Presentation is loading. Please wait.

Presentation is loading. Please wait.

Property of Argo Pacific Pty Ltd Cyber Security Threats Dr Paul Twomey The Lowy Institute for International Policy 8 September 2010 0.

Similar presentations


Presentation on theme: "Property of Argo Pacific Pty Ltd Cyber Security Threats Dr Paul Twomey The Lowy Institute for International Policy 8 September 2010 0."— Presentation transcript:

1 Property of Argo Pacific Pty Ltd Cyber Security Threats Dr Paul Twomey The Lowy Institute for International Policy 8 September 2010 0

2 Property of Argo Pacific Pty Ltd What is the Internet? Three layers All have vulnerabilities 1

3 Property of Argo Pacific Pty Ltd 2 The Transit Layer

4 Property of Argo Pacific Pty Ltd 3

5 The Application Layer 4 Source: Olaf Kolkman, Internet Architecture Board

6 Property of Argo Pacific Pty Ltd 5 And while we have been going from this…

7 Property of Argo Pacific Pty Ltd 6

8 Spectrum of Risk 1.Messaging 2. Storing Information 3. Transactional systems 4. Technology Integration 5. Fully Integrated information based Business Degree of Data Digitization Business has been aggregating data and risk at an unprecedented rate…

9 Property of Argo Pacific Pty Ltd And our physical infrastructure has become intertwined and reliant on our cyber infrastructure Source: DHS, "Securing the Nation’s Critical Cyber Infrastructure

10 Property of Argo Pacific Pty Ltd We have developed the myth that technology can be an effective fortress – we can have security 9 Traditional focus on: Better Firewalls Boundary Intrusion Detection Critical Offsite Capacity Compliance Certification False myths: IT staff = security staff Compliance failure is the main source of risk Being compliant = being safe

11 Property of Argo Pacific Pty Ltd But this concept of security is false – the Internet is fundamentally open Facts: We don’t know what’s on our own nets What’s on our nets is bad, and existing practices aren’t finding everything Threat is in the “interior” Threat is faster than the response “Boundaries” are irrelevant We don’t know what is on our partner’s nets nor on the points of intersection Compromises occur despite defenses Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening Global Internet 10 The critical capability it do develop real time response and resiliency

12 Property of Argo Pacific Pty Ltd Some types of Cyber Threats TypeMotivationTargetMethod Information Warfare Military or political dominance Critical infrastructure, political and military assets Attack, corrupt, exploit, deny, conjoint with physical attack Cyber EspionageGain of intellectual Property and Secrets Governments, companies, individuals Advanced Persistent Threats Cyber CrimeEconomic gainIndividuals, companies, governments Fraud, ID theft, extortion, Attack, Exploit CrackingEgo, personal enmity Individuals, companies, governments Attack, Exploit HactivismPolitical changeGovernments, Companeis Attack, defacing Cyber TerrorPolitical changeInnocent victims, recruiting Marketing, command and control, computer based voilence 11 Source: analysis, Dr Irv Lachov

13 Property of Argo Pacific Pty Ltd Cyber crime and cyber espionage are having real impacts Estimated $1 Trillion of intellectual property stolen each year (Gartner & McAfee, Jan 20 09) Cybercrime up 53% in 2008 (McAfee) Topped $20 Billion at financial institutions Reported cyber attacks on U.S. government computer networks climbed 40% in 2008 Sensitive records of 45,000 FAA workers breached (Feb 09) Chinese stole design secrets of all U.S. nuclear weapons (Michelle Van Cleave) U.S. nuclear weapons lab is missing 69 computers (Feb 09) Cost to repair average 2008 data breach = $6.6 Million 12 Source: Report of the CSIS Commission on Cybersecurity for the 44th Presidency

14 Property of Argo Pacific Pty Ltd Critical infrastructure and cyber attack Infrastructure vulnerable to cyber attack – Power grid – Water – Communications – Banking, etc. Little barrier to skilled attackers Software protections not current with today’s threats Coordinated physical and cyber attack strategies could cripple critical infrastructure 13 Source: Brenton Greene, Northrop Grumman

15 Property of Argo Pacific Pty Ltd Corporate Brands Under Attack U.S. companies have lost billions in intellectual property to cyber A third of companies surveyed said a major security breach could put them out of business Terrorists finance their operations Heartland Payment Systems (HPY) suffered an intrusion that compromised at least 130 million consumer cards 14 Source: Brenton Greene, Northrop Grumman

16 Property of Argo Pacific Pty Ltd The total cost of a data breach continues to rise. Direct and Indirect data breach costs US$ costs per record 15 Source: The Ponemon Institute Direct Cost: e.g. engaging forensic experts, outsourced hotline support, free credit monitoring subscriptions, and discounts for future products and services. Indirect Costs: e.g. in-house investigations and communication, and the value of customer loss resulting from churn or diminished acquisition rates.

