Suche senden
Hochladen
Global Cyber Security on Earth + in Space
•
Als PPTX, PDF herunterladen
•
2 gefällt mir
•
473 views
DIGIJAKS
Folgen
Training/Presentation done at the GEOINT 2016 Conference
Weniger lesen
Mehr lesen
Präsentationen & Vorträge
Melden
Teilen
Melden
Teilen
1 von 38
Jetzt herunterladen
Empfohlen
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...
Andrew Hammond
Cyber Security
Cyber Security
frcarlson
Towngas Infomation Security Week 2013 presentation
Towngas Infomation Security Week 2013 presentation
Charles Mok
Is the us engaged in a cyber war
Is the us engaged in a cyber war
David Willson, Attorney, CISSP, Security +
Hack the World: IT/IOT/ICS SCADA OSINT
Hack the World: IT/IOT/ICS SCADA OSINT
DefCamp
From stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacks
Minseok(Jacky) Cha
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Andrew Morris
Empfohlen
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...
Andrew Hammond
Cyber Security
Cyber Security
frcarlson
Towngas Infomation Security Week 2013 presentation
Towngas Infomation Security Week 2013 presentation
Charles Mok
Is the us engaged in a cyber war
Is the us engaged in a cyber war
David Willson, Attorney, CISSP, Security +
Hack the World: IT/IOT/ICS SCADA OSINT
Hack the World: IT/IOT/ICS SCADA OSINT
DefCamp
From stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacks
Minseok(Jacky) Cha
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Andrew Morris
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Jack Shaffer
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Eric Vanderburg
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
CrowdStrike
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA (European Emergency Number Association)
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?
ThreatConnect
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
Hacks in Taiwan (HITCON)
Honeypots for Active Defense
Honeypots for Active Defense
Greg Foss
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & Mitigation
WhiskeyNeon
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
CrowdStrike
Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)
Tanja Drca
SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)
Priyanka Aash
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
Sylvain Martinez
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
CrowdStrike
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...
AFCEA International
Cyberwar and Geopolitics
Cyberwar and Geopolitics
tnwac
Threat Intelligence Workshop
Threat Intelligence Workshop
Priyanka Aash
Cybersecurity Law and Policy II Slides for First Summit Meeting
Cybersecurity Law and Policy II Slides for First Summit Meeting
David Opderbeck
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Ivan Sang
Quant & Crypto Gold
Quant & Crypto Gold
Andrew Hammond
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
Weitere ähnliche Inhalte
Was ist angesagt?
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Jack Shaffer
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Eric Vanderburg
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
CrowdStrike
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA (European Emergency Number Association)
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?
ThreatConnect
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
Hacks in Taiwan (HITCON)
Honeypots for Active Defense
Honeypots for Active Defense
Greg Foss
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & Mitigation
WhiskeyNeon
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
CrowdStrike
Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)
Tanja Drca
SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)
Priyanka Aash
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
Sylvain Martinez
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
CrowdStrike
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...
AFCEA International
Cyberwar and Geopolitics
Cyberwar and Geopolitics
tnwac
Threat Intelligence Workshop
Threat Intelligence Workshop
Priyanka Aash
Cybersecurity Law and Policy II Slides for First Summit Meeting
Cybersecurity Law and Policy II Slides for First Summit Meeting
David Opderbeck
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
Was ist angesagt?
