An Introduction To: Cyber-Security

CCS
An Introduction to
Cyber-Security
Exploration of key concepts associated with the
evolving nature and practice of Information Security.
The Comprehensive Cyber Security (CCS) Practice and family of solutions
Presented by Stephen Lahanas
August 20, 2010
Copyright 2010 Semantech Inc., All Rights Reserved
Our Purpose
This presentation is designed to highlight both
sides of the Cyber Security story:
Side 1 (The Public View) The impact of
Cyber Security on society and the current
management of information systems.
Side 2 (The Provider View) The necessary
evolution of Security practices which are
emerging as a result of those impacts.
We also intend to help clarify concepts and issues
by examining or in some cases redefining key
terms
The First in a Series

This presentation is the first in a series of issue or
concept focused presentations on various aspects
of Cyber Security.
Future presentations will provide focus on
individual topics such as:
Security Architecture
Cyber Security Analytics
Exploits & Vulnerabilities
Cyber Security, Privacy & Net Neutrality
Cyber Security & the Cloud
Cyber Security & Data Protection
The Cyber Security Workforce
The Impact of Cyber

Security
Copyright 2010, All Rights Reserved
The Cultural Impact

Its Personal Cyber Security issues now impact
every individual who uses a computer. Its no
longer science fiction millions of people
worldwide are the victims of cyber-crimes.
Its Business Every business today is dependent
on information and vulnerable to one or more type
of Cyber attacks (even those w/o online sites).
Its War In fact it is already becoming the next
Cold War. Cyber operations are also becoming
increasing integrated into active conflicts.
The Official Impact

Nations are redefining how
they do business and
spending an ever-growing
amount of money on
security-related mitigation.
But is it working?
To date, it only seems as
though the problem is
getting worse and Cyber
adversaries have a cost
advantage that puts
defenders at a permanent
disadvantage.
The Solution Impact

Its Evolving But at a fairly slow pace compared
to the problem space. This disparity will only grow
wider as the pace of change continues to quicken.
Its Getting Complicated There is no longer any
realistic expectation of a single solution or even a
single family of solutions that can provide a
comprehensive approach to the problem space.
A Fresh Perspective Is whats needed. We can
either react to ever-growing complexity and
disruption by adding more layers of complication
ourselves or we can manage the patterns
Defining Cyber
Security
Technology & Modern Life

In 1990 one book tracking future trends failed to
include the following words in its index; Online,
Email, Internet, Hacking, Computer Virus
Within a few years those technologies and issues
have come to dominate modern society.
When we address Cyber Security were talking
about technology infrastructure, applications, data
and human interaction. These elements are no
longer limited to wired net, they now also
encompass all forms of converged IP-based
communications.
What is CyberSpace ?
1. Cyberspace is unique and ubiquitous; it is both its
own domain as well as a dimension within all other
(functional) domains.
2. Cyberspace is both the medium and the message
in many cases. Anything that might involve IP data
transfer or communications has a cyber
component.
3. Cyberspace represents a single point of failure for
the Federal Government. It provides asymmetrical
opponents the opportunity to disrupt and defeat a
vastly superior foe.
10
What is Cyber Warfare?

Cyber Warfare is by nature asymmetric, even when
conducted by traditional nation-state opponents.
Cyber Warfare is non-kinetic only in the most direct
sense, if we view Cyber Operations separate from
conventional operations. As soon as we consider that
conventional operations that rely on IT capability are
Cyber Operations then Cyber can become both Kinetic
and Non-Kinetic in nature.
Cyber Attacks can be real-time events or time-delayed
events. They can originate from anywhere or be triggered
from anywhere and originate from within our perimeters.
They occur in multi-dimension Cyberspace as well as in
conventional warfare frames of reference.
11
What is Cyber Security ?

