Docstoc

Emerging Cyber Threats & Advanced Technologies

Document Sample
Emerging Cyber Threats & Advanced Technologies Powered By Docstoc
					Emerging Cyber Threats & Advanced Technologies
Anita D’Amico, Ph.D. www.SecureDecisions.avi.com www.AVI.com

Emerging Cyber Threats & Advanced Technologies

LOOMING SECURITY THREATS

2

2009 Threats

   

Organized cyber crime
More malware, fueled by cyber crime Botnets VOIP & mobile computing Cyber warfare and cyber terrorism

3

Organized Cyber Crime

 

“End user” criminals
Malware manufacturers Cyber crime vendors and Managed Service Providers (MSPs)

4

Malware

  

10-fold increase
Needed for cyber crime Social networking Monoculture

5

More and More Botnets



10% of computers are part of Botnets
10 million bot computers distribute spam & malware each day



Legitimate web sites

6

Mobile computing & VOIP

  

VOIP Denial of Service (DOS)
Voice phishing Cell phone malware Wireless break-ins

7

Cyber Warfare & Cyber Terrorism



Hacktivism
New military battle space
 e.g. Russian attacks on Estonia and Georgia



New attack vector for terrorists
 e.g. critical infrastructures

8

Emerging Cyber Threats & Advanced Technologies

EMERGING SECURITY TECHNOLOGIES

9

New Thrusts on End User Security


More usable interfaces for security and privacy
 Easier configuration of security tools by non-experts  National opportunity cost for time to read privacy policies: $781 billion



“Safe Computing” or “Computer Hygiene”
 New game-based techniques for training K-12 and adults  Cyber-equivalent of “wash your hands” marketing

10

National Cyber Leap Year


2008 national call for “Leap Ahead” security technologies
238 responses





National Summit on cyber security R&D in August

11

Five Hot Areas in Summit


Cyber Economics
 Make cyber crime “not worth it” – Change laws and market forces



Moving-target Defense
 Constantly change the target environment so attackers can’t find it or stay there



Health-inspired Network Defense
 Defense and response technologies inspired by immunity, epidemiology



Digital Provenance
 Guarantee the source and integrity of digital content



Hardware-enabled Trust
 Persistently monitor networked assets for changes in trustworthiness  Isolate and decontaminate in real time.

12

Cyber Economics


Incentivize corporations to avoid computing “monoculture”
 More diversity of operating systems, hardware  Less of a monolithic target



Special purpose dedicated, isolated and virtual networks that are secure from end to end
 E.g. network dedicated to financial transactions  Another network dedicated to online gaming



Cyber Interpol
 International body for the monitoring and reporting of cyber attacks  Powers to enforce international treaties in the area of cyber-crime

13

Moving Target


Distributed Data “Shell Game”
 Break high-value data into pieces  Move the pieces around into various storage locations  Only users or applications with the “keys” can recombine the data into usable form  Tampered data will fail to recombine

14

Health-Inspired


Make end user computers get “immunized” before joining the network
Piggybacking worms – “Riding the Worm”
    
Use honey pots to catch worms
Replace worm payload with a rider Rider prevents host damage



Rider still allows network spread
Rider goes where worm goes, possibly at the same rate the worm spreads

15

Digital Provenance


Automated tagging or labeling of data
 Track chain of custody and data modifications  Standard labeling system for quality (like food labels)

16

Additional Reading


Threats
 Georgia Tech Information Security Center (GTISC) 2009 Cyber Threats Report  IBM Internet Security Systems  http://www.darkreading.com/document.asp?doc_id=161524



Usability of security and privacy technologies
 http://lorrie.cranor.org/pubs/readingPolicyCostauthorDraft.pdf  http://sites.nationalacademies.org/CSTB/CurrentProjects/CSTB_045475



National Cyber Leap Year Summit
 

http://www.nitrd.gov/leapyear/NCLY_Submissions_Public.pdf http://www.nitrd.gov/NCLYSummitIdeas.aspx

17

Anita D’Amico
AnitaD@SecureDecisions.avi.com (631) 754-4920 ext. 147

18


				
DOCUMENT INFO
Lingjuan Ma Lingjuan Ma MS
About work for China Compulsory Certification. Some of the documents come from Internet, if you hold the copyright please contact me by huangcaijin@sohu.com