Presentation on theme: "NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THREAT: 2015 and beyond – the age of stealth terror and crime."— Presentation transcript:
NOT FOR UNAUTHORISED DISTRIBUTION 1 CYBER THREAT: 2015 and beyond – the age of stealth terror and crime. Alt3 understanding future risks and opportunities
NOT FOR UNAUTHORISED DISTRIBUTION : I gave a speech outlining the scale and scope of cyber threat – and how much this will impact the world as we know it... and the world as we don’t know it. Predicted that 2015 and following will be an age of increasing cyber warfare and the rise of true cyber terrorism. I already knew my s were routinely viewed by outside agencies. But then all my counter-terrorism material vanished from my laptop. I knew I had someone’s attention. TIMELINE:
NOT FOR UNAUTHORISED DISTRIBUTION 3 Increasing online activity and the increasing sophistication of intrusion techniques mean that 2015 will be a year of: increased intrusion by rogue states and states with an aggressive foreign policy specifically to cause widespread economic and physical damage to other states the hacking of commercial organisations to steal sensitive data the increased use of social media for terrorist propaganda the hacking of individuals by minor criminals to gain access to bank accounts the increased use of the “dark web” by insidious criminals such as drug dealers and paedophiles COUNTRIES NEED TO BE BETTER AT EXPLAINING THE NEED FOR SURVEILLANCE ORGANISATIONS NEED TO BE BETTER AT PROTECTING THEIR DATA
NOT FOR UNAUTHORISED DISTRIBUTION 4 CYBER WARFARE This is the 21 st century. You don’t have to defeat an army on the battlefield to win the war. 2013: cyber warfare considered a greater threat to US interests than AQ 2014: increasing intrusion at a national security level. “Hackers” threaten to close down nuclear power plants in South Korea. Following investigations, this became widely viewed as an act of cyber warfare with a political purpose by a nearby state.
NOT FOR UNAUTHORISED DISTRIBUTION 5 Making sure everyone has the same understanding: Definition of war (20 th century): “shock and awe” – large armies, zooming planes, lots of munitions, long distance PR based on front line news comments from the boots on the ground. High risk. High cost. Lots of death. Anti-war demonstrations. Election issue. War-weariness. Definition of war (21 st century): Silence. You don’t know it’s happening. People continue on their daily lives while beneath the surface the war rages … with cyber vulnerabilities exposed and people believing they are safe. Ignorance is bliss.
NOT FOR UNAUTHORISED DISTRIBUTION 6 Making sure everyone has the same understanding: CYBER WARFARE: Instead of the high risk / high cost / high opposition dismantling an entire country through traditional warfare, cyber warfare can essentially close down that country at the press of a button … … or at least inflict serious economic damage. But … the trouble is … anyone with a grudge can potentially do this. And the world is full of very intelligent people.
NOT FOR UNAUTHORISED DISTRIBUTION 7 Hidden Reality: Welcome to the turbulent 21 st century. The war is already raging … and many people are blissfully unaware. Hacking became known in the 1960’s It became prevalent in the 1980’s It became industrialised in the 2000’s It broke the surface into public knowledge in 2010 with Stuxnet 2010,US Pentagon sets up U.S. Cyber Command 2013 – 2014 the rise of internet comms as a means of stealth command and control / propaganda, increasing the pressure for surveillance and overall control Estimated cost to produce and distribute Stuxnet: $380K Cost of a Tomahawk Cruise missile (2011): $1.41M Traditional 20 th century armies, cost: $billions
NOT FOR UNAUTHORISED DISTRIBUTION 8 Hidden Reality. IF you had to fight a war what would you do? If you don't understand the risks, how can you prepare? Can you afford to let the issues be blurred? Stealth Vs “shock and awe” – what would you go for? Low cost efficiency Vs high cost / high risk – what would you go for? This is the 21 st century. “You don’t have to defeat an army on the battlefield to win the war” For the past 5 years cyber warfare has been raging. Most people don’t even know it.
NOT FOR UNAUTHORISED DISTRIBUTION 9 Hidden Reality: Cyber Warfare is: a “game” of cat and mouse something all the major powers are engaged in initially around IP theft and defensive security now major multinational vulnerability and threat assessment and when found out … becomes a “blame game” includes the balance between the freedom of the net and control of information in the face of social media mass movements and / or terrorist propaganda The world is changing. The pace of change is increasing. The more we live our lives on line, the greater the automation, the greater the “footprints in the sand” – and the greater the vulnerability.
