Transcript Slide 1
Cybersecurity o o Threats Risks Vulnerabilities 6 Environments o o o Cyber risks o o o o Competitive Environment Technological Environment Infrastructure Mobile devices Asymetrical SoMe - Social media o NCIS Tue night?? Slide 1 of 48 Cybersecurity October is cybersecurity month Slide 2 of 48 Cybersecurity October cybersecurity month Includes a section on Mobile device and smartphone security Slide 3 of 48 TRV 101 Threats Risks the chance a bad thing can happen, at all is the consequence when that bad thing is very likely to actually happen to you Vulnerabilities is the chances of success of a particular threat against some asset Slide 4 of 48 Cyber Threat trends Top 8 trends Mobile everything Data breaches Malware Usernames and passwords compromised Used to gather personal profile info Malware on mobile devices Social Media hacking Twitter accounts, Facebook pages Slide 5 of 48 Cyber Threat trends Web Server errors Government data breaches Increase in downtime Outsourcing ! Highly specific ID theft of individuals who have “high net worth” Obamacare… healthcare data hacks Slide 6 of 48 Cybersecurity What terms and situations are you familiar with already? Phishing? Domain name hacking Spear Phishing Humint and Teckint Osint !! MacKenzie Institute 2013 Oct Slide 7 of 48 Cybersecurity “regular crime” vs. “cyber crime” Big influencer is “magnitude” More damage can be done On a larger scale In a shorter period of time Slide 8 of 48 Cybersecurity “regular crime” “cyber crime” Prevention Prevention Who – where Detection Detection Reaction Intangible evidence Reaction Countermeasures and deterrence Problem of jurisdiction and enforceability Slide 9 of 48 Six groups of “clear and present danger” Deliberate acts Inadvertant acts Third parties / outsourcing A consequence of the intense Competitive Environment Slide 10 of 48 Six groups of “clear and present danger” Acts of God – weather extremes (the Geographic Environment) Hot weather in GTA 2014… Technical failures Hardware software Management failures Slide 11 of 48 Cybersecurity Deliberate acts on a large scale garner publicity and motivate politicians to react Attacks on cyber structures at the national level 1 min 25 sec MacKenzie Institute 2013 Oct Slide 12 of 48 Influencing environments Competitive Political – Legal – Regulatory (example, Naver in R.O.K.) Economic MacKenzie Institute 2013 Oct Slide 13 of 48 Influencing environments Social – cultural SoMe – Social Media Technological Geographic – weather extremes MacKenzie Institute 2013 Oct Slide 14 of 48 Competitive Environment …intensely competitive Companies are facing competition from other firms Other organizations offering the same product or service now Other organizations offering similar products or services now Other organizations offering a variation on a product or service, that you cannot Organizations that could offer the same or similar products or services in the future Organizations that could remove the need for a product or service we sell MacKenzie Institute 2013 Oct Slide 15 of 48 Competitive Environment Intense competition forces companies to do outsourcing to cut costs MacKenzie Institute 2013 Oct Slide 16 of 48 Competitive Environment - outsourcing “outsourcing the design, implementation and maintenance of ICT across all sectors to thirdparty providers, including developing countries, cloud computing and large data fusion centres, along with the use of off-theshelf commercial technologies, has increased vulnerabilities and risks.” Gendron and Rudner “Assessing Cyber Threats To Canadian Infrastructure 4th party !! MacKenzie Institute 2013 Oct Slide 17 of 48 Competitive Environment and Economic Environment Market Development more than Market Penetration Gaining market share is too hard so you concentrate on making more off each customer CRM, CLV, extending the PLC MacKenzie Institute 2013 Oct Slide 18 of 48 Environments - political Ian MacLeod Aug 14th 2013 Quoting Angela Gendron MacKenzie Institute 2013 Oct Slide 19 of 48 Background papers Written by Prof. Martin Rudner and Prof. Angela Gendron http://www.csis-scrs.gc.ca/pblctns/cdmctrch/20121001_ccsnlpprs-eng.asp MacKenzie Institute 2013 Oct Slide 20 of 48 Future Threats, Risks and Vulnerabilities - Infrastructure MacKenzie Institute 2013 Oct Risks “the industrial control systems governing the operations of utilities, from water storage and purification to nuclear power reactors, pose a growing risk to national security and Canada’s economic and societal well-being. ” Slide 21 of 48 Economic Environment Economic Environment The economics of information MacKenzie Institute 2013 Oct Slide 22 of 48 Technological Environment New inventions being created by new enterprises “Apps” Applications Materials Electronic circuitry Increasing miniaturization of components Increasing connectivity – Bluetooth and WiFi