protecting our cyber space staying ahead of the game basel alomair national center for cybersecurity...
TRANSCRIPT
Protecting our Cyber Space Staying Ahead of the Game
Basel Alomair
National Center for Cybersecurity Technology (C4C)King Abdulaziz City for Science and Technology (KACST)
2
What is Cybersecurity?
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• A very wide-ranging term with no standard definition• Cybersecurity is the science of protecting networks,
computers, programs and data from attack, damage or unauthorized access.• Cybersecurity is the availability, integrity and secrecy of
information systems and networks in the face of attacks, accidents and failures.• We can divide it into
• knowing what to do—science of cybersecurity• Knowing how to do—engineering of cybersecurity
4/29/2015
3
Types of Attacks
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Man-in-the-middle• Malware• Denial-of-Service (DoS)• Unpatched software• Socially engineered attacks• …
4/29/2015
4
Cost of Cyber Attacks
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• The UK suffered 44 million cyber attacks in 2011 – the equivalent of 120,000 a day – and such attacks are estimated to cost the country up to £27 billion a year.• A global price tag of $338 billion in 2011–Symantec• When theft of intellectual property is factored in, the figure
soars past $1 trillion-former head of the NSA, General Michael Hayden
4/29/2015
5
Attacks on the Rise
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• CERT-In: 23 in 2004 vs. 22,060 in 2012• Ponemon Institute: 18% increase in successful attacks• Ponemon Institute: 26% increase in average cost
4/29/2015
6
Cyber Attacks to Cyber Warfare
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• In the 2006 war against Hezbollah, Israel alleges that cyber warfare was part of the conflict, targeting the Israel Defense Forces (IDF) • In September 2007, Israel carried out an airstrike on Syria.
U.S. military sources speculated that the Israelis may have used cyber warfare to allow their planes to pass undetected by radar into Syria• In September 2010, Iran was attacked by the Stuxnet worm
targeting its nuclear facility.• May 2013, US DoD accused China’s military of launching
cyber attacks against US computer systems • Over 120 countries developed strategies to use the Internet as a
weapon
4/29/2015
7
HOW MANY ATTACKS?
4/29/2015 NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
1,385 Defacement
26 in April
8
HOW MANY ATTACKS?
4/29/2015 NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
9
Tip of the Iceberg
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY4/29/2015
10
Regin
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Regin is a multi-purpose data collection tool. •Multiple versions were found in the wild.• Targets: several corporations, institutions, academics, and
individuals
At least since 2008
4/29/2015
11
Challenges
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Cyber Attacks can be launched at any time and from anywhere• Attacks cost next to nothing• Successful attacks can be catastrophic• Changing Environment: Technology adoption is moving faster
than security implementation• Shifting Strategies: data in transit (66%) vs. stored data
(26.5%)• No metrics to measure (in)security
4/29/2015
12
Threats
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Any device that has an IP could be a target to cyber attacks• Nation states have the potential to disrupt an enemy’s
economy and perhaps reach their strategic objectives without risk to their armed forces• “If you want to hit a country severely you hit its power and water
supplies. Cyber technology can do this without shooting a single bullet.” • Isaac Ben-Israel (Major General Israeli Air Force)
4/29/2015
13
Internet of Things
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Objects and people will be equipped with identifiers• Managed and
inventoried by computers• IBA Research:
more than 30 Billion devices by 2020
4/29/2015
14
Internet of Things
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Security firm: Global cyberattack was launched from more than 100,000 everyday appliances• Gadgets included routers, televisions and at least one "smart"
refrigerator• Poorly protected "smart" devices may be easier to infect and
control than PC, laptops, or tablets
4/29/2015
15
Internet of Things
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY4/29/2015
16
Good News
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Tremendous research attention• Research Labs• Dedicated conferences and workshops
• Encouraging results
* Alomair and Poovendran, U.S. Patent 20,130,145,169, entitled EFFICIENT AUTHENTICATION FOR MOBILE AND PERVASIVE COMPUTING, (IEEE Transactions on Mobile Computing).
Speedcycles/byte
Energy consumptionµJ/bit
SHA-like 40.18 20-30
Our results* 0.02 0.00026
4/29/2015
17
Conclusion
NATIONAL SYMPOSIUM FOR COMMAND & CONTROL AND CYBERSECURITY
• Cyber threats are increasing • Attackers are changing strategies continuously• Must stay ahead of the game• Research, research, and more research
4/29/2015
Thank You!