Transcript Preparing for a Cyber Attack

Preparing for a Cyber Attack
By Jeffrey Carr
CEO and Founder, GreyLogic.us
Author, "Inside Cyber Warfare" (O'Reilly Media, 2009)
O'Reilly Gov 2.0 Webcast
April 29, 2010
Cyber Landscape
Source: DHS, "Securing the Nation’s Critical Cyber Infrastructure
Threat Vectors

Computer network attacks

Cyber espionage

Cyber terrorism

Cyber crime

Network infiltration of Critical Infrastructure

Repression of Internal Opposition Groups

Hybrid warfare

Information warfare
Actors
State
State-Sponsored
Non-State
State Actors
Definition: Nation States who engage in one or more types of cyber operations
Russian Federation
Kyrgyzstan
Ukraine
Estonia
Georgia
Ingushetia
Peoples Republic of
China
Taiwan
Israel
Iran
Palestinian National
Authority (Hamas)
Myanmar (Burma)
U.S.
Turkey
Pakistan
Germany
Zimbabwe
Australia
State-Sponsored Actors
Definition: Non-state actors who are engaged by States to perform one or more
types of cyber operations.
Partial list of States known to or suspected of
sponsoring Actors
Russian Federation
Peoples Republic of China
Turkey
Iran
United States
Myanmar
Israel
Non-State Actors
Definition: Non-state actors who engage in cyber crime and/or patriotic hacking
(aka hacktivists)
Too numerous too list
Cyber Self Defense
You cannot protect all your data
You cannot stop every attack
Therefore,
1) Reduce your attack surface
2) Segregrate and protect your critical data
3) Establish access norms and monitor for anomalies
4) When you are attacked, report it. Transparency = Security
R&D Priorities: RF, PRC
Russian Federation
Peoples Republic of China
Nanoelectronics
Core electronic components
Cloud computing
High end generic chips
Cognitive systems and
robotics
Extra large scale integrated
chips
Digital libraries
Next gen wireless mobile
comms
ICT for patient safety,
Large scale oil, gas, and
coal mining
Semiconductor components
and miniaturization systems
Water pollution control and
treatment
Photonics
Contact Jeffrey Carr

Blog: http://IntelFusion.net

Website: http://Greylogic.us

Skype: greylogic

Email: [email protected]
Extra Slides
Initiate an Active Defense Posture
Source: Verdasys Enterprise Information Protection
Data Exfiltration Operation
Source: Capability of the People’s Republic of China to Conduct Cyber Warfare and
Computer Network Exploitation (2009, p. 61)