
Cyber(space) Incidents 1 IS TV4 attack TV5Monde went black - PowerPoint PPT Presentation




  2. Cyber(space) Incidents 1
     • IS TV4 attack: ‘TV5Monde went black’ (2015)
     • Heartbleed: ‘worst vulnerability ever’ (2014; in OpenSSL)
     • Wikileaks Revelations: ‘secret hacking tools: IoT’ (democratic control?, 2017)
     • Great Bank Robbery (Carbanak): ‘biggest ever cybercrime’ (1 billion dollars, 2015, global)

  3. Cyber(space) Incidents 2
     • WannaCry (2017): within a day 230.000 Microsoft computers were infected in 150 countries (ransom to be paid in bitcoin cryptocurrency; exploit was discovered by NSA and used for cyber weapons; Microsoft also discovered it and released a patch, which was often not implemented → wide spread of the worm)
     • Petya (2016/17): container terminal of APM (Maersk) in port of Rotterdam stopped functioning, among others (worldwide impact!!!!)
     [Figure: WannaCry: initially affected countries]


  6. Vision: Cyberspace = 5th domain
     • Cyberspace is a complex, manmade system at global scale, deeply embedded in the four physical domains of land, water, air and space
     • Characteristics:
       – high speed global connectivity (≠ individual organizations)
       – huge distributed data processing power (including millions of intelligent systems taking autonomously decisions ≠ passive information)
       – huge data storage capabilities: we now talk about big & open data
       – with almost 3 billion human actors in different roles worldwide
       – with > 14 billion (intelligent) devices and systems connected
     • Key assets: cyber activities = IT-enabled activities (!)

  7. Cyber activities of all kind…
     Basic cyber activities (= IT-enabled activities)
     • Communication: sms, email, chat, whatsapp, skype, voip, twittering, …
     • Information retrieval: news, weather forecast, public transportation, crises, …
     • Watching: movies, sporting events, television, youtube, …
     • Listening: radio, music, spotify, …
     More advanced cyber activities
     • ‘Searching’: google searching, wikipedia, route planning, translating, …
     • (Automatic) transacting: e-shopping, e-trading, e-payments, e-procurement, holiday planning, tax returns, e-marketplaces, e-voting, crowd sourcing/funding, …
     • Social gathering: Facebook, LinkedIn, e-dating, 2nd love, sexting, gambling, …
     • Rating & Ranking: top web-sites, universities, hotels, services, …

  8. Cyber activities of all kind, cont’d.
     More advanced cyber activities, cont.
     • Educating: MOOCs, e-learning, e-coaching, …
     • Monitoring and surveillance activities: sensoring, detecting, using drones, …
     • Controlling critical infrastructures: energy & water supply, transport, chemical processing, flood defence, …
     • Cyber protesting: activism including fundraising, community building, lobbying, organizing
     Less favourable cyber activities
     • Cyber crime (dark markets): financial fraud, theft, hacking, child pornography, e-espionage, cyber bullying, sale of drugs/guns/…, illegal downloads, …
     • Cyber warfare: intelligence, defense, attack ~ Cyber Operations: NSA, drones, hacking, attacking, cracking, information warfare, …
     Note: cyber activities provide semantics to data processing (!!!)

  9. Decomposing cyberspace in layers
     • Technical layer: IT services ~ information security ~ CIA(A)
     • Socio-tech layer: cyber activities ~ cyber security ~ personal/business/societal goals
     • Governance layer: governance & management ~ rules & regulations (for other layers) ~ cyber risk appetite, ethics & compliance
     - Cyber sub-domains: examples in figure!

  10. Cyber security struggling
      • As end-user
        – How to protect my PC?
        – How to educate (my) children?
      • As (board) member of a company
        – Which specialists, how to organize them?
        – Should we start a SOC?
      • As decision maker about critical infrastructures
        – How far can we develop the smart grid?
        – What about the cyber security of automated car control?
        – Is distant-control for gas supply/flood defense acceptable?

  11. Cyber security struggling, cont’d
      • As crisis manager
        – What to do? Who should I contact?
        – Which information to make public?
      • As police officer
        – What happens in the dark web?
        – Which tools to use for catching the unknown attacker/criminal?
      • As politician
        – Which rules & regulations to put in place?
        – Which institutions, which responsibilities?

  12. Risk mgt:
      1. Risk assessment of cyber activity breaches
      2. Reduction of cyber risks to ‘acceptable levels’
      [Figure: “bowtie diagram”]

  13. Risk mgt, step 3: Taking a set of adequate security measures
      Balancing preventive and repressive measures in different layers
      • Technical layer: …
      • Socio-tech layer: …
      • Governance layer: …
      aligned over all cyber sub-domains, together securing cyberspace = securing the cyber activities of all actors

  14. Conditio-sine-qua-non for adequate risk management
      • Creating Cyber Situational Awareness in
        – socio-technical layer (cyber activities by people & intelligent systems)
        – technical layer (in terms of IT-processes and -communication)
      • Includes
        – attackers
        – cyber crime (dark web)
        – in short: cyber attacks
      • Creates privacy-security dilemma

  15. Conclusions
      • Cyberspace = space of cyber activities = IT-enabled activities
      • Cyber security (= Securing Cyberspace) is a societal problem having technical/legal/economical/institutional/international relations/ethical, … perspectives
      • Goal of cyber security: reducing cyber risks to acceptable levels
      • It starts with identification of all relevant cyber risks
      • Level of cyber risks determines what measures are appropriate
      • Everyone can and has to contribute
