Every profession, along with education courses, has now been parsed into specialisms - as series of ‘soda straws’ or pipes giving a narrow view and focus with little chance of ‘cross-pollination’. Even IT and Systems Security is now sliced into many different facets spanning coding and encryption through to malware; electronic and physical attacks; technology and people.
Covering all of these specialisms in a single course can be difficult let alone a single lecture. But this lecture attempts to do just that (or at least a large slice of it) in a 3-hour session of two 90min sessions. It is done so against the backdrop of an established set of Security Laws.
The primary objective is to give the student a broad view of the wider threats and how they are perpetrated and linked together. Some technical aspects are not explicitly included, but they are reserved for other detailed sessions.
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
IT and Systems Security - The Bigger Picture
1. I T a n d S y s t e m s
S E C U R I T Y
T h e B i g g e r P i c t u r e
Prof Peter Cochrane OBE
petercochrane.com
S e n t i e n t S y s t e m s R e s e a r c h
2. A C AT A N D M O U S E G A M E
Attackers have the advantage - Defenders on the back foot
3. what we know for sure
Attacks are escalating
The Dark Side is winning
The attack surface is increasing
Cyber disruption costs are growing
Companies do not collaborate and share
The attackers operate an open market
All our security tools are reactive
Attacker rewards are on the up
People are the biggest risk
There are no silver bullets
It is time to rethink our strategy and solution space
More of the same but
better & faster will not
change the game…
…we have to think anew
-get out of the box
and do something very
different !
4. T H E B I G P I C T U R E
Cyber security is no longer contained
The Dark Side are winning because
they are 100% committed and see
this war as total; a much wider
conflict than CYBER alone…
They are far more integrated and
sharing - than we are and operate
as a virtualised workforce driven
by money and evil intent…
We do not anticipate their innovation,
tactics, tools, attacks, and we don’t think
as they do…we are always on the back foot!
Develop Dark Side technology
Start thinking like the enemy
Develop better radar systems
Build automatic react systems
Cooperate on developments
War game attack scenarios
Anticipate the next attack
Share all data & solutions
We need to:
6. i n f i lt r a t i o n !
Te c h n o l o g y i s n o t t h e o n l y w a y
• External services people
• Visiting trades and repair crews
• Unauthorised info focussed visits
• Hardware/software plants in equipment
• Memory sticks in rest rooms
• +++
Open
Screens
Open
Access
Paper
Notes
Open Desks
Telephone
Numbers
Namers
Contacts
Data Devices
urls
7. • Carless and loud discussions
• Open screens readily visible
• Poor security of devices
• Shoulder surfing
o p p o rt u n i s t i c !
• Careless PIN and PassWord use
• Devices left unguarded
• Open phone and SMS
• Paper notes
12. If we continue to do what we’ve always done our security exposure and
damage sustained accelerate…
Reality 6
13. Laws of security...
1) There is always a threat
2) It is always in a direction you’re not looking
3) Perceived risk/threat never equals reality
4) Nothing is 100% secure
5) People are always the primary risk
6) Resources are deployed inversely proportional to actual risk
14. Laws of security...
7) You need two security groups - defenders & attackers
8) Security & operational requirements are mutually exclusive
9) Legislation is always > X years behind
10) Security standards are an oxymoron
11) Security people are never their own customer
12) Cracking systems is far more fun than defending them
15. Laws of security...
13) Hackers are smarter than you - they are younger!
14) Hackers are not the biggest threat - governments are!
