Copyright © 2011-2012 Brian Snow. The contents of this presentation are confidential. All rights reserved. Cyber Security is a Mess: Is There a Way Out?

1 Cyber Security is a Mess: Is There a Way Out?
EPFL Workshop on Cyber Risk and Information Security, June 3, 2014

2 Defeating Malice is our Job
- Malice is dynamic, adaptive, reacting to changes in practitioner’s product
- We need to be proactive, not retroactive
- Security Products are like fruit; they don’t last long
Copyright © Brian Snow. The contents of this presentation are confidential and may not be distributed without Brian Snow’s permission. All rights reserved.

3 Engineering Practices -- Inadequate
- The Internet was not built to address known risks
- Insufficient Emphasis on Mutual Suspicion and other Security Primitives
- Risks and Costs Were Passed to End Users – You and Me!

4 Two “Bubbles”: Fiscal and Trust
- Fiscal Bubble – Credit Derivative Collapse (We are still in a LONG recovery!)
- Trust Bubble Collapse (Coming Soon?) (Stuxnet and WikiLeaks make situation worse)
- BOTH have components that are widely used, but little understood by users and not fully analyzed!
- This is a Recipe for Disaster!

5 Human Trust Depends On:
- Identity
- Role
- Capabilities
- Intent
- It is limited, does not scale readily, is easily revoked, and once revoked, is not easily recovered

6 Cyber Trust Depends On:
- Identity
- Usually, not much else
- It is Transitive (Spreads Easily and Widely), and Hard to Revoke

7 CAs Trusted by Browsers

8 A REALLY MAJOR PROBLEM!!
- MISMATCH between Human Trust and Cyber Trust leads to Cognitive Dissonance!
- NOT UNDERSTOOD by most People (even Techies)
- Leads people astray, creates RISKS
- As with Fiscal Bubble, a Recipe for Disaster!

9 Pharmacy Example:
- In the 1980’s, 3-10 medical professionals knew your medications; an example of Human Trust.
- Today, easily many hundreds have access to that data through drug databases; an example of Cyber Trust.
- This additional exposure of your data WAS NOT NECESSARY, but merely the result of coding expediency (and a lack of well-thought-out requirements)!

10 Technical Debt:
- “Shipping first time code is like going into debt. A little debt speeds development as long as it is paid back promptly with a rewrite… The danger occurs when the debt is not repaid. Every minute spent on not-quite-right code counts as interest on that debt.” Ward Cunningham

11 Refining Cunningham’s Concept:
- I use the phrase “Technical Debt” to cover two types of debt:
  - Conceptual errors in the design of a product, and
  - Implementation errors in the product as built.

12 Pharmacy Example Revisited:
- The pharmacy example has both types of technical debt.
  - The design allows too many pharmacists to have easy access, and
  - The implementation probably contains cyber vulnerabilities that will let in non-pharmacists (hackers), compounding your risks!

13 Fixing Errors:
- Conceptual errors are best solved early with applied brain-power during design time; “smarts”, not dollars or time, is most important.
- Implementation errors are typically found in deployed products and can only be solved with time and money (usually lots of both).

14 Prediction:
- We COULD (not Necessarily WILL) feel pain (a major Cyber Security Breach with lasting National Impact) in as little as long weeks to short months.

15 Current State of Cyber Security:
- Your Cyber Systems function and serve you NOT due to the EXPERTISE of your Security Staff, but due to the SUFFERANCE of your opponents.

16 Saydjari Congressional Testimony
- Given three years of preparation, $500M and 30 days to actually execute an attack,
- an adversary can destabilize the U.S. and depress the economy with attacks on critical infrastructure,
- thus reducing our ability to project military power, depleting our will to fight, and creating panic and distrust in the government.
(paraphrased)

17 Steps to Doing it RIGHT:
- Primacy: Security Team needs to be involved at the beginning of a new system, and with all changes to it.
- Robust Control: Sensitive systems require robust control, so that only authorized parties, operating with valid permissions, can control the systems, subject to full audit and review of their individual actions at need.
- Mutual Suspicion: Use between peer processes, AND between subordinates and their controllers. Software can monitor hardware, and hardware can monitor software.

18 Steps to Doing it RIGHT:
- Least Privilege: No entity should have more privileges than needed. Especially, no single person should be in complete control of all systems.
- Stark Sub-Setting: Install the minimum number of simplest components needed to do the job. Install nothing else.
- Isolation Barriers: Hypervisors running on Microkernel OS’es reduce the attack surface and isolate components from each other.

19 Steps to Doing it RIGHT:
- Partitions and Blinded Interfaces: Design the overall system, then partition; contract so that no single contractor knows enough to mount an attack.
- De-link Complex Systems: Minimize 'tight coupling' of systems, i.e. reduce interdependency and reduce information flows.

20 Steps to Doing it RIGHT:
- Are Software Code Sequences “Reasonable”?: Do A, B, C, D, E might be fine, whereas Do E, B, C, D, A could be a disaster.
- CAPI’s: Use high level “Cryptographic Application Programming Interfaces”. They reduce the attack surface.
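
The code-sequence point above, as an added example (not from the original slides): a guard that accepts steps only in the approved order and fails closed once a violation is seen. The transition table and the names `SequenceGuard` and `first_violation` are assumptions for illustration.

```python
# Added illustration: enforce a "reasonable" order of operations at run time.
# Step names A..E follow the slide; the strict A->B->C->D->E table is assumed.
from dataclasses import dataclass, field

# Each step lists the states that may legally precede it (None = fresh start).
ALLOWED_PREDECESSORS = {
    "A": {None},
    "B": {"A"},
    "C": {"B"},
    "D": {"C"},
    "E": {"D"},
}


class OutOfOrder(Exception):
    """Raised when a step is requested from a state that does not permit it."""


@dataclass
class SequenceGuard:
    last: object = None                 # last step that was accepted
    tripped: bool = False               # fail closed after any violation
    audit: list = field(default_factory=list)

    def step(self, name):
        allowed = ALLOWED_PREDECESSORS.get(name, set())  # unknown step: refuse
        if self.tripped or self.last not in allowed:
            self.tripped = True
            self.audit.append(("REFUSED", self.last, name))
            raise OutOfOrder(f"{name!r} not permitted after {self.last!r}")
        self.audit.append(("OK", self.last, name))
        self.last = name


def first_violation(sequence):
    """Return the index of the first refused step, or -1 if all are accepted."""
    guard = SequenceGuard()
    for i, name in enumerate(sequence):
        try:
            guard.step(name)
        except OutOfOrder:
            return i
    return -1


if __name__ == "__main__":
    print(first_violation("ABCDE"))   # the approved order
    print(first_violation("EBCDA"))   # the slide's reordered sequence
```

The audit list records refused requests as well as accepted ones, so an out-of-order attempt leaves evidence even though it never executes.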

21 Steps to Doing it RIGHT:
- UNFETTERED Red Team efforts: Don’t cripple the effort -- Don’t constrain them; tell them what you know is weak, so they don’t duplicate that effort. But let them look; they will find OTHER things there you weren’t aware of.
- Physical, Cyber, and Human Security: These technical systems interact; but they may be managed in separate organizations that do not interact, so the separate management organizations MUST ensure that any system THREAT or SECURITY analysis they perform addresses the vulnerabilities that may arise when these system security components interact, or harm will ensue.

22 Quantum Computing Threat:
- Quantum Computing is a SEVERE threat to PKC Algorithms that support key portions of Internet Connectivity and Security. (http://www.merkle.com/)
- We need 5 years to find and vet Quantum-Computing Resistant Algorithms and another years to fully deploy them world-wide.
- Quantum Computers capable of mounting the attacks may well be available before the current algorithms can be replaced with resistant ones in time to be safe!
- I think the odds now favor quantum computers, NOT the internet!

23 Changing our Toxic Environment: II
- LEAN FORWARD! ANTICIPATE, PLAN AHEAD. It is not about expediency or being “First to market”; it is about being “Good enough to Market”!
- Face it; the Internet is too important today for both citizens and corporations; whether you like it or not, it has become a de-facto “Utility”. Get over it. Utilities get regulated, either by adequate self-regulation, or the government will step in.
- So far, it may still be your choice, but not for long.

24 Changing our Toxic Environment: III
- “Compliance Regimes” may be necessary, but they cannot be sufficient.
- By definition, they focus on past problems, not present or emerging problems.
- You may not be able to predict the nature of the next attack, but you can provide defined data structures, points to monitor, and choke functions that allow you to detect that SOMETHING unusual is going on and permit real-time mitigating actions to limit damage, if not totally avoiding it.
- It is simply no longer Credible to say, “Not My Problem”!
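
One way to realize the "points to monitor" and "choke functions" described above, as an added example that is not part of the original slides: every record release passes through one function that counts releases per principal and cuts off a principal whose volume exceeds a baseline. The window, ceiling, principal names and events are constructed assumptions.

```python
# Added illustration: a monitor point plus choke function on a release path.
from collections import defaultdict, deque

WINDOW_SECONDS = 3600      # assumed observation window
BASELINE_PER_WINDOW = 5    # assumed normal ceiling of releases per principal

# Constructed sample events: (time in seconds, principal, record id).
SAMPLE_EVENTS = [(i * 10, "clerk_07", f"pt-{i}") for i in range(8)] + [
    (0, "clerk_02", "pt-100"),
    (4000, "clerk_02", "pt-101"),
]


class ChokePoint:
    """Single path for record release; callers get no other route to the data."""

    def __init__(self, window=WINDOW_SECONDS, ceiling=BASELINE_PER_WINDOW):
        self.window = window
        self.ceiling = ceiling
        self.seen = defaultdict(deque)   # principal -> times of recent releases
        self.choked = set()              # principals cut off pending review
        self.alerts = []                 # monitor output for whoever is on watch

    def release(self, principal, record_id, now):
        """Return True if the record may be released at time `now`."""
        if principal in self.choked:
            return False
        times = self.seen[principal]
        while times and now - times[0] >= self.window:
            times.popleft()              # forget releases outside the window
        if len(times) >= self.ceiling:
            # Something unusual is going on: choke the principal and alert.
            self.choked.add(principal)
            self.alerts.append((now, principal, record_id, len(times)))
            return False
        times.append(now)
        return True


def replay(events, choke=None):
    """Run events through a choke point; return the decisions and the choke."""
    choke = choke or ChokePoint()
    decisions = [choke.release(p, r, t) for t, p, r in events]
    return decisions, choke
```

The choke does not need to know what the attack is; it only needs a defined baseline for the data structure it guards, which is the slide's point about detecting that something unusual is happening.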

25 Changing our Toxic Environment: IV
- Let’s compare NSA support to Military in 1970’s – 1980’s With Commercial security Vendor’s support… (OVER SIMPLIFIED!)
- COMMERCIAL Vendor: Want Message security? We have DES radios; OK? Good; done deal.
- NSA: Want message security? You realize that if opponents cannot read it, they will jam it. Do you want Anti-jam as well? Good – But if they cannot jam you, they will direction find (DF) you, and send rockets… Would you like Low Probability of Detection (LPD) as well? Good…

26 Good Resources:
- Brian D. Snow
- 40 years of experience in Crypto/Cyber/Systems Security
- Additional support material at:
- Also see:
  - IEEE Security & Privacy, May/June 2005, pp
  - Communications of the ACM, Aug 2009 Vol 52 NO. 8, pp

27 Contact Information
Brian D. Snow

28 Questions?

