CYBER SECURITY STANDARDS AND POLICIES

CSA 581

WEEK 5

TODAY WE WILL TALK ABOUT:

Countermeasures and Challenges

Importance

New threats
New tools and services to protect
New organization to manage
Better results under worse conditions

Despite security technology innovations, cyber attacks continued to
be successful. Emails that looked like normal communication
from financial institutions contained links to malicious
look-alike sites that either
trick users into typing their passwords into the malicious
sites.

Countermeasures and Challenges

Cyber criminals attacked the methods used to direct
users to Internet addresses and changed the addresses
to those of look-alike sites. These attacks were
called phishing and pharming.
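
A defender-side check for the look-alike links in the phishing emails described above, as an added example that is not part of the original slides. The trusted domain, the character-swap table, the distance threshold and the sample message are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of domains the institution really uses (constructed).
TRUSTED = {"examplebank.com"}
# Digit-for-letter swaps often used in look-alike names (assumed, partial).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'look-alike' or 'unknown' for one URL."""
    host = (urlparse(url).hostname or "").rstrip(".")
    labels = host.split(".")
    domain = ".".join(labels[-2:])  # simplification: ignores multi-part TLDs
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if domain.translate(CONFUSABLE) == good:   # digit swapped for a letter
            return "look-alike"
        if edit_distance(domain, good) <= 2:       # one or two typos away
            return "look-alike"
        if good.split(".")[0] in labels[:-2]:      # trusted name as subdomain
            return "look-alike"
    return "unknown"

def scan_email(body):
    """Classify every http(s) link found in a message body."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    return {url: classify_link(url) for url in urls}

# Constructed sample message, for illustration only.
SAMPLE_EMAIL = """Dear customer, please confirm your details:
https://www.examplebank.com/login
http://examp1ebank.com/login
http://examplebank.com.account-verify.example/login
https://news.example.org/weekly
"""

if __name__ == "__main__":
    print(scan_email(SAMPLE_EMAIL))
```

An "unknown" verdict is not a clean bill of health; it only means the link did not resemble an allowlisted name.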

One type of malware logs user keystrokes and
sends user names and passwords to criminal data
collection websites. Antivirus and intrusion detection
vendors still create signatures for the latest spyware
and malware, and SOC staff develop routine
procedures to eradicate the software once it is
identified.

The network intrusion detection technology vendors
offered the SOC staff a feature that
would sever the network connection of any user
who was downloading malware, but to accomplish
it, they had to replace all of their intrusion detection
systems with intrusion prevention systems.

The mid-2000s also saw a dramatic increase in
organized crime on the Internet, and identity theft was
rampant.
incidents of lost laptops and backup
tapes that contained large quantities of the type of PII
used to commit identity theft.

This raised awareness of the habits of remote users, who
frequently kept such data on the laptops that they took
with them on travel and also used removable media such
as USB devices to carry data with them between home
and work.

While some of the technologies had been
configured with the threat of device theft or loss in
mind (e.g., smart phones containing software and
data programmed to destroy all data if a user enters
too many inaccurate passwords), many had never
even been the subject of security review.

Understanding the risk

It is hard to purchase laptops without these USB ports
and DVD writers. Security software to control them can
be very intrusive, expensive, and hard to monitor. So it
is not uncommon to see security staff adopt tactical
measures such as applying crazy glue to USB ports
and removing DVD writers from laptops before they are
delivered to users.

Theft of storage devices extended even into the data
center. So many devices were being encrypted, it
became difficult for administrators to keep up with
procedures to safeguard encryption keys.

Security vendors stepped in with automated
key storage and retrieval systems. Often keys
are stored on special hardware chips physically
protected in isolated locations and accessible
only by the equipment used to control access
to the devices.

There has been no evolution in email security since the
Morris Worm, only patches for known vulnerabilities. Even
today, the protocols by which servers communicate and share
information are not encrypted without very specialized
agreements on both sides of the communication.
Email is easy to observe with network equipment and is
routinely routed via multiple Internet service providers
before landing at its destination.

Although there have been some attempts to identify
authorized email servers via certificate-like keys, they are
often ignored for fear of blocking legitimate email users by
accident. Email security vendors created software to assist in
the analysis of email content, and many companies that
suspected that confidential
data such as PII was being sent via email for work-at-home
purposes thereby found that many of their business processes
routinely emailed such data to customers or service providers.

They may also use free software (“freeware”) for which no
source code is available. Much of this code has known
security bugs and flaws. These have been dubbed software
security “mistakes” by security software consultants and
vendors. Like the lists of viruses and software
vulnerabilities, software security mistakes have been
cataloged as part of the National Vulnerability Database
project.

Cyber security vendors have created security source
code analysis software to be incorporated into
source code control systems so these bugs can be
found before software is deployed. These work
using static software analysis, which reads code as
written, or dynamic software analysis, which reads
code as it is being executed.
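
Static and dynamic analysis as described above, run on a constructed sample (an added example, not from the original slides; SAMPLE, RISKY and the function names are hypothetical). The static pass flags the direct call on a branch the test run never takes, while the dynamic pass observes the aliased call that the static pass misses.

```python
import ast

# Constructed code under analysis (not from the page).
SAMPLE = '''\
alias = eval
def run(expr, debug=False):
    if debug:
        return eval(expr)
    return alias(expr)
'''

RISKY = {"eval", "exec"}

def static_findings(source):
    """Read the code as written: line numbers of direct risky calls."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY):
            hits.append((node.lineno, node.func.id))
    return sorted(hits)

def dynamic_findings(source, entry, *args):
    """Execute the code with risky builtins replaced by recording stubs."""
    seen = []

    def recorder(name):
        def stub(*call_args, **kwargs):
            seen.append((name, call_args))
            return None  # record the call, never evaluate the argument
        return stub

    # Names defined here shadow the real builtins inside the sample.
    namespace = {name: recorder(name) for name in RISKY}
    exec(compile(source, "<sample>", "exec"), namespace)
    namespace[entry](*args)
    return seen

if __name__ == "__main__":
    print("static :", static_findings(SAMPLE))
    print("dynamic:", dynamic_findings(SAMPLE, "run", "1+1"))
```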

Challenges

Though the terminology has morphed over the
last half century from computer security to
information security to cyber security, the basic
concept has remained unchanged. Cyber security
policy is concerned with stakeholders in cyberspace.

Challenges

In a world where computers control financial
stability, health-care systems, power grids, and
weapons systems, the importance of informed cyber
security policy has never before been more
significant, and is only likely to increase in
significance over the next several decades, if not
longer.

Today’s hacker activities

Correct cyber security can keep out the joyriders.
In many domains, joyriders are not even perceived as
an issue anymore, as the more dangerous threats
come from hardened criminals and espionage agents.

New paradigms of thinking about cyber security
protection are needed to face these challenges.

Standards are being proposed as the subject of
legislation, and this is just one of numerous reasons
why the history of cyber security presents policy
issues.

Smart Grid

Smart grid

Smart grid network is the necessary communication
platform for monitoring and controlling the grid
operation.

Thanks for your attention
