Cyber Security - Thinking Like The Enemy

  1. CYBER DEFENCE: THINKING LIKE THE ENEMY. petercochrane.com. Prof Peter Cochrane OBE, DSc
  2. OUR ENEMIES: Immoral, Devious, Corrupt, Invisible, Criminal, Adaptive, Innovative, Relentless, Ubiquitous, Networked, Virtualised, Cooperative, Opportunistic. Everything we are not! “This immediately places US at some disadvantage in understanding exactly what we are up against”
  3. (slides 3-4, progressive build) INVISIBLE NETWORK: Criminals. The Dark Side of The Force: Domains! Rogue expertise and tools will not allow us to win this war… WE NEED TO GET INSIDE and MODEL RELATIONSHIPS
  5. WISDOMS from ~550 BC: “To know your enemy you must become your enemy”; “Destroy your enemy from within”; “There is no instance of a nation benefitting from prolonged warfare”. Sun Tzu, The Art of War
  6. Derivative Hypothesis: “You cannot be a good defender unless you have first been a good attacker”
  7. FUNDAMENTAL MEMES: People are by far the single biggest risk and the kernel for all forms of attack. It only takes one to make an error, be tempted, get angry, upset, become corrupted, or turn to the Dark Side +++! “People are inherently kind and will help if they think you are having difficulty”; “They are generally grateful for any guidance and/or help given”
  8. BEYOND PEOPLE: Security is way beyond education. It is fundamentally unacceptable to expect users to be security savvy/self sufficient! Industry must assume that responsibility from Day 1. Security cannot be just an appendage, a mere afterthought; it must be integral to the basic design
  9. SEGUAE. The Opportunistic: Dropped receipt to a wet floor - I picked it up and this caught my eye
  10. (slides 10-13, progressive build) Careless: There are no safe cities. I was working in London and stopped for a coffee break in Soho… A smart young man walked in and I spotted his badge! He sat right in front of me and this is what his boot-up looked like - such a great advert! Coffee Shop Protocol: • Sit as far back from the door as possible; ideally with no one to the rear or the sides • Check for overhead cameras • Do not wear identifying insignia of any kind • Do not boot up to an identifying company, country, government or agency badge • Check and be aware N, E, S, W
  14. LOUD & RUDE: There is always a price to pay!
  15. (slides 15-16, progressive build) EXHIBITIONISTS: Employees bragging/indiscreet. A stack of papers readable at a glance; three identical laptops; three mobiles all the same; ME. In < 1 hour of looking & listening I had: all their names; mobile numbers + eMail addresses; unit codes; postal drop; building floor and room; IT support number and log in; who was at their meeting; meeting agenda; who said what; decisions made; project code name; organisations involved; objectives and progress; the name of a ‘Secret Project’ talked about in euphemisms +++++
  17. (slides 17-18, progressive build) Lax security: Unintended revelations/consequences. DAY 1: Pass card for a meeting: “TRUTH ENGINES, An End Game Company. Dr Peter Cochrane, EU Concept Consultant”. DAY 2: Pass card as a member of staff: “TRUTH ENGINES, An End Game Company. Peter Cochrane, Internal Affairs Advisor”
  19. HONEYPOTS (applies ‘equally’ to both sexes): older man - younger woman; older woman - younger man. Careless talk, briefcase, laptop access; access to some informal meetings; eavesdropping telephone calls; listening device planting; geo tracking/bugging; spyware install; corruption; blackmail; collusion. A long term investment and strategy most often used by rogue states for .Gov & industrial spying, with operations spanning years
  20. AXIOM: Attackers’ Advantage. “Attacks come from unexpected directions.... by mechanisms you didn’t anticipate.... at times that are really inconvenient”
  21. Paradox: “The military play all day and occasionally have a war, whilst WE are at war every day and never play”
  22. Constraints: We are disadvantaged! Zip, Zero, None, Total Freedom, Anything Goes versus Legal, Moral, Social, Ethical, Political, Managerial, Constitutional, Risk Appetite, Professional, Educational, Regulatory, Diversity ++++++. We can play, but must not stray beyond the ‘boundary conditions’
  23. Our world is no longer simple: “There are no simple solutions to complex problems”; “The energy required to solve a problem is always greater than that expended to create it”. NOT understood
  24. DEFENCE & DEFEAT: “You cannot unilaterally defend yourself to victory - and we are 100% defence focused - ergo we can never win”. Fortresses, walls, bailies, dykes et al do not deter or repel enemies and attackers for very long! Ditto firewalls, antivirus apps, portal monitors, activity scanners, VPNs, blockchain, encryption, clouds, connectivity scanners ++++
  25. NEEDLES: There are three basic types. (Chart: APPARENT FAILURE COSTS, 2015 to 2025.) “The Dark Side should be a member of the G8”; “Nothing we are doing right now will slow this growth”
  26. (slides 26-28, progressive build) WARFARE: a wider perspective. Chart axes: Scale of Potential Devastation; Potential Depth of Penetration. Chart labels: Geographical, Metaphysical, Technological, Psychological, Ecological, Biological, Physical, Virtual, Real. Domains: Land, Sea, Air, Space, Cyber, Information. Plotted: Cyber-Info War, Nuclear Warfare, Bio-Chemical Warfare; markers: Catalyst, Trigger Event, Total Extinction. THERE IS ONLY WAR AND EVERY DOMAIN IS INTERCONNECTED. Governments AND the military can no longer protect their citizens
  29. THE BIG PICTURE: Cyber security is no longer contained. The Dark Side is winning by a 100% commitment & focus. They are far more integrated and sharing than we are, and ‘driven’ by money/evil intent. We do not anticipate attacks or innovations in tactics, tools,… we are always on the back foot! We need to: start thinking like the enemy; develop better radar systems; build automatic react systems; cooperate on developments; war game attack scenarios; share all data & solutions
  30. (slides 30-33, progressive build) THREATSCAPE? The spectrum of attackers. Amateurs: fun, fame, notoriety, vandalism; limited skills; limited resources; tend to be sporadic. Hacker Groups: money; sharing; organic; dispersed; unbounded; huge effort; progressive cooperatives; self organising; vast resources; massive market; aggregated skills; semi-professional; substantial networks. Hacktivists: skilled; political idealists; emotional; relentless; dedicated; cause driven; vast networks; varied missions; targeted attacks; evolving community. Criminals: drugs, fraud, extortion; global; extreme; business; unbounded; professional; well managed; well organised; ahead of the curve; orchestrated effort; extremely profitable; syndicated resources; massive attack surface; vast up-to-date abilities. Rogue States: covert; money; warfare; influence; pervasive disruption; espionage; professional; sophisticated; well organised; extreme creativity; orchestrated effort; political influencers; ~unlimited resources; tech/thought leaders; regime destabilisation; population manipulation; military and civil domains. Also: Military, National Defence, Intelligence Services, Terrorists. Medium game, massive gain. The defender spectrum: Boy in a Bedroom, Start Up, Small Business, Medium Business, Large Business, Global Business, Public Bodies, Military, Civil Service. Planning and resourcing range from zip planning (opportunistic), through vision and plan at £0, and vision, mission, partners and plan at £X with MD, CEO, board and investors, to R&A at £XX, fully funded, with MD, CEO, board, divisions and management
  34. (slides 34-35, progressive build) PERCEIVED THREATSCAPE: This varies year-on-year, tempered by actual events. The IoT is missing. Insider threat recognised but NOT YET A PRIORITY
  36. What we know for sure: attacks are escalating; The Dark Side is winning; the attack surface is increasing; cyber disruption costs are growing; companies do not collaborate and share; the attackers operate an open market; all our security tools are reactive; attacker innovation is on the up; people are the biggest risk; there are no silver bullets; our mindset is wrong. It is time to rethink our strategy and solution space. More of the same but better & faster will not change the game… we have to think anew - get out of the box and do something very different!
  37. Tools: Don’t Build A THING IF YOU CAN BUY. Most of the tools required - and ‘dark consultants’ - are available if help is needed! Just one of many ‘stores’ on the Dark Web
  38. Attack Tools 2020: A ‘hint’ of what is for sale on the Dark Net, ~$50
  39. Weak Passwords: Full account catalogues also available. People in companies and at home are inherently careless
  40. GROWING ATTACK SURFACE: We are exacerbating our problems by design, and will continue to do so until there is a mindset change and a move to proactive defence (and retaliation?). INTERNET ~6 Bn; MOBILITY ~20 Bn; I4.0 + IoT >300 Bn. Points of attack and opportunity: almost the entire surface of the planet
  41. UNBOUNDED POSSIBILITIES: REMOTE ATTACKS, from thermostats to doorbells, toasters to vehicles
  42. RAPID MALWARE SPECIATION: Artificial Life, Breeding Malware. We had this capability 30 years ago but neglected to develop it! The Dark Side embraced it and now uses it against us! Why don’t we have any breeding programs like this, so we can play and create defences and solutions for attacks to come?
  43. Auto-immunity mirrors biological forebears: ICs, ISPs, WiFi, hubs, LANs, cards, traffic, servers, circuits, devices, Internet, networks, organisations, companies, platforms, groups, people, mobile, fixed. Autonomous and evolutionary; relentless; everywhere, 365 x 24 x 7. Can WE EMULATE THIS IN THE SILICON WORLD?
  44. Auto-immunity: a mix of clean and infected; broadcasting malware; responding with updated protection; wider network updated with the latest solution; dynamic isolation of infected devices and components, leading to repair
  45. A multiplicity of channels: attack detection/exposure/thwarting using access diversity. BlueTooth (short range; device to cloud; device to device); WiFi, WiMax (medium range; WLAN/cloud); ZigBee/other?; car-to-car direct communications; 3, 4, 5G (long range; device to net; device to cloud); SatCom broadcast. Integrated and intelligent security systems embedded into all products and components. Defence opportunities in channel/device/system diversity: a wide plurality of channel detection and protection; attacks almost never isolated or single sourced; not restricted to single channel/attempt; secure attack and infection isolation; diverse immunity/support access; distributed info sharing; GEO info location
  46. Auto-immunity mirrors biological forebears, applied everywhere 24 x 7: ICs, ISPs, WiFi, hubs, LANs, cards, traffic, servers, circuits, devices, Internet, networks, organisations, companies, platforms, groups, people, mobile, fixed. Slow-motion simulation: network, people, travel, device, vehicle, movement
  47. Scale & Complexity: beyond human abilities across too many fronts. Physical and cyber are as one - with dimensionality, dynamics, and non-linearity (complexity) well beyond the human span! “A non-linear stochastic problem”
  48. CYBER DEFENCE: Outdated, outmoded, outsmarted, confounded, ineffective, reactive, isolated, losing. Little or no automation; dominated by people
  49. Behavioural ANALYTICS: “The cyber sector has yet to take this seriously, but it is a rich source of all activities, performance metrics spanning all system forms”; “It is also pertinent to all forms of cyber attack detection including insider threats”. This is the only technique we have for all networks, devices, machines and people
  50. HYPOTHESIS: All systems - designed, designoid, evolved, grown and constructed - give precursor indicators of an impending failure. But you have to know where to look & be capable of identifying their form and function. Early changes in performance and behaviour are two forms of precursor pertinent to cyber attacks, crime, and espionage
  51. EXISTENCE THEOREM: Pro-active failure (trend) detection and maintenance maximises operating time, reduces costs and saves lives
  52. EXISTENCE THEOREM: Many leading high CAPEX/OPEX sectors have systems capable of predicting future failures through the behavioural analysis of components
  53. MECHANICAL SYSTEMS: Failure precursors - unwanted resonances; a specific element in its wear-out phase. The vibration spectrum identifies reducing machine performance pending total failure
  54. MECHANICAL SYSTEMS (chart: machine condition/function against time)
  55. CYBER SYSTEMS: Components - people, PC, device, router, switch, hub, firewall, network, cloud, traffic and data activity. Pre-cursor to full-on attack
  56. CYBER SYSTEMS (chart: IT systems condition/function against time; monitoring people, systems, networks). Chart annotations: all operations disabled; all systems failing; visible operational noise; sporadic outages; multi-system critical fails, unpredictable up times; inexplicable productivity reductions; CYBER ATTACK; undetected attack build-up + hidden precursors
  57. CYBER SYSTEMS - EXPERIMENTAL STARTER FOR 10: Monitor everyone + all devices, personal and company, + the network, looking for deviations from the historically established norm
  58. CYBER SYSTEMS: Monitor every connected PC, device, router, switch, hub, firewall, network, cloud, and all traffic for unusual activity. “At this juncture we can only guess which are the mission critical nodes - but we need to know for certain”
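The monitoring proposed in slides 55-58 (a historically established norm per component, then a watch for deviations and for the hidden precursor build-up sketched on slide 56) can be made concrete with a small baseline-and-deviation detector. The code below is an added illustration and is not from the presentation or from petercochrane.com; the telemetry schema (host, day, metric, value), the metric names `mb_out` and `failed_logins`, the host names and every threshold are constructed assumptions. It learns a per-host, per-metric norm from the first 14 days, scores the next 5 days as z-scores, and separates a single-day spike from a slow, monotonically rising drift, the pattern a fixed single-day threshold would miss.

```python
"""Behavioural baseline analytics: flag hosts whose metrics deviate from their
historically established norm, and tell a sudden spike apart from a slow drift.
Added illustration with constructed data, not the presentation's own material."""
from __future__ import annotations

from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Row = Tuple[str, int, str, float]  # (host, day, metric, value); hypothetical schema

BASELINE_DAYS = 14   # days that define the "historically established norm"
OBSERVE_DAYS = 5     # days scored against that norm


def constructed_telemetry() -> List[Row]:
    """Constructed sample telemetry (not real data): two metrics per host per day,
    'mb_out' (outbound megabytes) and 'failed_logins'."""
    rows: List[Row] = []
    for day in range(BASELINE_DAYS + OBSERVE_DAYS):
        # ws-17: steady 120-130 MB/day, then +12 MB per day once the baseline ends (slow drift)
        drift = max(0, day - BASELINE_DAYS + 1) * 12
        rows.append(("ws-17", day, "mb_out", 120 + (day % 3) * 5 + drift))
        rows.append(("ws-17", day, "failed_logins", 2 + (day % 2)))
        # db-02: steady 400-430 MB/day with a single 900 MB burst on day 16 (spike)
        rows.append(("db-02", day, "mb_out", 400 + (day % 4) * 10 + (900 if day == 16 else 0)))
        rows.append(("db-02", day, "failed_logins", 1))
        # fw-01: steady throughout (normal)
        rows.append(("fw-01", day, "mb_out", 50 + (day % 2) * 2))
        rows.append(("fw-01", day, "failed_logins", 0))
    return rows


def build_baseline(rows: List[Row], baseline_days: int = BASELINE_DAYS
                   ) -> Dict[Tuple[str, str], Tuple[float, float]]:
    """Per (host, metric): mean and a floored standard deviation over the baseline window.
    The floor (10% of the mean, and at least 1.0) keeps near-constant metrics from turning
    every tiny wobble into an enormous z-score."""
    samples: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for host, day, metric, value in rows:
        if day < baseline_days:
            samples[(host, metric)].append(value)
    baseline = {}
    for key, values in samples.items():
        mu = mean(values)
        sigma = max(pstdev(values), 0.1 * abs(mu), 1.0)
        baseline[key] = (mu, sigma)
    return baseline


def score(rows: List[Row], baseline, baseline_days: int = BASELINE_DAYS
          ) -> Dict[Tuple[str, str], List[float]]:
    """z-score of every post-baseline observation, in day order, per (host, metric)."""
    series: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for host, day, metric, value in sorted(rows, key=lambda r: r[1]):
        if day >= baseline_days and (host, metric) in baseline:
            mu, sigma = baseline[(host, metric)]
            series[(host, metric)].append((value - mu) / sigma)
    return series


def classify_series(zs: List[float], spike_z: float = 8.0, drift_z: float = 3.0,
                    drift_len: int = 3) -> str:
    """'spike': one observation far outside the norm. 'drift': the last drift_len z-scores
    rise strictly and finish at or above drift_z, i.e. a gradual departure that no single
    day would trip on its own. Otherwise 'normal'."""
    if any(abs(z) >= spike_z for z in zs):
        return "spike"
    tail = zs[-drift_len:]
    if len(tail) == drift_len and tail[-1] >= drift_z and all(a < b for a, b in zip(tail, tail[1:])):
        return "drift"
    return "normal"


SEVERITY = {"normal": 0, "drift": 1, "spike": 2}


def host_verdicts(rows: List[Row] | None = None) -> Dict[str, str]:
    """Worst classification across each host's metrics."""
    rows = constructed_telemetry() if rows is None else rows
    baseline = build_baseline(rows)
    verdicts: Dict[str, str] = {}
    for (host, metric), zs in score(rows, baseline).items():
        label = classify_series(zs)
        if SEVERITY[label] >= SEVERITY[verdicts.get(host, "normal")]:
            verdicts[host] = label
    return verdicts


if __name__ == "__main__":
    for host, label in sorted(host_verdicts().items()):
        print(f"{host}: {label}")
```

Two design choices matter in practice. The standard-deviation floor is what stops a firewall that has never logged a failed login from paging on its first one as a 50-sigma event; tune the 10% figure to the metric. The drift rule is the precursor detector: `ws-17` never exceeds the spike threshold on any single day, yet its three most recent z-scores climb past 3, which is exactly the slow build-up the deck says we must learn to see before the failure curve falls off.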
  59. HOW DOES THIS APPLY TO PEOPLE? It is amazing how extremely dumb big organisations & people can be! Edward Snowden
  60. WHO, WHAT, WHY? Patterns? Are any behaviours abnormal, and what is the intent?
  61. PEOPLE FAIL: SOCIAL ENGINEERING. This is way more convincing and devious than the Indian call centre
  62. (slides 62-63, progressive build) FINALE: It really doesn’t seem to be a ‘technology’ problem! Oh NO! It is a people issue, and I have to get them all to collaborate: share attack info and data, experiences, plus common workable solutions! This is a really difficult and big problem, but we have to tackle it head on; this is more or less the only option available to us……
  64. RESPONSIBILITY, EMPOWERMENT, ETHICS & TRUST: WE have to gather real data to test and prove all of this - and address the issue of letting machines potentially operate with full autonomy! “When the machines make far fewer errors than we do, then it will be game over”
  65. WHAT WE NOW NEED? An essentials shopping list is reasonably short: global monitoring and shared situational awareness; cooperative environments on attacks and solutions; universal sharing of identified attacks/developments; address cloaking & decoy customer sites/net nodes; behavioural analysis of networks, devices, people; to continue and expand all established efforts; auto-immunity for all devices including IoT; fast, rehearsed, automated, tested responses
  66. Metrics - where to focus? There are 100s of reports and acres of stats on every aspect of this war, and they are all dynamic - frankly, analysis is way beyond human ability and we need machine help!
  67. A Timely Reminder: Complexity, scale, and speed place this problem well beyond any human span! “Beyond real time observation and historical data recording, it is pattern recognition that is core to a workable solution - and AI is supreme in this respect”. The only technology we have that has the inherent abilities we need is AI. Continuing to do what we have always done will only see even more losses
  68. THE FIGHT BACK: STARTING A WAR? Our enemies appear to have poor defences; they are not expecting us to attack; we could cause them to attack each other; we could employ their tools & weapons; we know who and where they are; we know their weaknesses; we know their networks; we have the resources. BUT this would be war. WE cannot engage in this; only governments can give sanction
  69. WE cannot engage in this; only governments can give sanction. ARE WE SEEING THE START OF A WAR?
  70. The future belongs to the most adaptable and those who dare! Thank You. petercochrane.com