17 Property of Argo Pacific Pty Ltd The biggest cost growth is the churn of customers affected or influenced by the breach Over the past four years lost business costs, created by abnormal churn or turnover of customers, grew by more than $64 on a per victim basis, or a 38% overall percentage increase. Organizations in highly trusted industries such as banking, pharmaceuticals and healthcare are more likely to experience high abnormal churn rates following a data breach compared to retailers and companies with less direct consumer contact. 16 Component of Cost of data breach on a per victim basis US$

18 Property of Argo Pacific Pty Ltd This is an international problem 17

19 Property of Argo Pacific Pty Ltd Extortion Loss of intellectual property/data Potential for disruption As part of cyber conflict (i.e. Estonia) As target of cyber protest (i.e. anti-globalization) Potential accountability for misuse (i.e. botnets) Potential for data corruption Terrorism Cyber risks are an increasing threat to sources of enterprise capability and brand competitiveness Now Emerging Now Future Emerging Phishing and pharming driving increased customer costs, especially for financial services sector DDOS extortion attacks National security information/export controlled information Sensitive competitive data Sensitive personal/customer data eBusiness and internal administration Connections with partners Ability to operate and deliver core services Reputational hits; legal accountability Impact operations or customers through data DDOS and poisoning attacks Focused attacks coordinated with physical attacks 18

20 Property of Argo Pacific Pty Ltd Attacks are increasingly easy to conduct Email propagation of malicious code “Stealth”/advanced scanning techniques Widespread attacks using NNTP to distribute attack Widespread attacks on DNS infrastructure Executable code attacks (against browsers) Automated widespread attacks GUI intruder tools Hijacking sessions Internet social engineering attacks Packet spoofing Automated probes/scans Widespread denial-of-service attacks Techniques to analyze code for vulnerabilities without source code DDoS attacks Increase in worms Sophisticated command and control Anti-forensic techniques Home users targeted Distributed attack tools Increase in wide-scale Trojan horse distribution Windows-based remote controllable Trojans (Back Orifice) Skill level needed by attackers 1990 2008 Source: SE/CERT CC Attack sophistication 19 Drivers: fear and impact

21 Property of Argo Pacific Pty Ltd Recent Incidents: Rise of the Professionals 20

22 Property of Argo Pacific Pty Ltd Recent Incidents: Rise of the Professionals F-35: WSJ article: “Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks”... China suspected Google: Internet search company reveals existence of large-scale computer intrusions, apparently coming from China with some support from the state US Electrical System: WSJ article: “Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system” … Russia and China suspected Optus: In April 2010, customers of Optus, its partner internet service providers, and a number of major corporate customers suffered traffic degradation as a result of a distributed denial of service attack sourced from China and aimed at a large, unnamed Optus financial services customer. 21

23 Property of Argo Pacific Pty Ltd Recent Incidents: Rise of the Professionals Estonia: As part of unrest and pro-Russian riots in Tallinn, the Internet-embracing nation undergoes massive online attacks from ethnic Russians Zeus Trojan: Zeus Trojan, capable of defeating the one-time password systems used in the finance sector, targets commercial bank accounts and has gained control of more than 3 million computers, just in the US Mariposa: "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks 22

24 Property of Argo Pacific Pty Ltd Mass-scale hacking It's ROI focused.. It's not personal. Automated attacks against mass targets, not specific individuals. It's multilayer. Each party involved in the hacking process has a unique role and uses a different financial model. It's automated. Botnets exploit vulnerabilities and extract valuable data, conduct brute force password attacks, disseminate spam, distribute malware and manipulate search engine results. Common attack types include: Data theft or SQL injections. Business logic attacks. Denial of service attacks. 23 Source: Amichai Shulman

25 Property of Argo Pacific Pty Ltd Advanced Persistent Threats It's very personal. The attacking party carefully selects targets based on political, commercial and security interests. Social engineering is often employed. It's persistent. If the target shows resistance, the attacker will not leave, but rather change strategy and deploy a new type of attack against the same target. Control focused. APTs are focused on gaining control of crucial infrastructure, such as power grids and communication systems. APTs also target data comprised of intellectual property and sensitive national security information. It's automated, but on a small scale. Automation is used to enhance the power of an attack against a single target, not to launch broader multi-target attacks. It's one layer. One party owns and controls all hacking roles and responsibilities. 24 Source: Amichai Shulman

