Slide 1 of 48

Cybersecurity

o Threats Risks Vulnerabilitieso 6 Environments

o Competitive Environmento Technological Environment

o Cyber riskso Infrastructure o Mobile devices

o Asymetricalo SoMe - Social media

oNCIS Tue night??

Slide 2 of 48

Cybersecurity

October is cybersecurity month

Slide 3 of 48

Cybersecurity

October cybersecurity month

Includes a section on Mobile device and smartphone security

Slide 4 of 48

TRV 101

Threats the chance a bad thing can happen, at all

Risks is the consequence when that bad thing is

very likely to actually happen to you

Vulnerabilities is the chances of success of a particular

threat against some asset

Slide 5 of 48

Cyber Threat trends

Top 8 trends Mobile everything Data breaches

Usernames and passwords compromised Malware

Used to gather personal profile info Malware on mobile devices

Social Media hacking Twitter accounts, Facebook pages

Slide 6 of 48

Cyber Threat trends

Web Server errors Increase in downtime

Government data breaches Outsourcing !

Highly specific ID theft of individuals who have “high net worth”

Obamacare… healthcare data hacks

MacKenzie Institute 2013 Oct Slide 7 of 48

CybersecurityWhat terms and situations are you familiar with already?

Phishing? Domain name hacking Spear Phishing

Humint and Teckint Osint !!

Slide 8 of 48

Cybersecurity

“regular crime” vs. “cyber crime” Big influencer is “magnitude”

More damage can be done On a larger scale In a shorter period of time

Slide 9 of 48

“regular crime”

Prevention Detection Reaction

“cyber crime” Prevention

Who – where Detection

Intangible evidence Reaction

Countermeasures and deterrence

Problem of jurisdiction and enforceability

Cybersecurity

Slide 10 of 48

Six groups of “clear and present danger”

Deliberate acts Inadvertant acts Third parties / outsourcing

A consequence of the intense Competitive Environment

Slide 11 of 48

Six groups of “clear and present danger”

Acts of God – weather extremes(the Geographic Environment) Hot weather in GTA 2014…

Technical failures Hardware software

Management failures

MacKenzie Institute 2013 Oct Slide 12 of 48

Cybersecurity

Deliberate acts on a large scale garner publicity and motivate politicians to react

Attacks on cyber structures at the national level

1 min 25 sec

MacKenzie Institute 2013 Oct Slide 13 of 48

Influencing environments

Competitive Political – Legal – Regulatory

(example, Naver in R.O.K.) Economic

MacKenzie Institute 2013 Oct Slide 14 of 48

Influencing environments

Social – cultural SoMe – Social Media

Technological Geographic – weather

extremes

MacKenzie Institute 2013 Oct Slide 15 of 48

Competitive Environment …intensely competitiveCompanies are facing competition from

other firms Other organizations offering the same product or service now  Other organizations offering similar products or services now  Other organizations offering a variation on a product or service, that

you cannot Organizations that could offer the same or similar products or services

in the future  Organizations that could remove the need for a product or service

we sell

MacKenzie Institute 2013 Oct Slide 16 of 48

Intense competition forces companies to do outsourcing to cut costs

Competitive Environment

MacKenzie Institute 2013 Oct Slide 17 of 48

“outsourcing the design, implementation and maintenance of ICT across all sectors to third-party providers, including developing countries, cloud computing and large data fusion centres, along with the use of off-the-shelf commercial technologies, has increased vulnerabilities and risks.”

Gendron and Rudner “Assessing Cyber Threats To Canadian Infrastructure

4th party !!

Competitive Environment - outsourcing

MacKenzie Institute 2013 Oct Slide 18 of 48

Competitive Environment and Economic Environment

Market Development more than Market Penetration

Gaining market share is too hard so you concentrate on making more off each customer

CRM, CLV, extending the PLC

MacKenzie Institute 2013 Oct Slide 19 of 48

Ian MacLeod Aug 14th 2013

Quoting Angela Gendron

Environments - political

MacKenzie Institute 2013 Oct Slide 20 of 48

Background papers

http://www.csis-scrs.gc.ca/pblctns/cdmctrch/20121001_ccsnlpprs-eng.asp

Written by

Prof. Martin Rudner

and

Prof. Angela Gendron

MacKenzie Institute 2013 Oct Slide 21 of 48

Future Threats, Risks and Vulnerabilities - Infrastructure

Risks “the industrial control

systems governing the operations of utilities, from water storage and purification to nuclear power reactors, pose a growing risk to national security and Canada’s economic and societal well-being. ”

MacKenzie Institute 2013 Oct Slide 22 of 48

Economic Environment

Economic Environment

The economics of information

MacKenzie Institute 2013 Oct Slide 23 of 48

New inventions being created by new enterprises

“Apps” Applications Materials Electronic circuitry

Increasing miniaturization of components Increasing connectivity – Bluetooth and WiFi

everywhere + A-GPS

Technological Environment

MacKenzie Institute 2013 Oct Slide 24 of 48

Magnitude of web based information is

increasing at a rate which is phenomenal

1,800 Terabytes YouTube Instagram

Technological Environment

40 secs

The growth of the Technological Environment = T.M.I.

