www.QinetiQ.com.au © Copyright QinetiQ Pty. Ltd. 2011
QinetiQ Proprietary
Gov 2.0, People 2.0 and Bad Guys 2.0
A Presentation to: Gov 2.0 Conference
14th June 2010
Dr. Rodger Manning, QinetiQ
Overview
• Gov 2.0
• National Broadband Network
• Public 2.0
• Bad Guys 2.0
• Concluding Remarks
Gov 2.0
….is a good thing
• Listening
• Allows me to Talk to Government
• Efficiency
• Education & Empowerment
• Reacting
• Innovation
• Opening up Government
• Making Tougher Choices
• Engaging with Youths
• New Ways of Working
• Allows Government to Talk to Each Other
• Democracy
National Broadband Network
Overwhelming public support
Some implications…
• Downloads are faster
• Mass hardware upgrades will likely follow
• Upload speeds are faster
• It’s always on
• Prices fall, open/public access grows rapidly
• Home and SMB use of WiFi explodes
….is a good thing
77% of Internet Users agree that the NBN is a good thing¹
¹ Source – The Internet In Australia, S. Ewing & J. Thomas, Swinburne University of Technology
Public 2.0
• 80.1% Internet penetration per capita
• 3rd largest Tweeter per capita
….are ready
….are frustrated?
Respondents disagreeing with: “By using the Internet will people like you have more say about what the government does?”
• 2007: 44%
• 2009: 53%
Source – The Internet In Australia, S. Ewing & J. Thomas, Swinburne University of Technology
Public 2.0
• Capped access
• Expensive Internet access
• 25th out of 34 (OECD Survey, 2010)
• ~Double the United Kingdom
….are restrained
Source – OECD
Bad Guys 2.0 are…
• Empowered
• Diverse and unseen
• Pranksters
• Hacktivists
• Criminals
• Individual and organised
• Terrorists
• State sponsored
• Innovative
• Successful
What do we see?
[Diagram: Gov 2.0, Public 2.0, NBN. Labels: Open, Accountable, Responsive, Efficient Government; Faster, Better, Cheaper; Embracing, Ready, Innovative. OPPORTUNITY]
What do Bad Guys 2.0 see?
[Diagram: Gov 2.0, Public 2.0, NBN. Labels: Information, Brand, Access; Business Facilitator; Information, Access, Victim. OPPORTUNITY]
The Web2.0 Landscape
Implications
• Nearly every common aspect of online evildoing is accelerated by an always-on Web 2.0 environment
• Phishing and identity theft
• Data theft
• Infection/compromise of servers and PCs, for:
• Spamming
• Criminal Hosting: Malware, fast flux, illegal content, Phishing, etc.
• DDoS attacks and Cyber Extortion
• Libel, defamation, character assassination, disinformation
Implications
• Social engineering will become a primary attack vector
• Public 2.0 makes it easy
• Profile: 21-year-old female
• 2000 random people
• 94% in 7 days
• 31% of users who took less than 2 lines of convincing were IT security workers
Robin Sage Case Study
Generic Case Study
I’m Not Making This Stuff Up
What Can We do?
• Know your vulnerabilities
• DSD strategies
• Awareness and Training
• Teach your staff about risks to data, privacy, systems and customers
• Public awareness
• Policy & Governance
• Prepare guidance for networked employees
• Victorian State Government risk assessment
• Stop and Think
• How might the bad guys exploit this?
• Monitor
• Understand “Internet Footprint” and monitor yours to minimise risk