[PPT] - CYBER BREACH Preventing Bodily Injury and Property Damage PowerPoint Presentation

SLIDE 1

CYBER BREACH

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

1

Preventing Bodily Injury and Property Damage

SLIDE 2

THE WORLD WE KNOW TODAY

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

2

SLIDE 3

INTERNET SECURITY CAMERAS

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

3

SLIDE 4

IoT BOTNET

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

4

SLIDE 5

WE WARNED YOU IN 2013

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

5

SLIDE 6

BUT YOU STILL GOT SUED

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

6

SLIDE 7

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

7

SLIDE 8

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

8

SLIDE 9

AND THE BEAT GOES ON…

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

9

SLIDE 10

MEDICAL DEVICES

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

10

SLIDE 11

THE STORY

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

11

SLIDE 12

VERSUS

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

12

SLIDE 13

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

13

SLIDE 14

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

14

SLIDE 15

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

15

SLIDE 16

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

16

SLIDE 17

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

17

SLIDE 18

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

18

SLIDE 19

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

19

SLIDE 20

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

20

SLIDE 21

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

21

SLIDE 22

THE COST

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

Credit rating S&P cuts credit rating Job security Executive shake-ups Customers leave Some customers never return

SLIDE 29

DISCOVERING ATTACK VECTORS

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

29

SLIDE 30

AS EASY AS 1, 2, 3

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

Step 1 Unpack the Firmware Image Open source tool called binwalk can unpack most firmware images. Step 2 Analyze Executable Binaries and System Files Look for low-hanging fruit like insecure coding practices and hidden private crypto keys. Step 3 Fix, Compile, Repeat Replace insecure coding practices with secure methods. Remove all private crypto keys. Recompile code. Re-examine.

30

SLIDE 31

BUT MY SOURCE CODE IS SECURE!

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

31

SLIDE 32

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

32

SLIDE 33

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

33

SLIDE 34

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

34

SLIDE 35

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

35

SLIDE 36

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

36

SLIDE 37

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

37

SLIDE 38

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

38

SLIDE 39

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

39

SLIDE 40

HOW TO MITIGATE CYBER SECURITY RISKS IN CONNECTED MEDICAL DEVICES

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

Step 1 Perform a Traditional Security Assessment Open source tools such as Nmap, Nessus, and Metasploit can help. Step 2 Perform Blackbox Testing with Fuzzing Open source tools: w3af, Wfuzz, Wapiti. Commercial tools: Defensics. Step 3 Perform a Firmware Evaluation Open source tool: binwalk, gdb, OllyDbg. Commercial tools: Centrifuge Security Platform.

40

SLIDE 41

WHO IS TACTICAL NETWORK SOLUTIONS

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

41

SLIDE 42

Founded 2007

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

Founders are former NSA/TAO employees Offensive cyber operations focus 12 Employees

42

SLIDE 43

MANAGEMENT TEAM

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

Terry Dunlap, Founder & CEO National Security Agency - 7 years experience Computer Network Exploitation wireless tool development Acting Branch Chief Peter Eacmen, Co-Founder & CTO National Security Agency - 10+ years experience Computer Network Exploitation tool development Close access operation support Embedded directly with USSOCOM unit at NSA

43

SLIDE 44

FIRMWARE EVALUATION TEAM

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

10 Employees Former NSA Computer Network Exploitation specialists in firmware reverse engineering

44

SLIDE 45

CUSTOMERS

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

45

SLIDE 46

CONTACT

Tactical Network Solutions LLC Proprietary Information info@tacnetsol.com

Terry Dunlap Partner tdunlap@tacnetsol.com 240-672-2945 (C) Peter Eacmen Partner peacmen@tacnetsol.com 617-548-5384 (C) Tactical Network Solutions LLC 8825 Stanford Blvd., Suite 308 Columbia, MD 21045 (443) 276-2990

46