AY 2014-2015
US Cyber Strategy for 2030: A Direction
LT COL SCOTT A. DICKSON
USAF
SEMINAR 19
The Dwight D. Eisenhower School
for National Security and Resource Strategy
National Defense University
Fort McNair, Washington, D.C. 20319-5062
The views expressed in this paper are those of the author and do not reflect
the official policy or position of the National Defense University,
the Department of Defense or the U.S. Government.
Lt Col Dickson/ES/DSR/856-220-3899/6 Oct 14
BULLET BACKGROUND PAPER
ON
US CYBERSECURITY STRATEGY FOR CY2030
PURPOSE
Explain DoD’s comprehensive 2030 US Cybersecurity Strategy to US strategic leaders
CONCERNS
- Pres Obama’s EO 13636: “one of the most serious national security challenges”
- Gen Dempsey’s 2014 QDR: “we will not innovate quickly enough or deeply enough to be prepared for
the future for the world we will face two decades from now”
- Hard to define; Cyber is “of, relating to, or involving computers or computer networks (as the Internet)”
- Unique properties: both a domain and a means, both tangible and non-tangible aspects, & no substitute
- As a Domain
-- Man-made; “Man can actually change this geography, and anything that happens there actually creates
a change in someone’s physical space” (Gen (ret) Michael Hayden, USAF)
-- Strengths are also its weaknesses, hence exploitable
--- Highly Connected: Interconnected nodes spanning across the entire world
--- Easily Accessible: Reachable from any computer or mobile device
--- Few Boundaries: Built with minimal restrictions to expedite information flow
--- Predictable: Possible pathways configured by humans, real-time selected by computers
--- Layered: Complex computer applications executing on operating systems and firmware
--- Digitized: All information stored in a common format, easily manipulated and transmitted
-- As a Means
--- Anonymously conducted via protection software like TOR, a US Navy-developed program
--- Five categories of Attack [1]
---- Consumption of computer resources: bandwidth, memory, disk space, processor time
---- Disruption of configuration information, such as routing information
---- Disruption of state information, such as unsolicited resetting of TCP sessions
---- Disruption of physical network components
---- Obstructing communication media between intended users and victim
--- Focused on disrupting, denying, or destroying capability or communications
---- Trojan malware: static programs hidden on computers and activated to disrupt
---- Botnets: automated programs hidden on computers facilitating other actions
---- Distributed Denial of Service (DDoS): consuming bandwidth to preclude others’ use
---- Permanent Denial of Service (PDoS): overwriting firmware to render hardware useless
--- Cyber-espionage considered a non-DoD attack category
ACTORS
- “The number of mobile-connected devices will exceed the world’s population by 2014.” [2]
- US Domestic Actors: include US Government agencies, NGOs, industry, and citizens
-- Primary Govt Agencies include:
--- DoD: responsible for coordinating cyber attack capabilities
--- DHS: mandated by EO 13636 to lead US cyber threat identification efforts
--- US Attorney General: mandated by EO 13636 to support cyber threat identification efforts
--- DNI: mandated by EO 13636 to support cyber threat identification efforts
--- Commerce: mandated by EO 13636 to reduce cyber risk to critical infrastructure
--- NSA: responsible for increasing US cyber situational awareness
--- FBI: Domestic prosecution of cyber crime
--- DoJ: Prosecution of cyber crime and offenses
- External Actors:
-- Cyber Anonymity allows an actor to act like any other actor
-- Three main types:
--- Organized crime groups: primarily threatening financial services sector, expanding scope
--- State sponsors: Interested in pilfering data, intellectual property, research and development data
from manufacturers, government agencies, and defense contractors
--- Terrorist groups: Use network to disrupt or harm nation’s critical infrastructure
CURRENT ENVIRONMENT
- Congress
--- Introduced S.733, Cybersecurity Act of 2009, 24 Mar 2010, Not Enacted
--- Introduced S.2105, Cybersecurity Act of 2012, 15 Feb 2012, Not Enacted
--- Introduced S.1353, Cybersecurity Act of 2013, 24 Jul 2013, Not Enacted
--- Introduced H.R.624, Cyber Intelligence Sharing and Protection Act
Passed House on 18 Apr 2013, Referred in Senate to Select Committee on Intelligence
--- Introduced S.2588, Cybersecurity Information Sharing Act (CISA) on 10 Jul 2014 [3]
---- Develop process for classified and declassified cyber threat indicators, to share in real time
with private entities; non-federal govt agencies; or state, tribal, or local govts
---- Permits private entities to monitor and operate countermeasures to prevent or mitigate
cybersecurity threats or security vulnerabilities on own information systems (IS) and, with
written consent, the IS of other entities and federal entities
---- Authorizes entities to monitor information stored on, processed by, or transiting such
monitored systems
---- Current Status: Senate has not considered or voted on CISA
- President
-- Signed Executive Order 13636 on 12 Feb 2013, established US cyber interests
-- “To enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber
environment that encourages: efficiency, innovation, and economic prosperity while promoting
safety, security, business confidentiality, privacy, and civil liberties”
INTERESTS
- Due to the overlap between external actors in the interest analysis table below, a strategy which
addresses Terrorist Groups’ interests should address all external actors
| United States | Organized Crime | State Sponsors | Terrorist Groups |
|---|---|---|---|
| Verifiable Access to Information | Unimpeded Access to Information | Verifiable Access to Information | Unimpeded Access to Information |
| Intellectual Property Rights | Intellectual Property Exploitation | Depends on State | Intellectual Property Exploitation |
| Data Protection | Data Exploitation | Data Protection | Data Exploitation |
| Non-repudiation | Anonymity | Non-repudiation | Anonymity |
| Efficient Infrastructure | Efficient Infrastructure | Efficient Infrastructure | Inefficient/Ineffective infrastructure |
| Economic Growth | Economic Growth | Economic Growth | Economic Regression |
Note: Dark/Red shading denotes external interests counter to US interests
CY2030 SCENARIO DRIVERS
- Active Anti-US Terrorist Groups & Global Polarity selected as primary drivers affecting cyber scenarios
- Relevant drivers listed in below table, secondary drivers set as scenario building assumptions
Note: Non-selected drivers are scenario assumptions; colored text = assumed values for scenarios
| Drivers | Outcome #1 | Outcome #2 | Uncertainty |
|---|---|---|---|
| Active Anti-US Terrorist Groups | Eradicated | Exist | High |
| Global Polarity | Dominant US | Multi-Polar | Med |
| Persistent Cybermonitoring Technology | Developed | Non-Developed | Med |
| US Economic Type | Manufacturing | Knowledge | Low |
| Privacy/Civil Liberties Concerns | None | Preventative | Low |
| Cyber Sovereignty | None | Server-based | Low |
SCENARIOS
- Based on Active Anti-US Terrorist Groups & Global Polarity drivers, four potential 2030 scenarios exist
- A DoD 2030 cyberstrategy should also hedge against an exogenous Cyber 9/11 scenario
-- DHS Sec, 24 Jan 2013, "We shouldn't wait until there is a 9/11 in the cyber world. There are things we
can and should be doing right now that, if not prevent, would mitigate the extent of damage"
-- Similar to Jul 2014 cyber attacks on Israel where Hamas hacked or targeted:
--- Half a million smartphones, sending texts of false chemical attacks
--- Systems controlling vital Israeli infrastructure, including Israel Electric Co power stations, water
desalination plants, traffic lights, and railroads and other transportation systems
--- Israel's banking system, including Bank of Israel, one of the country’s largest banks
--- Thousands of largely unprotected civilian websites via DDoS attacks
--- Israel's Foreign Affairs and Defense Ministries, Air Force, the office of the president, the Knesset,
the Israel Police, and the government's official jobs portal
ACTIONS
- Based on CY2030 & exogenous scenarios, below table lists recommended DoD shaping/hedging actions
| Type | Priority | Action |
|---|---|---|
| Shaping | High | Establish a Cybersecurity Enforcement Coalition |
| Shaping | High | Partner w/DoS to develop a Cybersecurity Code of Conduct (or Treaty) to Define Acceptable Cyber Behavior and Enforcement Responsibilities |
| Shaping | High | Continue to Minimize Anti-US Terrorist Groups (in progress) |
| Shaping | High | Invest and Implement Persistent Cyber Situational Awareness/Monitoring Technology |
| Shaping | Med | Develop a Layered Cyber Defense Strategy to Defend National Security Data (in progress) |
| Shaping | Med | Implement Public Policy Restricting Use of Anonymity Software within United States |
| Shaping | Low | Implement Public Policy Requiring Minimum Cyber Protection Mechanisms for US Businesses (in progress) |
| Shaping | Low | Continue Cyber Protection Education Efforts with the Public, National Security Professionals and US Companies (in progress) |
| Hedging | High | Maintain Resilient and Redundant Storage of Critical National Security Data |
| Hedging | High | Develop Robust Cyber Attack Capabilities |
| Hedging | High | Develop and Maintain Capability to Operate in a Degraded Cyber Environment |
| Hedging | Med | Implement Public Policy requiring Manual or Isolated Networked Capability of Critical National Energy Capabilities |
| Hedging | Med | Create Emergency Isolation Plan and Develop Necessary Capabilities to Implement |
| Hedging | Med | Partner with DoS and DHS to Build Positive US Public Opinion Behind Required US Privacy and Monitoring Policies |
RECOMMENDATIONS
- Implement shaping and hedging actions to protect DoD’s cyber capabilities as a force multiplier
- Support CISA passage within Congress
- Continue DoD’s compliance actions as dictated by President’s EO 13636
END NOTES
[1] “Denial of Service Attacks”. Accessed on 6 Oct 2014. http://en.wikipedia.org/wiki/Denial-of-service_attack.
[2] Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013–2018. Accessed on 23 Sep 2014. http://www.cisco.com/c/en//solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html
[3] Feinstein. S.2588. Accessed on 29 Sep 2014. https://www.congress.gov/bill/113th-congress/senate-bill/2588