15) As life becomes faster it becomes less secure
16) Connectivity and data half lives are getting shorter too
17) We are most at risk during a time of transition
18) The weakest link generally defines the outcome
16. The entire planet…Mobile Devices, Clouds, IoT
AT TA C K S U R FA C E
“A fully connected planet proffers the duality of the
greatest risk and the biggest security opportunity”
17. “We will need far more
than smarter firewalls and
malware protection… ”
To m o r r ow
“All our defence solutions and
mechanisms will have to be
evolutionary and automated”
18. Where does it generally come from ?
• From a direction you are not looking
• By a mechanism you didn’t contemplate
• At a time that is really inconvenient
D E AT H / D E F E AT/ Fa i l u r e
19. W A R FA R E
Scale of Potential Devastation
Potential Depth
of Penetration
Geographical
Metaphysical
Technological
Psychological
Ecological
Biological
Physical
Virtual
Real
A wider perspective
Land Sea Air Space Cyber Information
???
???
???
???
20. Cyber-Info War
Nuclear-Warfare
Bio-Chemical Warfare
W A R FA R E
Scale of Potential Devastation
Potential Depth
of Penetration
Geographical
Metaphysical
Technological
Psychological
Ecological
Biological
Physical
Virtual
Real
Total
Extinction
Trigger
Event
CatalystA wider perspective
Land Sea Air Space Cyber Information
???
???
???
???
21. Cyber-Info War
Nuclear-Warfare
Bio-Chemical Warfare
W A R FA R E
Scale of Potential Devastation
Potential Depth
of Penetration
Geographical
Metaphysical
Technological
Psychological
Ecological
Biological
Physical
Virtual
Real
Total
Extinction
Trigger
Event
CatalystA wider perspective
Land Sea Air Space Cyber Information
THERE IS ONLY
W
AR
AND
EVERY
DOMAIN
IS
INTERCONNECTED Governments
AND
The Military
Can
no
longer
protect their
citizens
???
???
???
???
22. USA LEADING THE WAY ?
Social division, breakdown of law and order
The
Cult of
Trump
23. S U P R E M U M?
B e t t e r t h a n a n y o t h e r
U S P r e s i d e n t e v e r !
T h e ‘ l e a d e r ’ o f
t h e f r e e w o r l d
h a s s e t a n e w
s t a n d a r d t h a t
o t h e r s n o w f e e l
f r e e t o f o l l o w !
We n o w h a v e a
p a n d e m i c o f l i e s
i n p o l i t i c s , m e d i a
a n d b u s i n e s s + + +
24. S U P R E M U M?
B e t t e r t h a n a n y o t h e r
U S P r e s i d e n t e v e r !
T h e ‘ l e a d e r ’ o f
t h e f r e e w o r l d
h a s s e t a n e w
s t a n d a r d t h a t
o t h e r s n o w f e e l
f r e e t o f o l l o w !
We n o w h a v e a
p a n d e m i c o f l i e s
i n p o l i t i c s , m e d i a
a n d b u s i n e s s + + +
Does
anyone
care anym
ore
25. LANDSCAPE of liars
Banks
Media
Moguls
Groups
Criminals
Politicians
Terrorists
Individuals
Institutions
Industrialists
Rogue States
Governments
Political Factions
+++++
Hackers
Despots
Dictators
Reporters
Executives
Extremists
Companies
Conspirators
The Paranoid
The Vulnerable
The Disaffected
The Mischievous
The Disadvantaged
+++++
Elusive
Amoral
Corrupt
Dynamic
Dedicated
Unethical
Disguised
Nefarious
Transient
Relentless
Dedicated
Networked
Distributed
Untraceable
Multi-Media
Evolutionary
Camouflaged
Multi-Faceted
Multi-Dimensional
26. N ot h i n g is is o l at e d
E v e r y t h i n g & e v e r y o n e i s n o w c o n n e c t e d
Ecology
Economics
Technology
Society
Politics
Markets
Industry
Education
Policing
Defence
Commerce
Security Logistics
ing
Co
ies
“In networked and fast moving world simple minded
thinking, approximations, ignorance and lies are
dangerous - they destroy companies and countries”
Trade
“Siloed thinking is
very dangerous -
but the dominant
mode”
28. A Ts u n a m i o f l i es
Rel entles sly gen erated and distributed
“We are overwhelmed by information flows from every
direction and for every purpose - we are long past
the point of being able to cope - and we need
machine help to find, filter, validate what
we actually need to read and watch”
“The process is now being automated aka Malware
fashion - and we have no
effective defence in place”
29. I G N O R A N C E
Unlimited & unbounded
It takes far less thought, effort
and energy to dismiss wisdom
and deny a truth, than to blindly
accepting the ridiculous
Truths are hard won: and often
very difficult to establish and
accept. They can demand deep
thought, energy, and freedom
of thought, an acceptance of
debate, reason and education!
