1. how to think clearly
about (cyber) security
@alecmuffett
www.alecmuffett.com
green lane security
www.greenlanesecurity.com
v2.0
@alecmuffett www.greenlanesecurity.com
2. how to think clearly about
security
3. how to think clearly about
cybersecurity
7. 1
there is a word cybersecurity
8. 2
this word is both a metaphor
and a model for thinking about
the challenges of information
and network security
9. 3
this model, with perhaps one exception,
is unsuited to describe the challenges of
information and network security
10. 4
this model has been adopted by
state actors as key to discussion
and/or strategic consideration
of information and network security
11. 5
strategy based upon this model
tends to be misconceived, expensive,
and of an illiberal nature
12. 6
unless diluted with other perspectives,
this model is a lever for
increased state control of
information and network security
that will harm the evolution of the field
72. theft in realspace
• if I steal your phone
• you no longer have it
• it is gone
73. theft in cyberspace
• if I steal your data
• you still have it
• unless I also destroy your copies
• assuming you haven’t backed-up your data
• you no longer have secrecy
• not the same as “loss”
74. later debate:
is intellectual property theft
actually theft (ie: crime) ...
75. ... or is it like copyright infringement
and/or patent infringement
(ie: typically a tort)?
76. (ask a lawyer. pay him.)
87. On Twitter
everyone is precisely the same size
0 = no twitter account
1 = twitter account
88. On Twitter
everyone has equal capability
tweet, or not-tweet, that is the question
89. On Twitter
some have much greater reach
which is not the same thing as size*
* especially not “size of Wales”
92. graph theory →
euclidean geometry →
twitter
93. a node/vertex/twitterer is a point
- ie: of zero dimension -
hence all twitterers are the same size
94. a line/edge/follow is that
which joins two nodes/twitterers
95. the degree of a twitterer
is the number of followers,
the number of people with whom
you communicate
96. the only metrics on twitter
• volume
• number of tweets
• indegree
• number of followers
• outdegree
• number of people you follow
97. so which of these three metrics
should trigger state regulation
of your twitterfeed?
112. http://www.cpni.gov.uk/threats/cyber-threats/
Cyberspace lies at the heart of modern society; it impacts our personal
lives, our businesses and our essential services. Cyber security embraces
both the public and the private sector and spans a broad range of issues
related to national security, whether through terrorism, crime or industrial
espionage.
E-crime, or cyber-crime, whether relating to theft, hacking or denial of
service to vital systems, has become a fact of life. The risk of industrial
cyber espionage, in which one company makes active attacks on
another, through cyberspace, to acquire high value information is also
very real.
Cyber terrorism presents challenges for the future. We have to be
prepared for terrorists seeking to take advantage of our increasing
internet dependency to attack or disable key systems.
113. posit:
internet → communications
115. http://dropsafe.crypticide.com/article/4933
Telephoneworld lies at the heart of modern society; it impacts our
personal lives, our businesses and our essential services. Phone security
embraces both the public and the private sector and spans a broad range
of issues related to national security, whether through terrorism, crime or
industrial espionage.
E-crime, or phone-crime, whether relating to theft, hacking or denial of
service to vital systems, has become a fact of life. The risk of industrial
phone espionage, in which one company makes active attacks on
another, through Telephoneworld, to acquire high value information is
also very real.
Phone terrorism presents challenges for the future. We have to be
prepared for terrorists seeking to take advantage of our increasing
communications dependency to attack or disable key systems.
116. The UK must control master
Telephoneworld! Cyberspace!
the Internet!
117. If cyberspace is communication...
118. to control communication:
• you must define it
• ...and/or...
• you must inhibit it
119. to define communication
• propaganda
• a bad word in government lingo
• also marketing & public relations
120. to inhibit communication
• censorship
• likewise a bad word
121. it’s safest for government to pretend
that cyberspace is a space
filled with bad people
127. to achieve mastery
the internet must be widely perceived
as a space which can be policed,
as a battleground in which war
may be prosecuted...
128. ...but (first) what are its boundaries?
129. “Where are the boundaries of
British (etc) Cyberspace?”
130. depends on what you mean by:
“Boundary”
“British”
131. is British Cyberspace the union of
every Briton’s ability to communicate?
132. ...then Stephen Fry is very large indeed.
133. is cyberspace the boundary of storage
of every and all Britons’ data?
134. ...then British Cyberspace extends into
GMail and Facebook servers in the USA.
135. is British Cyberspace the sum over
digital/cyberactivities of all Britons?
136. ...then the state seeks to limit
legal (or, currently non-criminal)
activities and reduce liberties
of only its citizenry
137. Government is curiously unwilling
to clarify the matter of boundaries.