everywhere + A-GPS MacKenzie Institute 2013 Oct Slide 23 of 48 Technological Environment Magnitude of web based information is increasing at a rate which is phenomenal 1,800 Terabytes YouTube Instagram 40 secs MacKenzie Institute 2013 Oct Slide 24 of 48 The growth of the Technological Environment = T.M.I. The problem with T.M.I. is not being able to find things Technological Environment The pace of technological change Very very fast Example Cell phone cameras Most devices GPS enabled A-GPS MacKenzie Institute 2013 Oct Slide 26 of 48 Technological Environment Cell phone cameras Smartphones vs. superphones Smartphones take good pics Superphones take great video Tradecraft eclipsed by “teckint” ? MacKenzie Institute 2013 Oct Slide 27 of 48 Technological Environment Future Trends Web 2.0 Web 3.0 MacKenzie Institute 2013 Oct Slide 28 of 48 Technological Environment Future Trends Web 4.0 Marriage of human biologic capabilities with IT hardware and software MacKenzie Institute 2013 Oct Slide 29 of 48 Social – Cultural Environment Risks Household devices and appliances with IP addresses In condos and apts were there is a centrally wired structure Houses in micro-communities (gated communities or prestigious developments) where there is wired or bluetooth connectivity MacKenzie Institute 2013 Oct Slide 30 of 48 Social – Cultural Environment increasingly demanding and educated customers Demanding Educated Wikipedia Google Everyone is an expert But ppl don’t know how to discriminate MacKenzie Institute 2013 Oct Slide 31 of 48 Future Trends – Influencing Environments Political – Legal – Regulatory Environment Laws as a result of politicians responding to IT isssues Politically motivated cyber crime Challenges of cyber crime being outside the jurisdiction of a police / security agency MacKenzie Institute 2013 Oct Slide 32 of 48 Future Trends – Influencing Environments Political – Legal – Regulatory Environment The “ruling” Government is also the “policies” of the particular political party in power stay in power MacKenzie Institute 2013 Oct Suppress crime Slide 33 of 48 Future Trends – Influencing Environments Political – Legal – Regulatory Environment •National, regional, local •Surveillance technology MacKenzie Institute 2013 Oct Slide 34 of 48 Future Trends – Influencing Environments National Surveillance technology CBC News Wed Oct 9th New CSEC H.Q. in Ottawa One of the key themes is the requirement for massive amounts of CPU power Why? MacKenzie Institute 2013 Oct Slide 35 of 48 Requirements for computing power Mackenzie Institute as a word.doc file = 22 KB Mackenzie Institute as an audio file = 42 KB Mackenzie Institute as a video of someone speaking the words = 6,600 KB MacKenzie Institute 2013 Oct Slide 36 of 48 What does this mean in the context of the classical approach to Security Threat The nature of the threats are changing Who is who and where Example Internal employees also includes your outsourcing IT partners Risk Vulnerability – “who” is changing Not just computers MacKenzie Institute 2013 Oct Slide 37 of 48 Future Threats, Risks and Vulnerabilities Mobile web access Marketing and business MacKenzie Institute 2013 Oct Slide 38 of 48 Asymetric warfare MacKenzie Institute 2013 Oct Slide 39 of 48 Future Threats, Risks and Vulnerabilities Vulnerabilities Highly specific ID theft of individuals who have “high net worth” MacKenzie Institute 2013 Oct Slide 40 of 48 e 911 Trends 70% of calls to 911 in the U.S. are from mobile devices (over 50% in GTA) GPS functionality used for social media GPS, SPS, PPS Relates to marketing where people are “where” people are (victims and “bad guys”) http://www.witiger.com/ecommerce/mcommerceGPS.htm MacKenzie Institute 2013 Oct Slide 41 of 48 Smartphone security 2011 paper on smartphone security http://www.eecg.toronto.edu/ ~lie/papers/au-spsm2011.pdf Prof. David Lie Canada Research Chair in Secure and Reliable Computer Systems Dept. of Electrical and Computer Engineering University of Toronto http://www.eecg.toronto.edu /~lie/papers/au-spsm2011.pdf MacKenzie Institute 2013 Oct Slide 42 of 48 Future Trends – Influencing Environments Political – Legal – Regulatory Environment •Municipal police agencies and cyber crime MacKenzie Institute 2013 Oct Slide 43 of 48 Staff Inspector Bryce Evans Ritesh Kotak TPS http://www.torontopolice.on.ca/socialmedia/ Cyber tools to fight crime Co-operation and co-ordination MacKenzie Institute 2013 Oct Slide 45 of 48 conclusion Cybersecurity lends itself to a focus on teckint Will the solutions be mostly teckint? What role will humint play? Osint? MacKenzie Institute 2013 Oct Slide 46 of 48 Tim Richardson School of Marketing Seneca College [email protected] University of Toronto, CCIT Program, Mississauga and Dept. of Management, Scarborough [email protected] www.witiger.com http://people.senecac.on.ca/tim.richardson/powerpoints/