Mais conteúdo relacionado

Mais procurados

Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Mark Raduenzel
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
Mark Johnson
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Ben Griffith
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 

Mais procurados (20)

Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Cyberdefense strategy - Boston Global Forum - 2017
Cyberdefense strategy - Boston Global Forum - 2017Cyberdefense strategy - Boston Global Forum - 2017
Cyberdefense strategy - Boston Global Forum - 2017
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern Terrorism
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
Clt3328fisk
Clt3328fiskClt3328fisk
Clt3328fisk
 
Self defence & Cyber Terrorism
Self defence & Cyber Terrorism Self defence & Cyber Terrorism
Self defence & Cyber Terrorism
 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
 
CWFI Presentation Version 1
CWFI   Presentation Version 1CWFI   Presentation Version 1
CWFI Presentation Version 1
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
 
Bashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security Law
 
Privacy in the Information Age
Privacy in the Information AgePrivacy in the Information Age
Privacy in the Information Age
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
 
The Security Implications of Foreign Hardware & Software February 2019
The Security Implications of Foreign Hardware & Software  February 2019The Security Implications of Foreign Hardware & Software  February 2019
The Security Implications of Foreign Hardware & Software February 2019
 
RESEARCH PAPER
RESEARCH PAPERRESEARCH PAPER
RESEARCH PAPER
 

Destaque

Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
Scott Dickson
 
Prezentatsia patriotichne vikhovannya
Prezentatsia patriotichne vikhovannyaPrezentatsia patriotichne vikhovannya
Prezentatsia patriotichne vikhovannya
nvk-zosh7
 
Kelly Resume - April 2016
Kelly Resume - April 2016Kelly Resume - April 2016
Kelly Resume - April 2016
Kelly Reynolds
 
Everyone Active Profile
Everyone Active ProfileEveryone Active Profile
Everyone Active Profile
leroy phillips
 

Destaque (20)

Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
 
Presentación socialización...
Presentación socialización...Presentación socialización...
Presentación socialización...
 
