Resilient Smart City Services
Salim Hariri, Director
NSF Center for Cloud and Autonomic Computing
The University of Arizona
nsfcac.arizona.edu
email: hariri@ece.arizona.edu
(520) 977-7954
Presentation Outline
UA NSF Center for Cloud and Autonomic Computing –
Introduction, and what we do?
Enabling Technologies for Smart City Services
Cybersecurity Motivation and Challenges
UA Autonomic Cyber Security (ACS) Methodology
– Methodology to Develop Resilient Smart City Services
Conclusions
What is an IUCRC?
• A Partnership: A mechanism to enable industrially-relevant, pre-competitive
research via a sustained partnership among industry, universities, and
government.
• Centers bring together
(1) IUCRC Sites (Academic Institutions)
• Faculty and students from different academic institutions
(2) IUCRC Industry Members
• Companies, State/Federal/Local government, and non-profits
• Focus
– Perform cutting-edge pre-competitive fundamental research in science,
engineering, technology area(s) of interest to industry and that can drive
innovation and the U.S. economy.
– Members guide the direction of Center research through active
involvement and mentoring.
NSF IUCRC in US
NSF Funded Centers – A key investment
STC: Science and Technology Centers
MRSEC: Materials Research Science and Engineering Centers
CCI: Centers for Chemical Innovation
ERC: Engineering Research Centers
IUCRC: Industry/University Cooperative Research Centers
[Figure: the NSF center programs STC, MRSEC, CCI, ERC and IUCRC arranged along a basic research / use-inspired / applied axis; years shown: 1973, 1987, 1994, '98, 1985]
75+ IUCRC Centers
225 University sites, 876 Industry members
Broad Research Themes (number of centers)
• Advanced Electronics and Photonics: 7
• Advanced Manufacturing: 6
• Advanced Materials: 11
• Biotechnology: 6
• Civil Infrastructure Systems: 1
• Energy and Environment: 12
• Health and Safety: 6
• IT, Communication, and Computing: 24 (CAC)
• System Design and Simulation: 3
*Data from 2015
Ongoing UA CAC Projects
• Autonomic Cyber Security (ACS)
• Tactical Cyber Immune System (TCIS)
• Autonomic Monitoring, Analysis and Protection (AMAP)
• Anomaly based Detection of Attacks on Wireless Ad Hoc Networks
• Resilient Cyber Services
• Hacker Web: Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics
• IoT Security Framework
• Big Data Analytics
• Intelligent Cyber Security Assistant
• Heart Modeling, Analysis, Diagnosis and Prediction
• Digital Patient Assistant (DPA)
• High Performance Distributed Computing and Applications
• Just-In-Time Architecture (JITA) for Composable High Performance Data Centers
• Heart Cyber Expert System (HeartCyPert)
• Well Data Analytics and Protection (WDAP)
• Hurricane Continuous Modeling and Simulation Environment
The Need for Resilience Technology:
Motivation -
Emerging Technologies/Services:
Problems and Opportunities
Internet Revolution
Starting from the Internet
The Internet appears to connect people everywhere:
Internet of People (IoP)
What is the Internet of Things?
If we put everything on the Internet and get it all connected, we end up with
what we call “the Internet of Things” (IoT) or Internet of Everything (IoE)
IoT Applications
[Figure: IoT application areas: Education, Food, Pharmaceuticals, Management, Retail, Logistics]
http://www.youtube.com/watch?v=nDBup8KLEtk
The Rising Problem/Opportunity - 1
• Smart devices are proliferating with
the promise to make human lives
better. Everything from smart
wearables, phones, watches to
shoes, glasses and many other
accessories.
• The machines are monitoring almost
every aspect of our lives. Problems
arise because these technologies use
proprietary underlying infrastructure
that enforces brand controls.
• Security in all these devices is an
afterthought; it was never a primary
design issue
The Rising Problem/Opportunity - 2
[Figure: sensor network: Sink node, Gateway, Core network (e.g. Internet), Gateway, End-user, Computer services]
- The networks typically run Low Power Devices
- Consist of one or more sensors, could be different type of sensors (or actuators)
- They cannot run sophisticated security tools and algorithms
The Rising Problem/Opportunity – Smart Cities
[Figure: a Command/Control Center exchanging Data and Commands with Smart Technology, Smart Government, Smart Healthcare, Smart Grid, Smart Building, Smart Homes, Smart Auto Services and Smart Critical Infrastructure]
Security Challenges in IoT
It is estimated that 30 billion devices will be wirelessly
connected to the Internet of Things by 2020
Current cybersecurity solutions have failed to secure and protect
our cyber resources and services because
– They are manual, reactive, mainly signature based, and use many isolated tools
– Biometrics are not well used and integrated with other cyber tools
We already have a challenging problem securing computers, networks,
data and applications, which amount to less than 2 billion computers or
mobile devices.
– How are we going to manage and secure the operations of more than
30+ billion devices that do not have the computing and storage capacity to
secure and protect their operations?
– How do you authenticate, trust and manage the identity of these
devices?
© 2012 Open Geospatial Consortium
CYBERSECURITY
MOTIVATION
Attack Sophistication and Attacker
Knowledge
[Figure: Smart Infrastructure Services SC 1, SC 2, ... SC n; Smart Infrastructure; Smart Infrastructure Gateway; Smart Meter; Bio-Cyber Access Control]
https://youtu.be/AOEpS8uV73Q
Attack Propagation and Impact
CYBER SECURITY SOLUTIONS:
INTRODUCTION
Detection techniques
Signature-based (Misuse): Models the attacks
– Pros: Fast, easy to implement.
– Cons: Cannot detect new or modified attacks, Manual Update
Anomaly-based: Models the normal behavior
– Pros: Detects any attack, scalable
– Cons: High false positive
[Figure: Signature Based: a Signature Matching Engine backed by an Attack Signature Data Base (Manual Update); Known Attack is Detected, Unknown Attack is Undetected. Anomaly Based: an Anomaly Detection Engine backed by a Normal Model (Automatic Learning); Known Attack is Detected, Unknown Attack is Detected.]
Intrusion Detection System
(Challenge)
It is hard to come up with a single intrusion detection
system that works accurately for all protocols.
Each protocol has its own specification, which is defined in its
RFC document as:
• Protocol message format (Syntax)
• Communication Rules (Semantic)
Source: www.tcpipguide.com
Solution: Apply multiple customized Micro Intrusion Detection engines
for each protocol and aggregate the results for final detection.
Anomaly Behavior Analysis (ABA)
[Figure: Multi-Level Behavior Analysis: Online Monitoring (NetFlow & AppFlow), Flow DB, Payload DB, Link Layer / Network Layer / Transport Layer / Application Layer Behavior Analysis, Decision Fusion]
ABA Methodology
Need to define:
• U: The event set
• R: The representation map
• f: The anomaly characterization function
• M: The Normal model (memory)
• τ: The detection threshold
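The five elements listed above, together with the per-protocol micro engines and decision fusion from the earlier slides, as an added Python example (not code from the presentation). The n-gram representation, the set-based normal model, the "any engine fires" fusion rule and the message sequences are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


def R(event, n=2):
    """Representation map R: a message-type sequence -> its list of n-grams."""
    return [tuple(event[i:i + n]) for i in range(len(event) - n + 1)]


@dataclass
class MicroEngine:
    """One micro intrusion detection engine for a single protocol."""
    protocol: str
    tau: float                              # detection threshold
    n: int = 2                              # n-gram size used by R
    M: set = field(default_factory=set)     # normal model (memory)

    def learn(self, normal_events):
        """Build M from events observed during attack-free operation."""
        for event in normal_events:
            self.M.update(R(event, self.n))

    def f(self, event):
        """Anomaly characterization function: the a-score, i.e. the
        fraction of the event's n-grams that are absent from M."""
        grams = R(event, self.n)
        if not grams:                       # too short to judge
            return 0.0
        return sum(g not in self.M for g in grams) / len(grams)

    def is_anomalous(self, event):
        return self.f(event) > self.tau


def fuse(engines, observation):
    """Decision fusion (assumed rule): alert if any protocol's engine
    scores its part of the observation above its own threshold."""
    scores = {p: engines[p].f(ev) for p, ev in observation.items() if p in engines}
    fired = sorted(p for p, s in scores.items() if s > engines[p].tau)
    return bool(fired), fired, scores


# Constructed attack-free training events (the part of U used to learn M).
NORMAL = {
    "tcp": [
        ["SYN", "SYN-ACK", "ACK", "PSH", "ACK", "FIN", "ACK"],
        ["SYN", "SYN-ACK", "ACK", "PSH", "PSH", "ACK", "FIN", "ACK"],
        ["SYN", "SYN-ACK", "ACK", "FIN", "ACK"],
    ],
    "dns": [
        ["QUERY", "RESPONSE"],
        ["QUERY", "RESPONSE", "QUERY", "RESPONSE"],
    ],
}


def build_engines(tau=0.2):
    """Train one micro engine per protocol with the same threshold."""
    engines = {}
    for proto, events in NORMAL.items():
        engines[proto] = MicroEngine(protocol=proto, tau=tau)
        engines[proto].learn(events)
    return engines


if __name__ == "__main__":
    engines = build_engines()
    # Constructed observations: one clean flow, one with unseen transitions.
    clean = {"tcp": ["SYN", "SYN-ACK", "ACK", "PSH", "ACK", "FIN", "ACK"],
             "dns": ["QUERY", "RESPONSE"]}
    odd = {"tcp": ["SYN", "SYN-ACK", "ACK", "PSH", "RST"],
           "dns": ["RESPONSE", "RESPONSE", "RESPONSE"]}
    for name, obs in (("clean", clean), ("odd", odd)):
        print(name, fuse(engines, obs))
```

Raising τ trades missed detections for fewer false positives: the TCP sequence ending in RST scores 0.25, so it is flagged at τ = 0.2 and passes at τ = 0.3.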
Detection Evaluation
(a-score distribution)
Main Cybersecurity Challenges
Insider Threats Detection and Protection
Resilient Cyber Operations
Resilience is a promising solution
– You do not need to worry about detecting, and reacting to attacks
– You just make these attacks insignificant; that means you build
Intrusion Tolerance capabilities
Our Solution: Autonomic Cyber Security (ACS)
– Full visibility
– Continuous monitoring, analysis and mitigation
5/8/2018
UA AUTONOMIC CYBER
SECURITY (ACS) METHODOLOGY
Autonomic Cyber Security (ACS)
Analogous to
Human autonomic
nervous system
ACS continuously
monitors, analyzes,
and diagnoses the
user-cyber behavior
and then takes
proactive actions
ACS Development Methodology
CAC Cybersecurity Test-beds
• Industrial Process Control Test-bed
• Private Cloud
• Smart Building
• GPU Cluster
• ACL Smart Devices Testbed: Raspberry PI, Microduino and Arduino
• ZigBee, WiFi, Bluetooth, Ethernet
• Modbus, DNP3, BACnet
• NI Grid
UserCyberDNA
• User Behavior: Keyboard, Mouse, Deception
• Resource Behavior: CPU Utilization, # of cores, Memory, Read/Write, I/O
• Network Behavior: Number of Connection, Bandwidth, Packet Rate
• Application/Software Behavior: Data Access
2) Continuous Behavior Analysis
Continuous Trust Evaluation
3) Automated and Integrated Management (AIM)
[Figure: AIM components: Observer, Controller, Anomaly, BAU, Knowledge, Monitoring, Execution, Policies, Planning; Resource Activities (CPU, Memory, I/O, Network, Interactions); Task Activities (CPU, Memory, I/O, Interactions)]
ACS APPLICATIONS:
TACTICAL CYBER IMMUNE SYSTEM (TCIS)
INTELLIGENT CYBER SECURITY ASSISTANT
(ICSA)
CLAAS: VIRTUAL CYBERSECURITY LABORATORY
RESILIENT SMART CITY SERVICES
Source: http://www.hitachi.com/environment/showcase/solution/energy/smartgrid.html
Resilient Smart City Services
[Figure: a Command/Control Center exchanging Data and Commands with Smart Technology, Smart Government, Smart Healthcare, Smart Grid, Smart Building, Smart Homes, Smart Auto Services and Smart Critical Infrastructure]
Resilient and Intelligent City Ecosystem (RICE)
[Figure: IP Fluxing; Resilient Communication System (RCS); Resilient Server; Resilient Command and Control System (RCCS) with Engineering workstation, Database Server, HMI, Data Acquisition Server, Historian and Reports; Actuators/Effectors and Sensors attached to the Physical System]
Resilient Computations
Moving Target Defense Strategies
Address Space Randomization
Instruction Set Randomization
Data Randomization
Execution Environment Randomization
– Change Programming Language
– Change OS and Middleware
– Change Resources
Diversity
– Hot Shuffling software variants at runtime
– Variants are functionally equivalent, behaviorally
different
Redundancy
– Multiple replicas on different physical hardware
Random Selection and Shuffling of Variants
Software Behavior Encryption (SBE)
How does SBE achieve resiliency?
Resilient Computations/Applications
[Figure: Resilient Server: Input and Output pass through a Resilient Algorithm under Autonomic Management; Smart City Applications run as VM App 1 and VM App 2, each with Primary: Version 1 and Secondary: Version 2; Application Repository (App 1 Version 1, 2, .. to App n Version 1, 2, ..); VM Image Repository (VM Type 1, 2, .. to VM Type n); Configuration Engine (Diversity Level, Redundancy Level, Shuffling Rate)]
Resilient Cloud Services Architecture
[Figure: User's Application; Application Resilient Editor; Application Supervisor; Observer; Analyzer; Resilient Cloud Middleware; Configuration Engine (Diversity Level, Redundancy Level, Shuffling Rate); Applications/Resources (Application Repository, VM Images Repository); Application Execution Env. 1: VM1 (V1), VM2 (V4), VM3 (V6); Application Execution Env. 2: VM1 (V2), VM2 (V7), VM3 (V5); Application Execution Env. n: VM1 (V3), VM2 (V4), VM3 (V2)]
[Figure: Controller; Supervisor 1 on Physical Node 1 with Master 1 and Worker 1 [V4], Worker 2 [V7], Worker 3 [V2]; Supervisor 2 on Physical Node 2 with Master 2 and Worker 4 [V9], Worker 5 [V1], Worker 6 [V6]; Supervisor 3 on Physical Node 3 with Master 3 and Worker 7 [V3], Worker 8 [V5], Worker 9 [V8]; Data store for VM images; steps: Invoking Virtual Machines, Check Pointing, Supervisor Selection, Worker Selection]
RCS Experimental Results and
Evaluation
• Developed an experimental environment
• MapReduce Application
• Linear Equation Solver Application
• Mibench
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
Resilient Communications
[Figure: Resilient Communication: AIM SDN Controller, OF Switches, Anomaly Behavior Analysis (ABA), Network Model, Monitoring Service, Resilient Computation, Wired/Wireless Network (Radio, Cellular, WiFi, Internet), Command and Control Center, Resilient Servers, Tactical Operation Center]
Resilience Radio Communications
[Figure: two MTD Nodes, each with a Transmitter Module and a Receiver Module, joined by a Logical Link; link settings: Modulation BPSK, Frequency 1 GHz, Packet size 30 B; and Modulation QPSK, Frequency 2 GHz, Packet size 20; legend: Active, Stand by, Attacked; Link 1]
[Figure: timeline (T1, T2, T3) of the Primary link, Secondary link and Attacked link among Radio, Cellular and WiFi, for normal behavior with no attack and normal behavior with attack]
[Figure: Remote Sensors with Software Defined Sensors Communications send Sensors Data over Communications Networks (Radio, Cellular, Wifi, Internet), using Primary and Secondary Communications Links, to a Resilient Data Transfer (RDT) Server; Research Scientific Computing Site; Scientific Data Cloud Repository; High Performance Computing and Large-Scale Storage Site]
Resilience Modeling and Analysis
The system resilience $R$ is the ability of the system to continue providing
its normal operations as long as the impact of the attacks is below the
minimum threshold $R$.
The impact $i_v(t)$ of a vulnerability $v$ is:
$$ i_v(t) = \begin{cases} 0, & t < T_v \\ I_v, & t \ge T_v \end{cases} $$
where $T_v$ is the time required for discovering the vulnerability and
exploiting it, and $I_v$ is the impact of exploiting the vulnerability.
Resilience Analysis
Probability of Successful Attack
Erik Blasch, Youssif Al-Nashif, Salim Hariri, “Static versus Dynamic Data Information Fusion analysis
using DDDAS for Cyber Trust”, ICCS 2014.
Resilient Crisis Management
[Figure: Management Domain (Decision Makers, Domain Experts) and Operations Domain (Air Force, First Medical Responders, Police, Firemen) linked by Actions, Sensors and Measurements; applications: Battle Management, Nuclear Disaster Management, Terrorist/Accident Management, Analytics for Cybersecurity; Command and Controls, Actions, Logger, Tool 2, Current States, Recommended actions]
Smart City Operations Center (SCOC): Integrated Modeling, Analysis and Simulation
[Figure: Response Analysis, Agent based Simulation, Risk Impact Analysis; Resilient Water Application, Resilient Power Grid Application; Resilient Applications and Communications; Resilient Communications; Resilient Computations; Sensors, Devices, Resources; Monitoring, Filtering, and Characterization; Resource Behavior Abstraction; Normal Behavior Characterization; Requirements]
Biosphere 2: A Smart City
Test Bed
Conclusions
We cannot build perfect cyber systems and services
Resilient paradigm provides us the methodology to make attacks
ineffective, so we can continue to operate normally in spite of attacks,
malicious accidents, failures, or disasters
Autonomic computing provides a promising paradigm to self manage
Cyber operations and services
Big Data Analytics and smart data structures will enable us to
effectively address the cybersecurity challenges
Ultimate goal is the development of Intelligent Cybersecurity Assistant
(ICSA) (like Siri for cybersecurity) technologies that can proactively
self-protect cyber resources, data and applications
THANK YOU
Questions?
Salim Hariri
Salim.hariri@avirtek.com
MapReduce provides
– Automatic parallelization & distribution
Application 1 – MapReduce (MR)
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defense”, IJCC 2(2/3): 171-190, 2013
MapReduce – Attack Scenarios
During validation, SM checks the current environment and, if it is
okay, the controller starts the application execution cycle.
Case 1: During validation, SM detects an error in V4 and
selects the first error-free output from V5 or V12.
Case 2: During validation, SM detects compromised results
from V9 and selects the first error-free result from V3 or V7.
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
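The validation-and-selection step in the two cases above, driven by the diversity, redundancy and shuffling settings named on the earlier Moving Target Defense slides, as an added Python example (not code from the presentation or the cited paper). The word-count variants, the two fault models and the acceptance test are assumptions constructed for illustration.

```python
import random
from collections import Counter

# Four functionally equivalent, behaviorally different word-count variants
# (constructed; the labels V1..V4 are illustrative).
def v1(words):
    return dict(Counter(words))

def v2(words):
    counts = {}
    for w in words:
        counts[w] = counts.get(w, 0) + 1
    return counts

def v3(words):
    counts = {}
    for w in sorted(words):
        counts[w] = counts.setdefault(w, 0) + 1
    return counts

def v4(words):
    return {w: words.count(w) for w in set(words)}

VARIANTS = {"V1": v1, "V2": v2, "V3": v3, "V4": v4}


def compromised(variant):
    """Fault model: a tampered replica that silently drops half of its input."""
    return lambda words: variant(words[: len(words) // 2])


def unresponsive(variant):
    """Fault model: a replica under denial of service that never answers."""
    def run(words):
        raise TimeoutError("replica did not respond")
    return run


def acceptance_test(words, output):
    """Validation (assumed invariant): keys and total count must match the input."""
    return (isinstance(output, dict)
            and set(output) == set(words)
            and sum(output.values()) == len(words))


def run_phase(words, pool, redundancy_level, rng, faults):
    """Pick replicas at random, run them, and return (name, output, rejected)
    for the first replica whose output passes validation."""
    k = min(redundancy_level, len(pool))
    chosen = rng.sample(sorted(pool), k)          # random selection / shuffling
    rejected = []
    for name in chosen:
        impl = faults.get(name, lambda v: v)(pool[name])
        try:
            output = impl(words)
        except Exception:
            rejected.append(name)                 # no answer counts as an error
            continue
        if acceptance_test(words, output):
            return name, output, rejected
        rejected.append(name)                     # wrong answer detected
    return None, None, rejected


def run_application(phases, diversity_level, redundancy_level, seed=0, faults=None):
    """Run every phase with a freshly selected variant set (shuffle once per phase)."""
    rng = random.Random(seed)
    pool = {k: VARIANTS[k] for k in sorted(VARIANTS)[:diversity_level]}
    return [run_phase(words, pool, redundancy_level, rng, faults or {})
            for words in phases]


if __name__ == "__main__":
    phases = [["a", "b", "a"], ["x", "y", "y", "y"]]   # constructed input
    print("no protection:", run_application(phases, 1, 1, faults={"V1": compromised}))
    print("with replicas:", run_application(phases, 4, 3, faults={"V4": compromised}))
```

The acceptance test only catches faults that break the stated invariant; tampering that preserves keys and totals would need a stronger check, such as comparing replica outputs against each other.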
Case 1: Resilience against DoS Attacks
Denial of Service attack on Windows VM-6
Response Time (in seconds)
                 Without DoS attack    With DoS attack
Without RCS      95                    615
With RCS         105                   105
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
Case 2: Resilience against Insider Attacks
Compromise attack on Linux VM-1
Response Time (in seconds)
                 Without Insider attack    With Insider attack
Without RCS      95                        No response
With RCS         105                       105
% increase in response time with RCS: 11%
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013

ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Opening Keynote - Cybersecurity Summit 2018

  • 1. Resilient Smart City Services Salim Hariri, Director NSF Center for Cloud and Autonomic Computing The University of Arizona nsfcac.arizona.edu email: hariri@ece.arizona.edu (520) 977-7954
  • 2. Presentation Outline • UA NSF Center for Cloud and Autonomic Computing – Introduction, and what we do? • Enabling Technologies for Smart City Services • Cybersecurity Motivation and Challenges • UA Autonomic Cyber Security (ACS) Methodology – Methodology to Develop Resilient Smart City Services • Conclusions
  • 3. What is an IUCRC? • A Partnership: A mechanism to enable industrially-relevant, pre-competitive research via a sustained partnership among industry, universities, and government. • Centers bring together (1) IUCRC Sites (Academic Institutions) • Faculty and students from different academic institutions (2) IUCRC Industry Members • Companies, State/Federal/Local government, and non-profits • Focus – Perform cutting-edge pre-competitive fundamental research in science, engineering, technology area(s) of interest to industry and that can drive innovation and the U.S. economy. – Members guide the direction of Center research through active involvement and mentoring.
  • 5. NSF Funded Centers – A key investment STC: Science and Technology Centers MRSEC: Materials Research Science and Engineering Centers CCI: Centers for Chemical Innovation ERC: Engineering Research Centers IUCRC: Industry/University Cooperative Research Centers STC MRSEC CCI ERC IUCRC Basic Research Applied Use-inspired 19731987 1994, ‘98 1985
  • 6. Advanced Electronics and Photonics (7 centers) Advanced Manufacturing 6 Advanced Materials 11 Biotechnology 6 Civil Infrastructure Systems 1 Energy and Environment 12 Health and Safety 6 IT, Communication, and Computing 24 (CAC) System Design and Simulation 3 75+ IUCRC Centers 225 University sites, 876 Industry members Broad Research Themes *Data from 2015
  • 7. Ongoing UA CAC Projects • Autonomic Cyber Security (ACS) • Tactical Cyber Immune System (TCIS) • Autonomic Monitoring, Analysis and Protection (AMAP) • Anomaly based Detection of Attacks on Wireless Ad Hoc Networks • Resilient Cyber Services • Hacker Web: Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics • IoT Security Framework • Big Data Analytics • Intelligent Cyber Security Assistant • Heart Modeling, Analysis, Diagnosis and Prediction • Digital Patient Assistant (DPA) • High Performance Distributed Computing and Applications • Just-In-Time Architecture (JITA) for Composable High Performance Data Centers • Heart Cyber Expert System (HeartCyPert) • Well Data Analytics and Protection (WDAP) • Hurricane Continuous Modeling and Simulation Environment
  • 8. The Need for Resilience Technology: Motivation - Emerging Technologies/Services: Problems and Opportunities
  • 10. Starting from the Internet: the Internet appears to connect people everywhere, an Internet of People (IoP)
  • 11. What is the Internet of Things? If we put everything on the Internet and get it all connected, we end up with what we call “the Internet of Things” (IoT) or Internet of Everything (IoE)
  • 13. The Rising Problem/Opportunity - 1 • Smart devices are proliferating with the promise to make human lives better. Everything from smart wearables, phones and watches to shoes, glasses and many other accessories. • The machines are monitoring almost every aspect of our lives. Problems arise because these technologies use proprietary underlying infrastructure that enforces brand controls. • Security in all these devices is an afterthought; it was never a primary design issue
  • 14. The Rising Problem/Opportunity - 2 – The networks typically run low-power devices – They consist of one or more sensors, which could be different types of sensors (or actuators) – They cannot run sophisticated security tools and algorithms [Figure labels: Sink node; Gateway; Core network, e.g. Internet; Gateway; End-user; Computer services]
  • 15. The Rising Problem/Opportunity – Smart Cities Smart Technology Smart Government Smart Healthcare Smart Grid Smart Building Smart Homes Smart Auto Services Smart Critical Infrastructure Command/Control Center Data Command
  • 16. Security Challenges in IoT • It is estimated that 30 billion devices will be wirelessly connected to the Internet of Things by 2020 • Current cybersecurity solutions have failed to secure and protect our cyber resources and services because – They are manual, reactive, mainly signature-based, and use many isolated tools – Biometrics are not well used and integrated with other cyber tools • We already have a challenging problem securing the computers, networks, data and applications of fewer than about 2 billion computers or mobile devices – How are we going to manage and secure the operations of more than 30 billion devices that do not have the computing and storage capacity to secure and protect their operations? – How do you authenticate, trust and manage the identity of these devices? © 2012 Open Geospatial Consortium
  • 18. Attack Sophistication and Attacker Knowledge
  • 19. Smart Infrastructure Services SC 2 Smart Infrastructure Smart Infrastructure Gateway SC 1 SC n Smart Meter Bio-Cyber Access Control https://youtu.be/AOEpS8uV73Q
  • 22. Detection techniques • Signature-based (Misuse): Models the attacks – Pros: Fast, easy to implement – Cons: Cannot detect new or modified attacks, manual update • Anomaly-based: Models the normal behavior – Pros: Detects any attack, scalable – Cons: High false positives [Figure, signature based: Signature Matching Engine with Attack Signature Database (manual update); known attack detected, unknown attack undetected. Figure, anomaly based: Anomaly Detection Engine with Normal Model (automatic learning); known attack detected, unknown attack detected]
  • 23. Intrusion Detection System (Challenge) • Each protocol has its own specification, which is defined in its RFC document as: • Protocol message format (Syntax) • Communication Rules (Semantics) • It is hard to come up with a single intrusion detection system which works accurately for all protocols. • Solution: Apply multiple customized Micro Intrusion Detection engines, one for each protocol, and aggregate the results for final detection. Source: www.tcpipguide.com
  • 24. Anomaly Behavior Analysis (ABA) – Multi-Level Behavior Analysis [Figure labels: Online Monitoring: NetFlow & AppFlow; Flow DB; Payload DB; Link Layer Behavior Analysis; Network Layer Behavior Analysis; Transport Layer Behavior Analysis; Application Layer Behavior Analysis; Decision Fusion]
  • 25. ABA Methodology Need to define: • U: The event set • R: The representation map • f: The anomaly characterization function • M: The Normal model (memory) • τ: The detection threshold
  • 27. Main Cybersecurity Challenges • Insider Threats Detection and Protection • Resilient Cyber Operations • Resilience is a promising solution – You do not need to worry about detecting and reacting to attacks – You just make these attacks insignificant; that means you build Intrusion Tolerance capabilities • Our Solution: Autonomic Cyber Security (ACS) – Full visibility – Continuous monitoring, analysis and mitigation 5/8/2018
  • 28. UA AUTONOMIC CYBER SECURITY (ACS) METHODOLOGY
  • 29. Autonomic Cyber Security (ACS) Analogous to Human autonomic nervous system ACS continuously monitors, analyzes, and diagnoses the user-cyber behavior and then takes proactive actions
  • 31. CAC Cybersecurity Test-beds Industrial Process Control Test-bed Private Cloud Smart Building GPU Cluster
  • 32. ACL Smart Devices Testbed • Raspberry Pi, Microduino and Arduino • ZigBee, WiFi, Bluetooth, Ethernet • Modbus, DNP3, BACnet • NI Grid
  • 33. UserCyberDNA • User Behavior: Keyboard, Mouse, Deception • Resource Behavior: CPU Utilization, # of cores, Memory Read/Write, I/O • Network Behavior: Number of Connections, Bandwidth, Packet Rate • Application/Software Behavior: Data Access
  • 34. 2) Continuous Behavior Analysis
  • 36. 3) Automated and Integrated Management (AIM) [Figure labels: Observer; Controller; Anomaly BAU; Knowledge; Monitoring; Execution; Policies; Planning; Resource Activities: CPU, Memory, I/O, Network, Interactions; Task Activities: CPU, Memory, I/O, Interactions]
  • 37. ACS APPLICATIONS: TACTICAL CYBER IMMUNE SYSTEM (TCIS) INTELLIGENT CYBER SECURITY ASSISTANT (ICSA) CLAAS: VIRTUAL CYBERSECURITY LABORATORY RESILIENT SMART CITY SERVICES
  • 38. Source: http://www.hitachi.com/environment/showcase/solution/energy/smartgrid.html Resilient Smart City Services Smart Technology Smart Government Smart Healthcare Smart Grid Smart Building Smart Homes Smart Auto Services Smart Critical Infrastructure Command/Control Center Data Command
  • 39. Resilient and Intelligent City Ecosystem (RICE) [Figure labels: IP Fluxing; Resilient Communication System (RCS); Resilient Server; Resilient Command and Control System (RCCS); Engineering workstation; Database Server; HMI; Data Acquisition Server; Historian; Reports; Actuators/Effectors; Sensors; Physical System]
  • 41. Moving Target Defense Strategies • Address Space Randomization • Instruction Set Randomization • Data Randomization • Execution Environment Randomization – Change Programming Language – Change OS and Middleware – Change Resources
  • 42. Software Behavior Encryption (SBE) • Diversity – Hot shuffling of software variants at runtime – Variants are functionally equivalent, behaviorally different • Redundancy – Multiple replicas on different physical hardware • Random Selection and Shuffling of Variants
  • 43. How does SBE achieve resiliency?
  • 44. Input Output Resilient Algorithm Autonomic Management Resilient Server VM App 1 Primary: Version 1 Secondary: Version 2 Smart City Applications VM App 2 Primary: Version 1 Secondary: Version 2 Application Repository App 1 Version 1, 2, .. App n Version 1, 2, .. VM Image Repository VM Type 1 2, .. VM Type n Configuration Engine Diversity Level Redundancy Level Shuffling Rate Resilient Computations/Applications
  • 45. 45 Application Execution Env. 1 VM3 (V6) VM2 (V4) VM1 (V1) Applications/Resources Application Repository VM Images Repository Diversity Level Resilient Cloud Middleware Configuration Engine Redundancy Level Shuffling Rate Observer Analyzer Application Supervisor Application Resilient EditorUser’s Application Application Execution Env. 2 VM3 (V5) VM2 (V7) VM1 (V2) Application Execution Env.n VM3 (V2) VM2 (V4) VM1 (V3) Resilient Cloud Services Architecture
  • 46. Controller Supervisor 1 Physical Node 1 Master 1 Worker 2 [V7] Worker 1 [V4] Worker 3 [V2] Supervisor 3 Physical Node 3 Master 3 Worker 8 [V5] Worker 7 [V3] Worker 9 [V8] Supervisor 2 Physical Node 2 Master 2 Worker 5 [V1] Worker 4 [V9] Worker 6 [V6] Data store for VM images Invoking Virtual Machines Check Pointing Supervisor Selection Worker Selection
  • 47. RCS Experimental Results and Evaluation • Developed an experimental environment • MapReduce Application • Linear Equation Solver Application • Mibench G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
  • 49. AIM SDN Controller OF Switch Resilient Communication Anomaly Behavior Analysis (ABA) Network Model Monitoring Service Resilient Computation Wired/Wireless Network (Radio, Cellular, WiFi, Internet) OF Switch Command and Control Center Resilient Servers OF Switch
  • 50. Resilience Radio Communications [Figure labels: Tactical Operation Center; MTD Node with Transmitter Module and Receiver Module; Modulation: BPSK, Frequency: 1 GHz, Packet size: 30 B; Modulation: QPSK, Frequency: 2 GHz, Packet size: 20; MTD Node; Logical Link; Legend: Active, Stand by, Attacked; Link 1]
  • 51. WiFi Cellular Cellular WiFi Normal Behavior with no attack Radio Radio Radio Cellular WiFi WiFi Radio Cellular Primary link Secondary link Attacked link Time Normal Behavior with attack T1 T3T2
  • 52. Research Scientific Computing Site Scientific Data Cloud Repository Communications Networks (Radio, Cellular, WiFi, Internet) Sensors Data Resilient Data Transfer (RDT) Server Software Defined Sensors Communications Remote Sensors High Performance Computing and Large-Scale Storage Site Primary and Secondary Communications Links
  • 54. Resilience Analysis: The system resilience $R$ is the ability of the system to continue providing its normal operations as long as the impact of the attacks is below the minimum threshold $R$. The impact $i_v(t)$ of a vulnerability $v$ is: $i_v(t) = \begin{cases} 0, & t < T_v \\ I_v, & t \ge T_v \end{cases}$ where $T_v$ is the time required for discovering the vulnerability and exploiting it, and $I_v$ is the impact of exploiting the vulnerability.
  • 55. Probability of Successful Attack Erik Blasch, Youssif Al-Nashif , Salim Hariri, Static versus Dynamic Data Information Fusion analysis using DDDAS for Cyber Trust, ICCS 2014.
  • 56. Resilient Crisis Management 56 Decision Makers Domain Experts Air Force First Medical Responders Police Firemen Actions Sensors Measurements Management Domain Operations Domain • Battle Management • Nuclear Disaster Management • Terrorist/Accident Management • Analytics for Cybersecurity
  • 57. Command and Controls Actions Logger Tool 2 Current States Recommended actions Smart City Operations Center (SCOC): Integrated Modeling, Analysis and Simulation Response Analysis Agent based Simulation Risk Impact Analysis Resilient Water Application Resilient Power Grid Application Resilient Applications and Communications Resilient Communications Resilient Computations Sensors, Devices, Resources Monitoring, Filtering, and Characterization Resource Behavior Abstraction Normal Behavior Characterization Requirements Biosphere 2: A Smart City Test Bed
  • 58. Conclusions • We cannot build perfect cyber systems and services • The resilient paradigm provides us with the methodology to make attacks ineffective, so we can continue to operate normally in spite of attacks, malicious accidents, failures, or disasters • Autonomic computing provides a promising paradigm to self-manage cyber operations and services • Big Data Analytics and smart data structures will enable us to effectively address the cybersecurity challenges • The ultimate goal is the development of Intelligent Cybersecurity Assistant (ICSA) (like Siri for cybersecurity) technologies that can proactively self-protect cyber resources, data and applications
  • 61. Application 1 – MapReduce (MR) • MapReduce provides – Automatic parallelization & distribution G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
  • 62. MapReduce – Attack Scenarios • During validation, SM checks the current environment and, if okay, the controller starts the application execution cycle • Case 1: During validation, SM detects an error in V4 and it selects the first error-free output from V5 or V12 • Case 2: During validation, SM detects compromised results of V9 and it selects the first error-free result from V3 or V7 G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
  • 63. Case 1: Resilience against DoS Attacks – Denial of Service attack on Windows VM-6. Response time (in seconds):
        |             | Without DoS attack | With DoS attack |
        | Without RCS | 95                 | 615             |
        | With RCS    | 105                | 105             |
    G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
  • 64. Case 2: Resilience against Insider Attacks – Compromise attack on Linux VM-1. Response time (in seconds):
        |             | Without Insider attack | With Insider attack |
        | Without RCS | 95                     | No response         |
        | With RCS    | 105                    | 105                 |
    % increase in response time with RCS: 11%. G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
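
The ABA elements from slide 25 (U, R, f, M and the detection threshold), the per-protocol micro engines from slide 23 and the decision fusion from slide 24, put together as an added example that is not code from the presentation. The n-gram representation, the unseen-fraction score, the vote-based fusion rule and the sample TCP and Modbus flows are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

START, END = "^", "$"  # markers so short or empty flows still yield n-grams


def represent(flow, n=2):
    """R: map one flow (a list of events drawn from U) to its n-grams."""
    padded = [START, *flow, END]
    return [tuple(padded[i:i + n]) for i in range(len(padded) - n + 1)]


@dataclass
class MicroEngine:
    """One micro intrusion detection engine for a single protocol."""
    protocol: str
    tau: float                                       # detection threshold
    n: int = 2
    model: Counter = field(default_factory=Counter)  # M: normal model (memory)

    def learn(self, normal_flows):
        for flow in normal_flows:
            self.model.update(represent(flow, self.n))

    def score(self, flow):
        """f: fraction of the flow's n-grams never seen in normal traffic."""
        grams = represent(flow, self.n)
        if not grams:  # n longer than the padded flow: nothing to vouch for
            return 1.0
        return sum(g not in self.model for g in grams) / len(grams)


def fuse(engines, session, min_votes=1):
    """Decision fusion: anomalous when at least min_votes engines exceed tau."""
    scores, votes = {}, 0
    for protocol, flow in session.items():
        engine = engines.get(protocol)
        if engine is None:  # no normal model for this protocol: flag it
            scores[protocol], exceeded = 1.0, True
        else:
            scores[protocol] = engine.score(flow)
            exceeded = scores[protocol] > engine.tau
        votes += exceeded
    return votes >= min_votes, scores


# Constructed normal traffic: TCP flag sequences and Modbus request types.
NORMAL = {
    "tcp": [["SYN", "SYN-ACK", "ACK", "PSH", "ACK", "FIN", "ACK"],
            ["SYN", "SYN-ACK", "ACK", "PSH", "PSH", "ACK", "FIN", "ACK"]],
    "modbus": [["read_holding", "read_holding", "read_input"],
               ["read_input", "read_holding"]],
}


def build_engines(tau=0.3):
    engines = {p: MicroEngine(p, tau) for p in NORMAL}
    for protocol, flows in NORMAL.items():
        engines[protocol].learn(flows)
    return engines


if __name__ == "__main__":
    session = {  # constructed: ordinary TCP session carrying unusual Modbus writes
        "tcp": ["SYN", "SYN-ACK", "ACK", "PSH", "ACK", "FIN", "ACK"],
        "modbus": ["read_holding", "write_coil", "write_coil", "read_holding"],
    }
    print(fuse(build_engines(), session))
```

Raising `min_votes` trades detection of single-protocol anomalies for fewer false positives, the weakness slide 22 lists for anomaly-based detection.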
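
One execution cycle of the diversity, redundancy and shuffling scheme from slides 42 and 62, as an added example that is not the RCS implementation. The slides do not say how the supervisor validates outputs; majority agreement among replicas is assumed here, and the word-count variants and the fault stand-ins are constructed for the demonstration.

```python
import random
from collections import Counter
from itertools import groupby


# Three functionally equivalent, behaviorally different word-count variants.
def wc_counter(text):
    return dict(Counter(text.split()))


def wc_loop(text):
    counts = {}
    for word in text.split():
        counts[word] = counts.get(word, 0) + 1
    return counts


def wc_groupby(text):
    return {w: len(list(g)) for w, g in groupby(sorted(text.split()))}


VARIANTS = {"V1": wc_counter, "V2": wc_loop, "V3": wc_groupby}


def digest(result):
    """Order-independent form of a result so replicas can be compared."""
    return tuple(sorted(result.items()))


def run_cycle(variants, text, redundancy, rng, faults=None):
    """One cycle: shuffle variants, run replicas, validate, pick first good output.

    faults (constructed for the demo) maps a variant name to a callable that
    stands in for a compromised or failing replica.
    """
    faults = faults or {}
    chosen = rng.sample(sorted(variants), redundancy)  # random selection + order
    outputs = []
    for name in chosen:
        try:
            out = faults.get(name, variants[name])(text)
            outputs.append((name, out, digest(out)))
        except Exception:  # crashed, timed out or returned garbage
            outputs.append((name, None, None))
    tally = Counter(d for _, _, d in outputs if d is not None)
    agreed, votes = tally.most_common(1)[0] if tally else (None, 0)
    if votes <= redundancy // 2:
        raise RuntimeError("no majority of replicas agree; cannot validate")
    rejected = sorted(n for n, _, d in outputs if d != agreed)
    winner, result = next((n, o) for n, o, d in outputs if d == agreed)
    return winner, result, rejected


if __name__ == "__main__":
    rng = random.Random()
    text = "pump on valve open pump off"  # constructed input
    tampered = lambda _text: {"pump": 0}  # stand-in for a compromised replica
    for cycle in range(3):
        print(cycle, run_cycle(VARIANTS, text, 3, rng, {"V2": tampered}))
```

With a redundancy level of 3 the cycle tolerates one faulty replica; two replicas returning the same wrong output would win the vote, which is why the slides pair redundancy with diversity and shuffling.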