140. http://goo.gl/MXCsG - computerworld
The cost of cybercrime to the global
economy is estimated at $1 trillion
[US General Keith] Alexander stated and
malware is being introduced at a rate of
55,000 pieces per day,
or one per second.
141. http://goo.gl/nGPvW - computerworld
The annual cost of cybercrime is about
$388 billion, including money and time
lost, said Brian Tillett, chief security
strategist at Symantec. That’s about $100
billion more than the global black market
trade in heroin, cocaine and marijuana
combined, he said.
143. http://goo.gl/qrmDn - detica
Cabinet Office
“In our most-likely scenario, we estimate
the cost of cyber crime to the UK to be
£27bn per annum”
144. http://goo.gl/eQcVS - itpro
ITpro
Cyber criminals will cost the UK economy
an estimated £1.9 billion in 2011,
according to a Symantec report.
149. http://goo.gl/vKk3S - detica
The theft of Intellectual Property (IP) from business,
which has the greatest economic impact of any type of
cyber crime is estimated to be £9.2bn per annum. p18
150. This gave an overall figure for fiscal fraud by
cyber criminals of £2.2bn. p19
151. Our total estimate for industrial espionage
is £7.6bn p20
152. Overall, we estimate the most likely impact
[of online theft is] £1.3bn per annum, with the best
and worst case estimates £1.0bn and
£2.7bn respectively. p21
156. “The proportion of IP actually stolen
cannot at present be measured with any
degree of confidence” p16
157. “It is very hard to determine
what proportion of industrial espionage
is due to cyber crime” p16
158. “Our assessments are necessarily based
on assumptions and informed judgements
rather than specific examples of
cybercrime, or from data of a classified
or commercially sensitive origin” p5
159. also, do you remember...
160. US: “malware is being introduced
at a rate of 55,000 pieces per day”
161. The UK version is...
162. http://goo.gl/YwjT0
You just have to look at some of the figures, in
fact over 50%, just about 51% of the malicious
software threats that have been ever identified,
were identified in 2009.
Theresa May, Today Programme, Oct 2010
163. http://goo.gl/vK331
Symantec
“Global Internet
Security Threat Report
- Trends for 2009”
164. In 2009, Symantec created 2,895,802 new malicious code
signatures (figure 10). This is a 71 percent increase over
2008, when 1,691,323 new malicious code signatures were
added. Although the percentage increase in signatures added
is less than the 139 percent increase from 2007 to 2008, the
overall number of malicious code signatures by the end of
2009 grew to 5,724,106. This means that of all the
malicious code signatures created by Symantec, 51
percent of that total was created in 2009. This is slightly
less than 2008, when approximately 60 percent of all
signatures at the time were created.
165. “code signatures” up 51%
therefore “malware” up 51% ?
166. it doesn’t work like that.
170. Malware Reaches Record Numbers
Malicious code, in its seemingly infinite forms and ever expanding targets, is the largest
threat that McAfee Labs combats daily. We have seen its functionality increase every
year. We have seen its sophistication increase every year. We have seen the platforms
it targets evolve every year with increasingly clever ways of stealing data. In 2010
McAfee Labs identified more than 20 million new pieces of malware.
Stop. We’ll repeat that figure.
More than 20 million new pieces of malware appearing last year means that we
identify nearly 55,000 malware threats every day. That figure is up from 2009. That
figure is up from 2008. That figure is way up from 2007. Of the almost 55 million
pieces of malware McAfee Labs has identified and protected
against, 36 percent of it was written in 2010!
171. politicians & generals are using
glossy marketing reports
to bolster strategy?
176. “...but the US is spending
$9bn* on cybersecurity;
are we spending enough?”
- Audience Member,
BCS Meeting Cyber Challenges of 2012
* Actually closer to $11bn
177. Of the £640m
9% (£58m) goes to cybercrime
65% (£416m) goes to
operational capabilities
178. do the proportions reflect
the perceived threats?
179. 6
harmful to evolution of network security
180. there is clearly some reality
to cybersecurity
189. Maybe-CNI Events
• 2007: Estonia
• no banks, services, food
• 2009: Russia/Ukraine Gas
• people freezing
190. Non-CNI Events
• 2011: Aurora/GMail
• espionage
• who died?
• what service was lost?
• where did a bomb go off?
191. Nonetheless there is clearly
some risk of being blindsided
198. You might ask:
where’s the harm in overall
cyberspace/security philosophy?
199. If not to the exclusion of all others?
200. 1) expansion of the state
201. What’s a politician more likely
to tell the public?
1) “you’re on your own”
2) “we’re sorting it out for you”
202. Who is better to be responsible
for a family’s cybersecurity?
1) the family members
2) state cyber-police
203. 2) interference in evolution/education
204. karmic cycle
• technologies change
• people complain
• problems arise
• people complain
• problems get fixed
• people complain