
Cyber Security — Not Doing Anything About IT is a Crime

Raj G. Asava, Strategy Leader, Dell Services


Table of Contents

Introduction

Cyber Security Definition

Why Are We So Vulnerable Now

Information Security Versus Cyber Security

Rise of the Hackers

How Real is the Cyber Security Market?

A Comprehensive Cyber Security Framework

Conclusion


An executive level primer about information security in the digital era, and a suggested framework to address the vulnerabilities and threats present at each of the layers that make up a typical information and communication infrastructure.

Introduction

Recent news reports confirm that cyber vulnerabilities are real, prominent, significant, and unpredictable:

• “Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea” The New York Times, July 9, 2009

» “A wave of cyberattacks aimed at 27 American and South Korean government agencies and commercial Web sites temporarily jammed more than a third of them over the past five days… The Web sites of the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department were all affected at some point over the weekend and into this week, The Associated Press reported Tuesday, citing American officials.”

• “Another Day, Another DDoS Blitz for Twitter” TechNewsWorld, July 16, 2009

» “For the second time in less than a week, Twitter has been hit by a distributed denial of service (DDoS) attack. Unlike the first attack last week, the latest cyber assault, which started on Tuesday, has been confined to Twitter so far…”

• “130 million credit card numbers stolen in identity theft scheme” Yahoo! News, August 17, 2009

» “U.S. authorities announced what they believed to be the largest hacking and identity theft case ever... Three men were indicted on charges of being responsible for five corporate data breaches in a scheme in which the card numbers were stolen ...”

These examples are just a small sampling of the recent cyber security related headlines that highlight the seriousness of the issue we face in the public and private sectors. Before we dive into the complex topic of cyber security, it is important to understand what exactly cyber space is and why there is such an urgent need to make it secure. Cyber space refers to the components of the digital infrastructure (networking, storage devices, servers, etc.) that enable the creation and movement of digitized information between various entities ranging from consumers to companies to countries, and everything in between.

“As president, I’ll make cyber security the top priority that it should be in the 21st century,” said President Barack Obama.

President Obama went on to say that the cyber threat is, “one of the most serious economic and national security challenges we face as a nation. It’s also clear that we’re not as prepared as we should be, as a government, or as a country.”

Cyber Security Definition

The following are comprehensive definitions of cyber security from two credible sources:

• The United States Computer Emergency Readiness Team (US-CERT) defines cyber security as: How much of your daily life relies on computers? How much of your personal or business information is stored either on your own computer or on someone else’s system? Cyber security involves protecting that information by preventing, detecting, and responding to attacks.

• India’s Information Technology Act Amendment — ITAA 2008 Section 2 (nb) states: “Cyber Security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.

Simply put, cyber security is all about securing the physical and virtual elements of cyber space.

To reap the full benefits of the digital revolution powering the global economy, users must have confidence that digital information is fully secure at each stage of data creation, transportation, review, storage and manipulation leading to eventual archive and disposition.

Why Are We So Vulnerable Now

One word: Internet! It is also referred to as the world wide web or the famous “information highway.” Over the years, the information highway itself has become a destination, thanks primarily to Cloud Computing, which is now becoming a mainstream computing platform.

Since the advent of Cloud Computing, the Internet has evolved beyond being just a network-of-networks into a robust repository where more and more information is being stored in strategically located data hubs right on this digital highway. No longer does an individual or an organization need to bring the data down to their computers to reference or process it; they can store it on these hubs and have access to it from anywhere and from any device with which they can access the Internet.

As the Internet becomes a powerful and ubiquitous modern day utility, much like the telephone and television, it is imperative that the infrastructure and information flowing through the infrastructure are secured from both accidental failure and intentional hacking.

Information Security Versus Cyber Security

Information has been the underpinning of all eras of the past — right from the caveman days, and especially throughout the industrial era on into the current digital era. Given information’s importance throughout history, calling today’s digital era the information age is a bit ludicrous.

In each era, consumers, companies, and countries all used data to make informed decisions and gain a competitive advantage. In fact, information warfare has been around from the time individuals started to organize as institutions — businesses, churches, universities, governments, etc.

Great dynasties were able to defeat the enemy and record achievements surpassing those of ordinary men because they were able to obtain critical information about the enemy in advance. Making use of spies was the crux of war in the past, because the action of the entire army was in response to the intelligence furnished by spies.

In the biblical story of “Samson & Delilah,” Delilah was promised a great sum of money from the Philistines to discover the secret of Samson’s incredible strength. In a like manner, intelligence information gained in the Ramayana enabled the slaying of the demon king Ravana. And of course, there is the famous “Helen of Troy” story that gave birth to the term Trojan (Horse), which has become a part of our lexicon and is one of the most popular methods used to carry out cyber attacks.

Today, practically all businesses — small, medium, to the Fortune 100 companies – depend upon competitive information and information analytics to gain business intelligence that enables informed decision making. Before the cyber-world, information breach by espionage was carried out through a network of spies and confidants. In the cyber-world, the network changed from spies and confidants to digitized bits and packets.

Rise of the Hackers

At the dawn of the digital era, the super powers created super computers, which only they could afford. They used these super computers to analyze massive amounts of data to gain intelligence on their “enemies” while showcasing their supremacy over cyber space.