(19)
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
Honeypots for Active Defense
Honeypots for Active Defense
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & Mitigation
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)
SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Cyberwar and Geopolitics
Cyberwar and Geopolitics
Threat Intelligence Workshop
Threat Intelligence Workshop
Cybersecurity Law and Policy II Slides for First Summit Meeting
Cybersecurity Law and Policy II Slides for First Summit Meeting
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
Ähnlich wie Global Cyber Security on Earth + in Space
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Ivan Sang
Quant & Crypto Gold
Quant & Crypto Gold
Andrew Hammond
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
Chuck Brooks
DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015
Andrzej Bartosiewicz
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
chauhananand17
Cyber terrorism
Cyber terrorism
Hiren Selani
Enhancing Your Security Infrastructure with Infoblox Threat Intelligence Webinar
Enhancing Your Security Infrastructure with Infoblox Threat Intelligence Webinar
Adelaide Hill
Insider Threat Solution from GTRI
Insider Threat Solution from GTRI
Zivaro Inc
Is6120 data security presentation
Is6120 data security presentation
JamesDempsey1
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Pierluigi Paganini
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
Mohit Rampal
All about Hacking
All about Hacking
Madhusudhan G
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Cyren, Inc
Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
Mikko Hypponen
Global Cyber Threat Intelligence
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
cybersecurity notes important points.pptx
cybersecurity notes important points.pptx
dhumaletiku
Stopping zero day threats
Stopping zero day threats
Zscaler
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation
Eric Gallant
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software
Ähnlich wie Global Cyber Security on Earth + in Space
(20)
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Quant & Crypto Gold
Quant & Crypto Gold
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
Cyber terrorism
Cyber terrorism
Enhancing Your Security Infrastructure with Infoblox Threat Intelligence Webinar
Enhancing Your Security Infrastructure with Infoblox Threat Intelligence Webinar
Insider Threat Solution from GTRI
Insider Threat Solution from GTRI
Is6120 data security presentation
Is6120 data security presentation
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
All about Hacking
All about Hacking
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
Global Cyber Threat Intelligence
Global Cyber Threat Intelligence
cybersecurity notes important points.pptx
cybersecurity notes important points.pptx
Stopping zero day threats
Stopping zero day threats
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Kürzlich hochgeladen
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
Senaatti-kiinteistöt
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
Delhi Call girls
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
Sheetaleventcompany
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
NhPhngng3
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Hasting Chen
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
samaasim06
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
Vipesco
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
nswingard
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
Islamia university of Rahim Yar khan campus
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
Pooja Nehwal
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lodhisaajjda
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
Report Writing Webinar Training
Report Writing Webinar Training
KylaCullinane
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
SkillCertProExams
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Pooja Nehwal
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
Delhi Call girls
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
hlharris
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
mohammadalnahdi22
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
Kürzlich hochgeladen
(20)
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Report Writing Webinar Training
Report Writing Webinar Training
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Global Cyber Security on Earth + in Space
1.
ALAN W. SILBERBERG DIGIJAKS
FOUNDER + CEO GLOBAL CYBER SECURITY ON EARTH + IN SPACE US GEOINT CONFERENCE 5.18.16 Copyright © 2016 Digijaks 1
2.
Who am I
and what is Digijaks? • Alan W Silberberg • Founder of Digijaks – Boutique Cyber Security Firm • Subject Matter Expert, Cyber Security to US SBA • Member, California Governor’s Cyber Security Task Force • Former US White House aide • Former US National Archives Task Force Member • Former Executive at Paramount Pictures • Invented technology to utilize aspects of search + social media to defend against cyber attacks. • Invented technology to change and alter search results. Copyright © 2016 Digijaks 2
3.
Summary Of Areas
Covered • People • Ground Stations • Ground Station Hardware + Software • Uplinked Data • Downlinked Data • Terrestrial Platforms • Threat Matrix • Threat Actors • Suggested Changes Copyright © 2016 Digijaks 3
4.
Copyright © 2016
Digijaks 4
5.
3, 2, 1
– Liftoff is just beginning of challenges for satellite communications Copyright © 2016 Digijaks 5
6.
3, 2, 1
– Liftoff is just beginning of challenges for satellite cyber security Copyright © 2016 Digijaks 6 • The challenges mount from the moment of liftoff. • Depending on the complexity of the payload and onboard data packages cyber security risks can only increase once in space due to problems and or failures on the ground, or in space. • Cyber Security was an afterthought until only recently, so there are many gaps where legacy systems and legacy technology are in the clear, not encrypted, and not ready for a modern cyber attack.
7.
25 years ago
there were dozens….. Copyright © 2016 Digijaks 7
8.
And 1000s of
Satellites now in Space Copyright © 2016 Digijaks 8
9.
Internet = Anyone
Anywhere 2 Track, Identify software, do enough open source *osint research to then move on to next phase of cyber security information collection prior to attack or breach of Ground, Person, Satellite LOTS OF DATA Copyright © 2016 Digijaks 9
10.