26 Property of Argo Pacific Pty Ltd Started on April 27, 2007 and this attacks last about 3 weeks. Series of attacks targeting government portals, parliament portal, banks, ministries, newspapers and broadcasters of Estonia. Estonians claimed this attacks as a political attack or revenge from Russians for the moving of a WWII memorial. Cyber warfare?: Estonia cyber attacks Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

27 Property of Argo Pacific Pty Ltd Weeks of cyber attacks followed, targeting government and banks, ministries, newspapers and broadcasters Web sites of Estonia. Some attacks took the form of distributed denial of service (DDoS) attacks (using ping floods to expensive rentals of botnets). 128 unique DDOS attacks (115 ICMP floods, 4 TCP SYN floods and 9 generic traffic floods). Used hundreds or thousands of "zombie" computers and pelted Estonian Web sites with thousands of requests a second, boosting traffic far beyond normal levels. Attacker commanding other computers to bombard a web site with requests for data, causing the site to stop working. How the attacks took place Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

28 Property of Argo Pacific Pty Ltd The attack heavily affected infrastructures of all network:  Routers damaged.  Routing tables changed.  DNS servers overloaded.  Email servers mainframes failure, and etc. How the attack took place … Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

29 Property of Argo Pacific Pty Ltd Inoperability of the following state and commercial bodies:  The Estonian presidency and its parliament.  Almost all of the country’s government ministries.  Political parties.  Three news organizations.  Two biggest banks and communication’s firms.  Governmental ISP.  Telecom companies. Impact Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

30 Property of Argo Pacific Pty Ltd Estonia's Computer Emergency Response Team (CERT) acted as a coordinating unit, concentrating its efforts on protecting the most vital resources. Closing down the sites under attacked to foreign internet addresses and keep the sites only accessible to domestic users. Cutting 99% of bogus traffic which was originated outside Estonia. Implemented an online "diversion" strategy that made attackers hack sites that had already been destroyed. Implemented advanced filters to the traffic, then Cisco Guard was installed to lower malicious traffic. How did Estonia respond? Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

31 Property of Argo Pacific Pty Ltd Identification and further blockade of bots from root DNS servers. CERT persuaded ISPs around the world to blacklist attacking computers which overwhelm Estonia’s bandwidth. Germany, Slovakia, Latvia, Lithuania, Italy and Spain supported and funded CERT the hub in the Estonian capital Tallinn to protect the security. Block all.ru domain. The president gave up his own website and let them continue to attack it so that they would not be able to destroying more critical things. Response included much help from others Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

32 Property of Argo Pacific Pty Ltd The Estonian CERT analyze server logs and data to find out who is behind the attacks. NATO assisted Estonia in combating the cyber attacks and has voted to work with member governments to improve cyber security. NATO's new cyber-warfare center will be based in Tallinn. Estonia called in July 2008 for an international convention on combating computer-based attacks. International impact Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009

33 Property of Argo Pacific Pty Ltd State Actors Definition: Nation States who engage in one or more types of cyber operations Russian FederationKyrgyzstan UkraineEstonia GeorgiaIngushetia Peoples Republic of China Taiwan IsraelIran Palestinian National Authority (Hamas) Myanmar (Burma) U.S.Turkey PakistanGermany ZimbabweAustralia Source Jeffrey Carr, GreyLogic So who can do this?

34 Property of Argo Pacific Pty Ltd State-Sponsored Actors Definition: Non-state actors who are engaged by States to perform one or more types of cyber operations. Partial list of States known to or suspected of sponsoring Actors Russian Federation Peoples Republic of China Turkey Iran United States Myanmar Israel Source Jeffrey Carr, GreyLogic

35 Property of Argo Pacific Pty Ltd Non-State Actors Definition: Non-state actors who engage in cyber crime and/or patriotic hacking (aka hacktivists) Too numerous too list Source Jeffrey Carr, GreyLogic

