1 / 7

2015 Predicted Threats

This article discusses the lack of intelligence sharing in cybersecurity and predicts that 2015 will be the year to overcome these challenges. It also covers topics such as the Cyber Intelligence and Information Sharing Act and recent cyber war games.

mwillis
Download Presentation

2015 Predicted Threats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 2015 Predicted Threats Cyber Security Intelligence You got to be careful if you don’t know where you’re going, because you might not get there. – Yogi Berra

  2. Outline and Review • One of the biggest challenges in Cybersecurity intelligence has been the lack of intelligence. • Companies are not sharing /collaborating to overcome many of the threats currently facing organizations. • 2015 is predicted to be the year when we may overcome many of these challenges • Articles/Topics Discussed: • Obama Endorses CISPA • Obama talks cybersecurity, but Federal IT system breaches increasing  • Cyber War Games

  3. Cyber Intelligence and Information Sharing Act (CISPA) Originally introduced in 2013 • Passed the House but not Senate • Reintroduced earlier this week with administration support. Allows companies to share cyber threat information with the Dept. of Homeland Security Argument by leaders: “We must stop dealing with cyber attacks after the fact.” (in reference to recent Sony hack)

  4. CISPA: Controversial? Under CISPA 2015 (HR 234), the Secretary of Homeland Security, the Attorney General, the Director of National Intelligence, and the Secretary of Defense would create the cyber threat information sharing program and also provide oversight for the program’s civil liberties protections. CISPA 2015 also mandates privacy and civil liberties reports, but allows government agencies to classify the annexes to the reports. In other words, CISPA 2015 does not intend to have any real oversight for civil liberties and privacy. Cyber threat information shared with the government would also be exempt from the Freedom of Information Act. It would give immunity from criminal prosecution and lawsuits to anyone sharing cyber threat information with the government. Figure 2-1 Information Security and Planning Source: Course Technology/Cengage Learning

  5. Federal IT & Cybersecurity • Recent Actions: • Pledging Free and Open Internet • Broadband expansion • Embrace Cyber Security Legislation • Federal Government IT Professionals • Poor track record • 2006 – 5,503 cyber breaches on federal IT systems • Any guesses how many last year? • By 2013, 40% of federal breaches involved potential exposure of private data

  6. Cyber War Games • US and UK have agreed to hold the first Cyber War Games later this year • Target: UK Banks • The first war game will involve the Bank of England and commercial banks, targeting the City of London and Wall Street, and will be followed by "further exercises to test critical national infrastructure", Downing Street said

  7. What’s involved in Cyber War Games? • Step up from penetration tests • Pen tests generally target computers (internal staff know) • Cyber game attack will test the internal staff as they won’t know how or when the attack will occur. • Not entirely new • Waking Shark • bank staff reacting to a series of different problems such as ATM networks failing or phone systems breaking down, to see how response teams fared. • Nato 2014 Wargame • Involved 700 soldiers and civilians across 28 nations • 3 day exercise involving 100 attacks (from booby-trapped apps sent to Android phones to compromising equipment from firms supplying military material

More Related