Prezentatsia patriotichne vikhovannya
Prezentatsia patriotichne vikhovannyaPrezentatsia patriotichne vikhovannya
Prezentatsia patriotichne vikhovannya
 
Introducción a la informática
Introducción a la informáticaIntroducción a la informática
Introducción a la informática
 
A08 12116 Downey 02-10-08 A
A08 12116 Downey 02-10-08 AA08 12116 Downey 02-10-08 A
A08 12116 Downey 02-10-08 A
 
Lactancia materna en el prematuro
Lactancia materna en el prematuro Lactancia materna en el prematuro
Lactancia materna en el prematuro
 
Introducción a la computación
Introducción a la computación Introducción a la computación
Introducción a la computación
 
Kelly Resume - April 2016
Kelly Resume - April 2016Kelly Resume - April 2016
Kelly Resume - April 2016
 
Nvk seminar
Nvk seminarNvk seminar
Nvk seminar
 
TRABAJO PRACTICO: APRENDIZAJE UBICUO
TRABAJO PRACTICO: APRENDIZAJE UBICUOTRABAJO PRACTICO: APRENDIZAJE UBICUO
TRABAJO PRACTICO: APRENDIZAJE UBICUO
 
Análise guernica 001
Análise guernica 001Análise guernica 001
Análise guernica 001
 
Curso de competencias t.i.c.s.
Curso de competencias                     t.i.c.s.Curso de competencias                     t.i.c.s.
Curso de competencias t.i.c.s.
 
Osos de peluches (1)
Osos de peluches (1)Osos de peluches (1)
Osos de peluches (1)
 
SU2C Project
SU2C Project SU2C Project
SU2C Project
 
قانون البناء الموحد
قانون البناء الموحدقانون البناء الموحد
قانون البناء الموحد
 
Prezentatsia1 2
Prezentatsia1 2Prezentatsia1 2
Prezentatsia1 2
 
Prezentatsia1
Prezentatsia1Prezentatsia1
Prezentatsia1
 
Proyecto emisora escolar
Proyecto emisora escolarProyecto emisora escolar
Proyecto emisora escolar
 
أعمال التاكسيات
أعمال التاكسياتأعمال التاكسيات
أعمال التاكسيات
 
Everyone Active Profile
Everyone Active ProfileEveryone Active Profile
Everyone Active Profile
 

Semelhante a A US Cybersecurity Strategy for 2030

Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxReview DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
ronak56
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
Asad Zaman
 
Vision By 2023, the Departme.docx
Vision  By 2023, the Departme.docxVision  By 2023, the Departme.docx
Vision By 2023, the Departme.docx
jessiehampson
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
Fas (Feisal) Mosleh
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposed
Numaan Huq
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
Andrea Rossetti
 

Semelhante a A US Cybersecurity Strategy for 2030 (20)

28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity risk
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxReview DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Cybersecurity and its impact on your commercial real estate portfolio
Cybersecurity and its impact on your commercial real estate portfolioCybersecurity and its impact on your commercial real estate portfolio
Cybersecurity and its impact on your commercial real estate portfolio
 
Vision By 2023, the Departme.docx
Vision  By 2023, the Departme.docxVision  By 2023, the Departme.docx
Vision By 2023, the Departme.docx
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
 
Cyber-what?
Cyber-what?Cyber-what?
Cyber-what?
 
ISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism Analysis
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposed
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
Terrorist Cyber Attacks
Terrorist Cyber AttacksTerrorist Cyber Attacks
Terrorist Cyber Attacks
 
Cyber Security Conference - Rethinking cyber-threat
Cyber Security Conference - Rethinking cyber-threatCyber Security Conference - Rethinking cyber-threat
Cyber Security Conference - Rethinking cyber-threat
 

