Anúncio
Check these out next
Cyber Portents and Precursors
27 de Nov de 2022•0 gostou•45 visualizações
0 gostaram
Seja o primeiro a gostar disto
mostrar mais
visualizações
Vistos totais
0
No Slideshare
0
De incorporações
0
Número de incorporações
0
Baixar para ler offline
Denunciar
Engenharia
In a world of accelerating innovation and increasingly complex digital services, applications, appliances, and devices, it seems unreasonable to expect customers to understand and maintain their own cyber security. We are way past the point where even the well educated can cope with the compounded complexity of an ‘on-line-life’. The reality is, today's products and services are incomplete and sport wholly inadequate cyber defence applications. Perhaps the single biggest problem is that defenders have never been professional attackers - and they don’t share the same level of thinking and deviousness, or indeed, the inventiveness of their enemies. Apart from an education embracing the attack techniques, and in some cases, engaging in war games, the defenders remain on the back foot However, there a number of new, an potentially significant, approaches yet to be addressed, and we care to look at the problem from a new direction. In the maintenance of high-tech equipment and systems across many industries, identifiable precursors are employed to flag impending outages and failures. This realisation prompted a series of experiments to see if it was possible to presage pending cyber attacks. And indeed it was found to be the case! In this presentation we give an overview of our early experimental and observational results, long with our current thinking spanning networks through to individual hackers, and inside actors.
University Professor and Consultant em University of Hertfordshire
Anúncio
Anúncio
Anúncio
Recomendados
The Art of Human Hacking : Social Engineering OWASP Foundation
Artificial Intelligence –
Time Bomb or The Promised Land?Raffael Marty
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...Dr. Lydia Kostopoulos
Insider Threat MitigationRoger Johnston
If you can't beat em, join emJohn Eberhardt
Managing cyber securityUniversity of Hertfordshire
Cyber Portents and Precursors
- C y b e r P o r t e n t s & P r e c u r s o r s Shireen Walton Peter Cochrane OBE, DSc
- https://www.embroker.com/blog/cyber-attack-statistics/ CYBER CRIME Cost to Global Business Source: We Are Losing THE CYBER WAR
- CYBER ATTACKS All originate from human action https://www.embroker.com/blog/cyber-attack-statistics/ Outsiders Outsiders + Insiders Criminal Groups Cyber Security Industry Focus B i g g e s t T h r e a t ? L a r g e l y I n v i s i b l e What About Diverse 45% IoT Elements Wi de Open - U n p r o t e c t e d E x p o n e n t i a l Growing Risk Source: “The Threat Landscapes gets bigger and more complex year-on-year with reactive defenders always behind the wave”
- THERMODYNAMICS “All things in the natural & unnatural worlds, experience failures and death” “Acts of war, terrorism, and criminality wear a cloak of causality that renders them recognisable as unnatural in the schema of failures ” “In general, these exhibit random distributions at scale” “Patterns are thus key in charactering and identifying failure types and likely cause” “The Celestial Ratchet that governs everything in the universe”
- HYPOTHESIS 1 “Everything in the natural world; be it biological, geological, climatic, astronomical, et al, exhibit precursor indicators to major events” Eg Hormonal and Chemical Changes, Tremors, Pressure, Humidity, Temperature, Trajectory Deviations etc
- HYPOTHESIS 2 “Everything in the unnatural world, be it electrical, mechanical, electronic, photonic, mechatronic, robotic, AI et al, exhibit precursor indicators to major failures and events” Eg Excessive Heat, Vibration, Packet Loss, Data Storage, Processing and Decision Failures,
- E l e c t r o - MECHANICAL E x a m p l e Unwanted Resonances Failure Precursors Speci fi c Element in Wear Out Phase Vibration spectrum identi fi es reducing machine performance pending total failure
- Time Machine Conditio n/Funct ion E l e c t r o - MECHANICAL S Y S T E M S Multi-spectrum monitoring quickly identi fi es reducing machine performance pending total failure / a need for preventative maintenance
- Electronic fibre optic E x a m p l e Bit, Byte, Block, Frame, Addressing, Routing, Decision Errors+++
- Commissioning In Service Change Out Low Level Quasi-Constant Accelerating Overall Failure Rate Infant Mortality Random End of Life Failures Cause Timeline Not to Scale Stage Production & Install Inherent Natural Ageing C o n V e n t i o n a l Failure Timing “System fails are generally clustered at the start and end of a systems life, but Cyber Attacks tend to be more evenly spread”
- “Cyber Attacks span the natural and unnatural worlds with people and technology in concert, and precursors are therefore highly likely” “Malware, Spam, Insider/Outsider Activity will exhibit unusual patterns of Physical/MetaPhysical behaviour across all Networks, and Devices” HYPOTHESIS 3
- Key Question 1 “Can we detect deviations from the behavioural norm of Networks, Hubs, Severs, Terminals, Devices (“and people”) with su ffi cient fi delity to identify a pending or ‘in progress’ Cyber Attack?” “There is only one course of action open to us - take a look see”
- Components: people, PC, device, router, switch, hub, fi rewall, network, server, cloud, tra ffi c and data activity Cyber Attack Pre-Emptive Probe + HIT Pre-cursor to full on attack Initial investigation in Vienna of available Interpol Data @ SAIL Labs
- ffi Fourier ? ANALYtics Looking for needles in haystacks - or will it all be blindingly obvious - what/where are the fl ags?