Cyber-based information warfare started in the 1980s, when personal computers were unleashed. Information trapped and contained within the monolithic mainframes suddenly became distributable. This empowered both good and bad elements around the world.

Productivity and efficiencies gained by private and public sectors are testimonials to the value and benefit of the brave new cyber world.

While most of the world enjoyed productivity gains, the mischievous faction excelled in finding ways to disrupt economies, regulations, and our way of life. The cyber world gave rise to a new class of “faceless” entities. Today, a small obscure hacker group has the means to plan and carry out cyber-based attacks, which in the past would require the backing of a State; a State with advanced resources and deep pockets.

Cloud Computing is a highly automated, readily scalable, on-demand computing platform of virtually unlimited processing, storage and ubiquitous connectivity, always available to carry out a task of any size and charged based on usage.

Some of the common cyber attack types that have become part of our vocabulary are worms, viruses, Trojans, phishing, and botnets, to name a few. These popular methods are used to attack and cripple websites, steal confidential data, compromise individual identities, and even wipe out entire servers or hard disks.

How Real is the Cyber Security Market?

[Figure: Security and Privacy spending (Actual & Forecast) Outlook, 2007 to 2013, figures in mil USD. Bar labels in page order: $25,645; $28,862; $32,529; $36,704; $41,468; $46,903; $52,645. Source: Datamonitor IT Services, July 2008]

[Figure: 2008 Security and Privacy spending by industry: Media and Entertainment; Other; Life Sciences; Public Sector; Retail, Wholesale, and Distribution; Telecommunications; TT&L and Hospitality; Energy and Utilities; Financial Services; Healthcare; Manufacturing. Source: Datamonitor IT Services, July 2008]

Cyber security is expected to be one of the fastest growing segments of the Information Technology (IT) industry in the coming years with every industry investing heavily to make their computing environment secure. Recent U.S. projections alone depict a 49% increase in spending, in as little as six years.


A Comprehensive Cyber Security Framework

While individuals must be vigilant in the way they go about their business in the cyber space, organizations can reduce the risks associated with cyber security threats by assessing the vulnerabilities and threats present at each of the layers that make up the typical information and communication infrastructure. Models such as the Open Systems Interconnection Reference Model (developed by the International Organization for Standardization and The Telecommunication Standardization Sector), and the defense-in-depth for Information Security framework (developed by the U.S. Department of Defense) can be used to systematically address and secure each of the layers and the interactions between the layers.

A defense-in-depth approach involves applying countermeasures at every layer of the information and communication infrastructure, from perimeter routers and firewalls to users’ personal computers/devices. This includes the policies and procedures that govern the way the infrastructure as a whole is managed, enhanced, and even transformed.

The process of addressing and securing layers can be carried out in three broad phases: Consulting, Implementation, and Operations, and is typically the responsibility of the Chief Information Officer of the organization.

The Cyber Security Framework will be the topic of the next paper with an in-depth review of each layer and best practices and approaches at each of the intersection points.

Conclusion

Information has been the underpinning of all eras of the past. In the current digital era, the Internet has become a powerful and ubiquitous modern day utility that allows for rapid creation, replication, and movement of information to the masses, from one part of the world to the other, through simple strokes on the keyboard. The digitization of all kinds of information has made it imperative that the infrastructure connecting into the Internet and the information that flows through it are secured from both accidental failure and intentional hacking.

Recognizing the magnitude of challenges faced by this powerful digital value chain, President Obama has identified cyber security as one of the top priorities of his administration.

While governments and businesses must be vigilant in the way they go about their business in the cyber space, they can reduce the risks associated with cyber security threats by assessing the vulnerabilities and threats present at different levels of the typical information and communication infrastructure.

It comes as no surprise that cyber security is expected to be one of the fastest growing segments of the Information Technology (IT) industry in the coming years. A “Comprehensive Cyber Security Framework” envisages vulnerabilities and threats present in each of the layers that make up a typical information and communication infrastructure (e.g., Defense in Depth model), and addresses them in a systematic manner (e.g., Cyber Security Services Lifecycle) by leveraging and applying industry compliant security products and services.

Cyber security has become a matter of national security and is a top priority for the U.S. government and so should it be for organizations and individuals. Not doing anything about IT is a crime waiting to happen…

Cyber security threats must be addressed at each of the layers that make up the typical information and communication infrastructure.

[Figure: Defense in Depth Model. Layers: Perimeter Defenses; International Network Defenses; Data Defenses; Physical Defenses; Host Defenses; Application Defenses]

Cyber Security Services Lifecycle is a disciplined approach to assure vulnerabilities and threats are thwarted at each layer through application of industry compliant security products and services.

[Figure: Cyber Security Services Lifecycle. Phases: Consulting; Implementation; Operations. Labels: Requirements Assessment; Solution Design; Implementation; Operations; Optimization]

What is at Stake Here?

“Cyberattack Defense: Staying One Step Ahead of Hackers” TechNewsWorld, July 16, 2009

Last year alone, cybercriminals stole intellectual property from businesses worldwide worth up to US $1 trillion. In the past two years alone, cybercrime has cost Americans more than $8 billion.

© 2010 Dell Inc. All rights reserved.