People and their
Devices Copyright © 2016 Digijaks 10
11.
People and their
Devices • BYOD • Social Engineering • USBs • WALK BY Photo/Video/SMS/Social Media • Laziness • Corruptness • Leveraged by Organized Crime or Foreign Intelligence • Disregard of security protocols • Will-full destruction/cyberwar/espionage Copyright © 2016 Digijaks 11
12.
People and their
Devices Copyright © 2016 Digijaks 12
13.
People and their
Devices Copyright © 2016 Digijaks 13 • Devices can be hacked and need to be screened or put in lead or steel box outside prior to entry. Air gapped breaches have been proven to be actual exploits. • Device access to Ground Station networks need to be closely controlled and monitored 24x7 including vpn, remote by proxy, late night email logins, and late night from home server logins. • In addition to physical security concerns, BYOD devices can also insert malware, viruses, worms, and can simultaneously be used to extrifilcate DATA and transmit instantly via carrier exchanges or social media to internet + Globe.
14.
Ground Station Cyber
Security Copyright © 2016 Digijaks 14
15.
Ground Station Cyber
Security Copyright © 2016 Digijaks 15 • People. People. People. • Incoming data from other ground stations/networks • Incoming data from Internet/extranet • Incoming Data bound for Sat Payload Uplink • Outgoing Data bound from Sat Payload Downlink • Uplink Data • Downlink Data • Maintenance Level • Control Level • Security Level
16.
Ground Station Cyber
Security Copyright © 2016 Digijaks 16
17.
Ground Station Cyber
Security Copyright © 2016 Digijaks 17 • Perimeters • Attractive and Visible Physical Targets • Critical Infrastructure yet not always provided security for such protections as needed • Easy to track and research using online OSINT for • SCADA Installs connected to Internet • SCADA Install passwords, default reset data • Real world representation of the need to blend physical and cyber security into one force multiplier.
18.
Ground Station Cyber
Security Copyright © 2016 Digijaks 18 What does your ground station cyber posture look like from space? Probably, another satellite is spying on you as you work and as your teams go about “securing the facility”.
19.
You do not
know who your attacker is. Copyright © 2016 Digijaks 19
20.
But …. They
know you Copyright © 2016 Digijaks 20
21.
But they know
you: Partial List of Satellite Hacks in last few years. Copyright © 2016 Digijaks 21 • US Weather System Satellites (Non Mil) NOAA satellites penetrated (CHINESE NATION STATE THREAT ACTOR) • Commercial Satellites have been compromised for APT use like in case of TURLA APT (RUSSIAN NATION STATE THREAT ACTOR) corrupted weak satellite protocols • Ground Station Software + Hardware from multiple manufacturers flagged in 2014 for cyber security failures – CERT notification was issued, but only some companies have made updates to date in 2016.
22.
But they know
you - Copyright © 2016 Digijaks 22 • In 2015 CNN and many other news outlets reported on the GPS system and satellites having been compromised and even altered. By whom? Why? What happens when that gets combined with the command and control structure for your fleet? For your bird? • SIMPLEX network known and unknown vulnerabilities include un encrypted data transmission between ground and satellite, as well as ground to ground and satellite to satellite. In 2015 warnings were issued about organizations relying on this backbone for their comms. • EXFIL sensitive data from government, military, diplomatic, research and educational organizations in US + EU. • Hide command-and-control servers from law enforcement agencies.
23.
But they know
you - Copyright © 2016 Digijaks 23
24.
Terrestrial Platform Cyber
Security Copyright © 2016 Digijaks 24
25.
Terrestrial Platform Cyber
Security Copyright © 2016 Digijaks 25 Several factors become weak points: A. Uplink From Ground that is un encrypted or already corrupted. B. Downlink from Bird that is same C. Penetration and or control of data stream, redistributing FUD DATA D. EXFIL of DATA E. LOSS of bird through willful destruction, terrorism, hunter killer satellite from opponent F. Corruption of GEO SPATIAL location and or timing for signal control rendering the satellite(s) useless and or dangerous or both.
26.
