Cyber Criminals and the Potential for Cyber War

Presentation on theme: "Cyber Criminals and the Potential for Cyber War"— Presentation transcript:

1 Cyber Criminals and the Potential for Cyber War
How do we protect ourselves and our country?
Sharon oNeal

2 Interesting Cyber Facts
* Cyber crime damage costs to reach $6 trillion annually by 2021
* Human attack surface to reach 6 billion people by 2022
* Typical dwell time in public infrastructure networks before penetration detection: 128 days
* Every minute, 1,080 hacks occur
* 27 days to resolve, at an average cost of ~$7.4M per incident
* Software code: 4.9 flaws per 1,000 lines of code; 1 to 5% represent a serious vulnerability
* Typical penetration detector: external vulnerability assessment
* Currently more than 1.5 million cyber security jobs are unfilled (expected to rise to 3.5M by 2021)
* Attacker only needs Success Rate
* Most asset owners aren’t aware of their outbound traffic: number of connections, length of connection, amount of data, % encrypted, destination IP

And here are some more compelling statistics for you to contemplate:
* Cyber crime damage costs to hit $6 trillion annually by 2021 (up from $3 a year ago)
* Predictions and observations provide a 30,000-foot view of the cybersecurity industr
* Cybersecurity spending to exceed $1 trillion from 2017 to 2021.
* Cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021.
* Human attack surface to reach 6 billion people by 2022.
* There are 3.8 billion internet users in 2017 (51 percent of the world’s population of 7 billion), up from 2 billion in 2015.
* Global ransomware damage costs are predicted to exceed $5 billion in 2017.

Billionaire businessman Warren Buffett takes it a step further and says that cyber attacks are the number one problem with mankind, even worse than nuclear weapons.

3 Cyber threat landscape
Let’s look at a top-level view of the current cyber landscape. Who are the actors? Governments, ideological groups, organized crime, private individuals. What are some of the techniques they use?

Other statistics: top 3 cyber threats last year:
* Social Engineering: 52% of all threats
* Insider Threat: accounts for 40% of all threats
* APT: 39%

Recent high-profile cases of the insider threat: Chelsea Manning, who leaked 750K classified and unclassified documents to WikiLeaks (motivated by crowdsourcing – getting others to come to the conclusion that the war was not worthwhile), and Edward Snowden, who released thousands of documents revealing several global surveillance programs by the NSA and other government agencies. A subject of controversy, Snowden has been variously called a hero, a whistleblower, a dissident, a traitor and a patriot. His disclosures have fueled debate over mass surveillance, government secrecy, and the balance between national security and information privacy. He currently lives in an undisclosed location in Russia, which has granted him temporary asylum.

How do they gain access to a corporation’s or organization’s systems? Through suppliers, employers and contractors, mobile devices, network access, and physical access. Contributing weaknesses: co-mingled corporate and personal assets, excessive 3rd-party access, lack of a secure supply chain, patching and system upgrades, outdated equipment and lack of installing software updates, inexperienced cyber architects, lack of business risk assessment, and ineffective mitigation strategies.

Let’s talk about IoT – projected to have more than 50B connected devices by 2020.

4 Dept of Homeland Security (DHS) – 16 Critical Infrastructure Sectors
In 2013, then-President Obama issued an Executive Order titled “Improving Critical Infrastructure Cyber Security”, which among other things called for the establishment of a voluntary, risk-based Cyber Security Framework between the private and public sectors. The DHS also identified 16 critical infrastructure sectors in response to the POTUS Policy Directive-21, Critical Infrastructure Security and Resilience, which directs the Executive Branch, led by DHS, in coordination with NIST, NSA and sector agencies, to:
* develop near-real time physical and cyber situational awareness capability
* understand cascading consequences of infrastructure failures
* mature public-private partnerships
* update the National Infrastructure Protection Plan
* develop comprehensive research and development plan

The nation's critical infrastructure provides the essential services that underpin American society and serve as the backbone of our nation's economy, security, and health. We know it as the power we use in our homes, the water we drink, the transportation that moves us, the stores we shop in, and the communication systems we rely on to stay in touch with friends and family.

Overall, there are 16 critical infrastructure sectors that compose the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. The National Protection and Programs Directorate's Office of Infrastructure Protection (IP) leads the coordinated national effort to manage risks to the nation's critical infrastructure and enhance the security and resilience of America's physical and cyber infrastructure.

Clearly, government and businesses alike need to dedicate more resources to becoming more cyber-vigilant in anticipating, protecting against, and responding to potential and future cyber attacks.
Complex Interactions With Limited Corresponding Government - Industry Expertise & Accountability

5 Cyber risks impact energy critical infrastructure
Threat Map for the Energy Sector

Let’s consider one of the 16 sectors that seems to be getting a lot of attention these days in the wake of Maria and the destruction and damage caused from natural sources. When I hear the projections of how long it will take to rebuild the PR infrastructure, it helps me to grasp the reality of how vulnerable and reliant we all are on our energy sources.

Here is an example of a recent attack against an electrical grid that happened in Ukraine: in Dec 2015 a presumed Russian cyber attacker successfully seized control of an energy control center in Western Ukraine, leaving more than 230K people without power for up to 6 hours. This marked the first time a cyber weapon was successfully used against a nation’s power grid. The attackers were very skilled and carefully planned their attack over many months, first doing reconnaissance to study networks and siphon operator credentials, then launching a synchronized assault. The attackers overwrote firmware on critical devices at 16 different substations, leaving them unresponsive to remote commands from operators. From what is known about the attack, the experts feel that the attackers could have left the system permanently inoperable, but they didn't. Some speculate that it was a message from Russia not to pursue pending power plant legislation. Others feel it was a “dry run” for a future attack.

6 Healthcare Cyber Attack Trends: 2015 - 2019
* Medical and personal information theft due to healthcare provider data breaches will impact 1/13 patients
* 25M patients will have their medical information stolen
* 6M patients will become victims of medical identity theft
* 4M patients will pay out-of-pocket costs related to medical identity theft

What about the healthcare sector? This chart shows cyber attack trends over a 5-year period. 25M patients will have their medical information stolen. 6M patients will become victims of medical identity theft. 4M will pay out-of-pocket costs related to medical identity theft.

What about the technologies that run our modern hospitals and treatment facilities? Can you imagine the impact on our health institutions if they were victims of cyber attacks that took down their ability to provide critical and life-saving healthcare to millions of patients across the country? Scary – isn’t it?

7 Source: http://www. securitymea

8 Defense Department Cyber spending
From 2015 – 2020, the current planned expenditures within the DoD are ~$37B. The majority of that spending will be in cyberspace operations and IA. A much smaller amount will be spent on USCybercom and S&T funding (research). Is it enough? How does this compare to conventional defense spending? In 2017, the planned DoD spend was $598B – for one year. That means that in terms of defense spending, <1% of all DoD spending goes to cyber-related activities.

9 STUXNET: one of the world’s first digital weapons
* A malicious computer worm first identified in
* Infiltrated the computer system at a uranium enrichment facility via a removable USB memory stick
* Targets industrial computer systems and was responsible for causing substantial damage to Iran’s nuclear program
* Stuxnet reportedly compromised Iranian programmable logic controllers and caused the fast-spinning centrifuges to tear themselves apart
* Prohibited the manufacturing of uranium

STUXNET Destroyed Manufacturing Equipment Connected to a Secure, Closed Network