A US Cybersecurity Strategy for 2030

  • 1. AY 2014-2015 US Cyber Strategy for 2030: A Direction LT COL SCOTT A. DICKSON USAF SEMINAR 19 The Dwight D. Eisenhower School for National Security and Resource Strategy National Defense University Fort McNair, Washington, D.C. 20319-5062 The views expressed in this paper are those of the author and do not reflect the official policy or position of the National Defense University, the Department of Defense or the U.S. Government.
  • 2. Lt Col Dickson/ES/DSR/856-220-3899/6 Oct 14 BULLET BACKGROUND PAPER ON US CYBERSECURITY STRATEGY FOR CY2030 PURPOSE Explain DoD’s comprehensive 2030 US Cybersecurity Strategy to US strategic leaders CONCERNS - Pres Obama’s EO 13636: “one of the most serious national security challenges” - Gen Dempsey’s 2014 QDR: “we will not innovate quickly enough or deeply enough to be prepared for the future for the world we will face two decades from now” - Hard to define; Cyber is “of, relating to, or involving computers or computer networks (as the Internet)” - Unique properties: both a domain and a means, both tangible and non-tangible aspects, & no substitute - As a Domain -- Man-made; “Man can actually change this geography, and anything that happens there actually creates a change in someone’s physical space” (Gen (ret) Michael Hayden, USAF) -- Strengths are also its weaknesses, hence exploitable --- Highly Connected: Interconnected nodes spanning across the entire world --- Easily Accessible: Reachable from any computer or mobile device --- Few Boundaries: Built with minimal restrictions to expedite information flow --- Predictable: Possible pathways configured by humans, real-time selected by computers --- Layered: Complex computer applications executing on operating systems and firmware --- Digitized: All information stored in a common format, easily manipulated and transmitted -- As a Means --- Anonymously conducted via protection software like TOR, a US Navy-developed program --- Five categories of Attack1 ---- Consumption of computer resources: bandwidth, memory, disk space, processor time
  • 3. 3 ---- Disruption of configuration information, such as routing information ---- Disruption of state information, such as unsolicited resetting of TCP sessions ---- Disruption of physical network components ---- Obstructing communication media between intended users and victim --- Focused on disrupting, denying, or destroying capability or communications ---- Trojan malware: static programs hidden on computers and activated to disrupt ---- Botnets: automated programs hidden on computers facilitating other actions ---- Distributed Denial of Service (DDoS): consuming bandwidth to preclude other’s use ---- Permanent Denial of Service (PDoS): overwriting firmware to render hardware useless --- Cyber-espionage considered a non-DoD attack category ACTORS - “The number of mobile-connected devices will exceed the world’s population by 2014.”2 - US Domestic Actors: include US Government agencies, NGOs, industry, and citizens -- Primary Govt Agencies include: --- DoD: responsible for coordinating cyber attack capabilities --- DHS: mandated by EO 13636 to lead US cyber threat identification efforts --- US Attorney General: mandated by EO 13636 to support cyber threat identification efforts --- DNI: mandated by EO 13636 to support cyber threat identification efforts --- Commerce: mandated by EO 13636 to reduce cyber risk to critical infrastructure --- NSA: responsible for increasing US cyber situational awareness --- FBI: Domestic prosecution of cyber crime --- DoJ: Prosecution of cyber crime and offenses - External Actors: -- Cyber Anonymity allows an actor to act like any other actor -- Three main types:
  • 4. 4 --- Organized crime groups: primarily threatening financial services sector, expanding scope --- State sponsors: Interested in pilfering data, intellectual property, research and development data from manufacturers, government agencies, and defense contractors --- Terrorist groups: Use network to disrupt or harm nation’s critical infrastructure CURRENT ENVIRONMENT - Congress --- Introduced S.733, Cybersecurity Act of 2009, 24 Mar 2010, Not Enacted --- Introduced S.2105, Cybersecurity Act of 2012, 15 Feb 2012, Not Enacted --- Introduced S.1353, Cybersecurity Act of 2013, 24 Jul 2013, Not Enacted --- Introduced H.R.624, Cyber Intelligence Sharing and Protection Act Passed House on 18 Apr 2013, Refered in Senate to Select Committee on Intelligence --- Introduced S.2588, Cybersecurity Information Sharing Act (CISA) on 10 Jul 20143 ---- Develop process for classified and declassified cyber threat indicators, to share in real time with private entities; non-federal govt agencies; or state, tribal, or local govts ---- Permits private entities to monitor and operate countermeasures to prevent or mitigate cybersecurity threats or security vulnerabilities on own information systems (IS) and, with written consent, the IS of other entities and federal entities ---- Authorizes entities to monitor information stored on, processed by, or transiting such monitored systems ---- Current Status: Senate has not considered or voted on CISA - President -- Signed Executive Order 13636 on 12 Feb 2013, established US cyber interests -- “To enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages: efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties”
  • 5. 5 INTERESTS - Due to the overlap between external actors in the interest analysis table below, a strategy which addresses Terrorist Groups’ interests should address all external actors United States Organized Crime State Sponsors Terrorist Groups Verifiable Access to Information Unimpeded Access to Information Verifiable Access to Information Unimpeded Access to Information Intellectual Property Rights Intellectual Property Exploitation Depends on State Intellectual Property Exploitation Data Protection Data Exploitation Data Protection Data Exploitation Non-repudiation Anonymity Non-repudiation Anonymity Efficient Infrastructure Efficient Infrastructure Efficient Infrastructure Inefficient/ Ineffective infrastructure Economic Growth Economic Growth Economic Growth Economic Regression Note: Dark/Red shading denotes external interests counter to US interests CY2030 SCENARIO DRIVERS - Active Anti-US Terrorist Groups & Global Polarity selected as primary drivers affecting cyber scenarios - Relevant drivers listed in below table, secondary drivers set as scenario building assumptions Note: Non-selected drivers are scenario assumptions; colored text = assumed values for scenarios Drivers Outcome #1 Outcome #2 Uncertainty Active Anti-US Terrorist Groups Eradicated Exist High Global Polarity Dominant US Multi-Polar Med Persistant Cybermonitoring Technology Developed Non-Developed Med US Economic Type Manufacturing Knowledge Low Privacy/Civil Liberties Concerns None Preventative Low Cyber Sovereignty None Server-based Low
  • 6. SCENARIOS
- Based on Active Anti-US Terrorist Groups & Global Polarity drivers, four potential 2030 scenarios exist
- A DoD 2030 cyberstrategy should also hedge against an exogenous Cyber 9/11 scenario
-- DHS Sec, 24 Jan 2013, "We shouldn't wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage"
-- Similar to Jul 2014 cyber attacks on Israel where Hamas hacked or targeted:
--- Half a million smartphones, sending texts of false chemical attacks
--- Systems controlling vital Israeli infrastructure, including Israel Electric Co power stations, water desalination plants, traffic lights, and railroads and other transportation systems
--- Israel's banking system, including Bank of Israel, one of the country’s largest banks
--- Thousands of largely unprotected civilian websites via DDoS attacks
--- Israel's Foreign Affairs and Defense Ministries, Air Force, the office of the president, the Knesset, the Israel Police, and the government's official jobs portal
  • 7. ACTIONS
- Based on CY2030 & exogenous scenarios, below table lists recommended DoD shaping/hedging actions

