How the Surveillance State Changes IT Security Forever

The NSA's appetite for collecting all data has hurt the US tech industry. Trust has been broken on many fronts. Security spending is set to explode by a factor of ten to counter the surveillance state.

How the Surveillance State is Changing IT Security Forever

Richard Stiennon

September 4, 2013

Wednesday, September 4, 13

June 6, 2013. It begins

Why SIGINT matters

Scenarios

• Member of Congress contacts with stock brokers

• Volume of calls between acquirer and target

• CEO-CFO interactions

• Journalist-whistleblower interactions

• Petraeus-Broadwell

(Image credit: Guardian)

If only it were just metadata

...the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.

“Collect everything”

PRISM Rogue’s Gallery

The Destruction of Trust

• US tech companies will be the victims

• US cloud services already suffering

• Attestations being asked for by EU clients

The New Threat Hierarchy

• Surveillance State

• Information Warfare

• CyberCrime

• Hacktivism

• Vandalism

• Experimentation

$652 million Project Genie

Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed "covert implants," sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. -Washington Post

Implications for security vendors

• The state as threat actor

• Researching NSA malware

• Defending against NSA surveillance

Enterprise is compromised

• If every employee’s email and phone conversations are captured, what are the breach notification requirements?

• HIPAA?

• GLB?

• SOX?

Re-vamping enterprise security

• A universal threat must be met with universal security

• Spending on encryption set to double this year

• Protecting keys will lead to massive investment in security

Tenfold increase in spending

[Chart: IT Security Spending in $billions, 2003 / 2013 / 2023, vertical axis 0 to 700. Labels: hacking, cyber crime, cyber espionage, surveillance state. Callout: $639 Billion]
