1 / 20

Cyberdefense and security policy Concepts and considerations for government policy

Cyberdefense and security policy Concepts and considerations for government policy. Zolt á n Pr é cs é nyi. Government Affairs Manager. Issue statement. Agenda. The threat landscape. 1. Attack types . 2. Cyberdefence , cybersecurity , cyberintelligence. 3. Emerging challenges. 4.

evelia
Download Presentation

Cyberdefense and security policy Concepts and considerations for government policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyberdefense and security policyConcepts and considerations for government policy Zoltán Précsényi Government Affairs Manager Cyberdefense and security policy – concepts and considerations for government policy

  2. Issue statement Cyberdefense and security policy – concepts and considerations for government policy

  3. Agenda The threat landscape 1 Attack types 2 Cyberdefence, cybersecurity, cyberintelligence 3 Emerging challenges 4 Recommendations 5 Cyberdefense and security policy – concepts and considerations for government policy

  4. The Threat Landscape Cyberdefense and security policy – concepts and considerations for government policy

  5. 2010 Trends Targeted Attacks continued to evolve Social Networking + social engineering = compromise Hide and Seek (zero-day vulnerabilities and rootkits) Attack Kits get a caffeine boost Mobile Threats increase Cyberdefense and security policy – concepts and considerations for government policy

  6. 2010 in numbers • 286M+ threats • +93% web-based attacks • 260.000 identities exposed per breach • +42% mobile vulnerabilities • 6253 new vulnerabilities • 14 new zero day vulnerabilities • 1M+ bots in Rustock • $0.07 to $100 per stolen credit card Cyberdefense and security policy – concepts and considerations for government policy

  7. Attack types Cyberdefense and security policy – concepts and considerations for government policy

  8. Sources Organized crime Wellmeaninginsiders Malicious insiders Extremists Cyberdefense and security policy – concepts and considerations for government policy

  9. Targets and methods • Any combinations of the above are possible. And likely. Cyberdefense and security policy – concepts and considerations for government policy

  10. CyberdefenseCybersecurityCyberintelligence Cyberdefense and security policy – concepts and considerations for government policy

  11. From cybersecurity to cyberdefense Cyberdefense and security policy – concepts and considerations for government policy

  12. Cyberintelligence: What is the Internet used for? • Communication: • Propaganda, instructions, information exchange • Diversion / disinformation / psychological operations • Cybercrime and related finances: • Turning stolen data and attack capabilities into profits • Laundering money • Intelligence • OSINT operations, social engineering • Attack • Web-based attacks against information, organisations, infrastructure The Internet can also be used in support of other forms of attack. Cyberdefense and security policy – concepts and considerations for government policy

  13. Cyberintelligence: needs and challenges • Needs: • Design: Engineering skills • Deploy: Infrastructure for advanced monitoring • Leverage: Strong analytical capabilities, including human intelligence skills • Challenges: • Fundamental rights: How intrusive can you be? • Confidentiality, encryption: How effective can you be? • Mass of information: Can you tell the wheat from the chaff? • Attribution: Can you tell who you’re up against? Can you really? Cyberdefense and security policy – concepts and considerations for government policy

  14. Symantec™ Global Intelligence NetworkIdentifies more threats, takes action faster & prevents impact Calgary, Alberta Dublin, Ireland Tokyo, Japan San Francisco, CA Chengdu, China Mountain View, CA Austin, TX Culver City, CA Taipei, Taiwan Chennai, India Pune, India Worldwide Coverage Global Scope and Scale 24x7 Event Logging RapidDetection • Attack Activity • 240,000 sensors • 200+ countries • Malware Intelligence • 133M client, server, gateways monitored • Global coverage • Vulnerabilities • 40,000+ vulnerabilities • 14,000 vendors • 105,000 technologies • Spam/Phishing • 5M decoy accounts • 8B+ email messages/day • 1B+ web requests/day Information Protection Threat Triggered Actions Preemptive Security Alerts Cyberdefense and security policy – concepts and considerations for government policy

  15. Emerging challenges Cyberdefense and security policy – concepts and considerations for government policy

  16. Next generation computing technologies Cyberdefense and security policy – concepts and considerations for government policy

  17. Mobile Threats • Most malware for mobiles are Trojans posing as legitimate apps • Mobiles will be targeted more when used for financial transactions 163 vulnerabilities 2010 115 vulnerabilities 2009 42% increase Cyberdefense and security policy – concepts and considerations for government policy

  18. Recommendations Cyberdefense and security policy – concepts and considerations for government policy

  19. Recommendations View cybersecurity as a national security stake. 1 Security: in depth, mobile, adjustable, dynamic. 2 Security can no longer go without intelligence. 3 Monitor, correlate data, respond accordingly. 4 Assess actual threat levels, prioritise accordingly. 5 6 Focus on people, processes and technology. 7 Operationalise public private partnerships in CIIP. Ensure that cybersecurity is adequately resourced. 8 Allocate clear responsibility for cybersecurity. 9 10 Design security already into the earliest concept. Cyberdefense and security policy – concepts and considerations for government policy

  20. Zoltán Précsényi zoltan_precsenyi@symantec.com +32 225 71319 Cyberdefense and security policy – concepts and considerations for government policy

More Related