30. I G N O R A N C E
Unlimited & unbounded
It takes far less thought, effort
and energy to dismiss wisdom
and deny a truth, than to blindly
accepting the ridiculous
Truths are hard won: and often
very difficult to establish and
accept. They can demand deep
thought, energy, and freedom
of thought, an acceptance of
debate, reason and education!
Oh, and by-the-way: man
d i d n o t l a n d o n t h e
m o o n ! I t w a s a l l a
government spoof and it
was filmed in a studio!!
31. Bigger and propagate faster, further,
and deeper than the truth and
validated information….and
now growing in volume,
extremism and span
LIES & FAKE NEWS
32. Bigger and propagate faster, further,
and deeper than the truth and
validated information….and
now growing in volume,
extremism and span
Sim
ple
&
Easy to
Grasp
Plays to DispositionsLIES & FAKE NEWS
Creates social division, social instability, unease,
dissatisfaction, paranoia, extremism, rebellion,
social instability leading to violence…
No Thinking Required
Reinforces Prejudices
33. Bigger and propagate faster, further,
and deeper than the truth and
validated information….and
now growing in volume,
extremism and span
Sim
ple
&
Easy to
Grasp
Plays to DispositionsLIES & FAKE NEWS
Creates social division, social instability, unease,
dissatisfaction, paranoia, extremism, rebellion,
social instability leading to violence…
No Thinking Required
Reinforces Prejudices
A lie can travel round the world and back
again whilst truth is lacing up its boots
MarkTwain 1921
34. I G N O R A N C E & L I ES
T h e b i g g e s t t h r e a t & c h a l l e n g e e v e r ?
38. B E H AV I O U R S
People
Machines
Networks
Human Fallibility
=
Primary Failure Mechanism
Start
Finish
Breaks
Uploads
Browsing
Downloads
Connections
SocialNets
Individuals
Population
Contacts
Mobility
Content
Mobility
Storage
Devices
Apps
+++
Patterns say it
all very early!
39. B E H AV I O U R S
People
Machines
Networks
Human Fallibility
=
Primary Failure Mechanism
Start
Finish
Breaks
Uploads
Browsing
Downloads
Connections
SocialNets
Individuals
Population
Contacts
Mobility
Content
Mobility
Storage
Devices
Apps
+++
Patterns say it
all very early!
Human
Fallibility
=
Primary Failure Mechanism
B
e
h
a
v
i o
u
r
a
l
A
nalysis
is
a
largely
unused
tool
But
A
I Is
A
Gam
e
Changer
Human
Fallibility
=
Primary Failure
t h e
p a
t t e r
n
s
c
r
e a
t e d
o
f t e n
d
e f y
h u m
a
n
a
b i l i t i e s
a
n
d
A
I
i s
e m
p l o
y
e d
40. T H E D A R K S I D E
To defeat them, think as they do!
“Never interrupt your enemy when he is making a mistake.”
― Napoléon
“A wise man gets more use from his enemies than a fool from his friends.”
