This document summarizes a presentation on cybersecurity challenges and solutions. The presentation covered: (1) the current cybersecurity landscape and challenges such as volume of emails/data, variety of malware, and vulnerabilities in software; (2) solutions such as frequent software updates, unique passwords, caution online, and routine backups; and (3) areas needing further work like attribution of attacks, developing creative cybersecurity personnel, and securing emerging technologies like electronic flight bags. The presentation concluded by encouraging questions and announcing upcoming related webinars.

1. Welcome!

2. Today’s Agenda
• Welcome and Introductions—Bill
Gibbs, Webinar Coordinator
• Presentation—Dr. Jon Haass
• Questions and Answers
• Upcoming Webinars and Webinar Plus
Degree Briefing
Bill Gibbs
Director, Campus Outreach
Webinar Coordinator

3. Dr. Jon Haass
• Associate Professor and Program Director for Bachelor of
Science in Cyber Intelligence and Security—Prescott
• Frequent speaker at national conferences
• Two bachelor’s degrees from University of Wyoming
(Mathematics, Physics)
• Ph.D. in Mathematics from Massachusetts Institute of
Technology (MIT)
• Leader or Founder of several software development
companies including Sun Microsystems, OpenTV, and
SoftKrypt

4. Challenges and Solutions
Jon C. Haass
Cyber Intelligence and Security

5.  The Cyber Security Landscape
 Challenges Faced
 Solutions and Best Practices
 Areas of Research
 Question and Answer

6. Source: Informationisbeautiful.net – updated August 2016

9.  Is it safe to click?

10.  Is it safe to click?
 Does my SmartTV or DVR have vulnerabilities?
◦ Is it listening?
◦ Is it infected with Mirai “Bot”?

11. Is that email really from HR?
Malicious email borne attacks
Entry into critical networks
Development and Key employees
June 23, 2015 – FBI alerts ISACs of Business e-
mail Compromise attacks that are increasingly
successful, well crafted and malicious fronts
for APT (Advanced Persistent Threats)

12. Dear John,
The bank has notified us of suspicious activity
on your account. As part of the service
provided due to OPM breach, we are notifying
you. Please click to process.
Account Manager
Tel:202-767-1800
US Office of Personnel Management

13. Dear Mary,
The bank has notified us of suspicious activity
on your account. As part of the service
provided due to OPM breach, we are notifying
you. Please click to process.
Account Manager
Tel:202-767-1800
US Office of Personnel Management
https://opm.gov/cybersecurity/contact.aspx

14. July 2016

15. National Security / Intellectual Property / Safety
Financial
Services
Energy Manufacturing
NuclearWater
Transportation

16. National Security / Intellectual Property / Safety
Financial
Services
Energy Manufacturing
NuclearWater
Transportation

17. Every network can be
(is) breached
Anything on a computer
can be stolen.
General Keith Alexander (retired)
Former NSA, Cyber Command
now CEO IronNet

18. Invisible
Hard to “see” bits / bytes / network packets
We need forensic tools
and automation
and vigilance

19. Volume
205 Billion emails per day
3.5 Billion Google searches per day
Fiber speeds means
BIG DATA

20. Variety
230,000 new malware variants per day – 2015
Trojans – 51%
Test against
existing
AV - software

21. Vulnerabilities
Flaws in software
Difficult to make
error free systems
iPhone app
90,000 lines code

22. Attribution
Masquerading
Spoofing
Proxy
Rely on mistakes

23. Whack-a-Mole game
Stop one, another pops up
DoD wants to be
more pro-active
Cyber Intel.

24. It’s a $500Bn Industry
GDP of Sweden or Belgium (37)!
On the Dark Net Today
Malware as a Service
Customer support
Malware testing
Money laundering

25. Jurisdiction
Internet is Global
Can we attack back?
Arrest someone?
Fine or Jail someone?

26. Cyber Help Wanted 348,975!
NIST announces CyberSeek

27. Stop more than 95%
Update your software
Keep current anti-malware
Don’t re-use passwords (or use top million!)
Know your emails
Caution where you browse
Set security above low
Routine backups!!!

28. Stop Attacker …
Notice unusual traffic
Deny easy vulnerabilities
Authenticate software
Monitor suspicious connects
Deny access to key data

29. Everyone Matters
Most breaches from some mistake
Insider
SpearPhish
Misconfiguration
Un Patched Vulnerability

30. Risk Management
Not just an IT issue
What is important?
Cost if compromised?
Then…
What to do about it
Annual Review

31. Service Providers
can support

32. Bright ideas needed!
Students & Faculty
Wanted!!

33. Mining Threat Information
Information Sharing Organizations (ISAO)
Arizona Cyber Threat Response Alliance ACTRA
Actionable Intelligence
Ranking System
Integration
Add in Machine Learning
What’s on your network?

34. Creative, Resilient Personnel
Academic / Industry Collaboration
What is working?
What more is needed?
Streamline?
Re-training in career?
Apprentice / Co-op?

35. Security of EFB /
PED for crew and
passenger
Vulnerabilities in
aircraft systems

36. Security of EFB /
PED for crew and
passenger
Includes the new
Airport of Things
Authentication &
protect defaults

37. Future trends becoming clearer

38. Jon C. Haass
Cyber Intelligence and Security
Embry-Riddle Aeronautical University
Jon.Haass@erau.edu

39. Upcoming Webinars:
Jan. 12 Airport Construction Risk Management and Safety
Feb. 9 The Continuing Search for Amelia Earhart
Mar. 9 Cross-Cultural Project Management
Apr. 13 10 Traits Every Leader Should Have
May 11 An Introduction to Human Factors in Aviation
Jun. 22 How to Create a Career Enhancement Toolkit
webinars.erau.edu

40. Join us for a Webinar “Plus” Degree Briefing!
Thursday, Dec. 1 (two weeks from today)
2 p.m. Eastern (USA) (same time as today)
Covering:
• Bachelor of Science in Cyber Intelligence and Security
(Prescott Campus Residential Program)
• Bachelor of Science in Homeland Security
• Master of Science in Cybersecurity Management and
Policy
webinars.erau.edu