Office of Research

homuskrat, Networks and Communications

20 Nov 2013

Jonathan Shapiro

Director

Office of Research

Cybersecurity

Contact

Jonathan Shapiro

Director, Office of Research

Cyber Security Business Development

The University of Texas at Dallas

Direct 972-740-4339

Office 972-883-4501

Jon.Shapiro@UTDallas.edu

Personal Web Page

http://www.utdallas.edu/research/


Social Media

Blog - Cybersecurity at the University of Texas at Dallas

LinkedIn Group - Cybersecurity at the University of Texas at Dallas

Twitter - @CyberUTD


Cybersecurity


Cybersecurity is one of the most serious economic and national security challenges we face as a nation.

The Cyber Initiative at UTD is a critically important public-private partnership to develop new technologies and skills that will lead to secure computing, communications and control systems.

University-wide initiative that involves faculty and students from six different departments and schools.

UT Dallas' Cyber Security Research and Education Center was designated as the NSA/DHS Center for Excellence in Education

Eight areas of research and development have been designated, encompassing a range of technologies, industries and users.


Focus


Performing research to enhance and strengthen the security of computer systems and networks

Share our research results by publishing papers in premier journals and top conferences

Foster interaction between Government, Industry and Academia in the field of Cybersecurity

Develop and teach a strong cyber security program which includes courses for cyber-crime prevention, detection and analysis

Initiate interdisciplinary programs integrating social sciences and information sciences

Transfer the technologies from the university to commercial development efforts


Cybersecurity Research

The Cyber Initiative at UT Dallas

Cybersecurity Research Areas

Technical Research

Secure & Available Networks

Secure Cloud Computing

Security of Control Systems

Software Security

Secure Silicon

Cross Functional Research

Cyber Security Risk Management

Emergency Preparedness

Information Assurance

Business Risk Analysis & Economic Implications

Public Policy Implications

Threat Analysis & Modeling

Criminology


The Cyber Initiative at UT Dallas

School of Management

School of Engineering and Computer Science

School of Economic, Political & Policy Sciences

Arts and Technology

International Center for Decision and Risk Analysis

Center for Information Technology and Management

The Leadership Center

Cyber Security Research Center

Cybersecurity and Emergency Preparedness Institute

Electrical, Mechanical and Computer Science

Criminology

Economics

Gaming and Simulation



Why Cybersecurity

Rapidly Expanding Market

$55 billion cumulative Federal spending for cybersecurity between 2010 and 2015 at about 6.2% CAGR

$10.5 billion Smart Grid Cyber Security

$7,455m Utility infrastructure security expenditure

$2.3 billion 2012 federal DOE budget for cyber resources and development

$6,902.4 million SCADA Security 2010 forecast to grow at 9.6% through 2016 forecast to $14 billion

$936.48 million for the Homeland Security Department for infrastructure protection and information security

$500 million for Defense Advanced Research Project Agency research and development in cybersecurity

$300 million SFS funding over five years to fund up to 1,000 cybersecurity scholarships per year

Great Career Opportunity


700,000 new information security professionals in the Americas by 2015

Top 10 Best Jobs in America
US News and World Report

Acquisitions were mega-deals where public companies were taken private.

Intel, for instance, bought McAfee for $7.68 billion

HP bought ArcSight for $1.6 billion.

Symantec bought security divisions of Verisign for $1.3 billion.

IDC expects the security tech market to grow at a 14 percent compound annual growth rate to $82 billion in 2012.

Forrester says that security now accounts for 14 percent of the information technology spending, compared to 8.2 percent in 2007.

Venture Capital takes notice

"It's an area of huge interest to us," said Bill Maris, managing partner for Google Ventures

Venture investment in the information-technology security sector this year looks set to exceed last year's $432.3 million

"There is absolutely no question that this sector is going to be at the focal point in the future in terms of investments and IPO," said Robert Francello, head of equity trading at Apex Capital in San Francisco.




Data Security Analyst vs. Database Analyst.

2 years Experience

Dallas, TX location



28% higher pay


Certifications


International Information Systems Security Certification Consortium, Inc., (ISC)²

Certified Information Systems Security Professional (CISP)

Certified Information Systems Security Professional (CISSP)

Information Systems Security Architecture Professional (ISSAP)

Information Systems Security Management Professional (ISSMP)

Information Systems Security Engineering Professional (ISSEP)

Certification and Accreditation Professional (CAP CM)

Systems Security Certified Practitioner (SSCP)

SANS Institute

SANS Cyber Ranges Computer & Network Security Challenges

SANS Cyber Guardian Program


DoDD 8570 and GIAC Certification






A Declaration of Cyber-War

Stuxnet

Last summer, the world’s top software-security experts were panicked by the discovery of a Self-Directed Stealth Drone radically different from and far more sophisticated than any they’d seen.

A self-replicating computer virus, called a worm, was making its way through thousands of computers around the world, searching for small gray plastic boxes called programmable-logic controllers (PLC): tiny computers about the size of a pack of crayons, which regulate the machinery in factories, power plants, and construction and engineering projects

Stuxnet is the Hiroshima of cyber-war. That is its true significance, and all the speculation about its target and its source should not blind us to that larger reality. We have crossed a threshold, and there is no turning back.



