A t t a c k C a t a l o g u e W e f a c e a r a p i d l y c h a n g i n g l a n d s c a p e ! “ I t i s e s s e n t i a l t o m a k e a c y b e r t h r e a t r e v i e w a d a i l y r o u t i n e b y c o n t i n u a l l y t a p p i n g t h e r i c h v e i n o f r e p o r t s a n d h e a d l i n e n e w s a v a i l a b l e t o t h e d e f e n c e c o m m u n i t y ” https://go.crowdstrike.com/crowdstrike-global-threat-report-2020.html https://www6.gemalto.com/ppc/dtr/global https://www.accenture.com/gb-en/insights/cyber-security-index https://solutionsreview.com/endpoint-security/key-findings-the-check- point-2020-cyber-security-report/
  85. 85. E X P E R T O V E R V I E W C h e c k P o i n t 2 0 2 0 C y b e r S e c u r i t y R e p o r t Major Takeaways : “2019 presented a complex threat landscape where nation states, cybercrime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020” “Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated” “Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cyber-criminals and prevent attacks. Detecting and automatically blocking the attack at an early stage can prevent damage”
86. Today's Choice: the most up to date on the prep day
https://www.varonis.com/blog/cybersecurity-statistics/
87. Factoids: just scene setting 1
Global cybersecurity spend to reach $133.7 Bn in 2022. (Gartner)
62% of businesses were hit by phishing/social engineering attacks in 2018. (Cybint Solutions)
68% of business leaders see cybersecurity risks increasing. (Accenture)
Only 5% of companies' folders are properly protected, on average. (Varonis)
Data breaches exposed 4.1 Bn records in the first half of 2019. (RiskBased)
71% of breaches were financially motivated and 25% motivated by espionage. (Verizon)
52% of breaches involved hacking, 28% malware, 32–33% phishing/social engineering. (Verizon)
Between Jan 2005 & April 2018 there were 8,854 recorded breaches. (ID Theft Resource Center)
Overall ransomware was down 52% but enterprise infections were up by 12% in 2018. (Symantec)
Top malicious email attachment types: .doc & .dot = 37%, next is .exe = 19.5%. (Symantec)
By 2020 human & machine passwords globally will number ~300 billion. (Cybersecurity Media)
88. Factoids: just scene setting 2
Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture)
Hackers attack every 39 seconds, on average 2,244 times a day. (University of Maryland)
The average time to identify a breach in 2019 was 206 days. (IBM)
The average lifecycle of a breach was 314 days (from the breach to containment). (IBM)
Information on 500M customers (from 2014 on) was compromised at Marriott-Starwood and made public in 2018.
64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
56% of Americans don't know what steps to take in the event of a data breach. (Varonis)
The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence)
83% of enterprise workloads will move to the cloud by the year 2020. (Forbes)
In 2016, 3 Bn Yahoo accounts were hacked in one of the biggest breaches of all time. (NY Times)
89. Factoids: just scene setting 3
In 2016, Uber reported hackers stole info on >57 million riders and drivers. (Uber)
In 2017, 412 M user accounts were stolen from Friendfinder's sites. (Wall Street Journal)
In 2017, 147.9 M consumers were affected by the Equifax breach. (Equifax)
The Equifax breach cost the company over $4 billion in total. (Time Magazine)
In 2018, Under Armour reported "MyFitnessPal" was hacked, affecting 150 M users.
Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet. (Bloomberg)
18 Russians, 19 Chinese individuals, 11 Iranians and one North Korean were named in indictments for their alleged state-sponsored espionage against the United States. (Symantec)
90. Metrics: where to focus
91. Persistent Crisis: anti-phase cyclic actions correlate with events
Company/institution/government/industry status surveys remain almost static year-on-year and show little sign of improvement despite the growing number of attacks & reputational damage
92. Attack Rankings: where to focus and to track!
93. Initial Access: dominant break-in methods. All human fallibility mechanisms!
94. Spam Hosting: top 20 country hit parade
95. Spoofed Brands: top 10 used in spam attacks
96. Malware Code: new genetic code increase
97. Malware Code: new genetic code increase. Top industry targets: spam victims
98. Malware Code: new genetic code increase. Top industry targets: spam victims
Beware 1: what this does not show is the potential/actual ROI per category
Beware 2: nor does it indicate the probability or likelihood of a hit per category
99. Predictions 2020: where are the cyber threats to be?
100. Cisco Position: protecting customers, taking the pain away
https://www.youtube.com/watch?time_continue=130&v=eg_m5jrt1gQ&feature=emb_logo
101. Back to our Reality: we are in a major war and losing fast
The long term solution rests on 6 (or 7) cornerstones:
1) Taking human DIY out of the security loop
2) Automate the cyber security on every app, device, machine++
3) Apply the principles of auto-immunity throughout the user domain
4) Change the culture from destructive protectionism to proactive sharing
5) Engage in R&D that allows us to ape and anticipate the Dark Side Attacks
6) Introduce AI learning engines at every level to identify 'give away' patterns
7) ?????
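Points 4 to 6 on slide 83 and cornerstones 2 and 6 on slide 101 make the same argument: vigilance 24 x 365 has to be automated, and machines should pick out the 'give away' patterns that a tired human analyst misses. As an added example (not part of the lecture, and not code from Cisco, Check Point or any other vendor it cites), the Python below shows the smallest working version of that idea: a per-user baseline of login countries and working hours learned from past events, a streaming pass that raises an alert the moment an event deviates or a burst of failures appears, and a baseline that adapts from quiet successes so the detector does not stay frozen. The log format, user names, countries and thresholds are all constructed assumptions.

```python
"""Baseline-and-deviation detector over constructed authentication logs.

Added example, not part of the lecture or any product it cites. The log
format, users, countries and thresholds are assumptions for illustration.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in an assumed format: "<ISO timestamp> <user> <OK|FAIL> <country>"
BASELINE_LOG = """\
2020-03-02T08:05:00 alice OK GB
2020-03-02T08:40:00 bob OK GB
2020-03-02T09:12:00 alice OK GB
2020-03-03T08:10:00 alice OK GB
2020-03-03T08:45:00 bob OK DE
2020-03-03T17:30:00 bob OK DE
2020-03-04T08:02:00 alice OK GB
2020-03-04T09:00:00 bob OK GB
"""

# Constructed "live" traffic: one normal day plus a night-time failure burst
LIVE_LOG = """\
2020-03-05T08:03:00 alice OK GB
2020-03-05T03:10:00 alice FAIL RU
2020-03-05T03:10:20 alice FAIL RU
2020-03-05T03:10:40 alice FAIL RU
2020-03-05T03:11:00 alice FAIL RU
2020-03-05T03:11:30 alice OK RU
2020-03-05T08:50:00 bob OK DE
2020-03-05T09:15:00 carol OK GB
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (OK|FAIL) ([A-Z]{2})$")


def parse(text):
    """Parse log text into (timestamp, user, result, country) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, result, country = m.groups()
        events.append((datetime.fromisoformat(ts), user, result, country))
    return events


class Detector:
    """Per-user baseline (countries seen, hour-of-day histogram) with failure-burst tracking."""

    def __init__(self, fail_burst=3, burst_window=timedelta(minutes=5)):
        self.countries = defaultdict(set)      # user -> countries seen in successful logins
        self.hours = defaultdict(Counter)      # user -> hour-of-day counts of successful logins
        self.failures = defaultdict(deque)     # user -> timestamps of recent failures
        self.fail_burst = fail_burst           # failures inside burst_window that raise an alert
        self.burst_window = burst_window

    def learn(self, events):
        """Build the baseline from historical successes only."""
        for ts, user, result, country in events:
            if result == "OK":
                self.countries[user].add(country)
                self.hours[user][ts.hour] += 1

    def process(self, events):
        """Stream events in arrival order; return (timestamp, user, reason) alerts as they are raised."""
        alerts = []
        for ts, user, result, country in events:
            reasons = []
            if user not in self.countries:
                reasons.append("unknown user")
            else:
                if country not in self.countries[user]:
                    reasons.append(f"new country {country}")
                if ts.hour not in self.hours[user]:
                    reasons.append(f"unusual hour {ts.hour:02d}")
            recent = self.failures[user]
            while recent and ts - recent[0] > self.burst_window:   # drop failures outside the window
                recent.popleft()
            if result == "FAIL":
                recent.append(ts)
                if len(recent) >= self.fail_burst:
                    reasons.append(f"{len(recent)} failures in {self.burst_window}")
            elif recent:
                reasons.append(f"success after {len(recent)} recent failures")
            if reasons:
                alerts.append((ts, user, "; ".join(reasons)))
            elif result == "OK":
                # adaptation: a quiet success extends the baseline instead of freezing it
                self.countries[user].add(country)
                self.hours[user][ts.hour] += 1
        return alerts


def detect(baseline_text, live_text):
    """Learn from baseline_text, then stream live_text and return the alerts raised."""
    det = Detector()
    det.learn(parse(baseline_text))
    return det.process(parse(live_text))


if __name__ == "__main__":
    for ts, user, reason in detect(BASELINE_LOG, LIVE_LOG):
        print(f"{ts.isoformat()} {user}: {reason}")
```

The alert is raised on the event that crosses the threshold, so detection lag is bounded by log delivery rather than by an analyst's shift pattern, which is the 24 x 365 point. The adaptation step is deliberately one-directional: only events that raised no alert extend the baseline, so an attacker's own successes do not train the detector to accept them.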
102. Ethical Hacker: hire a 'white hat'; attackers find hidden vulnerabilities
103. Further Reading: a selection of relevant reports & studies
https://resources.infosecinstitute.com/top-cybersecurity-predictions-for-2020/#gref
https://www.ifsecglobal.com/cyber-security/predicting-the-top-five-2020-cyber-security-trends/
https://cybersecurityventures.com/cybersecurity-almanac-2019/
https://www.mimecast.com/the-state-of-email-security-2019/
https://www.cisco.com/c/en_uk/products/security/security-reports.html
https://www.forbes.com/sites/daveywinder/2020/02/11/these-ancient-microsoft-security-flaws-are-still-driving-cybercrime-in-2020/#3c3105a6657e
https://www.akamai.com/uk/en/resources/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
https://www.ibm.com/security/digital-assets/xforce-threat-intelligence-index-map/#/
https://content.fireeye.com/m-trends/rpt-m-trends-2020
104. Things that Think want to Link and Things that Link want to Think
FIN - Q&A?
www.petercochrane.com