Upload
elfreda-bates
View
214
Download
0
Embed Size (px)
Citation preview
In the CrossfireInternational Cooperation
and Computer Crime
Stewart Baker
1815 1816Waterloo Mt. Tambora
1817
6th century BC
Stability and speed
Stability
Speed
A
B
C
What Point B Looks Like
Stability and speed
Stability
Speed
A
B
C
What Point C Looks Like
Summary • Attacks are already
heavy• Adoption of security
measures lags • The many roles of
governments – Regulator– Policeman– Attacker
1. Attacks are already heavy
• 60% reported theft-of-service cyberattacks– Low: Germany, UK (42%)– High: India (83%), Brazil (77%), France (76%)
• 29% reported multiple large-scale denial of service attacks each month, and nearly two-thirds of those reported an impact on operations– High: France (60%), India (50%)
• 89% report infection with viruses or other malware• 70+% report a wide range of other attacks
– E.g., phishing and pharming.
• More sophisticated attacks like DNS poisoning or SQL injection are less common, but still widespread – more than half of respondents report these attacks
2. Adoption of security measures lags behind the threat
• Basic, key security measures are not widely adopted
– Fewer than 60% patched and updated software on a regular schedule
– User name and password the most common form of login/authentication
– more than three-quarters of SCADA/ICS systems are connected to an IP network or the Internet
• nearly half of those admitted that these connections create unresolved security issues
• Security measure adoption rates vary widely by country
Security measure adoption rateMore than two dozen different security measures -- technologies,
policies and procedures
•Security Information and Event Management tools•Network access control measures•Intrusion prevention systems•Database security and access controls•Data leak prevention tools•Intrusion detection systems•Firewalls to public network•Firewalls between systems•Application whitelisting•Role and activity anomaly detection•Standardized desktop•Use threat monitoring service
•Encryption for –• Online transmission to network• Laptop hard drives• Individual emails• Data in databases• Data while in network storage• Tapes, portable media
•Authentication by –• User name and password• Token• Biometrics
•Regular patches and updates•Threat information sharing•Restrict or ban USB sticks
China leads in adopting security measures
3. The many roles of governments
• Regulators– Regulation seen as generally positive
• 74% have implemented new measures as a result of regulation• 58% say regulation has “sharpened policy and improved security”• 28% say it has “diverted resources from improving security to
recording/reporting incidents or other forms of compliance”
– Audit frequency varies widely
• Policemen– Widespread skepticism about governments’ ability to protect
networks
• Attackers, infiltrators and adversaries
Regulator: auditing to enforce compliance varies widely
Policeman: Little faith in laws against cyber-attack
Attacker: 60% believe governments are already attacking their country
Attacker: Many report government-style attacks
•Half report “stealthy infiltration by high-level adversary … like in Ghostnet”
•Half report DDOS attacks by “high-level adversaries” including governments:
Attacker: United States and China are most feared; Russia is third
China the outlier
• Chinese executives report --
– Uniquely close cooperation with officials
– High levels of regulation and auditing
– Very robust confidence in government
– Much higher adoption of security measures
• China is taking concerted steps to bolster its industries’ defenses
• Are the steps effective?
– Chinese companies report low to average levels of attack and damage
– China does appear better protected than other large developing countries, such as India and Brazil