Current State of Cyber Warfare and Impact on US Business. Infragard – ISSA Meeting. Charly Shugg, Brig Gen, USAF (Retired). Chief Operating Officer, Sylint Group Inc. Clients - Fortune 100, Gov’t, Public, Private; NSA, Air Force Cyber Component, Army CID, Law Enforcement.
Charly Shugg, Brig Gen, USAF (Retired)
• Chief Operating Officer, Sylint Group Inc.
• Clients - Fortune 100, Gov’t, Public, Private
• NSA, Air Force Cyber Component, Army CID, Law Enforcement
• Cyber Security provider to Fortune 100 companies & think tanks
• Digital Data Forensics Lab / Licensed Private Investigators
• Criminal Investigations for Law Enforcement
• US Secret Service | Federal Bureau of Investigation
• Payment Card Industry QSA & PFI

Cyber Warfare* Examples
• Saudi Aramco (Aug 12)
  • “Cutting Sword of Justice” or Iran?
• South Korea (Mar 13)
  • Bureau 121 suspected
• Ukraine (Mar 14)
  • “Cyber Berkut”, pro-Russia group suspected
• Sony Pictures (Nov 14)
  • “Guardians of Peace” or North Korea or Russia / China or Inside Job?
*Leave the discussion of what constitutes a “Cyber Warfare / Attack” off the table for now

Traditional Major “Threat Actors”
• Nation States
  • State Security Espionage
• Organized Crime
  • Economic Gain
• Hacktivist
  • Civil Disobedience & Activism
• Script Kiddies
  • Personal Gratification
Primary Focus on “Confidentiality” of Information

Evolving “Threat Actors”
• Nation States
  • Economic competitiveness
  • Supplementing Kinetic Operations
  • Expanding workforce by collaborating with Organized Crime, infiltrating Hacktivist groups, and transforming Script Kiddies into novice “Cyber Patriots”
• Terrorist Groups
  • Cyber domain primarily used as Command and Control vehicle
  • Potential to supplement Kinetic Operations
  • Collaboration with Organized Crime and sympathetic nation state players
Tactics / Techniques starting to blend, making attribution that much more difficult

Evolving “Attack Process”
• Stages of Attack
  • Intelligence Gathering
  • Initial Attack
  • Network Modeling / Mapping / Info gathering
  • BREAK (Digest Information)
  • Data Collection
  • Potential Interruption (INCIDENT RESPONSE)
  • Intrusion Maintenance
Well orchestrated operation with isolated groups using various focused tactics and tools

Cyber Warfare Strategy – Digital “Pearl Harbor”
• Ultimate Weapon
  • Moves at speed of light
  • Unlimited by geography or political borders
  • Capable of simultaneous attacks on multiple targets in multiple locations
  • Difficult to accurately attribute
  • Primary focus on destruction or disruption (“Availability”)
  • Seeking Immediate effects
• Potential Target Set(s):
  • Critical Assets / Infrastructure

Cyber Warfare Strategy – Digital “Pearl Harbor” (cont)
• Potential Drawbacks
  • Damage Containment Difficult
  • Ethics and Morality drive employment
  • Little concern for others (results justify means)
  • Future Access
  • Could be tied to intelligence channels
• Potential Threat Actors:
  • Low end “Offensive Capable” nation states
  • Terrorist / Organized Crime

Cyber Warfare Strategy – Digital “Death by a Thousand Cuts”
• Discreet Support Weapon
  • Primary focus on discreetly manipulating perceptions and eroding situational awareness / trust (Integrity)
• Win – Win Outcome
  • Unaware of attack – Mold perceptions and potentially create confusion with operations
  • Aware of attack – Loss of trust for previous tools and methodologies for implementing various operations

Cyber Warfare Strategy – Digital “Death by a Thousand Cuts” (cont)
• Potential Target Sets:
  • Banking & Finance
  • Communication
  • Local Law Enforcement
  • Healthcare
• Probable Actors:
  • High end “offensive capable” nation states
  • Sophisticated International criminal element

US Business Ramifications - Scope of the Problem
• FBI Director believes nearly 100% of US businesses compromised
• 80% of breached companies don’t know it
• 98% of US companies are SMB
• 60% SMB fail 6 months after cyber attack
• Intangible assets represent 80% of S&P 500 company valuations
• $100 Billion / Year estimated damage to US businesses due to cyber attacks

US Business Ramifications - Unrealistic Protection Expectations
• Use physical world security analogy
  • Attacks from foreign nation states
  • Attacks from organized crime
  • Gov’t Compliance and Regulatory Measures
• Reality cannot meet security expectations
  • US Government / Military
  • US Government / Law Enforcement
  • Gov’t Compliance and Regulatory Measures

US Business Ramifications - Potential Outcomes
• Disrupt / Destroy basic economic premise of capitalism
• Stolen proprietary information
• Stolen trusted information
• Loss of brand reputation
• Erode Public Trust in economic system and government
• Loss of critical infrastructure
• Arguments regarding public resiliency

US Business Ramifications – Future Strategy
• Reduce attack surface exposure and become threat aware
• Create Resiliency
• Exercise Incident Response
• Support US Cyber Security Thought Leadership