U.S. NATIONAL CYBERSECURITY BY: SEIF ABOU NAR

WHY ARE WE TALKING ABOUT CYBERSECURITY? Attacks received the attention of president Clinton and Attorney General Janet Reno. “A 15-year-old kid could launch these attacks, it doesn’t take a great deal of sophistication to do” – Ron Dick, Director NIPC, February 9 U.S. Federal Bureau of Investigation (FBI) officials have estimated the attacks caused $1.7 billion in damage

January 2003 Infects 90% of vulnerable computers within 10 minutes Effect of the Worm - Interference with elections - Cancelled airline flights emergency systems affected in Seattle - 13,000 Bank of America ATMs failed No malicious payload! Estimated ~$1 Billion in productivity loss Continue…

Wireless Tower on Top of Trade Center Destroyed AT&T has record call volumes “Flash” usage severely limits availability Rescue efforts hampered Continue…

The Internet is highly, globally connected Viruses/worms are legion on the Internet and continue to scan for vulnerable hosts Hackers scan looking for easy targets to attack Continue…

WHAT ’ S REALLY GOING ON HERE?

We are increasingly dependent on the Internet: Directly Communication ( , IM, VoIP) Commerce (business, banking, e-commerce, etc) Control systems (public utilities, etc) Information and entertainment Sensitive data stored on the Internet Indirectly Biz, Edu, Gov have permanently replaced physical/manual processes with Internet-based processes

SECURITY NOT A PRIORITY Other design priorities often trump security: Cost Speed Convenience Open Architecture Backwards Compatibility

THE CHALLENGE A solution to this problem will require both the right technology and the right public policy. This is the cybersecurity challenge.

WHAT IS “ CYBERSECURITY? ” According to the U.S. Dept of Commerce: The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.

ADDITIONAL INFORMATION Corporate cybersecurity = availability, integrity and secrecy of information systems and networks in the face of attacks, accidents and failures with the goal of protecting a corporation’s operations and assets. National cybersecurity = availability, integrity and secrecy of the information systems and networks in the face of attacks, accidents and failures with the goal of protecting a nation’s operations and assets.

CYBERSECURITY AS A DISCIPLINE How to achieve cybersecurity “success”? How to overcome the cybersecurity problem? Must understand four factors that play into the cybersecurity equation: Technology Economics (of stakeholders and incentives) Social Influences (e.g. Big Brother fears) Public Policy

AUSTRALIAN CYBER SECURITY CENTRE THREAT REPORT 2015 The cyber threat to Australian organisations is undeniable, unrelenting and continues to grow. If an organisation is connected to the internet, it is vulnerable. The incidents in the public eye are just the tip of the iceberg.

AUSTRALIA CYBER SECURITY  Australia must be vigilant and proactive in its approach to cyber security, investing resources to meet the challenges of a complex cyber environment.  Compromise is expensive. It can include financial losses, damage to reputation, loss of intellectual property and disruption to business. Australia cannot afford this.  To combat the threats detailed in this report and reduce the risk of compromise, organisations must move now to implement cyber security measures to make Australia a harder target, increase the confidence of Australians when they are online, and maximise the benefits of the internet for Australian organisations.

PREDICTIONS  The number of state and cyber criminals with capability will increase.  Due to the limited number of quality software developers, cybercrime-as-a-service is likely to increase, reducing the barriers for entry for cybercriminals.  The sophistication of the current cyber adversaries will increase, making detection and response more difficult.  Spear phishing will continue to be popular with adversaries, and the use of watering-hole techniques will increase.  Ransomware will continue to be prominent.  There will be an increase in the number of cyber adversaries with a destructive capability and, possibly, the number of incidents with a destructive element.  There will be an increase in electronic graffiti, such as web defacements and social media hijacking, which is designed to grab a headline.

CONCLUSION Cyber security efforts should aim to make Australia a harder target and thereby increase the trust and confidence of all Australians to engage in the benefits the internet brings. Effective cyber security requires a partnership between government and the private sector, with organisations and their users taking greater responsibility for the security of their networks and information.