NSA TALKS CYBERSECURITY - DEF CON CON 26/DEF CON 26... · NSA TALKS CYBERSECURITY. Information...
Rob Joyce Senior Advisor for Cybersecurity Strategy
NSA TALKS CYBERSECURITY
Information Technology Game Changer
[Timeline slide. Years marked: 1997, 1998, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2014, 2015, 2017. Milestones: WiFi; 3G and SMS; iPhone; Bitcoin; Rise of Cloud; 4G/LTE; IOT Explosion. People online: 1.01 BILLION (16% of World Population); 1.971 BILLION (29% of World Population); 4.16 BILLION (54% of World Population).]
Escalating Cyber Events
2008-2011
Agent.btz found on DoD systems
Stuxnet impacts Iranian nuclear fuel enrichment
2012-2013
Saudi Aramco suffers data destruction attack on 30k machines
380+ Iranian DDoS attacks U.S. financial institutions
China Mandiant report on “APT1” details commercial IP theft and more
2014-2015
Iranian actors hit U.S. casino with destructive cyberattack
Chinese actors compromise OPM databases
Cyberattack against Ukraine electrical grid
2016-present
Russian Not-Petya attack on Ukraine propagates globally costing billions
DPRK WannaCry malware knocks out computers in 150 countries in under 24 hours
Russia Cyberattack on Pyeongchang Olympics took official Olympic website offline for 12 hours
High-End cyber threat activity continues to become MORE SOPHISTICATED
The LEVEL OF EXPERTISE REQUIRED IS DECREASING as sophisticated internet tools become easier to use
TREND IS CLEAR: moving from exploitation, to DISRUPTION
GROWING use of INFORMATION OPERATIONS leveraging cyber intrusions
Today’s Cyber Threats
New Threat Environment
HARD TRUTH: More technology used, more risk grows
Technology Debt is a serious problem
Smartphones and Internet of Things (IOT)
Cloud Based Services
Big Data
NSA’s Unique Cybersecurity Mission
SIGNALS INTELLIGENCE: Intercept and exploit foreign signals
INFORMATION ASSURANCE: Defend National Security Systems
Cybersecurity Evolution at NSA
Communications Security
Computer Security
Information Security
Information Assurance
Cybersecurity
NATION STATE ACTIVITY
RUSSIA
IRAN
DPRK
CHINA
Almost every state has developed cyber capabilities.
A few are behaving much worse than others.
THE NEW NORMAL
FUNDAMENTAL SHIFT IN NATION STATE ACTIVITY
Geopolitical events have drastically altered the operating profile of sophisticated nation state adversaries.
their aggressive cyber behavior resembles the show of force we have seen displayed in their military operations
remains very sensitive to international political events, which can influence target selection and level of malicious activity
has always viewed cyber as an effective tool of state power. Also seeking to evade sanctions and steal hard currency for the regime
Defense is a Team Sport
WEAPONIZATION OF INFORMATION goes beyond typical cybersecurity
NSA PARTNER with DOD, FBI and others
LEVERAGE INTELLIGENCE AND EXPERTISE to address threat
PROTECT AND SECURE INTELLIGENCE vital networks (including elections)
Intrusion Lifecycle
Reconnaissance
Initial Exploit
Establish Persistence / Maintain Access
Install Tools
Move Laterally
Collect, Exfil / Exploit / Destroy
Cyber Defense Matters
WE KNOW WHAT WE NEED TO DO
Patch Management
Least Privilege Administration
Multi-factor Authentication
Know Your Network
Daily Backups
White Listing
Enable Logging / Do Analysis
Harden (Flash, Java, Microsoft OLE, Macros, Etc.)
Data Encryption
NSA Top 5 Actionable SOC Principles
INSTITUTE WELL-MANAGED & DEFENDABLE PERIMETERS & GATEWAYS
ENSURE VISIBILITY & CONTINUOUS MONITORING OF THE NETWORK TO INCLUDE TRAFFIC & ENDPOINTS
HARDEN NETWORKS, ENDPOINTS, & SERVICES TO BEST PRACTICES
USE COMPREHENSIVE & AUTOMATED THREAT INTELLIGENCE SOURCES
CREATE & FOSTER A CULTURE OF CURIOSITY & EMBRACE INNOVATIVE APPROACHES
Modern Reality
Exceptional technology available
Trust is not binary (Good/Bad)
We get smarter over time
Static targets fall
Government relies on commercial devices
Government can’t control the design
Shared risk environment
NEED CONFIDENCE IN COMMERCIAL TECH
PRIVATE SECTOR
Owns and operates
Visibility into systems and networks
Brings expertise and resources
Asymmetric Advantage
GOVERNMENT
Uniquely sees some threats
Brings elements of national power when necessary
UNITED WE STAND,
DIVIDED WE FALL
Where Is Cybersecurity Going?
COLLABORATE with partners to effectively counter the adversary
INFORMATION SHARING merges analytics and the knowledge behind it
INCORPORATE INNOVATIVE TECHNOLOGY in cyber defense