320 likes | 359 Views
CYBER TERRORISM THREATS, ACTIONS AND OPPORTUNITIES. JERRY M. STRIPLIN Confidential and May Not be used without permission 1 609 234 5555. PRESENTATION OBJECTIVES PROVIDE AN OVERVIEW OF E-TERRORISM POSITION SECURITYAS A C-LEVEL ISSUE DETERMINE HOW BEST TO POSITION THE SELL
E N D
CYBER TERRORISM THREATS, ACTIONS AND OPPORTUNITIES JERRY M. STRIPLIN Confidential and May Not be used without permission 1 609 234 5555
PRESENTATION OBJECTIVES • PROVIDE AN OVERVIEW OF E-TERRORISM • POSITION SECURITYAS A C-LEVEL ISSUE • DETERMINE HOW BEST TO POSITION THE SELL • CREATE A POSITIONING STATEMENT • DEVELOP PATH FORWARD TARGET AGENDA - OUTCOME CEO PARTNER TECH $$ BUYERS INFORMATION
THE INTERNET HAS NO BOUNDRIES OR SOVEREIGNTY __________ CYBER TERRORIST NOW HAVE THE CAPABILITY TO UNDERMINE AND DISABLE ENTIRE SOCIETIES WITHOUT A SHOT BEING FIRED
FORTY FOUR HOURS AN ATTACK HOBBLED YAHOO BUY.COM e BAY CNN AMAZON.COM MSN.COM ZDNet E*TRADE OTHERS TURNED DOWN SERVICE AS A PRECAUTIONARY. “EVERYTHING CHANGED”
“THE INTERNET ERA MARKED THE 1ST TIME IN AMERICA’S HISTORY THE FEDERAL GOVERNMENT ALONE CANNOT PROTECT OUR INFRASTRUCTURE”. COMMERCE SECT’Y - WILLIAM DALEY, 18 APR.00 THE US NEWS & WORLD REPORT NOTED THAT: 12 OF THE 30 GROUPS ON THE US DEPARTMENT LIST OF TERRORIST ORGANISATIONS ARE ON THE WEB. IT APPEARS THAT VIRTUALLY … EVERY TERRIOST GROUP IS NOW ON THE WEB.
EVENTS 300,000 CREDIT CARDS STOLEN FROM CD UNIVERSAL MELISSA VIRUS CAUSES ESTIMATED $80MIL IN DAMAGES HACKERS FOR HIRE PLEADED GUILTY TO BREAKING IN TO AT&T, GTE, SPRINT, FOR CREDIT CARD NUMBERS, SOLD TO ORG. CRIME IN ITALY, $2MIL IN DAMAGES 911 VIRUS SCRIPT DISSEMINATED TO SEVERAL 1000 COMPUTERS VIA 4 ISP’s CHINESE HACKER ATTACKED US TARGETS AFTER BOMBING OF EMBASSY IN BELGRADE SPY PLANE RESULTED IN LARGEST ATTACH IN HISTORY
KOSOVO • CHARACTERIZED AS... • THE 1ST WAR ON THE INTERNET • GOVERNMENT AND NON-GOVMT USED THE NET TO: • DISSEMINATE INFORMATION • SPREAD PROPAGANDA • DEMONIZE THE OPPONENT • SOLICIT SUPPORT FOR THEIR POSITION • DISRUPTED GOVMT. COMPUTERS • CAPTURED WEB SITES • IMPACTED POLITICAL DECISIONS AND ALTERED • FORIEGN POLICY • NATO DID NOT BOMB ISP’s OR SHUT DOWN • SATELLITES BRINGING THE INTERNET TO • YUGOSLAVIA.
DEFINITION… TERRORISM, THE CALCULATED USE OF VIOLENCE OR THE THREAT OF VIOLENCE TO CREATE FEAR;INTENDED TO COERCE OR INTIMIDATE GOVMTS OR SOCIETIES IN THE PURSIT OF GOALS THAT ARE POLITICAL, RELIGIOUS OR IDEOLOGICAL.(DoD) CYBER TERRORISM, THE CONVERGENCE OF CYBERSPACE AND TERRORISM. THE PREMEDITATED, POLICALLY MOTIVATED ATTACK AGAINST INFORMATION, COMPUTER SYSTEMS, PROGRAMS, AND DATA WHICH RESULTS IN VIOLENCE, “GRAVE HARM”, SEVERE ECONOMIC DAMAGE AGAINST NONCOMBATANT TARGETS BY SUBNATIONAL GROUPS OR CLANDESTINE AGENTS. CYBER MERCENARIES… HIRED TO CREATE, INSTALL AND OPERATE SECURE SYSTEMS.