― Baltasar Gracián
“To become a good defender you must first become a good attacker”
― Me
“To know your Enemy, you must become your Enemy”
― Sun Tzu
41. C Y B E R C R I M E
A b r i d g e d h i s t o r y a n d c o s t
Banking Malware
Crypto-Currency Attacks
Bitcoin Wallet Stealer
Device & Account Hijacking
RansomeWare
EPoS Attack
Fake News
Propaganda
Social Engineering
DoS, DDoS
Infected eMail
RansomeWare
Identity Theft
DNS Attack
BotNets
Site Sabotage
SQL Attack
Spam
Identity Theft
Phishing
Trojan
Worms
Virus
1997
2004
2007
Estimated
>>1000 Bn
Attacks
Total
> $2000 Bn
Cost of
global
cyber
crime
Today
2013
Almost all attacks/attack-types can be traced back to
the exploiting of individuals who have volunteered
vital info by falling victimto scams, spams and trickery
Social engineering is one of the most powerful tools to be
widely exploited by the ‘Dark Side’ - and the approach
can span to dumb and very obvious to the highly
sophisticated and hard to detect
42. C Y B E R At t a c k
R a p i d l y c h a n g i n g p r o f i l e s
Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated Effort
Extremely Profitable
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
Influence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated Effort
Political Influencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
Almost all attacks/attack-types can be traced back
to human fallibility and ambition exploitation
43. W H AT W E D E T E C T
P o s s i b l y j u s t t h e t i p o f a n i c e b e r g
We need to start looking below the surface
of obviousness for the hidden sophistication
of the many stealth attacks that we suspect
are happening that we cannot see!
Ransomeware
Phishing
Crypto-WalletDoD/DDoS
SQLi // XSS
Man-in-The Middle
URL Spoofing
Cloaking
Malware
Covert Plant
Visitors
Insiders
Outsiders
Alongsiders
Customers
Contractors
WiFi
Tunnels
Implants
Malware
Networks
Diversions
Brute Force
Decoys
44. PERVERSITY
Irrational situations by design
Our vehicles, white and brown goods are designed to be
reliable - and ‘we’ don’t expect to have to get our tools out
every week to keep them running !
Reliability, resilience, and trouble free longevity
is designed in from concept through design,
production, delivery, and customer use
Customers no longer understand how they
work and certainly do not possess the skills
to service and do repairs!
46. PERVERSITY
Irrational situations by design
I see 7 year old machines that
have never had an OS update
and with no security software
Owners oblivious to bot nets
and their vital contribution to
their global success…
They don’t care because they
have no clue…and why should
they ?
47. PERVERSITY
Irrational situations by design
I see 7 year old machines that
have never had an OS update
and with no security software
Owners oblivious to bot nets
and their vital contribution to
their global success…
They don’t care because they
have no clue…and why should
they ?
Why does industry assume people to be capable of
managing their own PC,
laptop, tablet, mobile;
whilst ensuring they
are also always
secure?
Industry needs to get a grip with fit
for purpose products that have
integrated security - managed for life
as a part of
48. i n c o n v e n i e n C E
FaceBook Cambridge Analytica + GDPR
A month of repetitious chaos trying to get legal,
fix problems and patch security vulnerabilities
Home
Academia
and Lab
Company
on The Road
In just 3 contiguous weeks
4 x OS upgrades over ’N’ widely
distributed devices + 163 App updates
49. T H E I OT
Problem amplifier
Exponentially increasing the Attack Surface and the inherent complexity
- but will be in every home and office, workplace, pocket and vehicle -
not to mention every component, item of clothing and food +++
For The Dark Side this is as good as it gets!
A great dumb question form 2017: “Why would anyone want to attack my toaster” Doh!
50. S H E E R S C A L E
> 1 0 0 - 1 0 0 0 B n t h i n g s
This graphic by Beecham Research really conveys the IoT/M2M complexity to come
51. S H E E R S C A L E
> 1 0 0 - 1 0 0 0 B n t h i n g s
A l w a y s o n l i n e = A l w a y s a t R i s k
G O O D N E W S =
M a j o r i t y o f I o T d e v i c e s
w i l l n e v e r c o n n e c t t o
t h e I n t e r n e t ! !
