Welcome
This webcast is part of ACM's commitment to lifelong learning.
• To control volume, please adjust the master volume on your computer.
• The slides will advance automatically throughout the event.
• You may enlarge the slides using the button in the top right corner of the screen or by dragging the corner of the slide window.
• You may submit questions at any time by typing your question into the Q&A box and clicking the submit button. You do not need to wait until the end of the presentation to begin submitting questions.
• The session is being recorded and will be archived.
• Troubleshooting: refresh your browser / relaunch the presentation (Windows: press the F5 key; Mac: Command + R), or click the "Help" widget below the slide window.
@ACMeducation #cybersecurity
ACM Learning Webinar with Herb Lin, June 25, 2014

Today's Speakers
• Herb Lin: Chief Scientist, Computer Science and Telecommunications Board, National Research Council
• Jeremy Epstein (Moderator): Lead Program Officer, National Science Foundation Secure and Trustworthy Cyberspace program; ACM Senior Member

At the Nexus of Cybersecurity and Public Policy: Six Key Issues
Herb Lin, National Research Council

2014 National Research Council Report
Editors: David Clark, Tom Berson, Herb Lin
www.nap.edu
Online, May 5, 2014
Printed ($), June 18, 2014

About the Report
• Builds on earlier work by the Computer Science and Telecommunications Board (CSTB) of the National Research Council of the National Academies
• Describes fundamental concepts and principles of cybersecurity
• Discusses a range of public policy issues
• Explains technical details in an easy-to-understand manner for non-technical audiences
• Includes input from cybersecurity experts from government, industry, organizations, and academia

What are we talking about today?
A. Why should we care about cybersecurity?
• What is cybersecurity?
• What is its significance for public policy?
B. Understanding the threats, vulnerabilities, and risks
• What types of cyber threats and vulnerabilities exist?
• What does it mean to be an adversary in cyberspace?
C. What policy approaches will help improve security?
• Is public policy needed to address market failure?
• What are the major tensions between cybersecurity and other important public policies?
• How do U.S. public policies relate to international issues?
D. What you should know about the 6 KEY FINDINGS from the report!

Why should we care about cybersecurity?
• What is cyberspace?
• What is cybersecurity?
• Some important questions at the nexus

Why should we care about cybersecurity?
What is cyberspace?
• Artifacts based on or dependent on computer and communications technology
• Information - data and programs - that these artifacts use, store, handle, or process
• The various ways cyber elements are connected.
[Figure labels: Technologies, Internet, Cyber-Physical Systems, Internet of Things]

Why should we care about cybersecurity?
What is cyberspace?
• Artifacts based on or dependent on computer and communications technology
• Information - data and programs - that these artifacts use, store, handle, or process
• The various ways cyber elements are connected.
What is cybersecurity?
The prevention and/or reduction of the negative impact of events in cyberspace that can happen as the result of DELIBERATE ACTIONS against information technology by a hostile or malevolent actor.

Why should we care about cybersecurity?
Some important questions at the nexus
What is the scope of INTERNET security?
• Everything? e.g., connections, devices, software, etc.
• Just the connections?
Critical Ambiguity
* For technical description of technologies and Internet Architecture, see report pp. 18-28

Why should we care about cybersecurity?
What is cyberspace?
• Artifacts based on or dependent on computer and communications technology
• Information - data and programs - that these artifacts use, store, handle, or process
• The various ways cyber elements are connected.
What is cybersecurity?
The prevention and/or reduction of the negative impact of events in cyberspace that can happen as the result of deliberate actions against information technology by a hostile or malevolent actor.
Some important questions at the nexus
• How much reduction or prevention is enough?
• Who decides?
• What counts as negative impact or deliberate action?
• Whose information technology?
• What makes an actor hostile or malevolent?
• What does enhancing cybersecurity mean for civil liberties, privacy, innovation, the economy, and more?

Why should we care about cybersecurity?
Why are policy leaders concerned?
• Cybercrime
• Loss of privacy
• Activism
• Appropriation of intellectual property
• Espionage
• Denials of service
• Destruction of or damage to physical property and/or critical infrastructure
• Loss of public confidence
IMPACTS
• Economics
• Innovation
• Civil Liberties
• International Relations

Understanding the threats, vulnerabilities, and risks
• What are the major types of cyber threats?
• What types of vulnerabilities exist?
• Who is an adversary in cyberspace?

Understanding the threats, vulnerabilities, and risks
What are the major types of cyber threats?
Exploitation – unauthorized exfiltration of information (violation of confidentiality)
Attack – unauthorized exfiltration of information
• Deny availability of service (violation of availability)
• Damage or destroy information stored in or transiting through that system or network (violation of integrity)
• May cause physical damage as a result
Cyber threats can damage or destroy information at rest or in transit.

Understanding the threats, vulnerabilities, and risks
Who is an adversary in cyberspace? / What are the major types of cyber threats? / What types of vulnerabilities exist?
• Any hostile or unfriendly action taken against a computer system or network.
• Any hostile or unfriendly cyber action taken against a computer system or network.
• Only hostile or unfriendly action taken against a computer system or network intended to cause a denial of service or damage to or destruction of information stored in or transiting through that system or network.
• People
• Systems
• Components
• Connections

Understanding the threats, vulnerabilities, and risks
Who is an adversary in cyberspace? / What are the major types of cyber threats? / What types of vulnerabilities exist?
[Figure: "Viewing a Webpage – what has to happen". Flowchart of the user-side and provider-side steps, from selecting and booting a computer through DNS lookup, certificate retrieval and verification, to rendering the page, with the parties involved at each step (hardware, O/S and browser providers, ISPs, VPN provider, DNS registrar and provider, certificate authority, CDN provider, server operator, user).]

Understanding the threats, vulnerabilities, and risks
Who is an adversary in cyberspace?
Adversary or intruder who takes one or more unfriendly actions against a computer system or network for the ultimate purpose of conducting a cyber exploitation or a cyber attack.
(Adversaries conduct hostile cyber operations; good guys conduct offensive cyber operations.)
Me? I'm just spying looking.