THE ESSENCE OF TERRORISM… • IS THE INTENT TO INDUCE FEAR IN SOMEONE • OTHER THAN ITS VICTIMS TO MAKE A GOVMT • (CORPORATION) OR OTHER AUDIENCE (CUSTOMERS) • CHANGE ITS POLITICAL (BUYING-STAYING LOYALITY) • BEHAVIOR. • IT IS … • CALCULATED • SELECTED, PLANNED AND RATIONAL • PRODUCES FEAR • PSYCHOLOGICALLY ALTERING
DRIVERS • RELIGIOUS • VISUAL PLEASURE - DISTRUCTION • DISCREDIT • ECONOMIC • RECONGNITION • GLOBAL POSITIONING • TO PUNISH • FORWARD A CAUSE • TO PROVE A PRODUCT TO SELL TO A 2ND MARKET • ENERGISE • BREAK DOEN NATIONAL BARRIERS - MEDIA • FINANCIAL - FOR PROFIT • INTIMIDATION • TERRITORIAL EXPANSION • DIVERT $$ SPENDING • CHANGE FOREIGN POLICY
INFORMATION WARFARE (IW)… • “NATIONAL SECURITY DATA … 12+ NATIONS ARE WORKING • ON DEVELOPING SOPHISTICATED INFORMATION WARFARE (IW) • TACTICS” AND THAT CHINA IS “REPORTALY CONSIDERING • THE CREATION OF A 4TH BRANCH OF THE MILITARY FOR (IW). • ”Sen. Jon Kyl 24 MAR.00 • IMAGINE THE CONSEQUENCES OF A FULL SCALE ATTACK • AGAINST MANY AT ONCE… • A NATURAL DISASTER, TERRORIST ATTACK AND • INTERNATIONAL CRISIS. • CIA WARNS THAT “IW” IS 1 OF 2 MAIN THREATS... • IW • NUCLEAR, BIOLOGICAL AND CHEMICAL
AREAS OF VULNERABILITY • PRESIDENTS COMMISSION ON ... • CRITICAL INFRASTRUCTURE PROTECTION • IDENTIFIED 8 LIFE SUPPORT SYSTEMS OF A NATION • TELECOMMUNICATIONS • BANKING AND FINANCE • ELECTRICAL POWER • OIL AND GAS DISTRIBUTION AND STORAGE • WATER SUPPLY • TRANSPORTATION • EMERGENCY SERVICES • GOVERNMNET SERVICES
AREAS OF VULNERABILITY DEFENSE INFORMATION SECURITY AGENCY (DISA) 88% OF THE 3000 DEFENSE SYSTEMS ARE EASILY PENETRABLE OF THESE 96% ENTRY WAS NOT DETECTED 5% WERE REPORTED
TYPES OF ATTACKS VIRUS …GROWS AS PASSED ON WORMS…ENTERS AND FINDS OWN PATH & FEEEDS INFO OUT MALICIOUS CODE…DESTROYS/SHUTS DOWN SYSTEMS, APS, ETC WEB DEFACEMENT… BRAND, IMAGE, MESSAGE UNATHORIZED ACCESS… SECURITY, FINANCE, ETC MISUSE… POLITICAL, PERSOANL, FINANCIAL, ETC EXPLOITS…STEALING IDENTITIES , PWs, ETC.
