Monday, August 28, 2017

Securing the Internet of Everything

Mr Philippe Roggeband
Cisco
Notes by Paul Fischer
Security not as a noun, but as an adjective. It must be attached to everything we do.

Opportunity to share with an audience the work in the cybersecurity space and also to listen, to learn, within the specific constraints of national security.

The people we are facing are highly paid professionals; they make higher salaries than we do. They get caught, and after a few years in prison they work for us as consultants.

I was recently in Dubai, and the cyber field was described as a graph with the skill level of the hackers and the focus of the hackers as the variables. Spear phishing with one but not the other is not dangerous, but we need to concentrate on those who have both. Automation is possible for the low-skilled stuff, but resources are needed for the higher-skilled efforts.

Why does it happen? It is lucrative. It is lucrative because there is money: a Facebook account is worth about a dollar for each 15 friends. More and more devices connect, and bring formidable growth in conspiracy efforts.

Application-specific hacking and technology should be used with new objects; cross-application use of the tech will solve this problem.

Industrial control systems are a totally different beast: isolated networks, nonstandard, developed years ago…
Critical infrastructure was once isolated but is no longer, and defense is paramount. A German attack on a steel factory led to physical damage to the control systems.
Specific constraints: there can be no latency, because the code runs as a control loop; any blocking of traffic can result in disaster (e.g., a control valve cannot be delayed when the temperature is changing), so IT solutions must be adapted for application in an industrial setting.

Next-generation TVs with cameras will also create challenges; these technologies offer promise, but they must also be protected vigilantly.

Creation of the connected battlefield. Not possible without paramount protections being offered to the field. There is no guarantee they can be 100% secure, but it may be possible to reduce problems. We have many partners, many of whom are committed to creating such a battlefield, who are also helping to develop the technology: network segmentation, introduction of latency, and other points to develop this concept.

Analysis of app-level data or metadata can allow understanding of patterns in normal actions and warrant intercept actions on abnormal behaviors.
The concept of being watched too much is somewhat of a generational thing.
In the former generation, there is an assumption that everything made is private unless made public; in this generation that assumption has changed.
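The metadata-baselining idea in the notes above (learn what is normal per host, then intercept on deviation) is easier to judge with a concrete scoring routine. The following is an added example by the editor, not code from the talk or from Cisco. It works over constructed flow records in a "timestamp,src_ip,dst_ip,dst_port,bytes" format (all addresses and volumes invented), builds a per (source host, destination port) baseline, and flags three kinds of deviation: an unprofiled host, an unseen destination port, and a transfer volume far outside the baseline. The 3-sigma threshold and the fallback ratio test for zero-variance baselines are assumptions chosen for the example.

```python
"""Baseline-and-deviation scoring of flow metadata (added example).

Each record is "timestamp,src_ip,dst_ip,dst_port,bytes". All data below is
constructed sample input, not output of any real collector.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "normal" week: one workstation doing HTTPS and DNS, one host
# doing SMB transfers to a file server.
TRAINING = """\
2017-08-01T09:00:00,10.0.0.5,93.184.216.34,443,52000
2017-08-01T09:05:00,10.0.0.5,93.184.216.34,443,48000
2017-08-02T10:00:00,10.0.0.5,93.184.216.34,443,61000
2017-08-03T11:00:00,10.0.0.5,93.184.216.34,443,55000
2017-08-04T09:30:00,10.0.0.5,93.184.216.34,443,49000
2017-08-01T09:00:01,10.0.0.5,10.0.0.2,53,300
2017-08-02T10:00:01,10.0.0.5,10.0.0.2,53,280
2017-08-03T11:00:01,10.0.0.5,10.0.0.2,53,310
2017-08-01T14:00:00,10.0.0.9,10.0.0.20,445,2000000
2017-08-02T14:00:00,10.0.0.9,10.0.0.20,445,2400000
2017-08-03T14:00:00,10.0.0.9,10.0.0.20,445,1800000
"""

# Constructed records to score against that baseline.
NEW_FLOWS = """\
2017-08-08T09:00:00,10.0.0.5,93.184.216.34,443,54000
2017-08-08T03:12:00,10.0.0.5,198.51.100.7,443,900000
2017-08-08T03:13:00,10.0.0.5,198.51.100.7,22,4000
2017-08-08T14:00:00,10.0.0.9,10.0.0.20,445,2100000
2017-08-08T15:00:00,10.0.0.77,198.51.100.7,443,1000
"""


def parse_flows(text):
    """Parse CSV flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def build_baseline(flows):
    """Per (src, dport): mean, population std-dev and sample count of bytes per flow."""
    samples = defaultdict(list)
    for f in flows:
        samples[(f["src"], f["dport"])].append(f["bytes"])
    return {key: (mean(v), pstdev(v), len(v)) for key, v in samples.items()}


def score_flows(flows, baseline, z_threshold=3.0):
    """Return (flow, reason) pairs for flows that deviate from the baseline."""
    known_hosts = {src for src, _ in baseline}
    alerts = []
    for f in flows:
        key = (f["src"], f["dport"])
        if f["src"] not in known_hosts:
            # Unprofiled host: there is nothing to compare against, so surface it.
            alerts.append((f, "no baseline for host"))
            continue
        if key not in baseline:
            alerts.append((f, "unseen destination port"))
            continue
        mu, sigma, _n = baseline[key]
        # With no spread in the training data a z-score is undefined; fall back
        # to a plain ratio test (the factor 2 is an assumption for this example).
        if sigma == 0:
            deviant = f["bytes"] > 2 * mu
        else:
            deviant = (f["bytes"] - mu) / sigma > z_threshold
        if deviant:
            alerts.append((f, "volume above baseline"))
    return alerts


def run_example():
    """Build the baseline from TRAINING and score NEW_FLOWS against it."""
    baseline = build_baseline(parse_flows(TRAINING))
    return score_flows(parse_flows(NEW_FLOWS), baseline)


if __name__ == "__main__":
    for flow, reason in run_example():
        print(f"{flow['ts']} {flow['src']} -> {flow['dst']}:{flow['dport']} "
              f"{flow['bytes']}B  [{reason}]")
```

Run as-is it prints three alerts: the 900000-byte HTTPS transfer at 03:12 (roughly 180 standard deviations above that host's baseline), the SSH connection from a host that never used port 22, and the first flow from 10.0.0.77, which has no profile at all. The ordinary HTTPS and SMB flows score as normal. Keying the baseline on destination port as well as host is what keeps a large SMB transfer on 10.0.0.9 from masking a large HTTPS upload on 10.0.0.5.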
Three phases.
Before you are attacked (two types of firms: those who know they have been compromised and those who do not know they have been compromised).
Deploy tools to decrease the attack surface and vulnerability level. This will not stop the attack, but it makes the hacker's job more difficult.
Phase two: detect the attack.
Low-skilled attacks warrant no effort; they will be detected.
Finally, the after phase: what has to be done after the attack has been detected and contained. Forensics and investigations. Back to the before phase…
Don't just change the locks, but check under the bed for an accomplice of the villain.
Cisco uses Talos to scout for attacks and to inform consumers of the attacks. Security architecture against the threat of the month does not present a manageable premise…
Consistency is key to achieving success in security.
The first thing is to establish a context when there is authenticated access to a network:
where, how, time, etc. If there is no authentication, the device must be profiled; if authenticated, a granular image of the user is uploaded.
Sometimes data can be in a grey zone of action, a device or a file.
Then we initiate device lateral tracking or file lateral tracking. This tells us every device or file that the file was uploaded to or the device connected to. This allows us, after Talos determines that an attack occurred somewhere, to clean up and destroy all traces of the attack.
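The "lateral tracking" described above is, in practice, a trajectory query over endpoint telemetry: once a hash is retroactively declared malicious, find every host that saw the file, then every host those hosts talked to after the sighting, so the cleanup covers the accomplice under the bed and not just the locks. The following is an added example by the editor, not Cisco's or Talos's code. It uses constructed file-sighting and connection events (host names, hashes "H1"/"H2" and paths are all invented) and propagates scope only along time-respecting paths, so a connection that happened before the source host ever saw the file does not drag its peer into scope.

```python
"""File and device trajectory for retroactive cleanup (added example).

All events below are constructed; they mimic two endpoint telemetry streams:
file sightings (host, sha256, path) and host-to-host connections.
"""
from collections import namedtuple

FileSeen = namedtuple("FileSeen", "ts host sha256 path")
Conn = namedtuple("Conn", "ts src dst")

# Constructed file sightings: "H1" is the hash later declared malicious,
# "H2" is a benign tool that happens to be on hostC.
FILE_EVENTS = [
    FileSeen("2017-08-20T08:00:00", "hostA", "H1", r"C:\Users\a\Downloads\invoice.exe"),
    FileSeen("2017-08-20T09:30:00", "hostB", "H1", r"\\share\invoice.exe"),
    FileSeen("2017-08-21T10:00:00", "hostC", "H2", r"C:\Tools\putty.exe"),
]

# Constructed connection records (e.g. from flow or EDR network telemetry).
CONN_EVENTS = [
    Conn("2017-08-20T07:00:00", "hostA", "hostD"),  # before hostA saw the file
    Conn("2017-08-20T08:30:00", "hostA", "hostB"),
    Conn("2017-08-20T09:00:00", "hostE", "hostG"),  # hostE not yet in scope
    Conn("2017-08-20T10:00:00", "hostB", "hostE"),
    Conn("2017-08-20T11:00:00", "hostE", "hostF"),
    Conn("2017-08-21T12:00:00", "hostC", "hostH"),  # hostC only holds H2
]


def file_trajectory(sha256, file_events):
    """Earliest sighting of the given hash on each host (file lateral tracking)."""
    first = {}
    for e in file_events:
        if e.sha256 == sha256 and (e.host not in first or e.ts < first[e.host].ts):
            first[e.host] = e
    return first


def device_trajectory(seed, conns):
    """Extend scope along connections made after the source entered scope.

    seed maps host -> (ts, via). Connections are processed in ascending
    timestamp order, so a single pass suffices: any host in scope by the time
    of connection c got there via a file sighting or an earlier connection,
    both of which have already been applied. ISO-8601 strings compare
    correctly as plain strings, so no datetime parsing is needed.
    """
    scope = dict(seed)
    for c in sorted(conns, key=lambda c: c.ts):
        if c.src in scope and scope[c.src][0] <= c.ts:
            if c.dst not in scope or c.ts < scope[c.dst][0]:
                scope[c.dst] = (c.ts, c.src)
    return scope


def hosts_to_clean(sha256, file_events, conns):
    """Hosts in scope for cleanup once sha256 is declared malicious.

    Returns host -> (time it entered scope, how it entered scope).
    """
    seed = {host: (e.ts, "file sighting: " + e.path)
            for host, e in file_trajectory(sha256, file_events).items()}
    return device_trajectory(seed, conns)


if __name__ == "__main__":
    for host, (ts, via) in sorted(hosts_to_clean("H1", FILE_EVENTS, CONN_EVENTS).items(),
                                  key=lambda kv: kv[1][0]):
        print(f"{ts}  {host:6}  via {via}")
```

For hash "H1" the scope is hostA, hostB, hostE and hostF, in that order of entry. hostD is excluded because hostA only contacted it before the download; hostG is excluded because hostE contacted it before hostE itself was reached; hostC and hostH never touch "H1". Note that hostB enters scope at 08:30 through the connection from hostA, earlier than its own file sighting at 09:30, which is the kind of ordering detail a cleanup timeline gets wrong if the two telemetry sources are queried separately.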
The growth rate of new attacks on Android is hitting 800% per year, which presents a new crisis for us and has put us in a permanent catch-up situation. Hackers have identified the system as lucrative in nature.

Bring visibility on what is happening by leveraging the network, extracting everything from the fabric;
consistent control, a single source of truth on the topic;
advanced threat protection and intelligence, because no one can match the firepower of Talos.

Finally, reduce the complexity of the system through an architected approach.

Collective Cyber Defence

Collective Cyber Defence - A State and Industry Perspective.

Notes on Professor Dr. Marco Gercke, Director of the CyberCrime Research Institute
by Paul Fischer

Under international criminal law.
Misconception that no prosecution occurs.
Critical standpoint against international law,
e.g. drone attacks.
Currently unprotected; they will be.
Is a cyber attack an act of war?
The cyber world has changed dramatically
No longer the sole domain of the military and other government organizations
It will be prosecuted as a matter of criminality
We are creating our own weapons as governments, which will not be able to be once they retire or leave government service.
NATO independent states: instead of working on our own in the cyber world we work together; this can be difficult, but there is an idea we can learn from.
Now it is time to think like a criminal
They are sharing knowledge free of charge about cybersecurity attacks.
Tools are also being distributed free of charge. Only the developers need to be smart; many criminals simply hit a button.
What is shared among states and industries is very limited.
A CIO in an example refused to share information about another company at first, even when one was contracted by both companies.
Distribution or otherwise for virus distribution is a serious crime, but no company reports this. The state is unable to do anything about it, and it may harm the image of the company if made public.
This changed two years ago, and big companies began to stand up and say: we have a problem, we have been hacked.
States still do not engage in this behavior.
We are blind as long as you don't report it; forcing people to report is coming up in Brussels and in Washington, under the Obama administration.
Two ways: report analysis and big data.
The question arises about what to do with big data.
The state still does not have the power to protect, so the big data would need to be shared with industries powerful enough to offer protection.
Necessity to discuss and to exchange information in the same way the criminals currently are.
Discussion of realtime exchange about attacks.
Prioritization of data sharing, this could be real.
The next step is making sure the companies work together in the defensive.
Not every company could build the cyber machine for defense; opinion that cloud computing creates a big problem. The Patriot Act as an example that gives certain government agencies access to the data on your servers where otherwise they would not have that data.
In the industry there is a discussion to reduce military expenditure but to pool resources more effectively.
Let's apply this to the states as well. Borders and infrastructure may be protectable by states, but the people cannot be protected in cyberspace by the state alone.
Change is the only constant we have, but more cooperation is expected.
Transparency can be tough…
… governments are realizing that information will anyway leak, but it is better to have a straightforward process by which that information is disseminated.
Beyond NATO, more states are concerned about sharing standards and technology. States are not yet ready to talk the same language in strategies. We need to move carefully in this direction.

German membership of a convention changed the meaning of the international convention entirely. Translation issues and technological obsolescence created negative outcomes.

We should not stop. The development of the 3D printer is a beautiful thing, but it has been used to print guns and other things. That does not mean development should have been impeded.