Cyber, A Militarized Domain: What it Means to Texas
DuWayne Aikins, Information Security Forum, May 21, 2015

Objective
Demystify the Cyber Realm so that we can understand it and then do something about it.
• The threat landscape
• A closer look at China
• Lessons learned
Threat landscape
• new pieces of malware are discovered...
• of malicious hacks are for financial gain.
• of Fortune 500 companies have admitted they've been hacked.
Threat landscape
• Internet of things
  • Using internet-enabled devices to operate our world.
  • Shift from using the internet to communicate.
  • With 40 billion new devices connecting to the internet in the next 5 years, devices will be communicating with themselves.
  • Allows hackers to penetrate further into our lives.
Threat landscape
• Cyberspace, a Military Zone?
  • 100 governments have created military units to fight and win cyber wars
• STUXNET
  • Computer worm designed to attack programmable logic controllers
  • Reportedly ruined almost one-fifth of Iran's nuclear centrifuges
• WIPER: Two destructive threads
  • Overwrites data
  • Interrupts execution processes
NSA Director: China can damage US power grid
• China, along with 'one or two' other countries, had the capability to successfully launch a cyber attack that could shut down the electric grid in parts of the United States.
• U.S. adversaries are performing electronic 'reconnaissance' on a regular basis so that they can be in a position to attack the industrial control systems that run everything from chemical facilities to water treatment plants.
— November 20, 2014, Admiral Michael Rogers, Director, National Security Agency (NSA)
People's Liberation Army, Unit 61398
• May 2014: U.S. Justice Department indicted five members of the People's Liberation Army (PLA) General Staff Department (GSD), Unit 61398.
• This unit was "assigned" to deploy a widespread spear-phishing (or "spearfishing") campaign to allegedly hack into leading US companies.
• Unit 61398 requires its personnel to be trained in computer security and computer network operations, and also requires its personnel to be proficient in the English language.
People's Liberation Army, Unit 61398
Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007.
People's Liberation Army, Unit 61398
• Since 2006, Mandiant has observed Unit 61398 compromise 141 companies spanning 20 major industries.
• Unit 61398 maintained access to victim networks for an average of 356 days. The longest time period Unit 61398 maintained access to a victim's network was 1,764 days, or four years and ten months.
• Of the 141 APT1 victims, 87% are headquartered in countries where English is the native language.
• The industries APT1 targets match industries that China has identified as strategic to its growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.
• WHAT DOES THIS IMPLY?
PLA GSD Third Department
• Located in Xianghongxi community in the western hills of Beijing's Haidian District.
• Manages a vast communications intercept infrastructure and cyber surveillance system.
• Targets foreign diplomatic communications, military activity, economic entities, public education institutions, and individuals of interest.
• Responsible for PLA Computer Network Defense (CND).
Lessons learned
• Traditional Detection and Incident Response Methods are Proving Ineffective
  • Organizations cannot stop every attack
  • What have we learned from 9/11?
  • What do examples like Target, Home Depot, and Ferguson, MO teach us?
  • Must be able to maneuver through the attacks
• We are now operating in a Military Domain
  • Texas is and will be a target; we must change the Culture of Blame
• Network Defense is Two-Fold:
  • First line of Defense is focused on Deterrence
  • Second line of Defense is focused on Incident Response
• Change from Remediation to Investigation
  • Who, What, When, Where, and WHY?