A presentation at the 2015 East Africa CIO100

1. War Against Terrorism:
The Role of Today’s CIO
Ayo Rotibi
Managing Director
Forts & Shields Ltd
(US, Kenya, Nigeria)

2. “The Internet is a prime example
of how terrorists can behave in a
truly transnational way; in
response, States need to think and
function in an equally
transnational manner.”
Ban ki-moon

3. The Art of War
The Art of War is simple
enough. Find out where
your enemy is. Get at
him as soon as you can.
Strike him as hard as
you can and as often as
you can, and keep
moving on.(Ulysses S. Grant)
18th US President. Led
the Union to victory over
the Confederacy in the
American Civil War

4. www.terror.net – The Modern Terrorists
Internet-aided terrorism is a dynamic
phenomenon and transnational
Terrorist websites target three different
audiences: current and potential supporters;
international public opinion; and enemy publics
Ways contemporary terrorists use the Internet:
•From conducting psychological warfare to
gathering information, from training to
fundraising, from propagandizing to recruiting,
and from networking to planning and coordinating
terrorist acts.

5. www.terror.net – The Modern Terrorists
Workplace has been the primary target of terrorism
•WTC Building, Garisa University, Westgate Mall
Many workplaces upon which citizens rely to reach
work are relatively unprotected
•St Pancreas Underground
"We use Facebook to schedule the protests, Twitter
to co-ordinate and YouTube to tell the world.“ An
Egyptian Arab Spring Activist

6. www.terror.net – The Modern Terrorists
Dateline: September 2013
•Al Qaeda opens first official Twitter account
•@shomokhalislam, issued 29 tweets, followed
one account, and attracted 1,532 followers in 24
hours (including several high-profile digital
jihadists)
@shomokhalislam

7. www.terror.net – The Modern Terrorists
Breaking News...
Amazon Halts sales of ISIS propaganda Magazine

8. Darknet – The New Terror Frontier
Adopted platform for direct communication among
global jihadi activists
• Over 50,000 sites and 300 forums for terrorist
organizations
• Used to distribute material for recruitment, training, and
coordination of terrorist
• Informed the travel warning and closure of some US
embassies in August 2013

9. Darknet – The New Terror Frontier
A Course in the Art of Recruiting
• https://ia800300.us.archive.org/32/items/ACourseInTheArtOfRecruiting-
RevisedJuly2010/A_Course_in_the_Art_of_Recruiting_-_Revised_July2010.pdf
ISIS and the Lonely Young American
• http://www.nytimes.com/2015/06/28/world/americas/isis-online-recruiting-american.html

10. Kenya’s Global Terrorism Index (GTI)
Year Incidents Fatalities Injuries Properties GTI Rank (out
of 162)
2009 1 0 0 0 4.47 27
2010 12 19 159 4 4.81 24
2011 38 37 98 7 5.15 19
2012 73 98 410 34 6.06 14
2013 74 201 442 22 6.58 12
http://www.visionofhumanity.org/#page/indexes/terrorism-index/2013/KEN/FATA

11. Cyber-threat Barometer: Any Ideas?
Leading Cyber Attack Method
•Social Engineering
Leading Threat
•Insider (with Authorized Access)
Leading Vulnerability
•People

12. Kenya’s Cyber Goals
Enhance the nation’s cybersecurity posture in a manner
that facilitates the country’s growth, safety, and
prosperity.
Build national capability by raising cybersecurity
awareness and developing Kenya’s workforce to
address cybersecurity needs.
Foster information sharing and collaboration among
relevant stakeholders to facilitate an information
sharing environment focused on achieving the
Strategy’s goals and objectives.

13. Insider threat
Have legitimate access to systems
Often familiar with the
organization's data
Abuse privileges to harm the
organization
Circumvent security controls of
which they are aware
Have physical proximity to data
Harder to defend against than
attacks from outsiders

14. The 58% Theory-The Insider Family
The Rogue Employee
•AKA: Shadow IT, Rogue
IT
•Description: They have
many aliases, but one
definite goal – to take
valuable data and
leverage it into
monetary gain, revenge
or even some
revolutionary crusade

15. The 58% Theory-The Insider Family
Fired / Disgruntled
Worker
•AKA: Pinch a Penny
from a 1 million
Transactions
•Description: Think
Office Space – where
workers on their way
out devise a way to rip
off the company

