COMPLEXITY AND CYBER DEFENSE TTI/VANGUARD TAMING COMPLEXITY October 5, 2011 Michael A. Wertheimer,...
9
COMPLEXITY AND CYBER DEFENSE TTI/VANGUARD TAMING COMPLEXITY October 5, 2011 Michael A. Wertheimer, DoD
-
Upload
adelia-greer -
Category
Documents
-
view
216 -
download
1
Transcript of COMPLEXITY AND CYBER DEFENSE TTI/VANGUARD TAMING COMPLEXITY October 5, 2011 Michael A. Wertheimer,...
COMPLEXITY AND CYBER DEFENSETTI/VANGUARDTAMING COMPLEXITYOctober 5, 2011Michael A. Wertheimer, DoD
The Problem
After infiltrating Natanz's industrial-control systems, Stuxnet automatically ordered subsystems operating the centrifuge motors to spin too fast and make them fly apart. At the same time, Stuxnet made it appear random breakdowns were responsible so plant operators would not realize a nasty software weapon was behind it.
-Ralph Langner
German industrial control system expert
The Problem Simplified
We are building our lives around our wired and wireless networks. The question is, are we ready to work together to defend them?
-FBI
The Domain
5 BILLION MOBILE PHONES• 60% in developing countries• AT&T volume in 2010 will be
exceeded in first 7 weeks of 2015• Commoditization of base stations
Model No.: 900MHz&DCS 1800MHzStandard: ISO9001, ISO9002, CETrademark: HELIOSOrigin: China
The Domain
2 BILLION INTERNET USERS• 107 Trillion Emails sent – 89% spam• 255 Million websites• 202 Million domain names• 2015: more hosts than people
•Hundreds of thousands of SERVERS
•Tens of thousands Layer 1 & 2 SWITCHES
Threats to DoD
20K malicious email/month targeted at DoD networks40K pieces of malware/year detected phoning home from DoD networks1K attempts/month to compromise DoD systems using public exploits 1200 XSS attempts launched against DoD systems last year
Threats to You
Web-based applications fastest growing target75% of companies reported cyber attacks. 92% incurred costs
averaging $2M per companyMcAfee identifies 55K unique new pieces of malware each dayThat’s more than one piece of malware every second
Blah, Blah, Blah
So what to do?
Make Big Small, Private Public• Number of Internet Appliances is small (billions)
• IPv6 assigns everything an identity
• Compute Clouds are cheap, effective, and scale• Profile appliances, not people. s
• There is no security through obscurity – go open source• Create the Internet’s analytic engine(s) as a common good• SE Linux SE Android• Edge to core with heterogenous diversity
• Mature the legal framework• Attribution as a last resort
