This document summarizes a presentation on cybersecurity challenges and solutions. The presentation covered: (1) the current cybersecurity landscape and challenges such as volume of emails/data, variety of malware, and vulnerabilities in software; (2) solutions such as frequent software updates, unique passwords, caution online, and routine backups; and (3) areas needing further work like attribution of attacks, developing creative cybersecurity personnel, and securing emerging technologies like electronic flight bags. The presentation concluded by encouraging questions and announcing upcoming related webinars.
2. Today’s Agenda
• Welcome and Introductions—Bill Gibbs, Webinar Coordinator
• Presentation—Dr. Jon Haass
• Questions and Answers
• Upcoming Webinars and Webinar Plus Degree Briefing
Bill Gibbs
Director, Campus Outreach
Webinar Coordinator
3. Dr. Jon Haass
• Associate Professor and Program Director for Bachelor of Science in Cyber Intelligence and Security—Prescott
• Frequent speaker at national conferences
• Two bachelor’s degrees from University of Wyoming (Mathematics, Physics)
• Ph.D. in Mathematics from Massachusetts Institute of Technology (MIT)
• Leader or Founder of several software development companies including Sun Microsystems, OpenTV, and SoftKrypt
10. Is it safe to click?
Does my SmartTV or DVR have vulnerabilities?
◦ Is it listening?
◦ Is it infected with Mirai “Bot”?
11. Is that email really from HR?
Malicious email-borne attacks
Entry into critical networks
Development and Key employees
June 23, 2015 – FBI alerts ISACs of Business e-mail Compromise attacks that are increasingly successful, well crafted and malicious fronts for APT (Advanced Persistent Threats)
12. Dear John,
The bank has notified us of suspicious activity
on your account. As part of the service
provided due to OPM breach, we are notifying
you. Please click to process.
Account Manager
Tel:202-767-1800
US Office of Personnel Management
13. Dear Mary,
The bank has notified us of suspicious activity
on your account. As part of the service
provided due to OPM breach, we are notifying
you. Please click to process.
Account Manager
Tel:202-767-1800
US Office of Personnel Management
https://opm.gov/cybersecurity/contact.aspx
15. National Security / Intellectual Property / Safety
Financial Services
Energy
Manufacturing
Nuclear
Water
Transportation
17. Every network can be (is) breached
Anything on a computer can be stolen.
General Keith Alexander (retired)
Former NSA, Cyber Command
now CEO IronNet
18. Invisible
Hard to “see” bits / bytes / network packets
We need forensic tools
and automation
and vigilance
27. Stop more than 95%
Update your software
Keep current anti-malware
Don’t re-use passwords (or use top million!)
Know your emails
Caution where you browse
Set security above low
Routine backups!!!
28. Stop Attacker …
Notice unusual traffic
Deny easy vulnerabilities
Authenticate software
Monitor suspicious connects
Deny access to key data
33. Mining Threat Information
Information Sharing Organizations (ISAO)
Arizona Cyber Threat Response Alliance ACTRA
Actionable Intelligence
Ranking System
Integration
Add in Machine Learning
What’s on your network?
34. Creative, Resilient Personnel
Academic / Industry Collaboration
What is working?
What more is needed?
Streamline?
Re-training in career?
Apprentice / Co-op?
35. Security of EFB / PED for crew and passenger
Vulnerabilities in aircraft systems
36. Security of EFB / PED for crew and passenger
Includes the new Airport of Things
Authentication & protect defaults
38. Jon C. Haass
Cyber Intelligence and Security
Embry-Riddle Aeronautical University
Jon.Haass@erau.edu
39. Upcoming Webinars:
Jan. 12 Airport Construction Risk Management and Safety
Feb. 9 The Continuing Search for Amelia Earhart
Mar. 9 Cross-Cultural Project Management
Apr. 13 10 Traits Every Leader Should Have
May 11 An Introduction to Human Factors in Aviation
Jun. 22 How to Create a Career Enhancement Toolkit
webinars.erau.edu
40. Join us for a Webinar “Plus” Degree Briefing!
Thursday, Dec. 1 (two weeks from today)
2 p.m. Eastern (USA) (same time as today)
Covering:
• Bachelor of Science in Cyber Intelligence and Security (Prescott Campus Residential Program)
• Bachelor of Science in Homeland Security
• Master of Science in Cybersecurity Management and Policy
webinars.erau.edu
Editor's Notes
Good day to you as you join live or listen to this recorded webinar. Thank you Bill for hosting this and spearheading this important way of reaching out to a broad community.
We have an audience here at the Prescott Campus of Embry-Riddle joining hundreds of others around the country and the globe.
At the Prescott campus we started the nation's first College of Security and Intelligence housing both the Cyber Intelligence Program as well as the flagship Global Security and Intelligence Studies (GSIS) bachelor and masters programs. With over 500 graduates around the world, we can boast of representation at government agencies and corporations of all types.
Landscape – What is the environment we are facing
Why is this so challenging to solve
How are companies, agencies and individuals to deal with these challenges
What are the research areas that hold promise for the future
We will leave time at the end for some questions from the audience
We read about some new event almost daily. A common theme is some large number of records stolen or posted on some internet site. Sometimes we don’t hear of it until much later, such as the Yahoo! user accounts and password loss.
This chart is just a snapshot from an interactive website that allows the user to consider different views of a fraction of the breaches reported publicly in the past 8 years. We see that the pace has increased and the reason is increasingly the result of hackers. We have moved to improve the likelihood due to simple mistakes.
Notice Target, Home Depot and JP Morgan recede into the past!
Breach of companies can threaten intellectual property, personally identifiable information, financial data and other critical data.
We read about attacks almost every day. This is an equal opportunity problem. We know attackers come in many types, from criminals to terrorists to nation-states.
IP
PII
PCI
The aviation industry and the government have not been spared. And it is not surprising during this election season that even voting and public trust were brought into question.
We will see that Cyber Security includes – Business Continuity, Disaster Recovery – Items as mundane as backups and redundant systems - Delta Airlines, United and Southwest
As a user, it can be bewildering to understand let alone protect against the possibilities. We like the latest gadgetry (some of us) and expect security concerns to be addressed.
But companies race to market with cyber security not nearly as high on the list as functionality and time to market.
Recently we have seen attacks that used millions of home devices to bring down Twitter and the entire country of Liberia for a period of time by sending enormous traffic from IoT devices including web cameras, digital video recorders and home routers.
https://www.flashpoint-intel.com/mirai-botnet-linked-dyn-dns-ddos-attacks/
Samsung.com/uk/info/privacy-SmartTV.html
If the EFB can be used for both personal and work applications = how is it secured?
Email attacks are one of the leading methods for penetrating a network, since the external barriers are getting more and more difficult to penetrate.
Why not ask for the door to be opened rather than picking the lock or breaking in?
SpearPhishing is the electronic equivalent of inviting the perpetrator in.
Hovering over the link does in fact show an https://OPM.gov/breach_security/contact.aspx link. However, with clever code, it actually takes the user to a site that immediately attempts to install ransomware, making access to critical files now impossible.
This is part of the “Locky” threat actor program, which is finding hospitals a lucrative target, willing to pay to get back on-line.
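An added example, not part of the original presentation: the notes do not say how the redirect was coded, so this sketch assumes two common forms and flags both in an HTML email body, namely link text that names a different host than the href, and an anchor that carries a script event handler. The sample message, the `.example` hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the slide's message. Hosts under .example
# are placeholders, not indicators taken from the presentation.
SAMPLE_HTML = """
<p>Dear Mary, please click to process.</p>
<a href="https://opm.gov/cybersecurity/contact.aspx">Contact OPM</a>
<a href="https://login.payroll.example/x">https://opm.gov/cybersecurity/contact.aspx</a>
<a href="https://opm.gov/cybersecurity/contact.aspx"
   onclick="location='https://files.example/run'">Process now</a>
"""

# First host-like token in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._handlers, self._text = [], None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = dict(attrs)
            self._href = attrs.get("href") or ""
            # Script event handlers can change the destination at click time.
            self._handlers = sorted(k for k in attrs if k.startswith("on"))
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        href_host = (urlparse(self._href).hostname or "").lower()
        if self._handlers:
            self.findings.append((self._href, "script handler: " + ",".join(self._handlers)))
        shown = HOST_IN_TEXT.search("".join(self._text))
        if shown and shown.group(1).lower() != href_host:
            self.findings.append((self._href, "text names " + shown.group(1).lower()))
        self._href = None

def audit_links(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A mail gateway or triage script could run `audit_links` over each HTML part and quarantine or annotate messages with any finding; a link that passes both checks can still be malicious, so this complements rather than replaces URL reputation checks.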
What is the board representation for Cyber Security in your organization?
Do you have the advice of an expert with business and cyber guidance?
Are you getting the information you need when something occurs?
16 Critical infrastructure sectors have been identified as a core area to protect and most of it is under the control of private industry.
February 2016 – a 3-year probe was able to conclude that the sophisticated attack had ties to Russia and was coordinated with physical force imposed in the region.
His replacement Admiral Rogers has stated – It is a matter of when not if a nation-state will attack our critical infrastructure, we will need to be prepared with a response.
Is your organization prepared for an attack on your critical infrastructure – power, financials, IP, design plans …
Will the Military consider an attack upon our infrastructure as an act of war?
Are we already engaged in the next Cyber Cold War? – With Russia, China and others?
Compare this with physical theft. We see the truck rolling up to the warehouse stealing goods off the dock.
We see the result of the empty space on the wall where the large-screen TV used to be.
How do we notice the copying of documents or databases?
2015 statistic from Radicati group www.radicati.com/.../Email-Statistics-Report-2015-2019
Google statistics - www.internetlivestats.com/google-search-statistics/
27% of all recorded malware appeared in 2015 – Panda Labs
Graphic describes the millions of lines of code for systems we know.
http://www.informationisbeautiful.net/visualizations/million-lines-of-code/
High end cars include many systems and pieces of software!
MITRE has database of common vulnerabilities –
Shodan site lists vulnerabilities and exploits as well.
Of course adversaries don’t use commercial anonymous servers but solutions like TOR – The Onion Router or they write their own network hiding solutions. This can include using machines that have been infected and acting unknowingly as relays across the internet.
How to defend rather than just responding to the latest incident by sending a team to investigate and “clean up the mess”.
How are they getting in? Who are they? Can we identify their Tactics, Techniques and Practices (TTP)?
https://defensesystems.com/articles/2016/04/21/dod-joint-forces-hq-network-defense.aspx
http://www.eejournal.com/archives/articles/20161027-cyberwarfare/
This is the economy of the 37th largest economy in the world
Larger than Venezuela or Singapore or Austria …
And it is expected to quadruple again in 4 years time
https://en.wikipedia.org/wiki/List_of_countries_by_GDP_(PPP)
https://www.interpol.int/Crime-areas/Cybercrime/Cybercrime
The US FBI has warrants for the arrest of 5 Chinese nationals
Head of Interpol is now a Chinese Security person
China just passed cyber security laws – not really addressing crime
Attackers are LAZY - Most attackers use old and known vulnerabilities. They hope you have not installed the fix. After all a tried and trusted exploit even if it is several years old will find some that are lagging behind.
Anti-malware is constantly updating to protect against the known threats. There are at any time very few totally new – Zero Day – exploits. They are expensive and usually require extra skill.
There have been so many breaches that attackers now have the list of the top million passwords. A modern computer can test quickly against that list. They only need one entry point in the network to get “inside”.
You can set up your email so that only the senders you know will get in. Of course you have to check when someone new shows up.
Browsing as we have seen can produce results not expected. Even the most cautious may fall into a trap. Respond quickly, seek assistance to reduce the severity of the threat.
All the popular systems allow you to set the default security.
In 2013 NIST was asked to create a standard that could be used to help companies and industries grapple with cyber security.
The first version was released in 2014 and now companies are being asked to map their process to this model.
It includes guidance from ISO 27000 series and many large companies have already made progress.
Others are still catching up with the Best Practice – an evolving set of guidelines
Brilliant –
As a young person enthused, “Just think of all the things that are possible”
And it is true. We will see many ideas and some of them will work and some will be mere fads – like smart forks!
Few areas though are as mission critical as the safety and security of our aircraft as we transport people, property from place to place.
Together with the FAA – we are looking at the issues, threats and best practice solutions for developers and manufacturers.
Some of it will include cyber hygiene training for crew and staff
All of these elements together point to an increasingly connected and interacting network of services, devices and sensors at airports, on aircraft and on the ground.
Innovation will continue and new tools are needed to allow developers to create with security included from the start.
If we keep our eyes open, we can be prepared for the future.
And with an open and team approach, what we don’t know will be discovered before it is an expensive surprise.
The future is bright … thank you for inviting me today.
Can someone today take over a plane from on-board or the ground and take control of the plane?
Although there is no indication that it is possible today, the increased use of technology such as EFB particularly Class 3 that can interact with the on-board avionics have the potential for new attacks that could be of concern.
Similarly, the full scope of the 2-way communications utilising ADS-B is not understood.
Research is needed to remain vigilant.