
CCS

An Introduction to Cyber-Security
Exploration of key concepts associated with the
evolving nature and practice of Information Security.
The Comprehensive Cyber Security (CCS) Practice and family of solutions

Presented by Stephen Lahanas


August 20, 2010

Copyright 2010 Semantech Inc., All Rights Reserved


Our Purpose

• This presentation is designed to highlight both
sides of the Cyber Security story:
• Side 1 (The Public View) – The impact of
Cyber Security on society and the current
management of information systems.
• Side 2 (The Provider View) – The necessary
evolution of Security practices which are
emerging as a result of those impacts.
• We also intend to help clarify concepts and issues
by examining or in some cases redefining key
terms…
The First in a Series…

• This presentation is the first in a series of issue or
concept focused presentations on various aspects
of Cyber Security.
• Future presentations will provide focus on
individual topics such as:
• Security Architecture
• Cyber Security Analytics
• Exploits & Vulnerabilities
• Cyber Security, Privacy & Net Neutrality
• Cyber Security & the Cloud
• Cyber Security & Data Protection
• The Cyber Security Workforce
The Impact of Cyber Security



The Cultural Impact

• It’s Personal – Cyber Security issues now impact
every individual who uses a computer. It’s no
longer science fiction – millions of people
worldwide are the victims of cyber-crimes.

• It’s Business – Every business today is dependent
on information and vulnerable to one or more types
of Cyber attacks (even those without online sites).

• It’s War – In fact it is already becoming the next
Cold War. Cyber operations are also becoming
increasingly integrated into active conflicts.



The Official Impact
Nations are redefining how they do business and spending an
ever-growing amount of money on security-related mitigation.
But is it working?
To date, it only seems as though the problem is getting worse
and Cyber adversaries have a cost advantage that puts
defenders at a permanent disadvantage.
The Solution Impact

• It’s Evolving – But at a fairly slow pace compared
to the problem space. This disparity will only grow
wider as the pace of change continues to quicken.

• It’s Getting Complicated – There is no longer any
realistic expectation of a single solution or even a
single family of solutions that can provide a
comprehensive approach to the problem space.

• A Fresh Perspective – Is what’s needed. We can
either react to ever-growing complexity and
disruption by adding more layers of complication
ourselves or we can manage the patterns…
Defining Cyber Security



Technology & Modern Life

• In 1990 one book tracking future trends failed to
include the following words in its index: “Online,
Email, Internet, Hacking, Computer Virus…”

• Within a few years those technologies and issues
have come to dominate modern society.

• When we address Cyber Security we’re talking
about technology infrastructure, applications, data
and human interaction. These elements are no
longer limited to the “wired” net; they now also
encompass all forms of converged IP-based
communications.
What is Cyberspace?

1. Cyberspace is unique and ubiquitous; it is both its
own domain as well as a dimension within all other
(functional) domains.

2. Cyberspace is both the medium and the message
in many cases. Anything that might involve IP data
transfer or communications has a cyber
component.

3. Cyberspace represents a single point of failure for
the Federal Government. It provides asymmetrical
opponents the opportunity to disrupt and defeat a
vastly superior foe.
What is Cyber Warfare?
• Cyber Warfare is by nature asymmetric, even when
conducted by traditional nation-state opponents.

• Cyber Warfare is non-kinetic only in the most direct
sense, if we view Cyber Operations separate from
conventional operations. As soon as we consider that
conventional operations that rely on IT capability are
Cyber Operations then Cyber can become both Kinetic
and Non-Kinetic in nature.