Cyber Security is an all-encompassing domain of
information technology it comprises the entire set
of security-related technologies and issues.
Without a single perspective for security
management, the hundreds of related yet
technically distinct aspects of this problem space
could become unmanageable (and in fact many
would argue thats exactly what were facing right
now).
Problem Space = A related set of concepts or
issues united by shared challenges and interdependencies.
12
Security is Symbiotic
Cyber Security as a
concept represents a
radical departure from the
previous view of IT-related
security.
In the past, security was
often viewed as a
separate discipline or as
an afterthought. Cyber
Security acknowledges
that IT security must be
symbiotic from now on
13
Cyber is not Hype

Cyber Security has gotten a lot of attention and
some of it at times appears like other typical IT
solution hype cycles.
The attention being given to Cyber Security today
is often focused on trying to define the problem
and assess the true threat level.
There is no single solution or even a single set of
Cyber Security solutions being hyped what there
is a recognition that were falling behind the curve
and that a concerted effort is needed to manage
the problem. Thats different from hype cycles
14
What Cyber Security Isnt

Cyber Security isnt just the most obvious exploits or
hacks used to breach perimeter security. The number
of DDOS pings or breach attempts is meaningless if
the intent of the attacks is not understood.
Cyber Security isnt any one focused solution for a
particular security vulnerability or operational defense
architecture. It is both its own domain while
simultaneously being part of every other IT domain.
Cyber Security isnt something that will or even can go
away. As long as our infrastructure remains networked
and interdependent Cyber Security will remain critical.
15
Problem Space Taxonomy

For the purposes of this presentation we will examine
Cyber Security from five perspectives:
Threat Management This represents the ability to
characterize, respond to or prevent threats.
Information or Cyber Assurance The extension of
current security practices and principles into the Cyber
realm.
Infrastructure Management Both security architecture
and all other architectures.
Cyber Operations Active Defense and Offense.
Cyber Integration Putting it all together
16
Threat Management
17
What is Threat Management

Its Analytical Threats must be both defined and
identified and later recognized when they occur.
Its Operational Threat Management is an active
component of every security architecture already
anti-virus software and firewalls have massive data
stores of threat related information which they apply.
The sources and exploitation of Threat data continues
to grow constantly.
Its Part of a Larger Lifecycle Viewing threats outside
of either the attack lifecycle or the defense solution
lifecycle will provide an incomplete view.
Its both Strategic & Tactical And it must be linked
18
Understanding Cyber Threats
19
Cyber Threats are Patterns

Cyber Security shares a similar problem with the rest
of information technology information overload.
There is already too much information for operators to
analyze rapidly, thus the practice of Forensics involves
serious time delays in providing relevant information
and most of it isnt actionable.
The key to managing threats is understanding them
the key to understanding them is to find a way to map
them against specific behaviors or events. The
activities which help provide this definition and
mapping represents the core of Threat Management.
20
Information Assurance
21
Information Assurance Defined

Network and System Security capabilities when viewed
together map to the core tenants of Information Assurance:
Confidentiality - Confidential information must only be accessed, used,
copied, or disclosed by users who have been authorized,
Integrity - Integrity means data can not be created, changed, or deleted
without proper authorization.
Authenticity - Authenticity is necessary to ensure that the users or objects
(like documents) are genuine (they have not been forged or fabricated).
Availability - Availability means that the information, the computing systems
used to process the information, and the security controls used to protect
the information are all available and functioning correctly when the
information is needed.
Non-Repudiation - When one party of a transaction cannot deny having
received a transaction nor can the other party deny having sent a
transaction.
22
What is Cyber Assurance ?

Cyber Assurance includes one extremely important
differentiation from Information Assurance a focus
on the enterprise or multiple domains.
In other words, Cyber Assurance scales Information
Assurance to whatever scope is needed to provide
comprehensive security.
Information Assurance (IA) represents a set of
guidelines for managing security related activities
and systems. Originally it was developed in the
context of individual systems and smaller networks.
Adding Cyber scope extends but doesnt replace IA.
23
Mission Assurance
Security is not an end unto itself, it is a means to
ensure facilitation of other ends.
The mission/s of most enterprises or organizations
now depend entirely on the availability of
information technology. This is fairly well
understood what isnt as well understood is the
growing symbiosis of those missions and their
enabling technologies.
This symbiosis is most critical in the context of
security. Cyber Assurance by nature now
encompasses mission assurance.
24
Infrastructure
Management
25
The Data Center

The Data Center has evolved quite a bit over the
past 20 years. Data Centers have become more
centralized, more powerful and generally more
secure.
Currently, Data Centers are undergoing a
Virtualization Revolution which is allowing for better
utilization of existing resources.
Individuals and organizations which dont manage
their own Data Centers inevitably end up
depending on some elses.
26
The Network
Networks have evolved as well. Internet Protocol
or IP has allowed for convergence of many types
of networks:
The wired backbone (much of which now is fiber
optic).
The wired telephone backbone.
Various wireless telephony networks.
Satellite Networks.
Smaller, targeted wired and wireless networks
(some riding on the larger infrastructure, some
not).
Security must be considered at all points in every

network
27
Today & Tomorrow
Infrastructure will become

intelligent
28
Cyber Operations
29
What is Cyber Operations ?

