SlideShare ist ein Scribd-Unternehmen logo
1 von 56
Downloaden Sie, um offline zu lesen
Finding

Needles
in
Needle Stacks
or
Future aspects of Cyber Security

Peter Cochrane
cochrane.org.uk
ca-global.biz
COCHRANE
a s s o c i a t e s
Thursday, 21 November 13
le s
p n
im t i o
s
o lu
n o
re r s
a a
re g u l
e
h in
T s
r
o

Cyber Security
- Attacks are growing and are increasingly sophisticated
- We need to up our game & become more anticipatory
Thursday, 21 November 13
Finding the

Bent Needles
or

Needles about to bend
The good majority
The evil minority
The potentially evil
Thursday, 21 November 13
Cyber INSecurity
What we know for sure

- There is always a threat
- The threat never sleeps
- The threat evolves rapidly

People are by far the biggest risk factor
The perceived threat

⧣ the actual threat

The biggest threat is always on the inside
Security people are never their own customer
The best defenders have been the best attackers
Cracking systems is far more fun than defending them
The biggest threat is in the direction you are not looking
Resources are generally deployed inversely proportional to actual risk
Thursday, 21 November 13
Breaking into
most companies
and institutions
really isn’t all that difficult!
Thursday, 21 November 13
big

are

ges
t

Th

e

th

rea

ts

ins
ide

Equipment
Networks
Chips
Code
Ports
People

Lax:

th

e
W

Fi

re

all

Thursday, 21 November 13

Rogue:

People
Visitors
Security
Operations
No single solution
can deal with all
forms of attack....

Thursday, 21 November 13
Fire Walls and
malware protection
are certainly not enough...

Thursday, 21 November 13
Cyber Attacks
Major Country Nodes

Reproduced Courtesy of Akamai 2013

Thursday, 21 November 13
Cyber Attacks
M a j o r Tra f fi c Po r t s

Reproduced Courtesy of Akamai 2013

Thursday, 21 November 13
P r i m a r y C y b e r T a r g e t s Q4 2012
Government 1.0%
Auctions 2.07%
Classifieds 0.3%
Retail 5.12%
Social Nets 6.0%
Financial 34.4%
Other 6.78%
ISP 9.5%

Gaming 14.7%
Payment Services 32.1%
Thursday, 21 November 13
CyberCrime >> CYBER-SECURITY
Not clear which side is spending more on software
$Bn

>200Bn

The cost of
cyber crime

200
150

Cyber
Defence
expenditure

100
50

100Bn
17Bn

0
2004

2005

21Bn
2006

2007

2008

2009

2009

2011

2012

Data Courtesy of Detica 2011
Thursday, 21 November 13
Cyber Security
Improvements for free ?

What will we benefit from
if we don nothing ?
Thursday, 21 November 13
Increasingly
transient
people &
machine
behaviour

A multi-device, multi-screen,
mobile world, of rapidly
renewed and replaced devices,
new and updated apps

With built-in
security features
automatically
updated

Connecting
on the
move via
wifi, 3G,
4G, LTE,
BlueTooth

Any
Net
Any
where

BYOD = Fewer corporate constrains and greater variabilities
BMOB = Be My Own Boss - shorter assignment periods
Thursday, 21 November 13
Many networks
to attack not
just one

3,4,5G,
LTE, WiFi
WiFi WiMax
BlueTooth ++
Thursday, 21 November 13
Many OS types
to attack not
just one

Thursday, 21 November 13
Many applications
to attack not
just one

Thursday, 21 November 13
Huge device
variance

Interface
Boards
Chips
Config
Firmware

Thursday, 21 November 13
Huge hardware
and circuit
variance

Circuitry
Layout
Antennas
Analogue
Design
Facilities

Thursday, 21 November 13
Far more variable human
and device connection
behaviours

O

rid
nG

On & Off Grid
Off

Thursday, 21 November 13

Grid
A fast
spreading
realisation
that this
really isn’t
good
enough!

Thursday, 21 November 13
No One

security

technique

is sufficient

Thursday, 21 November 13

The concatenation of multiple
low cost methods rapidly
delivers a very high
level of protection
Habits
Personal
Locations
Networks
Biometrics
Knowledge
++++++++
SOMETHINGS
What you:
are
were
know
drove
work on
wear
own
use
eat
do
+
Thursday, 21 November 13

Unique to you alone
Why you:

Who you:
work with
live with
manage
mentor
dislike
+++

How you:
talk
type
stand
appear
write
walk
++

like
dislike
prefer
thought
imagined
migrated
assumed
helped
failed
won
++
But what
about the
cloud ?

Thursday, 21 November 13
FUTURE NETWORKING
The Internet will not Scale
ç or economically
functionally
But Clouds/Cloud working will !

<5Bn People on
(and off) line

2013
Thursday, 21 November 13

2025

9Bn People and >>
50Bn Things on line
Thursday, 21 November 13
RECENT HEADLINE

Data courtesy of Cisco.

Thursday, 21 November 13
Mobile networks
but a minor
player !

Thursday, 21 November 13
Cyber Security
ç
Clouds change everything

More degrees of freedom to exploit that make it all
inherently more secure than anything we have seen before
Thursday, 21 November 13
Axiom..