What is Stuxnet

Stuxnet is an advanced malware worm that was discovered in July 2010. It has attacked Siemens PCS7, S7 PLC, and WinCC systems around the world.

The management of many industrial sites feels “safe” because they believe the Industrial Control Systems (ICS) networks are not connected to the Internet.

Some even believe their system is “air-gapped” from their corporate network.

A part of the genius of Stuxnet is that it demonstrated how easy it is for an advanced cyber threat to go from a USB key, an external hard drive, an infected laptop or an infected project file to a control system network.

Buy your test equipment on eBay

Operation Shady Rat

Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza

Infiltrated the computer systems of national governments, global corporations, nonprofits, and other organizations, with more than 70 victims in 14 countries.

Lifted from these highly secure servers, among other sensitive property: countless government secrets, e-mail archives, legal contracts, and design schematics.

Malicious program: a remote-access tool, or rat

Operation targeted a broad range of public- and private-sector organizations in almost every country in Southeast Asia, but none in China

Government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada
Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India

The category most heavily targeted was defense contractors, 13 in all


RSA Breach


RSA is the security division of the high-tech company EMC

Its products protect computer networks at the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon, the Department of Homeland Security, most top defense contractors, and a majority of Fortune 500 corporations.

That key fob, called a SecurID token, is RSA’s best-known product. The strings of numbers on its screen are generated by a microchip using the SecurID algorithm and a unique cryptographic seed.

Company’s security system had identified “an extremely sophisticated cyber attack in progress,” an attack that “resulted in certain information being exported from RSA’s systems,” some of which was “specifically related to RSA’s SecurID two-factor authentication products”

Dmitri Alperovitch, vice president of threat research at McAfee: “today we see pretty much any company that has valuable intellectual property or trade secrets of any kind being pilfered continually, all day long, every day, relentlessly.”

On May 21, the computer systems of America’s largest military contractor, Lockheed Martin, detected an intruder

L-3 Communications, which provides intelligence, surveillance, and reconnaissance technology to the U.S. government, had also been attacked

Finnish security company F-Secure assumes an employee of RSA or its parent firm, EMC, uploaded the malware to an online virus scanning site

RSA had already revealed that it had been breached after attackers sent two different targeted phishing e-mails to four workers at its parent company EMC.

The e-mails contained a malicious attachment that was identified in the subject line as “2011 Recruitment plan.xls.”

The intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products.

Cyber Security and Critical Infrastructure

Networks and control systems are under repeated cyberattack, often from high-level adversaries like foreign nation-states

"Security systems are overmatched by the threat and very few companies are rising to the challenge posed by state-sponsored or terrorist infiltration and potential attack," said Jim Woolsey, former head of the Central Intelligence Agency (CIA). "The real answer is new technology, active cyber defense, and distributed generation."

http://www.csmonitor.com/USA/2010/0128/Corporations-cyber-security-under-widespread-attack-survey-finds

Critical Infrastructure Sectors

IT Systems Vs Control Systems


SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes

Control Systems include SCADA, Program Control Logic, Motor Controls, Power Electronics, and Embedded Computing Systems

They are everywhere, in every industry

Mostly ignored by IT Security due to complexity, proprietary nature, and different management teams

Ripe for exploitation

Intel, Microsoft, and security vendors have not paid attention

Many are NOT PCs

Many can be infected, and the devices cannot be cleaned. Malware embeds itself in semiconductor devices and memory

The central SCADA master system.

Communications network.

RTUs. Remote Telemetry (or Terminal) Units.

Field instrumentation.

Inherent Vulnerabilities

Two-way communications

Distributed connectivity

Customer usage data

Weak authentication and access control

Lack of adequate training

Lack of standards and interoperability

Critical Infrastructure Problem

Vulnerability Assessments Have Not Yet Been Completed

Industry and Government Lack Guidance for Conducting Vulnerability Assessments

Analysis of Public Works Infrastructure (Including Electricity) Has Not Been Completed

Assessments to Date Do Not Consistently Consider Vulnerabilities to Longer-Term Power Disruptions

Summary Critical Infrastructure

Industrial Control Systems - SCADA and PLCs are vulnerable to attack.

We have no clear inventory of the extent of the risk.

Malware, infected silicon, and the uses of hacking skills against Critical Infrastructure are growing.

Weak spares inventory due to Just-in-Time manufacturing.

Loss of Critical Infrastructure can cause large residual economic damage.

Von Neumann Machines

A self-replicating machine is an artificial construct that is theoretically capable of autonomously manufacturing a copy of itself using raw materials taken from its environment

This year marks the 40th anniversary of Creeper, the world’s first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010

Future Issues



Taboo Subject


Supply Chain “purity”


Skill shortages


Ignorance of potential “design risk”
problems


Cyber terrorism and extortion


Polymorphic malware


Defender versus Attacker

Constant growth in complexity and risk

Government to the rescue?