Security Threats in the Internationally Networked World - PowerPoint PPT Presentation




Started my career at NSA in 1979 Worked in Information Assurance for ... Real World Example Transformational Communications Next Generation for military ... – PowerPoint PPT presentation

Slides: 26
Provided by: DTh65
Transcript and Presenter's Notes

Title: Security Threats in the Internationally Networked World

Security Threats in the Internationally Networked World
  • David Thompson
  • Harris Corporation
  • 321-984-5799

Who am I?
  • Started my career at NSA in 1979
  • Worked in Information Assurance for multiple
    companies over the years
  • 9 years at DARPA
  • Contributing Editor at eWeek
  • Currently lead the Harris Information Assurance
    Center of Excellence
  • Focused on providing IA solutions for many US
    government programs

Information Protection Today
  • It's Tombstone, Arizona in the 1880s
  • Very little protection provided by law
  • Everyone carries their own gun for protection
  • The criminals prey on the weak
  • How do you protect yourself from a pervasive
    international threat that operates outside
    jurisdictions, but can reach into your living

The Language of Threats
  • threat n.
  • An expression of an intention to inflict pain,
    injury, evil, or punishment.
  • An indication of impending danger or harm.
  • One that is regarded as a possible danger a

The Language of Threats
  • risk n.
  • The possibility of suffering harm or loss
  • A factor, thing, element, or course involving
    uncertain danger; a hazard: "the usual risks of
    the desert: rattlesnakes, the heat, and lack of
    water" (Frank Clancy).
  • One considered with respect to the possibility of
    loss: a poor risk.

The Language of Threats
  • mitigation n.
  • The act of mitigating, or the state of being
    mitigated; abatement or diminution of anything
    painful, harsh, severe, afflictive, or
    calamitous; as, the mitigation of pain, grief,
    rigor, severity, punishment, or penalty.

The Language of Threats
  • Threats derive from the actions (intentional or
    unintentional) of others that could inflict harm
    upon you
  • Risks encompass the harm that could be inflicted
    upon you if you do not take action
  • Mitigations are the actions you take to protect
    yourself from risk
  • The Bottom Line: You are the one who will suffer
    harm, and you are responsible for protecting

The Nature of the Threat
  • Threats come from people, not technologies
  • There are a few categories of threats, but the
    techniques used number in the thousands
  • Hackers: Amateurs who break into systems for
    fun, vandalism or theft
  • Virus Producers: Programmers who produce
    self-replicating programs intended to move between
    systems without authorization
  • Spies: Professionals who break into systems
    with the intent of removing information of value
  • Users: Authorized system users who cause
    disruption through intent or error
  • White Hats: Professionals who break into systems
    to test security

The Nature of the Threat
  • Born August 6, 1963
  • Arrested by the FBI, February 15, 1995
  • Held for 4 ½ years without a bail hearing due to
    concern of capability to execute weapons system
    control from a telephone
  • Specialist in telephone hacking (phreaking) and
    social engineering
  • Now CEO of a security consulting company
  • Cost of hacking on US business
  • 1995 - 800M
  • 2003 - 2.8B
  • Small businesses suffer the most

Kevin Mitnick
The Nature of the Threat
  • David Smith released Melissa in March 1999
  • It traversed the world in a rolling wave
    following the rising sun
  • Smith was arrested in April 1999, received a
    reduced sentence due to cooperation with the FBI
  • Calls Melissa a "Colossal Mistake"
  • Melissa (named after a Florida stripper) caused
    over 80M in damage in 1 day

David Smith
Virus Producers
The Nature of the Threat
  • Ran a Family Spy Ring providing information to
    the Soviet Union for decades
  • Brother, Son and Wife were all involved in the
  • Was arrested in 1985 and sentenced to life in
    prison, without parole
  • The Walker ring provided encryption keys to the
    Soviets allowing the monitoring of naval

John Walker Jr.
The Nature of the Threat
  • Experts agree that the vast majority of threats
    stem from authorized users of the system
  • Active attacks against internal systems
  • Inadvertent actions that cause damage
  • Release virus
  • Access inappropriate information
  • Violate policy causing embarrassment
  • Story: HBL Mercedes in Fairfax, Virginia

Typical User
The Nature of the Threat
  • Sandia IORTA program
  • Information Operations Red Team and Assessments
  • Considered the Nation's premier experts for
    conducting Red Team assessments on systems
  • Don't Forget: White Hats aren't there to be your
    friend, and failing their tests can harm you

White Hats
Real World Example
  • Transformational Communications
  • Next Generation for military communications
  • Based on a geosynchronous constellation of
    satellite hosted high performance routers
  • Provides direct IP connectivity to land, air and
    sea based assets globally
  • Provides direct reach back to information,
    intelligence, and command and control
  • Harris providing Information Assurance expertise

TC Operational Environment
Real World Example
TC Connectivity
Real World Example
Portions of military networks (.mil domains)
connect to the Internet
Real World Example
Mitigations include multiple layers of firewalls,
two-factor authentication, and channel separation
through cryptography
Real World Example
  • MS Windows is the dominant OS used by the
    military
  • Viruses can be introduced at any point
    through communications or software loading
Real World Example
Virus detection is performed at all interfaces,
and centralized profile updates are performed
Real World Example
  • Adversaries will attempt to gain information
    through monitoring satellite signals
  • Direct information gain
  • Force location
  • Traffic analysis

Real World Example
  • Multiple levels of encryption are used to mask
    information
  • Low probability of intercept (LPI)
    antennas used on terminals
Real World Example
  • Multiple levels of classified information
    traverse the network
  • User error contributing to exposure is of great

Real World Example
Channelization and High Assurance Guards protect
against information exposure
Real World Example
  • Red Team assessments are required for all
    government systems
  • I am betting my career on getting this right

  • There is no such thing as perfect security
  • The threat is pervasive and the
    techniques/vulnerabilities ever changing
  • Protections must evolve to meet these changes
  • It is the responsibility of the security
    professionals to provide adequate mitigation to
    result in acceptable risk