Presentation is loading. Please wait.

Presentation is loading. Please wait.

In the Crossfire International Cooperation and Computer Crime Stewart Baker.

Published byElfreda Bates Modified over 9 years ago

Similar presentations

Presentation on theme: "In the Crossfire International Cooperation and Computer Crime Stewart Baker."— Presentation transcript:

1 In the Crossfire International Cooperation and Computer Crime Stewart Baker

2 1815 1816 Waterloo Mt. Tambora

3 1817

4 6 th century BC

5 Stability and speed Stability Speed A B C

6 What Point B Looks Like

7 Stability and speed Stability Speed A B C

8 What Point C Looks Like

9 Have we reached Point C for information technology? What the CSIS report found

10 Summary Attacks are already heavy Adoption of security measures lags The many roles of governments – Regulator – Policeman – Attacker

11 1. Attacks are already heavy 60% reported theft-of-service cyberattacks – Low: Germany, UK (42%) – High: India (83%), Brazil (77%), France (76%) 29% reported multiple large-scale denial of service attacks each month, and nearly two-thirds of those reported an impact on operations – High: France (60%), India (50%) 89% report infection with viruses or other malware 70+% report a wide range of other attacks – E.g., phishing and pharming. More sophisticated attacks like DNS poisoning or SQL injection are less common, but still widespread – more than half of respondents report these attacks

12 2. Adoption of security measures lags behind the threat Basic, key security measures are not widely adopted – Fewer than 60% patched and updated software on a regular schedule – User name and password the most common form of login/authentication – more than three-quarters of SCADA/ICS systems are connected to an IP network or the Internet nearly half of those admitted that these connections create unresolved security issues Security measure adoption rates vary widely by country

13 Security measure adoption rate More than two dozen different security measures -- technologies, policies and procedures Security Information and Event Management tools Network access control measures Intrusion prevention systems Database security and access controls Data leak prevention tools Intrusion detection systems Firewalls to public network Firewalls between systems Application whitelisting Role and activity anomaly detection Standardized desktop Use threat monitoring service Encryption for – Online transmission to network Laptop hard drives Individual emails Data in databases Data while in network storage Tapes, portable media Authentication by – User name and password Token Biometrics Regular patches and updates Threat information sharing Restrict or ban USB sticks

14 China leads in adopting security measures

15 3. The many roles of governments Regulators – Regulation seen as generally positive 74% have implemented new measures as a result of regulation 58% say regulation has “sharpened policy and improved security” 28% say it has “diverted resources from improving security to recording/reporting incidents or other forms of compliance” – Audit frequency varies widely Policemen – Widespread skepticism about governments’ ability to protect networks Attackers, infiltrators and adversaries

16 Regulator: auditing to enforce compliance varies widely

17 Policeman: Little faith in laws against cyber- attack

18 Attacker: 60% believe governments are already attacking their country

19 Attacker: Many report government-style attacks Half report “stealthy infiltration by high-level adversary … like in Ghostnet” Half report DDOS attacks by “high-level adversaries” including governments:

20 Attacker: United States and China are most feared; Russia is third

21 China the outlier Chinese executives report -- – Uniquely close cooperation with officials – High levels of regulation and auditing – Very robust confidence in government – Much higher adoption of security measures China is taking concerted steps to bolster its industries’ defenses Are the steps effective? – Chinese companies report low to average levels of attack and damage – China does appear better protected than other large developing countries, such as India and Brazil

22 Changing the Trajectory

23 Is there a broader solution? Deterrence depends on attribution – Attribution is not possible today – Can’t depend on international cooperation as long as attribution is not possible – Technology has been tilted against attribution An end to anonymity on the serious Internet? – Code – Devices – Routing

24 The End

Download ppt "In the Crossfire International Cooperation and Computer Crime Stewart Baker."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.

Similar presentations

Ads by Google