NATIONAL INFORMATION INFRASTRUCTURE • THE PHYSICAL LAYER IS BEING OVERLAID BY ANOTHER LAYER • …THE NATIONAL INFORMATION INFRASTRUCTURE (NII) • THAT SYSTEM OF ADVANCED COMPUTERS SYSTEMS, • DATABASES & TELECOM NETWORKS… THAT MAKE ELECTRONIC • INFORMATION WIDELY AVAILABLE AND ACCESSIBLE… • THIS IS WHAT ALLOWS AND DRIVES THE NEW ECONOMY • E-COMMERCE AND E-BUSINESS • WE HAVE A TOTAL RELIANCE . ANY DISRUPTION IMPACTS: • NATIONAL ECONOMY • INDIVIDUAL GOVERNMNETS AND • BUSINESS
E-COMMERCE • THE INTERNET IS THE DRIVER LIFTING THE USA ECONOMY • USA... • $20 BIL IN RETAIL MARKET • BY 2004 $185 BIL IN COMMISSION SALES • B2B $114 BIL IN 1999 • B2B $1.5 TRILLION BY 2004 • 1/4 OF ALL PURCHASE ONLINE • 16% STOCK TRADES EXECUTED ONLINE • WORLDWIDE • B2B $3.2 TRILLION BY 2003 (EUROPE 100% A YEAR) • FORRESTER RESEARCH & GOLDMAN-SACHS • OUR “SOFT BELLY”
THE ENTERPRISE... • AREAS OF VULNERABILITY • “TARGETS” • PATENTS • BUSINESS CRITICAL ASSETS • INTELLECTUAL PROPERTY • CLIENT DATABASE • BRAND INFORMATION • STRATEGIES • TRADE SECRETS • NEW PRODUCT/SERVICES • COMMERCIALY SENSITIVE DATA • FINANCIAL DATA • PRICING STRUCTURE • PARTNERSHIP/ALLIANCE AGREEMENTS • PAYROLL • PRODUCTIVITY
THE ENTERPRISE • “IMPACT OF CYBER ATTACK” • BRAND ERROSION • LOSS OF TRUST - CUSTOMERS AND SUPPLIERS • TARGET FOR SHAREHOLDER SUITES • LOSS OF IMAGE • LOSS OF MARKET SHARE • DATA MANIPULATION, CORRUPTION OR LOSS • DATA MINING • LOSS OF PUBLIC CONFIDENCE • DESTABLIZATION • FINANCIAL • LOSS OF NETWORK AVAILABILITY • 80% OF A CORPORATIONS INTELLETUAL • PROPERTY IS IN DIGITAL FORM
THE ENTERPRISE • “IMPACT OF CYBER ATTACK” • CITIBANK, RUSSIAN HACKERS TRANSFERRED $10MIL • ALL BUT $400K RECOVERED, 20 CUSTOMERS • MOVED TO OTHER BANKS. • LAW TO PROSECUTE… • CRIMINAL FORFIEITURE • FINE $10 MIL • SENTENCE 15 YEARS • THE “CAVEAT”… • REASONABLE MEASURES TAKEN, FAILURE • MAY RESULT IN DOWNSTREAM LIABILITIES.
CYBER TERRORISM • FBI SAID NUMBER OF CYBER ATTACKS DOUBLED IN A YEAR • WWW ABOUT 1 BIL PAGES OF INFORMATION • 30,000 HACKER ORIENTED SITES • 200 MIL EMAILS • 1900 WEB SITES THAT OFFER TOOLS • CORP. AMERIA SPENT $6BIL ON NETWORK SECURITY • 1 COMPUTER SECURITY PERSON FOR 1000 COMPUTERS • FBI SURVEYED 400 COMPANIES • 40% REPORTED RECENT BREAKINS • 30% TOOK PLACE INSPITE OF SECURITY • 15% WERE REPORTED WHAT’S BEING DONE?
ACTIONS • RUSSIAN FEDERATION PROPOSED - UN GENERAL ASSEMBLY • ADOPTED A RESOLUTION RELATED TO CYBERCRIME, • CYBER TERRORISM AND CYBER WARFARE. • AN AGREEMENT REQUIRED THAT WILL FIGHT CYBER • ATTACKSIN THE SAME WAY NATIONS AGREE ON HOW • TO FIGHT AIR HIJACKINGS • CORPORATE DIRECTORS HAVE A RESPONSIBILTY • TO PRACTICE “DUE CARE” IN OVERSEEING INFORMATION • SECURITY PRACTICES • JAN. 2000, WHITEHOUSE - INSTITUTE FOR INFORMATION • INFRASTRUCTURE PROTECTION… • ID, FUND RESEARCH, TECHNICAL DEVELOPMENTS
