The Currency of Trust: Privacy, Security and Trust in Digital Government
About David
• Director of Strategic Initiatives,
University of New Brunswick,
Information Technology Services
• CEO, Beauceron Security Inc.
• Technology Analyst, Toronto640 AM
Talk Radio
• BA, ICS (‘05), MBA (‘15), CISM (‘17)
How we perceive the
Internet and
Technology
The way it really is
The Internet was never designed
to be secure
New Brunswick becomes the first province in
Canada to appoint a cabinet minister for the
electronic information highway
in
1994
New Brunswick Premier Frank McKenna, March 1, 1994
"If we want a piece of the action generated by
this technology, we can't be trying to catch the
train after it's left the station,
No one talked about highway
robbers on this brave new electronic
frontier
Warning Signs
• The Maskelyne Hack
• First National Bank of Chicago $70
Heist
• Operation Sundevil breaks up credit
card fraud group
• Operation Moonlight Maze
Down the Rabbit Hole
[Timeline of incidents, 2016 to 2017]
Clinton campaign chair
John Podesta falls victim to
a Gmail phish
Ottawa Hospital hit
with ransomware
attack
San Francisco transit
payment system
crippled with
ransomware attack
Unknown hacker sets off
all 156 emergency tornado
sirens in Dallas - all at
once
Police Departments in US
hit with ransomware
attacks, lose case files
going back nearly a
decade
Communities of
Wabasca, Red
Earth and Calling
Lake, Alberta,
suffer data breach
affecting
employees,
ratepayers
Carleton University hit
with massive IT
infrastructure
compromise &
ransomware attack
Personal
information of
every single
voter in the
Philippines
breached
University of Calgary
suffers widespread IT
outage after ransomware
attack
Ukrainian power grid
hacked again
Wikileaks publishes
Vault 7, detailing CIA
hacking techniques
Shadow Brokers leak
US NSA’s Equation
Group hacking
techniques and
secrets
Criminals steal $81 million
from Bangladesh’s National
Bank via SWIFT transfers.
They almost got $1 billion.
North Korea hacks
into South Korean
and US secret
nuclear war plan
Rasputin goes on a hacking
spree, hitting 63 universities and
government agencies
There are no global conventions, norms or laws
governing cyberspace
In only 6% of police-reported
cyber crimes in Canada
are suspects ever identified
CYBERCRIME TRENDS IN CANADA 2012-2014
[Chart, by year 2012, 2013, 2014. Series:
Total Violent-related crimes;
Total Sex-related crimes;
Total Harassment, Threats and Offences against Person and Reputation;
Total Fraud, Identity crimes and Extortion;
Total Other Crimes]
DATA BREACH SUPPLY HAS SIGNIFICANTLY OUTPACED DEMAND
5,880,767,086 Data Records Lost or Stolen Since 2013
1.5 Billion Pwned: Yahoo account breaches between 2012-2014
Only disclosed* in Fall 2016
RECORDS BREACHED IN THE LAST:
Day: 4,016,917
Hour: 167,372
Minute: 2,790
Second: 46
CASE STUDY: THE UNIVERSITY OF CALGARY
▸ This was not a classic ransomware malware
case
▸ All IT services were shut down while they
determined the initial source of the infection and
its method of transmission to 200+ devices
▸ The damage also included their entire faculty
and staff Microsoft Exchange e-mail environment,
with recovery to O365, their solution, over a
week-long period
*Based on publicly available information
CASE STUDY: THE OPM BREACH
▸ 21 million US federal government employees,
former employees, retirees affected
▸ Included 5.6 million sets of fingerprints
▸ Gained valid credentials likely through social
engineering
Brian Krebs, respected technology expert and cybersecurity journalist
The analysis paints the picture of a chronic —
almost willful — underestimation by senior
leadership at OPM about the seriousness of
the threat facing the agency, until it was too
late
Squandering public trust
Privacy by Design
Differential Privacy
Differential Security
Questions?