Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Emerging Cyber Threats & Advanced Technologies

VIEWS: 27 PAGES: 18

									Emerging Cyber Threats & Advanced Technologies
Anita D’Amico, Ph.D. www.SecureDecisions.avi.com www.AVI.com

Emerging Cyber Threats & Advanced Technologies

LOOMING SECURITY THREATS

2

2009 Threats

   

Organized cyber crime
More malware, fueled by cyber crime Botnets VOIP & mobile computing Cyber warfare and cyber terrorism

3

Organized Cyber Crime

 

“End user” criminals
Malware manufacturers Cyber crime vendors and Managed Service Providers (MSPs)

4

Malware

  

10-fold increase
Needed for cyber crime Social networking Monoculture

5

More and More Botnets



10% of computers are part of Botnets
10 million bot computers distribute spam & malware each day



Legitimate web sites

6

Mobile computing & VOIP

  

VOIP Denial of Service (DOS)
Voice phishing Cell phone malware Wireless break-ins

7

Cyber Warfare & Cyber Terrorism



Hacktivism
New military battle space
 e.g. Russian attacks on Estonia and Georgia



New attack vector for terrorists
 e.g. critical infrastructures

8

Emerging Cyber Threats & Advanced Technologies

EMERGING SECURITY TECHNOLOGIES

9

New Thrusts on End User Security


More usable interfaces for security and privacy
 Easier configuration of security tools by non-experts  National opportunity cost for time to read privacy policies: $781 billion



“Safe Computing” or “Computer Hygiene”
 New game-based techniques for training K-12 and adults  Cyber-equivalent of “wash your hands” marketing

10

National Cyber Leap Year


2008 national call for “Leap Ahead” security technologies
238 responses





National Summit on cyber security R&D in August

11

Five Hot Areas in Summit


Cyber Economics
 Make cyber crime “not worth it” – Change laws and market forces



Moving-target Defense
 Constantly change the target environment so attackers can’t find it or stay there



Health-inspired Network Defense
 Defense and response technologies inspired by immunity, epidemiology



Digital Provenance
 Guarantee the source and integrity of digital content



Hardware-enabled Trust
 Persistently monitor networked assets for changes in trustworthiness  Isolate and decontaminate in real time.

12

Cyber Economics


Incentivize corporations to avoid computing “monoculture”
 More diversity of operating systems, hardware  Less of a monolithic target



Special purpose dedicated, isolated and virtual networks that are secure from end to end
 E.g. network dedicated to financial transactions  Another network dedicated to online gaming



Cyber Interpol
 International body for the monitoring and reporting of cyber attacks  Powers to enforce international treaties in the area of cyber-crime

13

Moving Target


Distributed Data “Shell Game”
 Break high-value data into pieces  Move the pieces around into various storage locations  Only users or applications with the “keys” can recombine the data into usable form  Tampered data will fail to recombine

14

Health-Inspired


Make end user computers get “immunized” before joining the network
Piggybacking worms – “Riding the Worm”
    
Use honey pots to catch worms
Replace worm payload with a rider Rider prevents host damage



Rider still allows network spread
Rider goes where worm goes, possibly at the same rate the worm spreads

15

Digital Provenance


Automated tagging or labeling of data
 Track chain of custody and data modifications  Standard labeling system for quality (like food labels)

16

Additional Reading


Threats
 Georgia Tech Information Security Center (GTISC) 2009 Cyber Threats Report  IBM Internet Security Systems  http://www.darkreading.com/document.asp?doc_id=161524



Usability of security and privacy technologies
 http://lorrie.cranor.org/pubs/readingPolicyCostauthorDraft.pdf  http://sites.nationalacademies.org/CSTB/CurrentProjects/CSTB_045475



National Cyber Leap Year Summit
 

http://www.nitrd.gov/leapyear/NCLY_Submissions_Public.pdf http://www.nitrd.gov/NCLYSummitIdeas.aspx

17

Anita D’Amico
AnitaD@SecureDecisions.avi.com (631) 754-4920 ext. 147

18


								
To top