ACTIONS • NATIONAL SECURITY COUNCIL PLAN • 10 STEPS TOWARD INFORMATION SECURITY • NATIONAL INFRASTRUCTURE PROTECTION CENTER • MISSION… TO DETECT, DETER, ASSESS, WARN OF, • RESPOND TO & INVESTIGATE INTRUSIONS… • WHATEVER THE SOURCE • INFRAGARD - NEW INITIATIVE • INFRAGARD@FBI.GOV
OPPORTUNITIES • AS “CRISIS BRINGS OPPORTUNITY”, AREAS • OF JOB/MARKET GROWTH • LEGAL • INSURANCE • INFORMATION SECURITY SPECIALIST • OUTSOURCING • RECOVERY SERVICES • CERTIFICATION • EDUCATION AND TRAINING • GOVERNMNET SERVICES… FBI • AWARNESS… MARKETING AND PR • CORPORATIONS WILL NEED A… • “CHIEF SECURITY OFFICER”
LEGAL • INSURANCE • INFORMATION SECURITY SPECILIST • OUTSOURCING • RECOVERY SERVICES • CERTIFICATION • EDUCATION AND TRAINING • GOVERNMNET SERVICES… FBI AN OVERVIEW ACTIONS & OPPORTUNITIES STRIKE ZONES STRIKE ZONES • PATENTS • BUSINESS CRITICAL ASSETS • INTELLECTUAL PROPERTY • CLIENT DATABASE • BRAND INFORMATION • STRATEGIES • TRADE SECRETS • NEW PRODUCT/SERVICES • COMMERCIALY SENSITIVE DATA • FINANCIAL DATA • PRICING STRUCTURE • PARTNERSHIP AGREEMENTS • PAYROLL NATIONAL - GLOBAL • TELECOMMUNICATIONS • BANKING AND FINANCE • ELECTRICAL POWER • OIL AND GAS • WATER SUPPLY • TRANSPORTATION • EMERGENCY SERVICES • GOVERNMNET SERVICES BUSINESS CYBER TERRORISM TARGETS E-COMMERCE & E-BUSINESS NATIONAL INFORMATION INFRASTRUCTURE
IN SUMMARY… • IN CYBERSPACE, NATIONAL BORDERS ARE NOT RELEVANT. • LIKE PREVIOUS TECHNICAL REVOLUTIONS, • IT HAS BROUGHT WITH IT NEW OPPORTUNITY • FOR CRIMINAL ABUSE. • THE RELIANCE ON COMPUTERS & OTHER • TECHNOLOGIES WILL CREATE VULNERABILITIES • TO ATTACK FROM THOSE PREVIOUSY UNABLE TO • TAKE ON OUR DEFENSE SYSTEMS. THEY WILL BE: • INVISIBLY RECONNOTERED • CLANDESTINLY REHEARSED • MOUNTED IN SECONDS • WITHOUT REVEALING THE IDENTITY OR • LOCATION OF THE CYBER TERRORIST. • DEVELOPMENT OF AN EFFECTIVE RESPONSE • TO CYBER TERRORISM IS ESSENTIAL
YOUR POSITION - ADVANTAGE • IN THE SECURITY MARKET • SECURITY MARKET GROWING • PRODUCTS AT 23.5% • SERVICES AT 24.2% • 1. ANTI-VIRUS 2. VULNERABILITY & DETECTION • 3. INTRUSION DETECTION 4. FIREWALLS • KEYS TO SECURITY GROWTH • INCREASE IN CONNECTIVITY = INCREASED RISK • INCREASED THREATS AND VULNERABLITIES • E BUSINESS REQUIRES OPEN NETWORKS • NETWORKS ARE DYNAMIC • SECURITY IS COSTLY AND COMPLEX • LIMITED RESOURCES AND EXPERTS • WIRELESS PRIVACY REGULATIONS • WIRELESS IS THE GREATEST AREA OF RISK
C-LEVEL ISSUES • RESOURCE AVAILIBILITY • HUMAN CAPITAL • FINANCIAL CAPITAL • TIME • “IMPACT” KNOWLEDGE LIMITED • OUTSOURCE or MANAGED SERVICES • COST BENEFIT UNCLEAR • COMPETITIVE ADVANTAGE UNDEFINED • SHAREHOLDER VALUE UNSTATED
AREAS OF IMPACT 4% PHYSICAL SECURITY 26% MALICIOUS ATTACKS 5% OTHER 20% DENIAL OF SERVICE 25% LOSS OF PRIVACY CONFIDENTIALITY 20% EVENT EXPLOITED
MARKET RESPONSE OPPORTUNITY FIELD RISK HIGH INTERNAL OUT SOURCED EXPERTISE MANAGED SERVICES SW HIGH LOW NEEDS BUSINESS CRITICAL SYSTEMS
NEXT STEPS OPEN DISCUSSION MAP YOUR COMPANIY’S CAPABILITIES TO THE MARKET CREATE A “C-LEVEL” MESSAGE MAP ORGNAIZATION TO DELIVER DETERMINE BEST CLIENT HOW TO SELL INTO THIS MARKET