1. Aggressive and Persistent: Using Frameworks
to Defend Against Cyber Attacks
Featuring cyber security experts Professor Scott J. Shackelford,
JD, PhD, of Indiana University's Kelley School of Business and
Andrew A. Proia of Indiana University's Center for Applied
Cybersecurity Research
Sponsored by
APRIL 16, 2014
2. Today’s Speakers
Professor Scott J. Shackelford, JD, PhD
Kelley School of Business
Indiana University
Andrew A. Proia
Center for Applied Cybersecurity Research
Indiana University
Aggressive and Persistent: Using Frameworks
to Defend Against Cyber Attacks
APRIL 16, 2014
3. Harvard Business Review
Apr. 16, 2014
Advanced and Persistent: Using
Frameworks to Defend Against Cyber
Attacks
Prof. Scott Shackelford & Andrew Proia
4. Outline
1. Conceptualizing the Cyber Threat to
the Private Sector
2. Managing Cyber Attacks
A. Identifying Threats
B. Regulatory Approaches and
Examples
3. Negligence and the NIST
Framework
A. Genesis
B. Application
C. Shaping Duty of Care
4. Global Implications
5. To Companies To Countries
• Theft of IP is Costly – impacts
up to 75% of businesses,
costing hundreds of billions
USD annually
• Widespread – at least 19
million people in more than
120 nations
• Easy –more than 30,000
websites with malware kits
available
• Fear of “Electronic Pearl
Harbor”
• Protecting critical national
infrastructure
1.1 Defining the Cyber Threat
*Source: KAL’s Cartoon, Economist, May 7, 2009
6. *Source: McAfee In the Dark (2010)
Number of Cyber Attacks Cataloged
by CERT from 1995 to 2011
1.2 Unpacking the “Cyber Threat”
CyberWar
Cybercrime
ManyTypes
True Extent Unknown
Global Nature
Response
Cyber Espionage
Legal “black hole”
Cost
CyberTerrorism
Ransomware
Why relatively rare?
New Cyberwarfare
0
20000
40000
60000
80000
100000
120000
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
*Source: The
War Room