This graphic by Beecham Research really conveys the IoT/M2M complexity to come
52. Iot NIGHTMare
Food & toasters to vehicles
https://www.youtube.com/watch?v=RZVYTJarPFs
54. A Multiplicity of channels
Attack detection/exposure/thwarting using access diversity
BlueTooth
Short Range
Device to Cloud
Device to Device
WiFi, WiMax
Medium Range
WLAN/Cloud
Integrated and intelligent
security systems embedded
into all products and components
ZigBe/Other ??
Car-to-Car Direct
Communications
Defence opportunities in channel/device/system diversity
A wide plurality of channel detection and protection
Attacks almost never isolated or single sourced
Not restricted to single channel/attempt
Secure attack and infection isolation
Diverse immunity/support access
Distributed info sharing
GEO info location
3, 4, 5 G
Long Range
Device to Net
Device to Cloud
SatCom
Broadcast
55. Auto-immunity
Mirrors biological forebears
Applied everywhere 24 x 7
ICs
ISPs
WiFi
Hubs
LANs
Cards
Traffic
Servers
Circuits
Devices
Internet
Networks
Organisations
Companies
Platforms
Groups
People
Mobile
Fixed
56. A uto - i m m u n ity
F i g h t i n g f i r e w i t h f i r e
57. A va s t s p e c t r u m
The Dark Side is involved in every space
Main Event ?
Decoy ?
Masking ?
Diversion ?
Tunnel set up ?
Infiltration ?
Intel Ops ?
Implant ?
Theft ?
Tests ?
+++
https://www.youtube.com/watch?v=1wq6LIjPHkk
59. Get our act together
The essentials shopping list is reasonably short
Global monitoring and shared situational awareness
Cooperative environments on attacks and solutions
Universal sharing of identified attacks/developments
Address cloaking & decoy customer sites/net nodes
Behavioural analysis of networks, devices, people
To continue and expand all established efforts
Auto-Immunity for all devices including IoT
Secure wireless channels - invisible signals
60. Get our act together
The essentials shopping list is reasonably short
Global monitoring and shared situational awareness
Cooperative environments on attacks and solutions
Universal sharing of identified attacks/developments
Address cloaking & decoy customer sites/net nodes
Behavioural analysis of networks, devices, people
To continue and expand all established efforts
Auto-Immunity for all devices including IoT
Secure wireless channels - invisible signals
GDPR FALLS FAR SHORT
• It involves manual processes
• It is far too slow
• It is not automated
• No effective a responses
• A hinderance not a gain
• Advantageous to the Dark Side
61. WHEN WE FIX THE TECH
A r e w e t h e n c l o s e t o b e i n g s a f e ?
63. PEOPLE THE PROBLEM
I m p o s s i b l e t o c o n t r o l - c h a n g e t o o s l o w
64. S P A N O F H U M A N I T Y
Impossible to fully define/understand predispositions
Honest
Dishonest
Opportunist
Hacker
Black Hat
White Hat
Silly
Extreme
Careless
Helpful
Hapless
Naive
Arrogant
Ignorant
Unthinking
Emotional
Analytical
Hacktivist
Old
Tired
Distressed
Confused
Technophobe
Technophile
Depressed
ill
Nervous
Professional
Young
Blue Collar
Unemployed
Employed
Educated
Uneducated
Poor
Rich
Caring
Uncaring
BiasedAccepting
Unaccepting
loner
Team Player
Social
Networker
Insider
Outsider
Untidy
Reckless
Careful
Good
Bad
Evil
65. Hobbies !
W e i r d / C r a z y ?
- A i r l i n e s e c u r i t y
- P u b l i c t a r g e t s
- B r e a k i n g i n
- S o c i a l d a t a
+ + + +
66. C a r e l ess
London is a safe city !
I was working in London
and stopped for a coffee
break in Soho…
Soho
A smart young man walked
in and I spotted his badge !
67. C a r e l ess
London is a safe city !
I was working in London
and stopped for a coffee
break in Soho…
Soho
A smart young man walked
in and I spotted his badge !
