Cyber(space) Incidents 1 IS TV4 attack TV5Monde went black - - PowerPoint PPT Presentation

Cyber(space) Incidents 1

Heartbleed: ‘worst vulnerability ever’

(2014; in open SSL)

Great Bank Robbery (Carbanak)

‘biggest ever cybercrime’

(1 billion dollars, 2015, global)

IS TV4 attack

‘TV5Monde went black’

(2015)

Wikileaks Revelations ‘secret hacking tools: IoT’

(democratic control?, 2017)

Cyber(space) Incidents 2

WannyCry: Initially affected countries

Wanna Cry (2017): within a day 230.000 Microsoft

computers were infected in 150 countries

(ransom to be paid in bitcoin crypto currency; exploit was discovered by NSA and used for cyber weapons; Microsoft also discovered it; released a patch: was often not implemented  wide spread of the worm)

Petya (2016/17) container terminal

• f APM (Maersk) in

port of Rotterdam stopped to function, among others

(worldwide impact!!!!)

• –

 – 

13

Vision: Cyberspace = 5th domain

• Cyberspace is a complex, manmade system at

global scale, deeply embedded in the four physical domains of land, water, air and space

• Characteristics:

– high speed global connectivity ( individual organizations) – huge distributed data processing power (including millions of intelligent systems taking autonomously decisions  passive information) – huge data storage capabilities: we now talk about big & open data – with almost 3 billion human actors in different roles worldwide – with > 14 billion (intelligent) devices and systems connected

• Key assets: cyber activities = IT-enabled

activities (!)

6

15 15

Basic cyber activities (= IT-enabled activities)

• Communication: sms, email, chat, whatsapp, skype, voip, twittering, …
• Information retrieval: news, wheather forcast, public transportation, crises, …
• Watching: movies, sporting events, television, youtube, …
• Listening: radio, music, spotify, …

More advanced cyber activities

• ‘Searching’: google searching, wikipedia, route planning, translating, …
• (Automatic) transacting: e-shopping, e-trading, e-payments, e-procurement, holiday

planning, tax returns, e-marketplaces, e-voting, crowd sourcing/funding, …

• Social gathering: Facebook, LinkedIn, e-dating, 2nd love, sexting, gambling, …
• Rating & Ranking: top web-sites, universities, hotels, services, …

Cyber activities of all kind…

16 16

Cyber activities of all kind, cont’d.

More advanced cyber activities, cont.

• Educating: MOOCs, e-learning, e-coaching …
• Monitoring and surveillance activities: sensoring, detecting, using drones, …
• Controling critical infrastructures: energy & water supply, transport, chemical

processing, flood defence, …

• Cyber protesting: activism including fundraising, community building, lobbying,
• rganizing

Less favourable cyber activities

• Cyber crime (dark markets): financial fraud, theft, hacking, child pornography, e-

espionage, cyber bullying, sale of drugs/guns/…, illegal downloads, …

• Cyber warfare: intelligence, defense, attack ~ Cyber Operations: NSA, drones,

hacking, attacking, cracking, information warfare …

Note: cyber activities provide semantics to data processing (!!!)

17 17

Decomposing cyberspace in layers

Technical layer:

• IT services ~ information security ~

CIA(A)

Socio-tech layer:

• cyber activities ~ cyber security ~

personal/business/societal goals

Governance layer:

• governance & management ~

rules & regulations (for other layers) ~ cyber risk appetite, ethics & compliance

• Cyber sub-domains: examples in figure!

• As end-user
• How to protect my PC?
• How to educate (my) children?
• As (board) member of a company
• Which specialists, how to organize them?
• Should we start a SOC?
• As decision maker about critical infrastructures
• How far can we develop the smart grid?
• What about the cyber security of automated car control?
• Is distant-control for gas supply/flood defense acceptable?

Cyber security struggling

Cyber security struggling, cont’d

• As crisis manager
• What to do? Who should I contact?
• Which information to make public?
• As police officer
• What happens in the dark web?
• Which tools to use for catching the unknown

attacker/criminal?

• As politician
• Which rules & regulations to put in place?
• Which institutions, which responsibilities?

21 21

Risk mgt: 1. Risk assessment of cyber activity breaches

• 2. Reduction of cyber risks to ‘acceptable levels’

“bowtie diagram”

22 22

• 3. Taking a set of adequate security measures

Balancing preventive and repressive measures in different layers

• Technical layer: …
• Socio-tech layer:
• Governance layer:

aligned over all cyber sub-domains

• …
• …

together securing cyberspace = securing the cyber activities of all actors

Conditio-sine-qua-non for adequate risk management

• Creating Cyber Situational Awareness in
• socio-technical layer (cyber activities by people & intelligent systems)
• technical layer (in terms of IT-processes and -communication)
• Includes
• attackers
• cyber crime (dark web)
• in short: cyber attacks
• Creates
• privacy-security dilemma

24 24

Conclusions

• Cyberspace = space of cyber activities = IT-enabled activities
• Cyber security (= Securing Cyberspace) is a societal problem

having technical/legal/economical/institutional/international relations/ethical, … perspectives

• Goal of cyber security: reducing cyber risks to acceptable levels
• It starts with identification of all relevant cyber risks
• Level of cyber risks determines what measures are appropriate
• Everyone can and has to contribute

• –

–

• –

–