16. The 58% Theory-The Insider Family
3rd Party and Outside Insider
•AKA: The Ulterior
Motivator
•Description: Your
temporary contractor or
third-party vendor is
around so much that your
office is almost his second
home. He may fraternize
with employees and gain
the trust of your crew – but
who is really watching over

17. The 58% Theory-The Insider Family
Inadvertent Users
•AKA: Not the Brightest
Crayon in the Box
•Description: Believe it not,
inadvertent insider threats
make up a good portion of
data breaches– thanks to
the consumerization of
IT, the mobility of data and
the smartphone trend, it is
easier for company data to
move beyond traditional
firewalls

18. The 58% Theory-The Insider Family
Personalization Guru
•AKA: The Guy Who Brings
Home to Work
•Description: This guy is a
disaster waiting to happen.
They are the ones who
want their workstation to
be a basic clone of their
personal laptop. They want
to have all the applications,
tools and software –to
bypass admin rights

19. The 58% Theory-The Insider Family
The Night Janitor
•AKA: The Unsuspecting Pirate
•Description: The support staff
is in your office at strange
hours with no supervision
really at all. Don't let the false
characterizations and
stereotypes fool you –
criminals and social engineers
would not lose a sweat
getting employed as a janitor
just to have your server room
to themselves.

20. Exposure in the Workplace
Types of Sensitive Corporate Information Employees Access
(http://www.ponemon.org/blog/the-security-impact-of-mobile-device-use-by-employees)

21. Exposure in the Workplace
Types of Personal Tasks Employees Do in the Workplace
(http://www.ponemon.org/blog/the-security-impact-of-mobile-device-use-by-employees)

22. Exposure in the Workplace
Content Accessed on Mobile Devices As Permitted By Enterprise
(http://www.ponemon.org/blog/the-security-impact-of-mobile-device-use-by-employees)

23. Food For Thought
What Will You Do
If You Knew You
Were Under
Surveillance?

24. 4 Cyber-Breach Questions
What:
•Happened? Was Stolen? Was Compromised?
How:
•Did They Do It? To Prevent Reoccurrence?
Who:
•Did It? Is Affected?
When:
•Did They Do It? Can Recovery Begin?

25. CIOs must leverage this singular advantage and
take a stand on the new encryption regime
introduced by FB, Google and Apple
Nothing is Hidden Under the Hood
Every online activity leaves a Digital Footprint

26. The Role of The CIO
Due Care: Conduct a reasonable person would
exercise in a particular situation
•Security is Good Business
•Security is Everybody’s Business
Due Diligence: Gathers facts to make an informed
decision
•Additional Internal Control procedure – Network Forensics
Threat awareness, assessment, and perception
Efficient information flow within corporations,
between corporations, and between corporations
and local and federal government agencies

27. National Domestic Communication Assistance Center
Core functions:
• Law Enforcement
Coordination
• Industry Relations
• Technology Sharing
• CALEA Implementation
Government's first ever
attempt to develop a centre
for electronic surveillance
knowledge management, and
facilitate the sharing of
technical solutions and know-
how among law enforcement
agencies

28. What if...
...we all work together for a common
purpose?
...we aspire to build a Regional NDCAC to
foster stronger collaboration and
complement Kenya CIRT/CERT?
...we foster stronger collective
relationship with LEA and Government
...we leave this conference with a
resolution to make SOMETING happen?
...we...?

29. Proposed Initiatives
Initiate targeted knowledge dissemination
programs
Provide real time knowledge dissemination to
corporate members
Develop lessons learned from corporate incidences
Modify existing Users and Internet Usage Policies to
include Internal Surveillance
Establish a Regional NDCAC

30. A Little Story
Breaking News
Eiffel Tower for Sale!
Moral Lesson:
Share Information

31. Conclusion
CIOs have been dragged into the War Against Terrorism
The Enterprise landscape has changed forever – FACT
The Internet offers us opportunity to prevent, detect
and deter acts of terrorism
CIOs have a responsibility to secure their enterprise
CIOs need to know about human psychology and
behavioural attitude
Real-time Digital Forensics will become a major tool in
identifying these threat agents
CIO must determine that their enterprise network does
not become a recruitment ground or a conduit for fund-
raising and propaganda

32. For Further Information and Demo:
•Email: arotibi@isecureconsulting.com
•Phone: +254-786-834-158, +254-772-299-802
•Skype: arotibi
•Forts & Shields, 63 Mandera Rd, Kileleshwa, Nairobi, Kenya
•www.fortsandshields.com
•www.isecureconsulting.com
Questions