DuWayne Aikins Information Security Forum May 21, 2015 Cyber, A Militarized Domain: What is Means to Texas

Objective The threat landscape A closer look at China Lessons learned Demystify the Cyber Realm so that we can understand it and then do something about it.

Threat landscape new pieces of malware are discovered... of fortune 500 companies have admitted they've been hacked of malicious hacks are for financial gain.

Threat landscape Internet of things Using internet enabled devices to operate our world. Shift from using the internet to communicate. With 40 billion new devices connecting to the internet in the next 5 years, devices will be communicating with themselves. Allows hackers to penetrate further into our lives.

Threat landscape Cyberspace, a Military Zone? 100 governments have created military units to fight and win cyber wars STUXNET Computer worm designed to attack programmable logic controllers Reportedly ruined almost one-fifth of Iran's nuclear centrifuges WIPER: Two destructive threads Overwrites data Interrupts execution processes

China along with ‘one or two’ other countries had the capability to successfully launch a cyber attack that could shut down the electric grid in parts of the United States. U.S. adversaries are performing electronic ‘reconnaissance,’ on a regular basis so that they can be in a position to attack the industrial control systems that run everything from chemical facilities to water treatment plants. —November 20, 2014 – Admiral Michael Rogers, Director National Security Agency (NSA) NSA Director: China can damage US power grid

People’s Liberation Army, Unit May 2014: U.S. Justice Department indicted five members of the People’s Liberation Army (PLA) General Staff Department (GSD), Unit This unit was "assigned" to deploy a widespread spear-phishing (or "spearfishing") campaign to allegedly hack into leading US companies Unit requires its personnel to be trained in computer security and computer network operations and also requires its personnel to be proficient in the English language

People’s Liberation Army, Unit Unit is partially situated on Datong Road ( 大同路 ) in Gaoqiaozhen ( 高桥镇 ), which is located in the Pudong New Area ( 浦东新区 ) of Shanghai ( 上海 ). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007.

People’s Liberation Army, Unit Since 2006, Mandiant has observed Unit compromise 141 companies spanning 20 major industries. Unit maintained access to victim networks for an average of 356 days. The longest time period Unit maintained access to a victim’s network was 1,764 days, or four years and ten months. Of the 141 APT1 victims, 87% of them are headquartered in countries where English is the native language. The industries APT1 targets match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan. WHAT DOES THIS INFER?

PLA GSD third department Located in Xianghongxi community in the western hills of Beijing‘s Haidian District. Manages a vast communications intercept infrastructure and cyber surveillance system. Targets foreign diplomatic communications, military activity, economic entities, public education institutions, and individuals of interest. Responsible for PLA Computer Network Defense (CND).

Lessons learned 1.Traditional Detection and Incident Response Methods are Proving Ineffective Organizations cannot stop every attack What have we learned from 9/11? What do examples like Target, Home Depot, and Ferguson MO teach us? Must be able to maneuver through the attacks 2.We are now operating in a Military Domain Texas Is and Will be a target, must change the Culture of Blame Network Defense is Two-Fold: First line of Defense is focused on Deterrence Second line of Defense is focused on Incident Response Change from Remediation to Investigation Who, What, When, Where, and WHY?