He sat right in front of me and this is what my
mobile phone could see as he booted up !
68. C a r e l ess
London is a safe city !
I was working in London
and stopped for a coffee
break in Soho…
Soho
A smart young man walked
in and I spotted his badge !
He sat right in front of me and this is what my
mobile phone could see as he booted up !
Coffee Shop Protocol
• Sit as far back from the door as possible ;
ideally with no one to the rear or the sides
• Check for overhead cameras
• Do not wear identifying insignia of any kind
• Do not boot up to an identifying company,
country, government, agency badge
• Check and be aware N, E, S, W
69. L O U D & RU D E
There is always a price to pay !
The group next to my colleague
had just chanced upon the perfect
name for their new company.
So he bought the domain name and
all the variants before they had
completed their meeting!
71. U n t i dy
L i t t e r B u g : - )
Dropped receipt to a wet
floor - I picked it up and
this caught my eye
And then the fun started !
I Followed to a Coffee Shop
A few minutes listening and observing aided
by Goole and FaceBook and I had:
Full name & address
Telephone Number
eMail Address
Date of Birth
Some History
+++
My final act was to explain to this gentleman
just how expensive litter might be…and he
really ought to take care!
I Followed to a Coffee Shop
A few minutes listening and observing aided
by Goole and FaceBook and I had:
Full name & address
Telephone Number
eMail Address
Date of Birth
Some History
+++
My final act was to explain to this gentleman
just how expensive litter might be…and he
really ought to take care!
72. A stack of papers
readable at a glance
EXHIBITIONISTS
Government employees bragging
ME
Three identical laptops
Three
Mobiles
all the
same
73. A stack of papers
readable at a glance
EXHIBITIONISTS
Government employees bragging
ME
Three identical laptops
Three
Mobiles
all the
same
In < 1hour of looking & listening I had:
All there names
Mobile numbers + eMail addresses
Unit Codes
Postal Drop
Building floor and room
IT Support Number and log in
Who was at their meeting
Meeting agenda
Who said what
Decisions made
Project Code Name
Organisations involved
Objectives and progress
The name of a ‘Secret Project’
Talked about in euphemisms
+++++
74. OpPortunistic
Unintended revelations & consequences
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for an undefined meeting
75. OpPortunistic
Unintended revelations & consequences
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for an undefined meeting
TRUTH ENGINES
An End Game Company
Peter Cochrane
Internal Affairs Advisor
DAY 2: Pass Card as a member of staff
76. OpPortunistic
Unintended revelations & consequences
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for an undefined meeting
TRUTH ENGINES
An End Game Company
Peter Cochrane
Internal Affairs Advisor
DAY 2: Pass Card as a member of staff
I Was Invited to Test a
Companies Revised Security
My way in was to simply massage my security
pass from visitor to employee
I then played the role of an old boy not really
up to the modern world of IT and so many
wonderfully kind people came forward to help
me access networks, rooms and facilities
My secret? Wear a suite and a tie & look very
respectable…everyone knows that hackers
wear hoodies!
77. THE KIND & HELPFUL
S o p h i s t i c a t e d p h i s h i n g a t t a c k s
https://www.youtube.com/watch?v=lc7scxvKQOo
78. T H E G O O D N E W S
Habitualities are near impossible to hide
We have so very many individually identifiable
idiosyncrasies and routines that they define who and
what we are to a high very degree of accuracy -
especially when combined with biometrics
79. D evi c e t h e ft
Or is their something more here
This is a high risk crime with a good
chance of getting caught in the act
of getting caught on camera.
Why would anyone do this for a few ££
an hour, or is there hidden value add
that we are not seeing?
https://www.youtube.com/watch?v=TWilMUpEMEk
https://www.youtube.com/watch?v=tSKXZnfOe60
80. UP THE VALUE
100s of hack tutorials on-line
A naked mobile device is one price
A live mobile device with all the log-in
and personal data accessible is a much
better deal !
