1 / 12

“You’re already in a Cyberwar … You just don’t realize it yet”

“You’re already in a Cyberwar … You just don’t realize it yet”. Network Centric Operations Industry Consortium. Cybersecurity: Between The Sword and the Shield. Mr. Victor Meyer Global Head, Corporate Security and Business Continuity Deutsche Bank.

earlene
Download Presentation

“You’re already in a Cyberwar … You just don’t realize it yet”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “You’re already in a Cyberwar … You just don’t realize it yet” Network Centric Operations Industry Consortium Cybersecurity: Between The Swordand the Shield Mr. Victor MeyerGlobal Head, Corporate Security and Business Continuity Deutsche Bank John OsterholzVice President, Advanced Network Systems BAE Systems Information SolutionsNCOIC Technical Council Chair Approved for Public Release NCOIC-NCW09-Cyber-JLO20081218

  2. Precis - • Conducting business in Cyberspace represents an essential and durable component of modern society • Military and civilian network exploitations by a variety of actors have dramaticallyincreased in scale and frequency post Y2K • National authorities and alliances are just now undertaking significant policy, programmatic and operational actions • The defense of Cyberspace has begunto take on international urgency as critical infrastructures have been successfully attacked The implications for mission critical operations are profound and ominous

  3. The Nature Of Our World “Our information infrastructure — including the internet, telecommunications networks,computer systems, and embedded processors and controllers in critical industries — increasingly is beingtargeted for exploitation and potentially for disruption or destruction, by a growing array of state and non-state adversaries.” DNI ANNUAL THREAT ASSESSMENT SENATE SELECT COMMITTTEE ON INTELLIGENCE Feb 5, 2008

  4. Attack And Defense – The Strategic Asymmetry “.com” rules • 1999-2000: Emergent Y2K Infrastructure remediation • 2001: Network Centric Operations comes of age - spurred by 9/11 • 2002: Responsibility to share data becomes a National mantra • 2004 – 2008: Network exploitations are seen to increase dramatically • 2008: Comprehensive National Cybersecurity Initiative (CNCI) established “.gov” rules

  5. Coordinated Warfare Botnets - DDS Websites "Stop all war. Consintrate [sic] on your problems. Nothing was damaged, but we are not telling how we got in." “This may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society,” “… Russian tanks rolled into the country's territory, in what experts said Wednesday was an ominous sign that cyber-attacks might foreshadow future armed conflicts.” Hong Kong Daner Duo 2006 Principal DASD for Networks and Information Integration2007 Moscow Times2008 Network Exploitations -What Our Adversaries Have Demonstrated Kosovo… Estonia … Georgia Adversaries are capable of mid-range and high-end coordinated operations incorporating mature, close in collection; network reconnaissance; exfiltration or manipulation of mission critical data; and access, capacity or service denial in coordination with a broader operations plan Nations are responding in various ways to this threat

  6. Cooperative Cyber DefenseAnd Security Melissa HathawayDirector U.S. Joint Interagency Cybersecurity Task ForceOffice Of The Director National Intelligence “Internationally, we should look toward invigorating our traditional alliances and create new ones that share the responsibility for securing cyberspace and enhancing our global competitiveness” Integrating Policies, Programs and Operations –Is The Next Frontier

  7. ACooperativeApproach Key NATO Cyber DefenseOperational Challenges Source: NATO-ACT ID ’09 Brussels, Belgium 1 October 2008 • “Dynamic Situational Awareness” • “Degraded Operations” • “Cyber Defense Information Sharing” "In the very near future many conflicts will not take place just on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers” Nikolai Kuryanovich, former member of the Russian Duma

  8. Setback Provides An Element Of Physical Security Is there an analogous security concept for protecting critical data, applications and systems in cyberspace?

  9. Cybersecurity Setback –What Might It Look Like? • Barrier strength (e.g., mph; psi) • Distance (e.g., 100-400 ft from threat) • Implemented w/in a chain of command DomainEnterprise Focus Metric PhysicalSetback Extend And IntegrateTightly CyberSetback • Knowledge (e.g., attack vector) • Time (e.g., propagation across different networks) • High order automation Extend AndFederateDynamically A Cybersecurity setback must operate in run time

  10. Cybersecurity Setback Key Technologies and PracticesNeeded For Cybersecurity Setback Operational Challenge: Dynamic Situational Awareness Operational Challenge: Degraded Operations Operational Challenge: Cyber Defense Information Sharing • Systems (security) monitoring • Standardized logging • Visualizing cyberspace • Risk Management • Resilient Architecture • Policy based network management • End point detection and protection • Dynamic Incident Containment • Operational Continuity • Diversity As A Strategic Countermeasure • Federated and Interoperable Identity Management • Policy Based Network Management • End point Detection And Protection In 2009, the NCOIC will develop a cybersecurity information sharing pattern for industry – government

  11. Leave Behind - • The Cybersecurity implications for network enabledoperations are profound for nations, their populationsand increasingly global business • A Cybersecurity Setback is anenterprise security concept that responds to multiple requirements for secure operations in cyberspace • The NCOIC will produce the Cybersecurity Information Sharing Pattern for implementation across multiple networks as a government –industry collaboration

  12. www.ncoic.org

More Related