A presentation on the state of cyber security, current threats and opportunities at the national level.
An overview of the current state of national readiness, along with a recommended strategic approach to developing capabilities and partnerships locally, regionally, and globally.
1. CYBER STATE
Threats, Opportunities and the Future of Cyber Strategy at a National Level
Presented for:
the Organization of American States
Caribbean Telecommunications Union
9th Ministerial Strategic Seminar (Cyber Security)
Thursday, December 8, 11
2. Iftach Ian Amit
VP Consulting at Security-Art
16 years in the Security Industry
Cyber Defense at the Israeli Air-Force
Founding member - the Penetration Testing Execution Standard
SME for NATO’s Cyber Commons Strategy 2011 (CCD-COE)
3. Agenda
Review of the current state of Cyber Threats at a national level
Linking criminal efforts to state interests
National readiness - where are we?
Creating Cyber Capabilities - the right way
eGovernance
Partnerships
Public-Private
4. Cyber Threats
Locality
Global
Regional
Local
5. Cyber Threats
Locality | Threat Communities
Global | Criminals
Regional | Hacktivists
Local | Terrorists
6. Cyber Threats
Locality | Threat Communities | Approach Vectors
Global | Criminals | Public Internet
Regional | Hacktivists | Communication Infrastructure
Local | Terrorists | Private Networks
8. Cyber Threats
Locality | Threat Communities | Approach Vectors | Assets
Global | Criminals | Public Internet | $
Regional | Hacktivists | Communication Infrastructure | Public Opinion
Local | Terrorists | Private Networks | Critical Infrastructure
10. Quick Summary:
Crime and War are NOT FAIR
Deal with it!
12. Asymmetrical conflict
Crime enterprises are operating like global businesses
Legislation is behind ==> more freedom to run fraud
Law enforcement success is only at the low-end (small fish)
Defensive mechanisms focus on post-infection
17. Cyber Terrorists
Much more dispersed
Local
Regional
International
Focus on recruiting
Both physical actions, as well as Cyber actions
24. Russian
[Diagram, built up over slides 24 to 28. Labels: Russian, Crime, Government. Entities shown: ESTDomains, ESTDom, RBN, Atrivo, McColo, UkrTeleGroup, HostFresh. Link legend: Hosted by, Customer, Network provider.]
29. National Readiness?
More focus on eGovernance
Financial systems are still exposed
Critical Infrastructure is behind a “feel good” solution
Capability building is lacking a strategic goal!
Lack of Intelligence and correlation of data
30. eGovernance
Developing outreach is great, efficient and transparent
Remember to THREAT MODEL when providing services
Threat communities may surprise you (examples: Mexico, Colombia, Russia, South Korea)
34. Public-Private Partnerships
You don’t own the Internet
A lot of critical infrastructure and communication is privately owned or privately operated.
Symbiotic relationships are a MUST! (See US CyberStorm III)
Advantage (state): Access to more raw information, early warning
Advantage (private sector): More accessibility, broadening threat community detection and intelligence (readiness)
35. Global Partnerships
Model after the CERT community
Global intelligence on threat communities
Early warning
Sample sharing
Proactive defense and incident handling
Helps to bypass legal/political issues
36. Strategic Approach
Start from the basics
No - advanced offensive capabilities come LAST!
Build an intelligence and correlation infrastructure
Early warning, feeds from multiple sources (open and closed)
Remember social media!
Defense is not a reactive practice. Push forward, place yourself in “enemy” territory
37. Strategic Approach
Offensive capability building
Coupled with the defensive requirements
Focused on what is needed - not what everyone else is using...
Working alone == FAIL. Establish partnerships, work on international legislation on crime/war treaties
NATO article 5 for the cyber commons?
38. Questions?
Thank you!
Iftach Ian Amit
VP Consulting, Security-Art
iamit@iamit.org
www.iamit.org/blog