The problem with T.M.I. is not being able to find things

MacKenzie Institute 2013 Oct Slide 26 of 48

The pace of technological change Very very fast Example

Cell phone cameras Most devices GPS enabled A-GPS

Technological Environment

MacKenzie Institute 2013 Oct Slide 27 of 48

Cell phone cameras Smartphones vs. superphones

Smartphones take good pics Superphones take great video

Tradecraft eclipsed by “teckint” ?

Technological Environment

MacKenzie Institute 2013 Oct Slide 28 of 48

Web 2.0 Web 3.0

Technological EnvironmentFuture Trends

MacKenzie Institute 2013 Oct Slide 29 of 48

Technological EnvironmentFuture Trends

Web 4.0 Marriage of human biologic

capabilities with IT hardware and software

MacKenzie Institute 2013 Oct Slide 30 of 48

Social – Cultural Environment

Risks Household devices and appliances

with IP addresses In condos and apts were there is a

centrally wired structure Houses in micro-communities (gated

communities or prestigious developments) where there is wired or bluetooth connectivity

MacKenzie Institute 2013 Oct Slide 31 of 48

increasingly demanding and educated customers Demanding Educated

Wikipedia Google Everyone is an expert But ppl don’t know how to discriminate

Social – Cultural Environment

MacKenzie Institute 2013 Oct Slide 32 of 48

Future Trends – Influencing Environments

Political – Legal – Regulatory Environment Laws as a result of politicians

responding to IT isssues Politically motivated cyber crime Challenges of cyber crime being

outside the jurisdiction of a police / security agency

MacKenzie Institute 2013 Oct Slide 33 of 48

Future Trends – Influencing Environments

Political – Legal – Regulatory Environment The “ruling” Government is also

the “policies” of the particular political party in power

stay in power Suppress crime

MacKenzie Institute 2013 Oct Slide 34 of 48

Future Trends – Influencing Environments

Political – Legal – Regulatory Environment

•National, regional, local•Surveillance technology

MacKenzie Institute 2013 Oct Slide 35 of 48

Future Trends – Influencing EnvironmentsNational Surveillance technology

CBC News Wed Oct 9th

New CSEC H.Q. in Ottawa

One of the key themes is the requirement for massive amounts of CPU power

Why?

MacKenzie Institute 2013 Oct Slide 36 of 48

Requirements for computing power

Mackenzie Institute as a word.doc file = 22 KB

Mackenzie Institute as an audio file = 42 KB

Mackenzie Institute as a video of someone speaking the words = 6,600 KB

MacKenzie Institute 2013 Oct Slide 37 of 48

What does this mean in the context of the classical approach to Security Threat

The nature of the threats are changing Who is who and where Example Internal employees also includes your

outsourcing IT partners Risk Vulnerability – “who” is changing

Not just computers

MacKenzie Institute 2013 Oct Slide 38 of 48

Mobile web access Marketing and business

Future Threats, Risks and Vulnerabilities

MacKenzie Institute 2013 Oct Slide 39 of 48

Asymetric warfare

MacKenzie Institute 2013 Oct Slide 40 of 48

Future Threats, Risks and Vulnerabilities

Vulnerabilities Highly specific ID theft of individuals

who have “high net worth”

MacKenzie Institute 2013 Oct Slide 41 of 48

e 911

Trends 70% of calls to 911 in the U.S. are

from mobile devices (over 50% in GTA)

GPS functionality used for social media GPS, SPS, PPS Relates to marketing where people are

“where” people are (victims and “bad guys”) http://www.witiger.com/ecommerce/mcommerceGPS.htm

MacKenzie Institute 2013 Oct Slide 42 of 48

Smartphone security

2011 paper on smartphone securityhttp://www.eecg.toronto.edu/~lie/papers/au-spsm2011.pdf

Prof. David LieCanada Research Chair in Secure and

Reliable Computer Systems Dept. of Electrical and Computer EngineeringUniversity of Torontohttp://www.eecg.toronto.edu/~lie/papers/au-spsm2011.pdf

MacKenzie Institute 2013 Oct Slide 43 of 48

Future Trends – Influencing Environments

Political – Legal – Regulatory Environment

•Municipal police agencies and cyber crime

Staff Inspector Bryce Evans

Ritesh KotakTPS

http://www.torontopolice.on.ca/socialmedia/

MacKenzie Institute 2013 Oct Slide 45 of 48

Cyber tools to fight crime

Co-operation and co-ordination

MacKenzie Institute 2013 Oct Slide 46 of 48

conclusionCybersecurity lends itself to a focus on teckint

Will the solutions be mostly teckint?

What role will humint play?

Osint?

Tim Richardson

School of MarketingSeneca Collegetim.richardson@senecacollege.ca

University of Toronto,

CCIT Program, MississaugaandDept. of Management, Scarboroughrichardson@utsc.utoronto.ca

www.witiger.comhttp://people.senecac.on.ca/tim.richardson/powerpoints/