In the past, the term Cyber-Operations if used at all
tended to refer to operations that exclusively
applied Cyber capabilities.
In the future, this is likely to change any
operations which require Cyber capabilities to fulfill
mission objectives could considered Cyber
Operations.
Why the emphasis on Cyber as opposed to
traditional ops? Because knowing that a once nonCyber op is now wholly reliant on Cyber
capabilities to carry it out changes the nature of the
operation as well as how we should manage it
30
Principle - Defensive Complexity

One of the most important principles associated
with Cyber Assurance is the recognition that it is
much easier to attack than to defend.
An attacker only needs to understand a portion of the
technical architecture to compromise it. The
Defenders must understand the entire infrastructure
to defend it as well as understanding the
organizations which manage them and
understanding the nature of both internal and
external attackers.
Becoming an expert in all aspects of IT and
Operational Security is quite simply overwhelming.
31
Cyber Ops & NETOPS

Much of the activity currently associated with the
concept of Cyber Security is referred to as
NETOPS or Network Operations.
As the name implies, NETOPS involves network
security but also encompasses aspects of IA,
system level security and infrastructure
management.
The current weakness associated with NETOPS is
its focus on perimeter security in limited contexts.
Cyber Operations in contrast encompasses all
elements in fielded solutions as well as the entire
solution lifecycle.
32
Cyber Integration
33
Cyber Integration in Context
34
What is Cyber Integration ?

Cyber Integration supports both solution
development and solution operations.
Cyber Integration centers around the ability to pass
data from one solution element to another as well
as the ability to synchronize related processes.
Cyber Integration is a relatively new discipline in
that it directly responds to the recent mandate that
Cyber Security solutions support both enterprise
and multiple domain level scale.
Cyber Integration is where the majority of new &
intelligent security capabilities will arise from
35
Cyber Semantics
We must redefine how we

manage complexity
36
Conclusion
Any intelligent device that can pass data to one or
more other devices (either through a network or
not) is encompassed within the scope of Cyber
Security that includes pretty much the entire
foundation of modern society.
Not viewing security from this scope is the single
biggest risk associated with Cyber Terrorism, Cyber
Crime or Cyber Warfare.
In our following presentations, we will drill down to
more specific issues and examples that will help
illustrate what direction the practice of Cyber
Security must proceed to match the growing threat.
37
CCS Practice Contact Information
CCS Integration
Partners
For more information, visit http://www.cyber-ccs.com
or contact:
Stephen Lahanas
Steve.Lahanas@semantech-inc.com
38

An Introduction To: Cyber-Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

An Introduction To: Cyber-Security

Uploaded by

Copyright:

Available Formats

CCS

The First in a Series

The Impact of Cyber

Copyright 2010, All Rights Reserved

The Cultural Impact

The Official Impact

The Solution Impact

Copyright 2010 Semantech Inc., All Rights Reserved

Technology & Modern Life

What is Cyber Warfare?

What is Cyber Security ?

Cyber is not Hype

What Cyber Security Isnt

Problem Space Taxonomy

Copyright 2010, All Rights Reserved

What is Threat Management

Understanding Cyber Threats

Copyright 2010 Semantech Inc., All Rights Reserved

Cyber Threats are Patterns

Copyright 2010, All Rights Reserved

Information Assurance Defined

What is Cyber Assurance ?

Copyright 2010 Semantech Inc., All Rights Reserved

The Data Center

Security must be considered at all points in every

Today & Tomorrow

Infrastructure will become

Copyright 2010 Semantech Inc., All Rights Reserved

What is Cyber Operations ?

Principle - Defensive Complexity

Cyber Ops & NETOPS

Copyright 2010 Semantech Inc., All Rights Reserved

Cyber Integration in Context

Copyright 2010 Semantech Inc., All Rights Reserved

What is Cyber Integration ?

We must redefine how we

Copyright 2010 Semantech Inc., All Rights Reserved

CCS Practice Contact Information

Copyright 2010 Semantech Inc., All Rights Reserved

You might also like