NOT FOR UNAUTHORISED DISTRIBUTION 10 Cyber Warfare Vulnerabilities: Critical Infrastructure – any core system an advanced country requires to maintain its daily operations: transport health financial energy water government - not a move away from high tech IP theft or financial crime but an evolution into national security.
NOT FOR UNAUTHORISED DISTRIBUTION 11 In todays fragile economic climate … what if … … one of these critical service sectors was to be suddenly unavailable? There would be: chaos a momentum of chaos an attempted sudden imposition of “control” from the centre devaluation potential social disintegration Welcome to the turbulent 21 st century. You don’t have to defeat an army on the battlefield to win the war.
NOT FOR UNAUTHORISED DISTRIBUTION 12 In todays fragile economic climate … in the next 2-3 years … Cyber Warfare will become the number ONE priority for national security. (closely followed by terrorism and then rogue, extremist states – all of which are linked) And within this timeframe there will be at least one major global / regional intrusion episode with a severe damage probability. Do not make the mistake of thinking bad things just happen to other people.
NOT FOR UNAUTHORISED DISTRIBUTION 13 So, who’s doing this? Major global / international powers o aggressive foreign policy o stealth warfare o seeking to steal IP and gain commercial benefit o even as a means of defence Extremist states Other countries Extremist and anarchist groups including terrorists Industrial espionage hackers Mischief makers … and we are The war is raging. It is gathering pace.
NOT FOR UNAUTHORISED DISTRIBUTION 14 Evidence? Full Scale and Massive Intrusion. The open secret: large scale IP theft that can not take place without national knowledge – originally to steal commercial secrets, now mainly to steal the technology secrets that are at the core of modern defence systems the constant probing of defences by potentially hostile powers – most developed countries now have a budget for cyber defence and often for cyber offence Dates for some major national level cyber attacks: Baltic States – 2007 Georgia – 2008 Ukraine – 2014 South Korea
NOT FOR UNAUTHORISED DISTRIBUTION 15 The point is … it exists it is a fact of life it is more prevalent than most people realise it is set to become even more prevalent no one is immune to the potential consequences of cyber war In a highly competitive world when there is conflict or the risk of conflict (therefore the need to defend) countries want that low cost / low risk option.
NOT FOR UNAUTHORISED DISTRIBUTION 16 The targets of Cyber war – FACTS: 1. The world is becoming more “automated” – faster, more global, more communicative. 2. every time you make a phone call, every time you engage in a transaction, every time you visit a web page, every comment you make on line … you leave a footprint. This is “high availability” data. 3. every time an organisation electronically touches the outside world for any reason … they create their own footprint. Crucially, they do so through gateways. 4. If not guarded properly these on line gateways are in fact open doors. 5. Cyber warfare and a large proportion of cyber crime focuses on finding a route through these open doors or poorly guarded gateways. 6. This is “vulnerability”.
NOT FOR UNAUTHORISED DISTRIBUTION 17 What do we need to do? Understand the nature of vulnerability: what are the national vulnerabilities? do bad things really just happen to someone else? what are the common international vulnerabilities? from where are the common threats? what is the common ground? Build alliances. it’s not “us against the world”. There IS a shared threat and a common ground. The world is changing. The pace of change is increasing. Reach out. You will be surprised at who our friends are with whom we share a common goal.
NOT FOR UNAUTHORISED DISTRIBUTION 18 The Greatest Threat? Nationalism? The belief it’s us against the world and no one else can be trusted. FACT: there are many of us who share the same threat there are many of us who share the same vulnerabilities shared defence creates greater security this means mutual respect, benefits AND privacy no one member is greater than any of the others This is our only viable future.
NOT FOR UNAUTHORISED DISTRIBUTION onward: Countries need to work together to form a common shield against: rogue and aggressive states currently engaged in cyber warfare the use of social media as a terrorist propaganda tool Police organisations need to work closely together to prevent: organised crime / cyber criminals paedophiles Business organisations need to be more aware of: the changing nature of the threat against them their vulnerability
NOT FOR UNAUTHORISED DISTRIBUTION 20 Thank you. If you don't understand the risks, how can you prepare? Can you afford to let the issues be blurred?