1,000,000s
of Clouds
and not 1
Thursday, 21 November 13
And they come
in many forms
-

Corporate
Government
Private
Personal
Long term
Sporadic

Thursday, 21 November 13

-

Visible
Invisible
Dynamic
Fixed
Mobile
Wireless
Wired

-

Open
Closed
Secure
Insecure
Regular
Unknown
Unquantified
Experimental
Cyber Security
ç
Hidden by multi-hop depth
Corporate/Private
/Government
Cloud

Invisible
Cloud

Invisible
Cloud

Invisible
Cloud
Invisible
Cloud

Public
/Open
Cloud
Corporate/Private
/Government
Cloud

Diverse routing and increasingly hidden
and disguised data storage in depth
Thursday, 21 November 13
Cyber Security
ç
In Cloud Gating/Encryption

Every Cloud demands a key and all
routings are hidden - data parsed/coded
Thursday, 21 November 13
The
Biggest
Risk

Service providers do not
guarantee your data!
Thursday, 21 November 13
we need

SCAlable

network

Solutions

Thursday, 21 November 13
This isn’t tenable...

Thursday, 21 November 13
This is...

Thursday, 21 November 13
Smart car...
Smart gas...
Smart net...
Thursday, 21 November 13
Clouds connect
dynamically, driven
by need, location,
work, groups and
associations...

Thursday, 21 November 13
THE Security Problem
Even deeper protection required

Thursday, 21 November 13
DETECTION
BUILT INTO
EVERY
ELEMENT
OF A DEVICE

Thursday, 21 November 13
On Server

On Device

In Network

In Individual Apps

In Hardware

Thursday, 21 November 13
Honey pot, and
malware traps,
distributed across
the cloud spectrum
Thursday, 21 November 13
Data decimation and
distribution with
individual encryption
Thursday, 21 November 13
ing
ss
re ing
d p
d
A

ic rl
m u
a
n

Thursday, 21 November 13

y
D

p
ho
Have an alias, be
invisible, don’t be
what you appear, be
there but absent...

Ghost Cloud

Ghost
Device

Thursday, 21 November 13
Distributed Attacks
demand a
Distributed Defence
Dynamic Attackers
necessitate
Dynamic Defenders
We c a n a c t a l o n e
or we can unite
and act together
Thursday, 21 November 13
MORE CYBER-BENEFITS
Going for free in the default future

Thursday, 21 November 13
Fewer full
time people
and less
predictable
corporate/
network/
device/
behavior

Thursday, 21 November 13
People job and location Half Life
getting shorter

Thursday, 21 November 13
Mean Time to
Destruction
unknown!

Data Half Life
getting shorter
and shorter
Thursday, 21 November 13
The Ace
in the
Hole
Global Cooperation
Device, App, Network

Thursday, 21 November 13
Finding Those Needles
The sociology and habits of

Applications
Networks
Machines
Software
Malware
People
Bugs
++

Thursday, 21 November 13
Things cooperate
inter and extra
community to
defeat attacks

We all own
multiple
clouds

Thursday, 21 November 13

THE END
GAME

AI systems monitor
activities and identify
trends to then
anticipate and
fend off all
attacks

Auto-immune response
systems emerge as
part of the overall
evolving behaviours
“Speed is the essence of war.
Take advantage of the enemy's
u n p re p a re d n e s s ; t r ave l b y
unexpected routes and strike
him where he has taken no
precautions”
The Art of War by Sun Tzu, 600 BC

Thursday, 21 November 13
Thank You
cochrane.org.uk
ca-global.org

COCHRANE
a s s o c i a t e s
Thursday, 21 November 13

Weitere ähnliche Inhalte

Mehr von University of Hertfordshire

Mehr von University of Hertfordshire (20)

The Philosophy of Science
The Philosophy of ScienceThe Philosophy of Science
The Philosophy of Science
 
Future Telecoms Challenges & Opportunities
Future Telecoms Challenges & OpportunitiesFuture Telecoms Challenges & Opportunities
Future Telecoms Challenges & Opportunities
 
Thermodynamics - Laws Embracing Our Universe
Thermodynamics -  Laws Embracing Our UniverseThermodynamics -  Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our Universe
 
Applied Science - Engineering Systems
Applied Science - Engineering SystemsApplied Science - Engineering Systems
Applied Science - Engineering Systems
 
IoT Yet to Come
IoT Yet to ComeIoT Yet to Come
IoT Yet to Come
 
The Scientific Meme
The Scientific Meme The Scientific Meme
The Scientific Meme
 
Uncanny Valley and Human Destiny
Uncanny Valley and Human DestinyUncanny Valley and Human Destiny
Uncanny Valley and Human Destiny
 
Resurgence of Technology Driven Change
Resurgence of Technology Driven ChangeResurgence of Technology Driven Change
Resurgence of Technology Driven Change
 
Society 5.0: A Vital Symbiosis
Society 5.0: A Vital SymbiosisSociety 5.0: A Vital Symbiosis
Society 5.0: A Vital Symbiosis
 
Cyber Portents and Precursors
Cyber Portents and PrecursorsCyber Portents and Precursors
Cyber Portents and Precursors
 
Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?
 
THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS
 
Quantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence MathematicallyQuantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence Mathematically
 
Technologies That Will Change Everything
Technologies That Will Change EverythingTechnologies That Will Change Everything
Technologies That Will Change Everything
 
Cyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The EnemyCyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The Enemy
 
Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
 
The Future WorkScape
The Future WorkScapeThe Future WorkScape
The Future WorkScape
 
Engineering Reliability and Resilience
Engineering Reliability and ResilienceEngineering Reliability and Resilience
Engineering Reliability and Resilience
 
Smart Materials and Structures
Smart Materials and StructuresSmart Materials and Structures
Smart Materials and Structures
 
TRUTH, SITUATION, & CONTEXT AWARENESS
TRUTH, SITUATION, & CONTEXT AWARENESSTRUTH, SITUATION, & CONTEXT AWARENESS
TRUTH, SITUATION, & CONTEXT AWARENESS
 

Kürzlich hochgeladen

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Finding needles in needle stacks - or Future aspects of cyber security