History of Cybersecurity
Introduction to Cybersecurity Tools & Cyberattacks
Today’s Cybersecurity Challenge
Threats > ⇾ Alerts > ⇾ Available Analyst < -⇾ Needed Knowledge > ⇾ Available Time <
By 2022, there will be 1.8 millions unfulfilled cybersecurity jobs.
SOC(Security Operation Center) Analyst Tasks
- Review security incidents in SIEM (security information and even management)
- Review the data that comprise the incident (events/flows)
- Pivot the data multiple ways to find outliers (such as unusual domains, IPs, file access)
- Expand your search to capture more data around that incident
- Decide which incident to focus on next
- Identify the name of the malware
- Take these newly found IOCs (indicators of compromise) from the internet and search them back in SIEM
- Find other internal IPs which are potentially infected with the same malware
- Search Threat Feeds, Search Engine, Virus Total and your favorite tools for these outliers/indicators; Find new malware is at play
- Start another investigation around each of these IPs
- Review the payload outlying events for anything interesting (domains, MD5s, etc.)
- Search more websites for IOC information for that malware from the internet
From Ronald Reagan/War Games to where we are Today
- He was a Hollywood actor as well as US-president
- He saw a movie War Games, where a teenager hacker hacked into the Pentagon artificial intelligent computer to play a game of thermonuclear war using a dial-up connection, which was actually played using real missiles due to miss-configuration
Impact of 9/11 on Cybersecurity
- What happens if 9/11 in tech-space? Like hack and destruction of SCADA system used in dams and industrial automation systems etc.
Nice early operations
Clipper Chip: (NSA operation for tapping landline phones using some kind of chip)
↔
Moonlight Maze: (in the 2000s, process to dump passwords of Unix/Linux servers investigated by NSA/DOD affected many US institutions)
↔
Solar Sunrise: (series of attack on DOD computers on FEB 1998, exploited known vulnerability of operating system, attack two teenagers in California, one of whom was an Israeli)
↔
Buckshot Yankee: (series of compromises in year 2008, everything starts with USB inserted in Middle East military base computer, remained on the network for 14 months, Trojan used was agent.BTZ)
↔
Desert Storm: (early 90s, some radars used to alert military forces about airplanes are tampered by feeding fake information of Saddam’s regime)
↔
Bosnia: (Bosnia war, fake news to military field operations etc.)
Cybersecurity Introduction
- Every minute, thousands of tweets are sent, and millions of videos are watched.
- Due to IOT (Internet of Things) and mobile tech, we have a lot to protect.
- We have multiple vendors now, which become complicated to track for security vulnerabilities.
Things to Consider when starting a Cybersecurity Program
How and where to start?
- Security Program: Evaluate, create teams, baseline, identify and model threats, use cases, risk, monitoring, and control.
- Admin Controls: Policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security.
- Asset Management: Classifications, implementation steps, asset control, and documents.
- Tech Controls: Network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging.
Cybersecurity – A Security Architect’s Perspective
What is Security?
A message is considered secure when it meets the following criteria of CIA triad.
Confidentiality ↔ Authentication ↔ Integrity
Computer Security, NIST (National Institute of Standards and Technology) defined.
“The protection afforded to an automated information system in order to attain the applicable objectives to preserving the integrity, availability, and Confidentiality of information system resources. Includes hardware, software, firmware, information/data, and telecommunications.”
Additional Security Challenges
Security not as simple as it seems
- Easy requirements, tough solution
- Solutions can be attacked themselves
- Security Policy Enforcement structure can complicate solutions
- Protection of enforcement structure can complicate solutions
- Solution itself can be easy but complicated by protection
- Protectors have to be right all the time, attackers just once
- No one likes security until it’s needed, seat belt philosophy.
- Security Architecture require constant effort
- Security is viewed as in the way
What is Critical Thinking?
Beyond Technology: Critical Thinking in Cybersecurity
“The adaption of the processes and values of scientific inquiry to the special circumstances of strategic intelligence.”
- Cybersecurity is a diverse, multi faced field
- Constantly changing environment
- Fast-paced
- Multiple stakeholders
- Adversary presence
- Critical thinking forces you to think and act in situations where there are no clear answers nor specific procedures.
- Part Art, Part Science: This is subjective and impossible to measure.
Critical Thinking: A Model
- Hundreds of tools updating always with different working models, so critical thinking is more important than ever to approach problems in more pragmatic way.
- Interpersonal skills for working with other people and sharing information.
Critical Thinking – 5 Key Skills
- 1) Challenge Assumption
- question your Assumption
Explicitly list all Assumptions ↔ Examine each with key Q’s ↔ Categorize based on evidence ↔ refine and remove ↔ Identify additional data needs
2) Consider alternatives
Brainstorm ↔ The 6 W’s (who/what/when/where/why/how) ↔ Null hypothesis
- 3) Evaluate data
- Know your DATA
- Establish a baseline for what’s normal
- be on the lookout for inconsistent data
- proactive
- 4) Identify key drivers
- Technology
- Regulatory
- Society
- Supply Chain
- Employee
- Threat Actors
- 5) Understand context
Operational environment you’re working in. Put yourself in other’s shoe, reframe the issue.
- Key components
- Factors at play
- Relationships
- similarities/differences
- redefine