1 / 10

CyberPatriot: Introduction to Cyber Security 9/10/10

Joshua White Director of CyOON R&D jwhite@everisinc.com Everis Inc http://www.everisinc.com (315) 370-1535 x4015. CyberPatriot: Introduction to Cyber Security 9/10/10. 1. Agenda. What is Cyber Security? What's the Cyber Threat? What role does the US Government play?. 2.

yuri-dean
Download Presentation

CyberPatriot: Introduction to Cyber Security 9/10/10

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Joshua White Director of CyOON R&D jwhite@everisinc.com Everis Inc http://www.everisinc.com (315) 370-1535 x4015 CyberPatriot: Introduction to Cyber Security 9/10/10 1

  2. Agenda • What is Cyber Security? • What's the Cyber Threat? • What role does the US Government play? 2

  3. What is Cyber Security? • Is a branch of computer technology known as information security as applied to computers and networks • (Definitions: IT Security Architecture. SecurityArchitecture.org, Jan, 2008) • Cyber in the newest term for what used to be called Information • e.g. Information Security, Information Technology • Changing popularity in the market place means that Cyber will most likely be re-coined as something else in a few years 3

  4. What is the Cyber Threat? • Consists of the threat of attack to every level of: • Personal Data • Financial Systems • Governments • Industry • Infrastructure 4

  5. What is the Cyber Threat? (continued) • Personal Data • Theft of personal data is extremely common on the Internet • Phishing Scams convince users to give up personal data • Weak passwords allow attackers to get into accounts • Poor storage of passwords allow users to access accounts • Merchant websites are cracked and databases full of users personal information are compromised • Financial Systems • Financial Institutions are Attacked Continually • Sites such as PayPal and Bank of America report hundreds of unauthorized access attempts a day • Most financial institutions don't report to the general public when an attack is successful 5

  6. What is the Cyber Threat? (continued) • Governments • Are becoming the most highly sought-after targets of Cyber Attacks • Attacks against the US are defined as having a: • “goal is to weaken, disrupt or destroy the U.S. Their sub-goals include espionage for attack purposes, espionage for technology advancement, disruption of infrastructure to attack the US economy, full scale attack of the infrastructure when attacked by the U.S. to damage the ability of the US to continue its attacks.“ • (http://www.us-cert.gov/control_systems/csthreats.html) 6

  7. What is the Cyber Threat? (continued) • Industry • For many years industry has been the number one attacked • In 2005 the FBI reported that 90% of US Companies had suffered from some form of Cyber Attack • In 2005 Cyber Crime Reached an estimated $400 Billion a year industry • (2005, CSI/FBI Computer Security Survey) • In 2010 it is estimated that 50% of all attacks come from within • This is known as the Insider Threat • Companies Spend an average of 400$ per person per year around the world defending there systems/networks. • It's a $100 Billion+ a year Cyber Defense Industry 7

  8. What is the Cyber Threat? (continued) • Infrastructure • Most modern Infrastructure is controlled by computers known as SCADA (Supervisory Control and Acquisition of Data) • These systems are prone to the same threat of attack as any other system. • They were not made with security in mind, they were developed to simply do a task. • Some example attacks: • An insider attack, January of 2000, in Australia on a sewage treatment plant spilled 264,000 gallons of raw sewage into a river, park and hotel • In 2003, the SQL Slammer Worm infected the David-Besse Ohio Nuclear Power Plant. It disabled a safety monitoring system for 5 hours before it was stopped. If the worm had run its course it could have potentially caused an overload in the system and a reactor meltdown may have insued. • (http://www.securityfocus.com/news/6767) 8

  9. What role does the US government play? • Many Roles Including • Defense of the Nations Critical Infrastructure • Policy maker/enforcer • e.g. HIPPA, Sarbanes-Oxley, CALIA • Law maker/enforcer • e.g. Computer Fraud and Abuse act of 1986 • Funding Research • The US government funds research in Cyber Defense through Industry and Academia in the form of BAAs, SBIRs, Grants and more 9

  10. Thanks • Thanks to: • Central NY ISSA for providing time to the CyberPatriot documentation project • www.issa.org • Everis Inc. for hosting, technical support, experienced staff and more • www.everisinc.com • Griffiss Institute for providing space and support • http://www.griffissinstitute.org/ • Rome AFRL for their support of STEM • http://www.wpafb.af.mil/afrl/ri/ 10

More Related