1. Cybersecurity
Overview
Courtesy of an online course by Center for Information Assurance and
Cybersecurity (CIAC), University of Washington
By Thanuja Seneviratne
2. Agenda
Cybersecurity Landscape
Cybersecurity History (1990s to Present)
Cybersecurity Basics
Cybersecurity Education
International & US Perspective
Legal Perspective (US and non-US)
Cyber Law
Threat Actors and Trends
3. Cybersecurity Landscape
Generations (western/American definition)
Privacy vs Security
Risks vs Cost assessment
Threat spectrum and Information Assurance (IA)
IA Models
6. Cybersecurity History (1990s to Present)
Pre-1990s
Mainframe Computer Security
Desktop information Security
Sneaker-net period
1990s
Information Assurance (IA)
Emergence of Cybersecurity
Sorcerer-Apprentice dilemma
7. Cybersecurity Concepts
National Institute of Standards and Technology (NIST) Framework 2014
CIAC Framework
It is not all about technology!
Revisit IA Models
9. Cybersecurity Education
Poll: What would you expect as the number one thing a person studying
Cybersecurity should learn?
Standardization
In US – NSA and NIST create standards for education
12. International & US Perspective
Estonia vs Russia cyberwar – first ever cyberwar!
DoS attack for the internet
Cyber-breach becomes an act of war?
NATO and US DoD Policies
Tallinn Cyber Warfare Manual 2.0 (2016)
DoD Cyber Strategy (2015)
NATO Cyber definitions
https://ccdcoe.org/cyber-definitions.html
DoD policy document
https://d37djvu3ytnwxt.cloudfront.net/assets/courseware/v1/8c234585bc977d858cfdac646d04
bc21/asset-
v1:UWashingtonX+CYB001x+1T2017+type@asset+block/Final_2015_DoD_CYBER_STRATEGY_for_w
eb.pdf
Cyber Defense
Active or Passive?
13. International & US Perspective
Main threats:
Damage Critical Infrastructure
Disrupting Lines of communication
Growth in Internet of Things
More info:
Films: Die Hard 4 (Live Free or Die Hard)
Documentaries: PBS Frontline “Cyberwar”
TV: Mr. Robot , CSI: Cyber
14. Legal Perspective (US and Non-US)
Complicated!
If “legal context” is the same, each sector will have different laws to complicate things
Strategies implemented for the same law in different sectors could be different and lead
to interpretations
Not enough laws in US or International level
Some laws are legacy; overlapped with other laws
Conflict with international boundaries
Laws are sector specific (healthcare, military etc)
“Black swan” events and the legal basis
2008-09 economic crash
System breaches, hacks are not Black Swan
15. Cyber Law
General Law to IT Law to Cyber Law
Time to lawyer up!
Growing cyber threats, cyber attacks with Internet boom
New wave of cyber security issues with emergence of IoT
Regulators’ dilemma
Reactive measures too costly - governments and companies need to know
IS Risk assessment – minimalist approach or maximize with a lot preventive
strategies
Organic problem solving – C-Suite, middle management, operational management
(IT), lawyers, consultants work together for better strategy
16. Threat Actors and Trends
Human error leading to malicious acts
Main motivations – need for warfare, financial gain, political gain, entertainment,
personal gain, accidental
Data breach patterns – Verizon report 2015
17. Threat Actors and Trends
Less technical skills needed now than before
Digital arms race!
Risk to critical infrastructure: power grids, nuclear power grids, transportation, gas
and oil, banking, finance (wall street)
Editor's Notes
Verizon report: https://drive.google.com/file/d/0B4VR740-MLJVUklqR2JzLWFpVVE/view
Top 9 patterns: http://www.citon.com/top-9-patterns-for-security-incidents-and-breaches/