- ffi Fourier ? ANALYtics Looking for needles in haystacks - or will it all be blindingly obvious - what/where are the fl ags?
- ffi Fourier ? ANALYtics Looking for needles in haystacks - or will it all be blindingly obvious - what/where are the fl ags?
- ffi Fourier ? ANALYtics Looking for needles in haystacks - or will it all be blindingly obvious - what/where are the fl ags?
- ffi Fourier ? ANALYtics Looking for needles in haystacks - or will it all be blindingly obvious - what/where are the fl ags?
- People Systems Networks Monitoring People Systems Networks All Operations Disabled All Systems Failing Visible Operational Noise Sporadic Outages Multi-System Critical Fails-Unpredictable Up Times Inexplicable Productivity Reductions CYBER ATTACK Undetected Attack Build Up + Hidden Precursors Time IT Systems Conditio n/Funct ion “The attacks to really worry about are the ones you never detected and know nothing about”
- Key Question 2 “Can we establish the behavioural characteristics of individual hackers/ hacks with su ffi cient fi delity to initiate Pre-Emptive action and ward o ff pending Cyber Attacks?” “This demands the behavioural analysis/characterisation of known systems, equipments and individuals across a su ffi ciently large sample!”
- NSA EXEMPLAR A dramatisation of actuality! Edward Snowden - disillusioned & sure he is right, based on a limited perspective of operations
- I n s i d e r T h r e at What has become very evident… They are often: - trusted employees - tend to be lone wolves - have a sense of Justice - abuse access privileges - commit acts of treachery - have an incomplete picture - convinced they are in the right - may have external actor relationships
- Disregarded security policies Social engineering by insiders or outsiders Disgruntled employees sabotage. Financial gain Compliance/policies insufficient or ignored Accidents and errors? Lack of cyber security awareness I n s i d e r T h r e at o p p o r t u n i t i e s Ignorance/unawareness cavalier attitudes Blasé/Ignorant board and/or management
- Yang et al (2018) identified the traits of Edward Snowden and dismisses his claimed motivation as justice, and presents his underlying pathology as narcissistic O v e r S i m p l i f i e d A n a ly s i s ?
- WHISTLEBLOWERS often motivated by : • Hubris • Naive beliefs • Misguided purpose • Distorted perceptions • Incomplete/distorted view of operations AND guilty of: • Laxity when engaging with external threat actors • Positive emotions ‘of above’ amplified post breach O B S E R V A T I O N S
- vulnerable HABITUALITY “Imitating & emulating others can be a powerful attack tool/strategy” “It might even be the highest risk and opportunity space!” “Attackers/Defenders - near impossible to change their operating modes”
- Insider Positive Emotions: Engagement ( Used own strengths) Positive Relationship ( Team worker) Meaning and Purpose Accomplishment (Had a goal) Edward Snowden √ √ √ √ √ Katharine Gun ? ? ? √ ? Chelsea Manning √ √ √ √ √ Julian Assange √ √ √ √ √ I n i t i a l R e v i e w o f s e c o n d a r y d a t a
- H A C K E R S u r v e y Preliminary results from interviews… Motivation Curiosity C a u s e $$ $ Computing Self Educated Loner Refuge Pitiless Remorseless Odd Socially 20 - 40 - 60 - 80 - 100 - 0 - % Scores
- • Secondary data is extremely limited • Organisational integrity, reputation, potential damage • Reluctance to reveal attacks & share insider threat data • Widespread corporate bias and truth distortion in reporting • Insider Threat Management responsibility CISO? CEO? CFO? • Corporate ignorance, inaction, underfunding, fatalistic attitudes • Cognitive bias in reporting and research • Inconsistency across research bodies C H A L L E N G E S
- S o l u t i o n S p a c e ? • Create a balanced behavioural and motivational assessment for individuals • Provide intervention strategies for those who have access to data • Provide behavioural guidelines for those operating in a digital space • Establish the motivations/targets of organised crime and state actors • Create automated early attack warning and defence protocols “Educate people in ‘effective self regulation’ behaviours/actions - this is a team game”
- • Identify hidden themes embedded in much larger secondary data samples • Confirm the statistical significance of key behavioural characteristics • Correlate with published threat surveys – hackers, state actors, et al • Identify primary weaknesses in currently used defence solutions • Evaluate current organisational defence/resilience strategies • Identify key weaknesses and propose new solutions • Estimate the potential cost of ineffective defences B e h a v i o u r s W h at N e x t ?
- • Recruit a PhD student with a good hardware/software/math ability • Confirm the significance of ‘observed’ network attack precursors • Configure ‘honeypot’ machine(s) to attract real device attacks • Identify primary waveform characteristics v attack type • Create an ‘attack alarm’ monitoring strategy • Construct a demonstration prototype A T T A C K P R E D I C T I O N W h at N e x t w i s h l i s t ?
- Thank You www.petercochrane.com
Anúncio