Rob Joyce Senior Advisor for Cybersecurity Strategy

NSA TALKSCYBERSECURITY

Information Technology Game Changer

20172010

4G/LTE

2008

2014

1.971 BILLION People Online29% of World Population

19981997

WiFi3G and SMS

2004

Facebook

2006

Twitter

2007

iPhone

2005

1.01 BILLION People Online16% of World Population

2009

BitcoinRise of Cloud

2015

IOT Explosion

4.16 BILLION People Online54% of World Population

Iranian actors hit U.S. casino with destructive cyberattack

Chinese actors compromise OPM databases

Cyberattack against Ukraine electrical grid

Agent.btz found on DoD systems

Stuxnet impacts Iranian nuclear fuel enrichment

Saudi Aramco suffers data destruction attack on 30k machines

380+ Iranian DDoS attacks U.S. financial institutions

China Mandiant report on “APT1” details commercial IP theft and more

Russian Not-Petyaattack on Ukraine propagates globally costing billions

DPRK WannaCry malware knocks out computers in 150 countries in under 24 hours

Russia Cyberattack on Pyeongchang Olympics took official Olympic website offline for 12 hours

2008-2011

2012-2013

2014-2015

2016-presentEscalating Cyber Events

High-End cyber threat activity continues to become MORE SOPHISTICATED

The LEVEL OF EXPERTISE REQUIRED IS DECREASING as sophisticated internet tools become easier to use

TREND IS CLEAR: moving from exploitation, to DISRUPTION

GROWING use of INFORMATION OPERATIONS leveraging cyber intrusions

Today’s Cyber Threats

New Threat Environment

HARD TRUTH: More technology used, more risk growsTechnology Debt is a serious problem

Smartphones and Internet of Things (IOT)Cloud Based Services Big Data

NSA’s Unique Cybersecurity Mission

SIGNALS INTELLIGENCEIntercept and exploit

foreign signals

INFORMATIONASSURANCEDefend National Security Systems

Cybersecurity Evolution at NSA

Communications Securi ty

Computer Securi ty

Information Securi ty

Information Assurance

Cybersecuri ty

COMMUNICATIONS SECURITY

COMPUTER SECURITY

INFORMATION SECURITY

INFORMATION ASSURANCE

CYBERSECURITY

NATION STATE ACTIVITY

RUSSIA

IRAN

DPRK

CHINA

Almost every state has developed cyber capabilities.

A few are behaving much worse than others.

THE NEW NORMAL

FUNDAMENTAL SHIFT IN NATION STATE ACTIVITYGeopolitical events have drastically altered the operating profile of sophisticated nation state adversaries.

their aggressive cyber behavior resembles the show of force we have seen displayed in their military operations

THE NEW NORMAL

FUNDAMENTAL SHIFT IN NATION STATE ACTIVITYGeopolitical events have drastically altered the operating profile of sophisticated nation state adversaries.

remains very sensitive to international political events, which can influence target selection and level of malicious activity

THE NEW NORMAL

FUNDAMENTAL SHIFT IN NATION STATE ACTIVITYGeopolitical events have drastically altered the operating profile of sophisticated nation state adversaries.

remains very sensitive to international political events, which can influence target selection and level of malicious activity

THE NEW NORMAL

FUNDAMENTAL SHIFT IN NATION STATE ACTIVITYGeopolitical events have drastically altered the operating profile of sophisticated nation state adversaries.

has always viewed cyber as an effective tool of state power. Also seeking to evade sanctions and steal hard currency for the regime

Defense is a Team Sport

WEAPONIZATION OF INFORMATION goes beyond typical

cybersecurity

NSA PARTNER with DOD, FBI

and others

LEVERAGE INTELLIGENCE

AND EXPERTISE to address threat

PROTECT AND SECURE INTELLIGENCE

vital networks (including elections)

R e c o n n a i s s a n c e

I n i t i a l E x p l o i t

E s t a b l i s h P e r s i s t e n c e /M a i n t a i n A c c e s s

I n s t a l l To o l s

M o v e L a t e r a l l y

C o l l e c t , E x f i l /E x p l o i t / D e s t r o y

Intrusion Lifecycle

Cyber Defense MattersWE KNOW WHAT WE NEED TO DO

Patch Management

Least Privilege Administration

Multi-factor Authentication

Know Your Network

Daily Backups

White Listing

Enable Logging/ Do Analysis

Harden –(Flash, Java, Microsoft Ole, Macros, Etc.)

Data Encryption

NSA Top 5 Actionable SOC Principles

INSTITUTE WELL-MANAGED& DEFENDABLE PERIMETERS & GATEWAYS

ENSURE VISIBILITY & CONTINUOUS MONITORING OF THE NETWORKTO INCLUDE TRAFFIC & ENDPOINTS

HARDEN NETWORKS, ENDPOINTS, & SERVICES TO BEST PRACTICES

USE COMPREHENSIVE& AUTOMATEDTHREAT INTELLIGENCE SOURCES

CREATE & FOSTER A CULTURE OF CURIOSITY & EMBRACE INNOVATIVE APPROACHES

Modern Reality

Exceptional technology available

Trust is not binary (Good/Bad)

We get smarter over time

Static targets fall

Government relies on commercial devices

Government can’t control the design

Shared risk environment

NEED CONFIDENCE IN COMMERCIAL TECH

PRIVATE SECTOROwns and operates

Visibility into systems and networks

Brings expertise and resources

Asymmetric Advantage

GOVERNMENTUniquely sees some threats

Brings elements of national power when necessary

UNITED WE STAND,

DIVIDED WE FALL

Where Is Cybersecurity Going?

COLLOBRATEwith partners to

effectively counter the adversary

INFORMATIONSHARING

merges analytics and the knowledge behind it

INCORPORATE INNOVATIVE

TECHNOLOGYin cyber defense