8/3/2019 SSES

1/17

Cloud Computing, Security, andCyber Intelligence

Derek GabbardVP, Opera/onsLookingglassderek@lookingglass.com

8/3/2019 SSES

2/17

The US information infrastructureincluding telecommunications and computer networks and systems, and the data that reside on themis critical to virtually every aspect of modern life. Therefore, threats to

our IT infrastructure are an important focus of the IntelligenceCommunity. As government, private sector, and personal activitiescontinue to move to networked operations, as our digital systems add ever more capabilities, as wireless systems become even moreubiquitous, and as the design, manufacture, and service of information technology has moved overseas, our vulnerabilities will continue to grow.

J. Michael McConnellDirector of National IntelligenceTestimony to the Senate ArmedServices Committee, Feb 08

8/3/2019 SSES

3/17

Seen the Internet Lately?

8/3/2019 SSES

4/17

Overview

The Rise of Cloud Computing The (Continued) Rise of Internet Threats

How Security Will Evolve in the Cloud The Differences with Cyber Intel and IT Security Roles of Cyber Intelligence Network Analysis and Data Sharing Future of Cyber Intelligence

8/3/2019 SSES

5/17

What is Cloud Computing?

Cloud Computing means Internet (Cloud)based development and use of computer technology

It is a style of computing where IT-relatedcapabilities are provided as a service Users to access technology-enabled services "in the cloud

Often with no knowledge of, expertise with, or control over the technologyinfrastructure that supports them.

8/3/2019 SSES

6/17

Cloud Computing Examples

Application Hardware Infrastructure Platform Services Storage

8/3/2019 SSES

7/17

Why Cloud Computing?

Capital Expenditure Multitenancy Scalability Reliability Security Performance

Location Independence

8/3/2019 SSES

8/17

Cyber Threats No End in Sight

Thousands of cyber attacks each day on keyutilities [1][2]

Well known infrastructure-based disruptions September 11 Internet Inaccessibility [3]

Estonian DDoS Attacks [4]

DNS Attacks [5]

Georgian Attacks from Russia [6]

General consensus attacks growing insophistication and scale

8/3/2019 SSES

9/17

Security Threats + Cloud = ??

New challenges emerge as services becomemore distributed Nobody owns the cloud

Everyone relies on the cloud Each individual autonomous system is responsible for securing

their section of the cloud Impact of their actions now a f ects everyone even more than

before!

Bottom line things that impact you and your business dont end at your gateway anymore

8/3/2019 SSES

10/17

Evolving Cloud Security

Connections used to be just dumb pipes Now, providers push security into the cloud for

their customers [7] Firewall Spam IDS/IPS Data leakage protection Etc.

8/3/2019 SSES

11/17

Cyber Intelligence and IT Security

Cyber Intelligence is: Understanding global architectures and associated threats Determining how those threats and vulnerabilities can impact a

business, a government, or a military organization Assessing risks, courses of action, and other factors which are

dependent on the global network Correlating global events with business risks

Cyber Intelligence Builds From IT Security:

Administration of rewalls, IDS/IPS, etc. Patching and system hardening SEM or SIM Analysis

8/3/2019 SSES

12/17

8/3/2019 SSES

13/17

The Role of Cyber Intelligence

Military Operations Of ensive and defensive cyber operations Intelligence, Surveillance, and Reconnaissance of cyberspace

Government Protection of critical infrastructure Continuity of government planning Trusted Internet Connection and similar initiatives Intelligence Optimization

Private Sector Protection of business interests, critical information Partnerships with other government to share data to reduce risks

8/3/2019 SSES

14/17

Network Analysis and Data Sharing

Obviously, some global data is unavailable toprivate sector (as well as government)organizations

Movement in government and private sectors toshare data FS-ISAC, MS-ISAC creating initiatives Federal agencies organizing signicant data sharing capabilities as

directed by the President

8/3/2019 SSES

15/17

The Future of Cyber Intelligence

Constantly updated, fused, and meaningful globalarchitecture and threat data

Shared data between those with similar interests(defense, information operations, etc.)

Intelligence services provided by serviceproviders

Tools for analyzing and visualizing huge anddisparate network data sets in development

8/3/2019 SSES

16/17

References

[1] Richards, Jonathan Thousands of cyber attacks each day on key utilities London Times, 23 Aug 08 (http://www.timesonline.co.uk/tol/news/uk/crime/article4592677.ece )

[2] Brodkin, Jon, Government-sponsored cyberattacks on the rise, McAfee

says NetworkWorld, 29 Nov 07 (http://www.networkworld.com/news/2007/112907-government-cyberattacks.html )

[3] Verton, Dan, Digital Destruction Was Worst Imaginable Computerworld Security, Mar 4, 2002 (http://www.computerworld.com/managementtopics/management/

recovery/story/0,10801,68762,00.html )[4] Anderson, Nate, Massive DDoS attacks target Estonia; Russia

accused ARS Technica, May 14 2007 (http://arstechnica.com/news.ars/post/20070514-massive-ddos-attacks-target-estonia-russia-accused.html )

8/3/2019 SSES

17/17

References (Contd)

[5] McMillan, Robert Hackers Slow Internet Root Servers with Attack PC World, Feb 6, 2007 (http://www.pcworld.com/article/128806/hackers_slow_internet_root_servers_with_attack.html )

[6] Hruska, Joel. Georgia cyberattacks lead to questions about risk toUS ARS Technica, 18 August 2008. (http://arstechnica.com/news.ars/post/20080818-georgia-cyberattacks-lead-to-questions-about-risk-to-us.html )

[7] Jackson, Joab Ed Amoroso | The big picture of network security Government Computing News, July 7 2008 (http://www.gcn.com/print/27_16/46577-1.html