• Cyber Attacks can be real-time events or time-delayed
events. They can originate from anywhere or be triggered
from anywhere and originate from within our perimeters.
They occur in multi-dimensional Cyberspace as well as in
conventional warfare frames of reference.
What is Cyber Security?
• Cyber Security is an all-encompassing domain of
information technology – it comprises the entire set
of security-related technologies and issues.
• Without a single perspective for security
management, the hundreds of related yet
technically distinct aspects of this problem space
could become unmanageable (and in fact many
would argue that’s exactly what we’re facing right
now).
• Problem Space = A related set of concepts or
issues united by shared challenges and
inter-dependencies.
Security is Symbiotic
Cyber Security as a concept represents a radical departure
from the previous view of IT-related security.
In the past, security was often viewed as a separate
discipline or as an afterthought. Cyber Security acknowledges
that IT security must be symbiotic from now on…



Cyber is not Hype

• Cyber Security has gotten a lot of attention and
some of it at times appears like other typical IT
solution hype cycles.

• The attention being given to Cyber Security today
is often focused on trying to define the problem
and assess the true threat level.

• There is no single solution or even a single set of
Cyber Security solutions being hyped – what there
is is a recognition that we’re falling behind the curve
and that a concerted effort is needed to manage
the problem. That’s different from hype cycles…
What Cyber Security Isn’t

• Cyber Security isn’t just the most obvious exploits or
hacks used to breach perimeter security. The number
of DDOS pings or breach attempts is meaningless if
the intent of the attacks is not understood.

• Cyber Security isn’t any one focused solution for a
particular security vulnerability or operational defense
architecture. It is both its own domain while
simultaneously being part of every other IT domain.

• Cyber Security isn’t something that will or even can go
away. As long as our infrastructure remains networked
and interdependent Cyber Security will remain critical.



Problem Space Taxonomy
For the purposes of this presentation we will examine
Cyber Security from five perspectives:
• Threat Management – This represents the ability to
characterize, respond to or prevent threats.
• Information or Cyber Assurance – The extension of
current security practices and principles into the Cyber
realm.
• Infrastructure Management – Both security architecture
and all other architectures.
• Cyber Operations – Active Defense and Offense.
• Cyber Integration – Putting it all together…
Threat Management



What is Threat Management?
• It’s Analytical – Threats must be both defined and
identified and later – recognized when they occur.
• It’s Operational – Threat Management is an active
component of every security architecture already –
anti-virus software and firewalls have massive data
stores of threat related information which they apply.
The sources and exploitation of Threat data continue
to grow constantly.
• It’s Part of a Larger Lifecycle – Viewing threats outside
of either the attack lifecycle or the defense solution
lifecycle will provide an incomplete view.
• It’s both Strategic & Tactical – And it must be linked…
Understanding Cyber Threats



Cyber Threats are Patterns

• Cyber Security shares a similar problem with the rest
of information technology – information overload.

• There is already too much information for operators to
analyze rapidly, thus the practice of Forensics involves
serious time delays in providing relevant information –
and most of it isn’t actionable.

• The key to managing threats is understanding them –
the key to understanding them is to find a way to map
them against specific behaviors or events. The
activities which help provide this definition and
mapping represent the core of Threat Management.



Information Assurance



Information Assurance Defined
Network and System Security capabilities when viewed
together map to the core tenets of Information Assurance:

• Confidentiality - Confidential information must only be accessed, used,
copied, or disclosed by users who have been authorized.

• Integrity - Integrity means data cannot be created, changed, or deleted
without proper authorization.

• Authenticity - Authenticity is necessary to ensure that the users or objects
(like documents) are genuine (they have not been forged or fabricated).

• Availability - Availability means that the information, the computing
systems used to process the information, and the security controls used to
protect the information are all available and functioning correctly when the
information is needed.

• Non-Repudiation - Non-repudiation means that one party to a transaction
cannot deny having received the transaction, nor can the other party deny
having sent it.
What is Cyber Assurance?
• Cyber Assurance includes one extremely important
differentiation from Information Assurance – a focus
on the enterprise or multiple domains.

• In other words, Cyber Assurance scales Information
Assurance to whatever scope is needed to provide
comprehensive security.