Terrestrial Platform Cyber
Security Copyright © 2016 Digijaks 26 • Loss of Command and Control through ground infiltration or penetration of ground station either physically or through cyber means. • Acquisition of signals and BAND(s) data from Space by another satellite tasked with sensors/lasers to track/acquire such information without knowledge of users on ground. • Same problems apply from ground station, ie, if any of those are triggered, then the cybersecurity of the bird is already compromised.
27.
Terrestrial Platform Cyber
Security Copyright © 2016 Digijaks 27 • Cyber Attacks are common, more common than not. • Cyber Attacks are both from the ground and from another satellite or group of satellites. • How can satellite or group of cube-sats be used in malicious ways against a country, or company or a person?
28.
Terrestrial Platform Cyber
Security Copyright © 2016 Digijaks 28
29.
Terrestrial Platform Cyber
Security Copyright © 2016 Digijaks 29 • Do you know who is watching from above? Or why? • What about your cyber security – how much is already penetrated from above, let alone from the computer you are already using? • What of your upstream and downstream DATA? How much is already FUD and or compromised. • Is your platform being used in a Space Based DDoS attack? Or Space Based misdirection of signal/GPS/location to purposely mislead either data or physical time and space objects like people.
30.
Threat Matrix Copyright ©
2016 Digijaks 30
31.
Threat Matrix Copyright ©
2016 Digijaks 31 • Know your weaknesses • Know the weaknesses of your staff, the training and the software and hardware. • Anticipate that you will be attacked. It is not IF but WHEN. • Use both internal and external sources of information to stay apprised of current threats against the industry or your facility. Search for the facility name and see if it is being mentioned in social media or on chat rooms. • Scour sites like Shodan weekly to ensure your IoT + SCADA devices are not listed, if they are make changes.
32.
Threat Matrix Copyright ©
2016 Digijaks 32 • Attacks will occur onto: • A. Ground Station Software • B. Ground Station Hardware • C. People + their devices • D. Social Engineering, Phishing, Whaling, Waterholes • E. Upstream Data • F. Downstream Data • G. Ground to Ground Data – SMS, Cell, Internet, Intranet, Extranet, Phone/Voice/Video • F. Satellite to Satellite Attacks on both software + hardware through lasers, sonic beams + hunter killer sats
33.
Threat Actors • Nation
State • China (estimated 125K+ official hackers paid by Gov) • Russia (17K+ Twitter Trolls + estimated 25K hackers paid by Gov) • Iran (1000s of Hackers + 100s of Twitter trolls + funding others) • North Korea • Vietnam • Ukraine • Romania • Also a host of other countries with either sophisticated telecom networks or where traditional computing is taught. • Paid hacker cartels • Paid hacker soldier of war Copyright © 2016 Digijaks 33
34.
Threat Actors • Corporations
using technology to spy on their competition or on their staff or clients. • Bad actor cyber companies doing unethical work and or illegal work under cover of “helping” • Your own people • Your own equipment • Your own networks • May already be compromised, how would you know if you do not look? Copyright © 2016 Digijaks 34
35.
Constant Actions +
Energy Needed 24x7 Copyright © 2016 Digijaks 35
36.
Suggested Changes • Update
all software and firmware on regular basis. • Do not ignore alerts from already installed software or monitoring services regarding breach behavior or irregular network data passing as regular flow. • Understand relationship (emerging and growing between physical security and cyber security in both ground and terrestrial situations. • Train employees and contractors regularly, and drill regularly in what to do when cyber attacked/ how to handle active breach / mitigation of previous breach and proactively taking steps to make changes into new paradigms. Copyright © 2016 Digijaks 36
37.
Suggested Changes • Install
and utilize two factor authentication for every entry or access to control of data streams / up + downlinks • Disable use of BYOD on premises of ground stations or only in specifically marked areas. • Institute signal proof lead/steel boxes outside of conference rooms/important areas/data centers and regulate that all personal devices be placed in one during a meeting or any grouping. • Constantly review SHODAN.IO for your installation’s SCADA and other internet connected devices/software or firmware numbers or other identifying information, then work to make changes or remove. Copyright © 2016 Digijaks 37
38.
THANK YOU!! WWW.DIGIJAKS.COM @IDEAGOV
424.442.9658 Copyright © 2016 Digijaks 38
Jetzt herunterladen