36 Property of Argo Pacific Pty Ltd War by proxy? Kremlin Kids: We Launched the Estonian Cyber War By Noah ShachtmanNoah Shachtman March 11, 2009 | Wired.com Like the online strikes against Georgia, the origins of the 2007 cyber attacks on Estonia remain hazy. Everybody suspects the Russian government was somehow behind the assaults; no one has been able to prove it. At least so far. A pro-Kremlin youth group has taken responsibility for the network attacks. And that group has a track record of conducting operations on Moscow’s behalf.online strikes against Georgia2007 cyber attacks on Estonia NashiNashi ("Ours") is the "largest of a handful of youth movements created by Mr. Putin’s Kremlin to fight for the hearts and minds of Russia’s young people in schools, on the airwaves and, if necessary, on the streets," according to the New York Times.created by Mr. Putin’s Kremlin Yesterday, one of the group’s "commissars," Konstantin Goloskokov (pictured), told the Financial Times that he and some associates had launched the strikes. "I wouldn’t have called it a cyber attack; it was cyber defense," he said. "We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way." He made similar claims, in 2007.he and some associates had launched the strikes similar claims If true, it would be only one in a long string of propaganda drives the group has waged in support of the Kremlin. Not only has Nashi waged intimidation campaigns against the British and Estonian ambassadors to Moscow, and staged big pro-Putin protests. Not only has been it been accused of launching denial-of-service attacks against unfriendly newspapers. Last month, Nashi activist Anna Bukovskaya acknowledged that the group was paid by Moscow to spy on other youth movements. The project, for which she was paid about $1100 per month, included obtaining "videos and photos to compromise the opposition, data from their computers; and, as a separate track, the dispatch of provocateurs," she told a Russian television channel. accused of launching denial-of-service attacksspy on other youth movements 35

37 Property of Argo Pacific Pty Ltd The proliferation of capability into the hacker/criminal world has enabled a blurring of actors and motivations – a major challenge for any future international regime for controlling national state cyber competition Cyber Warfare Cyber Crime Cyber Espionage 36

38 Property of Argo Pacific Pty Ltd Strategic implications Nation-states lose some control over conflict Geopolitical analysis required –Cyber conflict mirrors fighting on ground Attribution and the false flag –Concept: People’sWar Is national security at risk? –As with WMD, defense strategies unclear –As with terrorism, success in media hype 37 Source: Cyberspace and the Changing Nature of Warfare Kenneth Geers Nato Cooperative Cyber Defence Centre of Excellence

39 Property of Argo Pacific Pty Ltd The old rules collide with cyber reality Foreign Relations Law(U.S.): “It is universally recognized, as a corollary of state sovereignty, that officials in one state may not exercise their functions in the territory of another state without the latter's consent.” 38 Source: Cyberspace and the Changing Nature of Warfare Kenneth Geers Nato Cooperative Cyber Defence Centre of Excellence

40 Property of Argo Pacific Pty Ltd Australian Federal government response since 2009 39 Defence Signals Directorate Reveal Their Secrets – Protect Our Own Cyber Security Operations Centre (CSOC) DSD capability that serves all government agencies. Provides government with a comprehensive understanding of cyber threats against Australian interests; coordinates operational responses to cyber events of national importance across government and critical infrastructure. embedded representation from a number of other agencies involved in assessing the threat to, and the protection of, Australian interests from sophisticated threat actors. The CSOC will also assist CERT Australia ASIO Attorney General’s Department CERT Australia work with the private sector in identifying critical infrastructure and systems that are important to Australia’s national interest, based on an assessment of risk, and to provide these organisations with information and assistance to help them protect their information and communication technology infrastructure from cyber threats and vulnerabilities. Sector Progams: banking and finance, control systems telecommunications

41 Property of Argo Pacific Pty Ltd Up to the early 1990s in Australia Government ran government networks. The government ran military networks. The government owned Telecom Australia and OTC. To expect DSD and/or ASIO to play the primary protection role was quite valid. 40

42 Property of Argo Pacific Pty Ltd But today Every business is connected to the Internet. Every business’s network is part of the internet. The capacity to interact with each other is a key part of their risk environment. Telcos, businesses, universities, and households are all connected in different ways. The government now owns a tiny minority of these networks. If there were negligence causing damage, who would be liable? In the 1970s, 80s and even the early 1990s you could make a case that somehow or other the government would end up being the defendant. Today it would be the companies. The big change for boards in Australia is that if somebody wants to bring a negligence action for something that went bad on the network they are more likely to to be liable. Cyber crime and cyber espionage pose increasing risk to the 41

43 Property of Argo Pacific Pty Ltd Cyber crime and cyber espionage pose increasing risk to Operations Reputation Financial performance Competitive position in the market And managing risk is a Board responsibility 42

44 Property of Argo Pacific Pty Ltd THANK YOU 43


Download ppt "Property of Argo Pacific Pty Ltd Cyber Security Threats Dr Paul Twomey The Lowy Institute for International Policy 8 September 2010 0."

Similar presentations


Ads by Google