• Information Assurance (IA) represents a set of
guidelines for managing security related activities
and systems. Originally it was developed in the
context of individual systems and smaller networks.
Adding “Cyber” scope extends but doesn’t replace IA.



Mission Assurance
• Security is not an end unto itself; it is a means to
ensure facilitation of other ends.

• The mission(s) of most enterprises or organizations
now depend entirely on the availability of
information technology. This is fairly well
understood – what isn’t as well understood is the
growing symbiosis of those missions and their
enabling technologies.

• This symbiosis is most critical in the context of
security. Cyber Assurance by nature now
encompasses mission assurance.
Infrastructure Management



The Data Center

• The Data Center has evolved quite a bit over the
past 20 years. Data Centers have become more
centralized, more powerful and generally more
secure.

• Currently, Data Centers are undergoing a
Virtualization Revolution which is allowing for
better utilization of existing resources.

• Individuals and organizations which don’t manage
their own Data Centers inevitably end up
depending on someone else’s.



The Network

• Networks have evolved as well. Internet Protocol
or IP has allowed for convergence of many types
of networks:
• The wired backbone (much of which now is fiber
optic).
• The wired telephone backbone.
• Various wireless telephony networks.
• Satellite Networks.
• Smaller, targeted wired and wireless networks
(some riding on the larger infrastructure, some
not).
• Security must be considered at all points in every
network…
Today & Tomorrow

Infrastructure will become intelligent…
Cyber Operations



What is Cyber Operations?
• In the past, the term Cyber-Operations, if used at all,
tended to refer to operations that exclusively
applied Cyber capabilities.
• In the future, this is likely to change – any
operations which require Cyber capabilities to fulfill
mission objectives could be considered Cyber
Operations.
• Why the emphasis on Cyber as opposed to
traditional ops? Because knowing that a once
non-Cyber op is now wholly reliant on Cyber
capabilities to carry it out changes the nature of the
operation as well as how we should manage it…
Principle - Defensive Complexity
• One of the most important principles associated
with Cyber Assurance is the recognition that it is
much easier to attack than to defend.

• An attacker only needs to understand a portion of the
technical architecture to compromise it. The
Defenders must understand the entire infrastructure
to defend it as well as understanding the
organizations which manage them and understanding
the nature of both internal and external attackers.

• Becoming an expert in all aspects of IT and
Operational Security is quite simply – overwhelming.
Cyber Ops & NETOPS
• Much of the activity currently associated with the
concept of Cyber Security is referred to as
NETOPS or Network Operations.
• As the name implies, NETOPS involves network
security but also encompasses aspects of IA,
system level security and infrastructure
management.
• The current weakness associated with NETOPS is
its focus on perimeter security in limited contexts.
Cyber Operations in contrast encompasses all
elements in fielded solutions as well as the entire
solution lifecycle.
Cyber Integration



Cyber Integration in Context



What is Cyber Integration?
• Cyber Integration supports both solution
development and solution operations.
• Cyber Integration centers around the ability to pass
data from one solution element to another as well
as the ability to synchronize related processes.

• Cyber Integration is a relatively new discipline in
that it directly responds to the recent mandate that
Cyber Security solutions support both enterprise
and multiple domain level scale.
• Cyber Integration is where the majority of new &
intelligent security capabilities will arise from…
Cyber Semantics

We must redefine how we manage complexity…



Conclusion
• Any intelligent device that can pass data to one or
more other devices (either through a network or
not) is encompassed within the scope of Cyber
Security – that includes pretty much the entire
foundation of modern society.
• Not viewing security from this scope is the single
biggest risk associated with Cyber Terrorism,
Cyber Crime or Cyber Warfare.
• In our following presentations, we will drill down to
more specific issues and examples that will help
illustrate the direction in which the practice of Cyber
Security must proceed to match the growing threat.
CCS Practice Contact Information

CCS Integration
Partners…

For more information, visit http://www.cyber-ccs.com
or contact:
Stephen Lahanas
Steve.Lahanas@semantech-inc.com

