Dr Paul Twomey
8 September 2010
• Three layers
4. Technology Integration
Degree of Data Digitization
3. Transactional systems
2. Storing Information
1. Messaging
Spectrum of Risk
And our physical infrastructure has become
intertwined and reliant on our cyber infrastructure
• Estimated $1 Trillion of intellectual property stolen each year (Gartner & McAfee, Jan 2009)
• Cybercrime up 53% in 2008 (McAfee)
• Topped $20 Billion at financial institutions
• Reported cyber attacks on U.S. government computer networks climbed 40% in 2008
• Sensitive records of 45,000 FAA workers breached (Feb 09)
• Chinese stole design secrets of all U.S. nuclear weapons (Michelle Van Cleave)
• U.S. nuclear weapons lab is missing 69 computers (Feb 09)
• Cost to repair average 2008 data breach = $6.6 Million
Source: Report of the CSIS Commission on Cybersecurity for the 44th Presidency
Direct Cost: e.g. engaging forensic experts, outsourced hotline support, free credit
monitoring subscriptions, and discounts for future products and services.
Indirect Costs: e.g. in-house investigations and communication, and the value of customer
loss resulting from churn or diminished acquisition rates.
Property of Argo Pacific Pty Ltd
Source: The Ponemon Institute
The biggest cost growth is the churn of customers
affected or influenced by the breach
Component of Cost of data breach on a per victim basis
US$
• Over the past four years lost business costs, created by abnormal churn or turnover of
customers, grew by more than $64 on a per victim basis, or a 38% overall percentage
increase.
• Organizations in highly trusted industries such as banking, pharmaceuticals and
healthcare are more likely to experience high abnormal churn rates following a data
breach compared to retailers and companies with less direct consumer contact.
[Figure: attack sophistication over time, 1990 to 2008 and future. Labels: packet spoofing; automated probes/scans; techniques to analyze code for vulnerabilities without source code; Windows-based remote controllable Trojans (Back Orifice); Internet social engineering attacks; widespread denial-of-service attacks; increase in wide-scale Trojan horse distribution; hijacking sessions; distributed attack tools; widespread attacks on DNS infrastructure; widespread attacks using NNTP to distribute attack; sophisticated command and control; potential for data corruption (impact operations or customers through data).]
Source: SE/CERT CC
• It's very personal. The attacking party carefully selects targets based on political,
commercial and security interests. Social engineering is often employed.
• It's persistent. If the target shows resistance, the attacker will not leave, but rather
change strategy and deploy a new type of attack against the same target.
• Control focused. APTs are focused on gaining control of crucial infrastructure, such as
power grids and communication systems. APTs also target data comprised of intellectual
property and sensitive national security information.
• It's automated, but on a small scale. Automation is used to enhance the power of an
attack against a single target, not to launch broader multi-target attacks.
• It's one layer. One party owns and controls all hacking roles and responsibilities.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
• 128 unique DDOS attacks (115 ICMP floods, 4 TCP SYN floods and
9 generic traffic floods).
Routers damaged.
• Closed the sites under attack to foreign internet addresses and kept the
sites accessible only to domestic users.
• Implemented an online "diversion" strategy that made attackers hack sites that
had already been destroyed.
• Applied advanced filters to the traffic, then installed Cisco Guard
to reduce malicious traffic.
• CERT persuaded ISPs around the world to blacklist attacking computers that
were overwhelming Estonia’s bandwidth.
• Germany, Slovakia, Latvia, Lithuania, Italy and Spain supported and funded
the CERT hub in the Estonian capital, Tallinn, to protect security.
• The president gave up his own website and let them continue to attack it so
that they would not be able to destroy more critical things.
• The Estonian CERT analyzed server logs and data to find out who was
behind the attacks.
• NATO assisted Estonia in combating the cyber attacks and has voted to
work with member governments to improve cyber security.
• NATO's new cyber-warfare center will be based in Tallinn.
• Estonia called in July 2008 for an international convention on combating
computer-based attacks.
Israel
Iran
Palestinian National Authority (Hamas)
Myanmar (Burma)
U.S.
Turkey
Pakistan
Germany
Zimbabwe
Australia
Definition: Non-state actors who are engaged by States to perform one or more
types of cyber operations.
Russian Federation
People's Republic of China
Turkey
Iran
United States
Myanmar
Israel
Definition: Non-state actors who engage in cyber crime and/or patriotic hacking
(aka hacktivists)
Like the online strikes against Georgia, the origins of the 2007 cyber
attacks on Estonia remain hazy. Everybody suspects the Russian
government was somehow behind the assaults; no one has been able
to prove it. At least so far. A pro-Kremlin youth group has taken
responsibility for the network attacks. And that group has a track record
of conducting operations on Moscow’s behalf.
Nashi ("Ours") is the "largest of a handful of youth movements created
by Mr. Putin’s Kremlin to fight for the hearts and minds of Russia’s
young people in schools, on the airwaves and, if necessary, on the
streets," according to the New York Times.
Yesterday, one of the group’s "commissars," Konstantin Goloskokov
(pictured), told the Financial Times that he and some associates had
launched the strikes. "I wouldn’t have called it a cyber attack; it was
cyber defense," he said. "We taught the Estonian regime the lesson that
if they act illegally, we will respond in an adequate way." He made
similar claims, in 2007.
If true, it would be only one in a long string of propaganda drives the
group has waged in support of the Kremlin. Not only has Nashi waged
intimidation campaigns against the British and Estonian ambassadors to
Moscow, and staged big pro-Putin protests. Not only has it been
accused of launching denial-of-service attacks against unfriendly
newspapers. Last month, Nashi activist Anna Bukovskaya
acknowledged that the group was paid by Moscow to spy on other
youth movements. The project, for which she was paid about $1100 per
month, included obtaining "videos and photos to compromise the
opposition, data from their computers; and, as a separate track, the
dispatch of provocateurs," she told a Russian television channel.
The proliferation of capability into the hacker/criminal
world has enabled a blurring of actors and motivations
– a major challenge for any future international regime
for controlling national state cyber competition
[Figure labels: Cyber Warfare, Cyber Espionage, Cyber Crime]
• Government ran government networks. The government ran military networks. The
government owned Telecom Australia and OTC.
• To expect DSD and/or ASIO to play the primary protection role was quite valid.
• Every business is connected to the Internet. Every business’s network is part of the
internet.
• The capacity to interact with each other is a key part of their risk environment. Telcos,
businesses, universities, and households are all connected in different ways.
• If there were negligence causing damage, who would be liable? In the 1970s, 80s and
even the early 1990s you could make a case that somehow or other the government
would end up being the defendant. Today it would be the companies.
• The big change for boards in Australia is that if somebody wants to bring a negligence
action for something that went bad on the network they are more likely to be liable.
• Operations
• Reputation
• Financial performance