| Type | Priority | Action |
| --- | --- | --- |
| Shaping | High | Establish a Cybersecurity Enforcement Coalition |
| Shaping | High | Partner w/DoS to develop a Cybersecurity Code of Conduct (or Treaty) to Define Acceptable Cyber Behavior and Enforcement Responsibilities |
| Shaping | High | Continue to Minimize Anti-US Terrorist Groups (in progress) |
| Shaping | High | Invest and Implement Persistent Cyber Situational Awareness/Monitoring Technology |
| Shaping | Med | Develop a Layered Cyber Defense Strategy to Defend National Security Data (in progress) |
| Shaping | Med | Implement Public Policy Restricting Use of Anonymity Software within United States |
| Shaping | Low | Implement Public Policy Requiring Minimum Cyber Protection Mechanisms for US Businesses (in progress) |
| Shaping | Low | Continue Cyber Protection Education Efforts with the Public, National Security Professionals and US Companies (in progress) |
| Hedging | High | Maintain Resilient and Redundant Storage of Critical National Security Data |
| Hedging | High | Develop Robust Cyber Attack Capabilities |
| Hedging | High | Develop and Maintain Capability to Operate in a Degraded Cyber Environment |
| Hedging | Med | Implement Public Policy requiring Manual or Isolated Networked Capability of Critical National Energy Capabilities |
| Hedging | Med | Create Emergency Isolation Plan and Develop Necessary Capabilities to Implement |
| Hedging | Med | Partner with DoS and DHS to Build Positive US Public Opinion Behind Required US Privacy and Monitoring Policies |

RECOMMENDATIONS
- Implement shaping and hedging actions to protect DoD’s cyber capabilities as a force multiplier
- Support CISA passage within Congress
- Continue DoD’s compliance actions as dictated by President’s EO 13636
  • 8. END NOTES
1 “Denial of Service Attacks”. Accessed on 6 Oct 2014. http://en.wikipedia.org/wiki/Denial-of-service_attack
2 Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013–2018. Accessed on 23 Sep 2014. http://www.cisco.com/c/en//solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html
3 Feinstein. S.2588. Accessed on 29 Sep 2014. https://www.congress.gov/bill/113th-congress/senate-bill/2588