Threat Trends and Protection Strategies
Barbara Laswell, Ph.D.
September 2003
CERT® Centers
Software Engineering Institute
Carnegie Mellon
Pittsburgh, PA 15213
Sponsored by the U.S. Department of Defense
Software Engineering Institute
Federally Funded Research and Development Center (FFRDC)
Sponsored by the U.S. Department of Defense
Operated by Carnegie Mellon
Purpose is to help others make measured improvements in their software engineering capabilities
CERT® Centers are part of the SEI
Growth in Number of Incidents Reported to the CERT/CC
Growth in Number of Vulnerabilities Reported to the CERT/CC
Attack Sophistication vs. Intruder Knowledge
Lack of Boundaries
Today we see a shift in thinking from bounded to unbounded systems: specifically, a shift from the presence of well-defined geographic, political, cultural, and legal/jurisdictional boundaries to their absence.
Trends
Steady increase in both vulnerabilities and incidents, as well as a growing dependency on the Internet
Cyber attackers use vulnerabilities and easy connectivity to the Internet to conduct criminal activities, compromise information, and launch denial of service attacks that seriously disrupt operations
Attacks are cheap, easy, difficult to trace, and growing increasingly sophisticated
Cyber-space and physical space are one
Strategy for Organizations
Protect Strategy
Conduct risk analyses
Develop policy and implement risk mitigation plans
Use security practices
Protect Resources
Risk-based information security assessment methods: OCTAVE
http://www.cert.org/octave/
Security practices
http://www.cert.org/security-improvement/
Survey on network security and insider threats [USSS and CERT]
https://www.survey.cert.org/InsiderThreat/index.php
Detect Strategy
Use modern technology and system management processes to identify and analyze attacks and compromises
Detect Resources
Analysis techniques and methods
http://www.cert.org/analysis/
Respond Strategy
Have incident response teams and procedures in place to react quickly to attacks and compromises
Recover and restore critical services
Conduct cybercrime investigations
Respond Resources
CERT Advisories
Vulnerability notes database
http://www.cert.org/nav/index_red.html
Automated Incident Reporting (AirCERT)
http://www.cert.org/kb/aircert/
Computer Security Incident Response Team (CSIRT) guidance, training and certification
http://www.cert.org/csirts/
“Tracking and Tracing Cyber Attacks”
http://www.cert.org/archive/pdf/02sr009.pdf
Sustain/Improve Strategy
Develop an information assurance empowered workforce
Sustain/Improve Resources
Awareness and training at all levels
http://www.isalliance.org/resources/papers/ISAhomeuser.pdf
http://www.cert.org/homeusers/
http://www.cert.org/training/
Secure programming practices and training
TSP/PSP pilots
Our Mission
An Internet community that is in information assurance and survivability
Countries of CERT course attendees
Recent Publications
For More Information
CERT® Centers
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213 USA
+1 (412) 268-7090
http://www.cert.org