Cyber: Beyond Cybersecurity - PowerPoint PPT Presentation


PPT – Cyber: Beyond Cybersecurity PowerPoint presentation | free to download - id: 4a613f-YTFjZ


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Cyber: Beyond Cybersecurity


Cyber: Beyond Cybersecurity Andy Singer AFCEA Hampton Roads November 18, 2008 * * * * * * * * – PowerPoint PPT presentation

Number of Views:165
Avg rating:3.0/5.0
Slides: 21
Provided by: AndyS67


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Cyber: Beyond Cybersecurity

Cyber Beyond Cybersecurity
Andy Singer AFCEA Hampton Roads November 18, 2008
its about national competitiveness
  • "Cyber a prefix used to describe a person,
    thing, or idea as part of the computer and
    information age.
  • Taken from kybernetes, Greek for "steersman" or
    "governor," first used in cybernetics, coined
    by Norbert Wiener.

A global domain within the information
environment consisting of the interdependent
network of information technology
infrastructures, including the Internet,
telecommunications networks, computer systems,
and embedded processors and controllers. -- DoD
Definition of Cyberspace
Definitions can be starting points but we cant
wait for the whole Cyber dictionary we have to
keep in mind why we are securing
we have to keep in mind why we are securing what
we are securing
There is no denying the strategic importance of
our Nations cyber nervous system
  • Robust and reliable infrastructures fuel economic
    growth, scientific discovery, technological
    innovation, and social development
  • The United States possesses the most extensive,
    interdependent, and complex system of
    infrastructures ever developed by mankind
  • Constructed and cultivated over the course of the
    20th century, these infrastructures represent a
    source of great strength for the United States, a
    strength that continues to fuel the American way
    of life

Cyber underpins our complex inter-connected,
interdependent system
Government Facilities
Emergency Services
Commercial Facilities
National Monuments Icons
Agriculture Food
Banking Finance
Water Systems
Postal Shipping
Information Technology
Public Health
Cyberspace Whats different?
  • Man-made domain
  • Diverse stakeholderspublic, private and
  • Speed of action and change
  • Transcends physical, organizational and
    geopolitical layers
  • Simultaneous Offense and Defense-favors offense
  • Favors crime espionage
  • Complex Cognitive layer
  • Anonymity

Struggling to Comprehend
All of the warfighting domains intersect
At home?
The Perspective of Civil Clients and Commercial
Clients vary greatly by organization
But the Cyberspace Domain is found entirely
within the others
Department of Defense
So,What is Cyber? (Today)
cybersecurity steal threat assurance attack
hacker CND crime DDOS malware risk avoidance
defense intrusion money password scam security
serious Layered defense vulnerable Chinese
detection ?rewall patches resilience
statesponsored terrorist untrustworthy CNCI
AntiVirus wild
Primary Characteristics Security Theater,
Adversary focused, Threat based, Anonymity
challenged, Very high ROI for engagement
Good old Days
Irregular Evolution
Complexity and Subtlety Evolution 08
Find the Cyber Weapons Factory and Training
UCP 08 STRATCOM Cyber Responsibilities
  • Opportunities
  • Strategy
  • Cyberspace OPS
  • NetOPS
  • Intelligence
  • Operations
  • Integrating Offense and Defense
  • Fighting through concept
  • Structure
  • Form following function
  • People
  • Beyond CNA, CND and CNE models
  • Planners. Operators, Targeteers, analysts and . .
  • Services, Agencies
  • Synchronizing planning w/COCOMS,
  • GIG OPS and Defense
  • Designated threats
  • Coordinate when cross area effects likely
  • Advocate capabilities
  • Integrating TSC activities w/COCOMs
  • Priority recommendations to SECDEF
  • Plan OPE
  • Execute when directed
  • Synch when crossing COCOM boundaries
  • Execute Cyberspace Operations
  • Meshes with IO and ISR Responsibilities
  • Leading role for newly defined Cyberspace

Intelligence, IT, Operations and Cyber
  • Moving beyond traditional Cycles
  • New strategy
  • Always on
  • Complexity, Speed and Pervasiveness
  • Near simultaneity of Offense and Defense
  • With Intel throughout
  • Commingling of Intelligence with IT, Operations,
    Assessment from Plans to response to preemption

Cyber (contd)
  • New Operations
  • NetOps, OPE, IPB, Contingency and Operations
    Plans in harmony
  • Offense and Defense C2
  • Effects anticipation, measure and adjustments
  • Capability development and advocacy
  • New People
  • Still specialized but interconnected and
    foundational cyber skills
  • Intelligence Operations cadre gatherers and
    analysts with hunting licenses
  • Cyber Intelligence Professional Corps integrated
    with IT and OPS

Quickly Needed
  • Operations in Cyberspace Strategy
  • Concept of Operations
  • Strategy
  • Set the tone and direction
  • Cyber People
  • One like minded professional corps
  • 4 Key skill sets
  • Subspecialty needs (Planners, Targeteers)
  • Bring together work in this area (JFCOM,
    Services, NSA and others)

It is More than Technology!
Dont get lost in DOTMLPF!
Break the thinking that technology can get us out
of where it got us
Uniform cyber protection is fiscally
unrealistic and unnecessary
  • Not every asset faces the same threats nor do
    they possess the same level of vulnerability to
    attack and each poses differing levels of
  • Cyber risk varies according to the sectors
    dependence on cyber networks and systems
  • Efforts do not need to be uniform however, cyber
    security must be integrated into systems up front
    and risk management considerations to ensure
    confidentiality, integrity, and availability of
    critical functions and services

He who wants to defend everything defends
nothing. Frederick the Great
but there is one very important axiom to keep
in mind with regard to this approach
You manage risk
You build resilience
This is the set of daily activities taken by
owner / operators to keep their systems operating
within the established risk profile
This is a set of fundamental changes to the
structure and/or operations of the infrastructure
that improve the risk profile over time
The global cyber conflict is one we cant win
unless we change our approach
  • This is a shared issue that requires a shared
  • No single entity the US federal government
    included can tackle this issue single-handedly
  • We need to break the thinking that technology can
    get us out of where it got us
  • People, Culture, Operations, Management and
    Budgeting, and Policy, Strategy, and Planning are
    as important as technology
  • Use resilience of the critical infrastructure as
    an enabler of a national cyber deterrence
  • An improved defense posture may increase the
    costs of executing a cyber attack and reduce or
    eliminate the threat
  • Improved resilience may eliminate the effect of a
    cyber attack and reduce an adversarys motivation
    to launch an attack that will not achieve its
    desired effect
  • Leap to Content Security and Rights Management

What is Cyber ? (Tomorrow)
cybersecurity cyber resilience threat upfront
assurance change-game hacker roi steal
tolerance architect Competitiveness attack
build-in and convenience convergence crime dos
malware identity risk management virus wild
avoidance Megacommunity defense intrusion
anticipate money password protect scam security
serious vulnerable Chinese ?rewall patches
sponsored state terrorist untrustworthy
operational advantage detection secure data
overlapping vital interests adaptability
Primary Characteristics Security and
convenience, Environment focused, Risk based,
Accepting anonymity, Reduced ROI for engagement,
You can help change the approach
  • Your thoughts?