2015 Predicted Threats
CYBER SECURITY INTELLIGENCE
You got to be careful if you don’t know where you’re going,
because you might not get there. – Yogi Berra
Outline and Review
One of the biggest challenges in Cybersecurity intelligence
has been the lack of intelligence.
Companies are not sharing /collaborating to overcome
many of the threats currently facing organizations.
2015 is predicted to be the year when we may overcome
many of these challenges
Articles/Topics Discussed:
•
•
•
Obama Endorses CISPA
Obama talks cybersecurity, but Federal IT system breaches increasing
Cyber War Games
Cyber Intelligence and Information Sharing Act (CISPA)
Originally introduced in 2013
•
•
Passed the House but not Senate
Reintroduced earlier this week with administration support.
Allows companies to share cyber threat information with
the Dept. of Homeland Security
Argument by leaders:
“We must stop dealing with cyber attacks after the fact.” (in
reference to recent Sony hack)
CISPA: Controversial?
Under CISPA 2015 (HR 234), the Secretary of Homeland Security, the Attorney
General, the Director of National Intelligence, and the Secretary of Defense would
create the cyber threat information sharing program and also provide oversight for the
program’s civil liberties protections.
CISPA 2015 also mandates privacy and civil liberties reports, but allows government
agencies to classify the annexes to the reports. In other words, CISPA 2015 does not
intend to have any real oversight for civil liberties and privacy.
Cyber threat information shared with the government would also be exempt from the
Freedom of Information Act.
It would give immunity from criminal prosecution and lawsuits to anyone sharing
cyber threat information with the government.
Figure 2-1 Information Security and Planning
Source: Course Technology/Cengage Learning
Federal IT & Cybersecurity
Recent Actions:
• Pledging Free and Open Internet
• Broadband expansion
• Embrace Cyber Security Legislation
Federal Government IT Professionals
• Poor track record
• 2006 – 5,503 cyber breaches on federal IT systems
• Any guesses how many last year?
By 2013, 40% of federal breaches involved potential
exposure of private data
Cyber War Games
• US and UK have agreed to hold the first Cyber War
Games later this year
• Target: UK Banks
The first war game will involve the Bank of England and
commercial banks, targeting the City of London and Wall Street,
and will be followed by "further exercises to test critical national
infrastructure", Downing Street said
What’s involved in Cyber War Games?
• Step up from penetration tests
• Pen tests generally target computers (internal staff know)
• Cyber game attack will test the internal staff as they won’t know
how or when the attack will occur.
• Not entirely new
• Waking Shark
• bank staff reacting to a series of different problems such as
ATM networks failing or phone systems breaking down, to
see how response teams fared.
 Nato 2014 Wargame
• Involved 700 soldiers and civilians across 28 nations
• 3 day exercise involving 100 attacks (from booby-trapped
apps sent to Android phones to compromising equipment
from firms supplying military material