Cyber: Beyond Cybersecurity - PowerPoint PPT Presentation

Loading...

PPT – Cyber: Beyond Cybersecurity PowerPoint presentation | free to download - id: 4a613f-YTFjZ



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Cyber: Beyond Cybersecurity

Description:

Cyber: Beyond Cybersecurity Andy Singer AFCEA Hampton Roads November 18, 2008 * * * * * * * * – PowerPoint PPT presentation

Number of Views:165
Avg rating:3.0/5.0
Slides: 21
Provided by: AndyS67
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Cyber: Beyond Cybersecurity


1
Cyber Beyond Cybersecurity
Andy Singer AFCEA Hampton Roads November 18, 2008
2
its about national competitiveness
  • "Cyber a prefix used to describe a person,
    thing, or idea as part of the computer and
    information age.
  • Taken from kybernetes, Greek for "steersman" or
    "governor," first used in cybernetics, coined
    by Norbert Wiener.

A global domain within the information
environment consisting of the interdependent
network of information technology
infrastructures, including the Internet,
telecommunications networks, computer systems,
and embedded processors and controllers. -- DoD
Definition of Cyberspace
Definitions can be starting points but we cant
wait for the whole Cyber dictionary we have to
keep in mind why we are securing
we have to keep in mind why we are securing what
we are securing
3
There is no denying the strategic importance of
our Nations cyber nervous system
  • Robust and reliable infrastructures fuel economic
    growth, scientific discovery, technological
    innovation, and social development
  • The United States possesses the most extensive,
    interdependent, and complex system of
    infrastructures ever developed by mankind
  • Constructed and cultivated over the course of the
    20th century, these infrastructures represent a
    source of great strength for the United States, a
    strength that continues to fuel the American way
    of life

4
Cyber underpins our complex inter-connected,
interdependent system
Nuclear
Government Facilities
Emergency Services
Energy
Commercial Facilities
National Monuments Icons
Transportation
Agriculture Food
Chemical
Manufacturing
Banking Finance
Telecommunications
Water Systems
Postal Shipping
DIB
Dams
Information Technology
Public Health
5
Cyberspace Whats different?
  • Man-made domain
  • Diverse stakeholderspublic, private and
    government
  • Speed of action and change
  • Transcends physical, organizational and
    geopolitical layers
  • Simultaneous Offense and Defense-favors offense
  • Favors crime espionage
  • Complex Cognitive layer
  • Anonymity

6
Struggling to Comprehend
All of the warfighting domains intersect
At home?
The Perspective of Civil Clients and Commercial
Clients vary greatly by organization
But the Cyberspace Domain is found entirely
within the others
Department of Defense
7
So,What is Cyber? (Today)
cybersecurity steal threat assurance attack
hacker CND crime DDOS malware risk avoidance
defense intrusion money password scam security
serious Layered defense vulnerable Chinese
detection ?rewall patches resilience
statesponsored terrorist untrustworthy CNCI
AntiVirus wild
Primary Characteristics Security Theater,
Adversary focused, Threat based, Anonymity
challenged, Very high ROI for engagement
8
Good old Days
9
Irregular Evolution
10
Complexity and Subtlety Evolution 08
Find the Cyber Weapons Factory and Training
Camp(s)
11
UCP 08 STRATCOM Cyber Responsibilities
  • Opportunities
  • Strategy
  • Cyberspace OPS
  • NetOPS
  • Intelligence
  • Operations
  • Integrating Offense and Defense
  • Fighting through concept
  • Structure
  • Form following function
  • People
  • Beyond CNA, CND and CNE models
  • Planners. Operators, Targeteers, analysts and . .
    .
  • Services, Agencies
  • Synchronizing planning w/COCOMS,
  • GIG OPS and Defense
  • Designated threats
  • Coordinate when cross area effects likely
  • Advocate capabilities
  • Integrating TSC activities w/COCOMs
  • Priority recommendations to SECDEF
  • Plan OPE
  • Execute when directed
  • Synch when crossing COCOM boundaries
  • Execute Cyberspace Operations
  • Meshes with IO and ISR Responsibilities
  • Leading role for newly defined Cyberspace
    Operations

12
Intelligence, IT, Operations and Cyber
  • Moving beyond traditional Cycles
  • New strategy
  • Always on
  • Complexity, Speed and Pervasiveness
  • Near simultaneity of Offense and Defense
  • With Intel throughout
  • Commingling of Intelligence with IT, Operations,
    Assessment from Plans to response to preemption

13
Cyber (contd)
  • New Operations
  • NetOps, OPE, IPB, Contingency and Operations
    Plans in harmony
  • Offense and Defense C2
  • Effects anticipation, measure and adjustments
  • Capability development and advocacy
  • New People
  • Still specialized but interconnected and
    foundational cyber skills
  • Intelligence Operations cadre gatherers and
    analysts with hunting licenses
  • Cyber Intelligence Professional Corps integrated
    with IT and OPS

14
Quickly Needed
  • Operations in Cyberspace Strategy
  • Concept of Operations
  • Strategy
  • Set the tone and direction
  • Cyber People
  • One like minded professional corps
  • 4 Key skill sets
  • Subspecialty needs (Planners, Targeteers)
  • Bring together work in this area (JFCOM,
    Services, NSA and others)

15
It is More than Technology!
Dont get lost in DOTMLPF!
Break the thinking that technology can get us out
of where it got us
16
Uniform cyber protection is fiscally
unrealistic and unnecessary
  • Not every asset faces the same threats nor do
    they possess the same level of vulnerability to
    attack and each poses differing levels of
    consequences
  • Cyber risk varies according to the sectors
    dependence on cyber networks and systems
  • Efforts do not need to be uniform however, cyber
    security must be integrated into systems up front
    and risk management considerations to ensure
    confidentiality, integrity, and availability of
    critical functions and services

He who wants to defend everything defends
nothing. Frederick the Great
17
but there is one very important axiom to keep
in mind with regard to this approach
You manage risk
You build resilience
but
This is the set of daily activities taken by
owner / operators to keep their systems operating
within the established risk profile
This is a set of fundamental changes to the
structure and/or operations of the infrastructure
that improve the risk profile over time
18
The global cyber conflict is one we cant win
unless we change our approach
  • This is a shared issue that requires a shared
    solution
  • No single entity the US federal government
    included can tackle this issue single-handedly
  • We need to break the thinking that technology can
    get us out of where it got us
  • People, Culture, Operations, Management and
    Budgeting, and Policy, Strategy, and Planning are
    as important as technology
  • Use resilience of the critical infrastructure as
    an enabler of a national cyber deterrence
    strategy
  • An improved defense posture may increase the
    costs of executing a cyber attack and reduce or
    eliminate the threat
  • Improved resilience may eliminate the effect of a
    cyber attack and reduce an adversarys motivation
    to launch an attack that will not achieve its
    desired effect
  • Leap to Content Security and Rights Management

19
What is Cyber ? (Tomorrow)
cybersecurity cyber resilience threat upfront
assurance change-game hacker roi steal
tolerance architect Competitiveness attack
build-in and convenience convergence crime dos
malware identity risk management virus wild
avoidance Megacommunity defense intrusion
anticipate money password protect scam security
serious vulnerable Chinese ?rewall patches
sponsored state terrorist untrustworthy
operational advantage detection secure data
overlapping vital interests adaptability
Primary Characteristics Security and
convenience, Environment focused, Risk based,
Accepting anonymity, Reduced ROI for engagement,
Megacommunity
20
You can help change the approach
  • Your thoughts?
About PowerShow.com