Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 James Houghton Michael Siegel Advancing Cybersecurity Using System Dynamics Simulation Modeling For Analyzing & Disrupting Cybercrime Ecosystem & Vulnerability.

Published byAja Leadley Modified over 10 years ago

Similar presentations

Presentation on theme: "1 James Houghton Michael Siegel Advancing Cybersecurity Using System Dynamics Simulation Modeling For Analyzing & Disrupting Cybercrime Ecosystem & Vulnerability."— Presentation transcript:

1 1 James Houghton Michael Siegel Advancing Cybersecurity Using System Dynamics Simulation Modeling For Analyzing & Disrupting Cybercrime Ecosystem & Vulnerability Markets Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC) 3 3 Sept 2014

2 Resolving Emergent Issues In Cyber Security: Vulnerability Markets

3 How do white markets influence black market pricing? An exploit’s price factors in both how widely the target software is used as well as the difficulty of cracking it. Greenberg - Forbes Black Market (Forbes 2012) White Market (2014) IOS$100k-$250k$0k Android$30k-$60k$0.5k – $3.1k MS Windows$60k-$120k$50-$100k Internet Explorer$80k-$200k11k

4 What is the lifecycle of cybercrime? ‘Selling a bug to the Russian mafia guarantees it will be dead in no time, and they pay very little money … They monetize exploits in the most brutal and mediocre way possible…’ -Grugq, third party broker Greenberg, Forbes ‘We are setting aside a $100K budget to purchase browser and browser plug-in vulnerabilities, which are going to be used exclusively by us, without being released to public’ -Paunch, Author of Blackhole, Jan ‘13 Krebs on Security Data from Microsoft Security Bulletins, Krebs on Security Vulnerability Budget

5 How do bug bounty programs influence vulnerability supply? Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive “Microsoft is announcing the first evolution of its bounty programs, first announced in June of 2013. We are expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas to include responders and forensic experts who find active attacks in the wild.” - Katie Moussouris, BlueHat Blog

6

7 How does State investment in cyber capability influence foreign behavior? “The Chinese are conducting espionage on a massive scale. [If we] ban sales of … exploits to the U.S. and European allies … the only possible outcome is that the Chinese will increase their internal production and skills and the…West will fall behind.” -Grugq, third party broker Greenberg, Forbes

8 Cyber Security Challenge: Resolving Problems As Part Of A Larger System White/Black Market Competition State Actor Market Influence Cyber Crime Lifecyle Bug Bounty Vulnerability Supply

9 Summary Cybersecurity solutions require a holistic approach Systems modeling considers, behavior, management, policy and technology The case of patching and software quality provide insights into timing and approaches Bug bounty programs and vulnerability markets have significant effect on security and the cyber ecosystem 9

Download ppt "1 James Houghton Michael Siegel Advancing Cybersecurity Using System Dynamics Simulation Modeling For Analyzing & Disrupting Cybercrime Ecosystem & Vulnerability."

Similar presentations

Armour and Protection Science and Technology Centre June 2013

Armour and Protection Science and Technology Centre June 2013
SET Plan conference 2013 Session 4: Support the market roll-out of innovative solutions Access to risk finance under Horizon 2020 8 May 2013 Martin KOCH.

SET Plan conference 2013 Session 4: Support the market roll-out of innovative solutions Access to risk finance under Horizon May 2013 Martin KOCH.
When you have completed your study of this chapter, you will be able to C H A P T E R C H E C K L I S T Explain how banks create money by making loans.

When you have completed your study of this chapter, you will be able to C H A P T E R C H E C K L I S T Explain how banks create money by making loans.
SSE14 – Students will explain the Characteristics of Pure Competition You have to --- –Know what pure competition is. –Understand How it works. Buyers.

SSE14 – Students will explain the Characteristics of Pure Competition You have to --- –Know what pure competition is. –Understand How it works. Buyers.
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
James D. Brown Chief Engineer and Senior Fellow Information Resource Management L-3 Communications.

James D. Brown Chief Engineer and Senior Fellow Information Resource Management L-3 Communications.
Trade Promotion Management Study Summary Charts 2012-2013.

Trade Promotion Management Study Summary Charts
Crops Choice Info sheets. Peas Cost of seed: £500 Expected selling price: £10 000 Selling price will increase by 20% if product is farmed organically.

Crops Choice Info sheets. Peas Cost of seed: £500 Expected selling price: £ Selling price will increase by 20% if product is farmed organically.
1 NEST New and emerging science and technology EUROPEAN COMMISSION - 6th Framework programme : Anticipating Scientific and Technological Needs.

1 NEST New and emerging science and technology EUROPEAN COMMISSION - 6th Framework programme : Anticipating Scientific and Technological Needs.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.
Energy and Foreign Policy

Energy and Foreign Policy
Strategy Review Meeting Strategy Review Meeting

Strategy Review Meeting Strategy Review Meeting
Finding vulnerabilities in your software before attackers do Supported by Her Majesty’s Government and U.S. Department of Homeland Security, Science &

Finding vulnerabilities in your software before attackers do Supported by Her Majesty’s Government and U.S. Department of Homeland Security, Science &
1 Michael Siegel James Houghton Advancing Cybersecurity Using System Dynamics Simulation Modeling For System Resilience, Patching, and Software Development.

1 Michael Siegel James Houghton Advancing Cybersecurity Using System Dynamics Simulation Modeling For System Resilience, Patching, and Software Development.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
USING EMET TO DEFEND AGAINST TARGETED ATTACKS PRESENTED BY ROBERT HENSING – SENIOR CONSULTANT – MICROSOFT CORPORATION MICHAEL MATTES – SENIOR CONSULTANT.

USING EMET TO DEFEND AGAINST TARGETED ATTACKS PRESENTED BY ROBERT HENSING – SENIOR CONSULTANT – MICROSOFT CORPORATION MICHAEL MATTES – SENIOR CONSULTANT.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
Cyber Resilience Simon Onyons Financial Stability – Resilience Team.

Cyber Resilience Simon Onyons Financial Stability – Resilience Team.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Similar presentations

Ads by Google