Three policy changes to deter, disable, and degrade hostile adversary capabilities Dr. Samuel Liles Statements and/or opinions do not reflect current, past, or future government department/agency/organization policy or opinions
Pr Presentation scope and ask A presentation on Cybersecurity that focuses on the ability of Cybersecurity efforts to deter malicious actors from harming American interests. President Obama recently noted that "we need a capability to deter and impose costs on those responsible for significant harmful cyber activity where it really hurts — at their bottom line .” The briefing should show how this could be done for various classes of threat actors and how Cybersecurity strategy should be integrated with other national security strategies. Tuesday, May 10, 2016 UNCLASSIFIED 2
Gi Given • The focus is deterrence and imposition of costs (work factor) • The focus is action to be taken towards mitigating harmful cyber activity • The focus is on different classes of threat actors • The focus is on the 80-20 principle by Vilfredo Pareto, the first 80 percent will take only 20 percent of the cost, and the last 20 percent will cost 80 percent • This presentation will not focus on prevention, detection, or correction of current DoD or government networks or cyber hygiene. Tuesday, May 10, 2016 UNCLASSIFIED 3
St Stating s som ome of of t the myths Myth 1 : Attribution has nothing to do with security Reality : Attribution is deterrence Myth 2 : Cyberspace has no borders so stopping stuff is not possible Reality : Balkanization of the Internet exists Myth 3 : The insider threat is the key to successful cybersecurity Reality : Though insider and partner attacks occur the external threat is extensive Tuesday, May 10, 2016 UNCLASSIFIED 4
Ad Adversaries • Internal or External Analogies • Internal (knowing and unknowing) • Vandals • External (existential or criminal) • Burglars • Nation States or Nots • Thugs • Nation states • Spies • Military • Intelligence • Saboteurs • Patriots • Nots From Dr. Andy Ozment DUS CS&C • For profit • Not for profit Tuesday, May 10, 2016 UNCLASSIFIED 5
At Attribution Tuesday, May 10, 2016 UNCLASSIFIED 6
Th The primary risk to organizations is an external actor and not an in inter ernal l actor (80 to 95 per ercen ent). Ve Verizon Data Breach Report 2015 ht http: p://www.verizone nent nterpr prise.com/verizon-in insig ights-la lab/dbir ir/ Tuesday, May 10, 2016 UNCLASSIFIED 7
Th The number on one hos osting environ onment and cyber attack launch lo locatio ion is is Unit ited ed States es domes estic ic (56% to the e res est 44%). So Solutionary Th Threat Report 2015 ht http: p://www www.nttcomsecurity.com/us/uploads/files/US_GTIR_Executiv e_ e_Summary_Public lic_Approved ed_v8.pdf Tuesday, May 10, 2016 UNCLASSIFIED 8
Ac Action on 1: The ability to o attribute hos ostile activity is ac accomplis lished at at mult ltip iple le le levels ls. There is is polit litic ical, al, technic ical, al, an and forensic ic le levels ls of at attrib ibutio ion. Deterrence of ad adversar ary ac actio ion an and dis isruptio ion of ad adversar ary in infras astructure is is possib ible le. • Policy inject 1 : Regulatory and statutory frameworks need to be aligned and harmonized between intelligence, military, and law enforcement actors enabling sharing • Policy inject 2 : Detect and degrade the utilization of domestic infrastructure and degrade adversary ability to operate through interdiction • Policy result 1: Current intelligence law does not allow for domestic surveillance of hostile actors regardless of point of origin • Policy result 2: Naming and shaming can deter actor activity as has been seen previously Tuesday, May 10, 2016 UNCLASSIFIED 9
Ac Action on 2: The United States has regulator ory and statutor ory co controls that ca can co constrain, deter, and disrupt adversary in interac actio ions utiliz ilizin ing US domestic ic in infras astructure for hostile ile ac actio ions in in cyberspac ace. • Policy inject 1 : End short term free domain registrations (currently 7 days) • Policy inject 2 : Hold infrastructure owners accountable/liable for criminal utilization of their networks • Policy result 1: Remove the economic disparity between attack and defense through economic means • Policy result 2 : Denial of adversary advantage on utilization of US infrastructure and equivalent to area denial principles Tuesday, May 10, 2016 UNCLASSIFIED 10
Ac Action on 3: The foc ocus on on for oreign adversaries is not ot misplaced. Th The utilization of domestic infrastructure by y foreign ad adversar arie ies exis ists an and can an be mit itig igat ated. • Policy inject 1 : Automate detection of foreign registrants of domestic infrastructure utilized in hostile actions and suspend or disable accesses • Policy inject 2 : Information sharing should be increased at the operational level by removing privacy and civil rights protections that are inherently not harmonized with reality and actually protect privacy and civil rights (IP addresses are not PII). • Policy result 1 : As with the case study discussion this keeps adversaries cheap, easy, fast, and intelligence free infrastructures from being utilized • Policy result 2 : Information sharing is passive, but if done well can result in increased adversary work factor. Tuesday, May 10, 2016 UNCLASSIFIED 11
Questions?
Bo Bonus Round Action 4: Create a war-fighting led operational entity for the domain of cyber • Policy Inject 1 : Separate CyberCom from NSA by modifying NDAA as in done in current NDAA Section 911 • Policy Inject 2 : Create a cyber academy as in and US Military Academy (1802), Naval Academy (1845), Coast Guard Academy (1876), Air Force Academy (1947), • Policy Inject 3 : Create a Cyber War College (as was done with Air War College in 1946 a year before USAF was created 1947, Key West Agreement 1948) Tuesday, May 10, 2016 UNCLASSIFIED 13
Recommend
More recommend