81. B E H a V I O U R A L A N A LYS I S
Might just be the ‘king pin’ that holds together our security
Just as we can be identified by where and what we eat, say, do; and how we walk, talk, type,
behave; the friends and colleagues we meet; there is an equivalency for us and all our devices !
Sociology
of People
Sociology
of Things
82. R E A LT I M E R E C O G N I T I O N
China leading the way with social grooming as a first step
83. WO RT H R EA D I N G
Strategy without tactics is the slowest
route to victory
Tactics without strategy is the noise
before defeat
Be so subtle that you are invisible
Be so mysterious you are intangible
Then you will control your rivals’ fate
Supreme Art of War applicable today
~5C BC
84. They just love our habitual nature…weak and repeated
passwords….singular storage, OS and apps.…
...but Clouds presents opportunities
to break it all up to provide
super security !
..recognisable and repeated patterns
of behaviour are there bread and
butter…
T H E D A R K S I D E
Loves and exploits our mono-cultures
86. C L O U D P OT E N T I A L
Far more than apps, storage and backup
Clouds of all sizes can form and
dissipate by demand ...with the
clustering of people & devices +
87. B i g g e s t R i s k
Service providers do not guarantee your data!
89. P a rs e d d ata
Incredibly difficult to intercept and
locate, and reassemble…
Routed to diverse/dispersed clouds
90. P a rs e d &EC RY PT E D
R a n d o m i s e d P a r s i n g &
E n c r y p t i o n + C l o u d
A l l o c a t i o n p o s s i b l y t h e
highest degree of security
available!
91. O BS C U RAT I O N
Getting cheaper and easier
Volume
False Files
Encryption
File Coding
Block Chain
Parsed Files
Multi-Format
Multi-Channel
Embedded Files
Distributed Files
Embedded Coding
Distributed Storage
Multi-Service Providers
Obscure Addressing
A priori Knowledge
Multiple Networks
Multiple Devices
False Addressing
Multi OS/Apps
Multi Couds
Decoy Files
Biometrics
Multi-HDs
Data Path
Cloaking
+++++
92. Many networks
to attack not
just one
3,4,5G,
LTE, WiFi
WiFi WiMax
BlueTooth ++
A dva ntag e 1
97. On Grid/Cloud
On & Off Grid/Cloud
Off Grid/Cloud
A dva ntag e 6
Fixed
Mobile
Irregular:
Use
Needs
Habits
Devices
Working
Locations
Requirements
Connectivity
Suppliers
Facilities
Projects
Clouds
Teams
+++
98. On Grid/Cloud
On & Off Grid/Cloud
Off Grid/Cloud
C o n f o u n d i n g b e h a v i o u r s
A dva ntag e 6
Fixed
Mobile
Irregular:
Use
Needs
Habits
Devices
Working
Locations
Requirements
Connectivity
Suppliers
Facilities
Projects
Clouds
Teams
+++
LAN
DSL
WiFi
Fibre
3,4,5G
BlueTooth
99. The Cloud offers the most potent defence
and the most creative options for data storage
100. Live fire & Education
Make it real, make it effective and up to date
War Games - Spoof Attacks
Rewards for the Alert
Regular Briefings
Constant Watch
101. Live fire & Education
Make it real, make it effective and up to date
War Games - Spoof Attacks
Rewards for the Alert
Regular Briefings
Constant Watch
The military play all
day and go into war
now and again
We are in a war every
day but never play !
102. The Art of War by Sun Tzu, 600 BC
“Speed is the essence of war. Take advantage of the
enemy's unpreparedness; travel by unexpected routes
and strike him where he has taken no precautions”
“It is fatal to enter any war
without the will to win it”
General Douglas McArthur
103. T h a n k Y o u
petercochrane.com
We posses superior
technology, networks
and brains - if we lose
this war it is down to
our organisational
inabilities …and the
Dark Side will have an
easy win!
https://www.uos.ac.uk