
Cloud Computing, Security, and Cyber Intelligence

Derek Gabbard, VP, Operations, Lookingglass, derek@lookingglass.com

"The US information infrastructure, including telecommunications and computer networks and systems, and the data that reside on them, is critical to virtually every aspect of modern life. Therefore, threats to our IT infrastructure are an important focus of the Intelligence Community. As government, private sector, and personal activities continue to move to networked operations, as our digital systems add ever more capabilities, as wireless systems become even more ubiquitous, and as the design, manufacture, and service of information technology has moved overseas, our vulnerabilities will continue to grow."
J. Michael McConnell, Director of National Intelligence, Testimony to the Senate Armed Services Committee, Feb 08

Seen the Internet Lately?

Overview
- The Rise of Cloud Computing
- The (Continued) Rise of Internet Threats
- How Security Will Evolve in the Cloud
- The Differences with Cyber Intel and IT Security
- Roles of Cyber Intelligence
- Network Analysis and Data Sharing
- Future of Cyber Intelligence

What is Cloud Computing?


- Cloud Computing means Internet ("Cloud") based development and use of computer technology
- It is a style of computing where IT-related capabilities are provided as a service
- Users access technology-enabled services "in the cloud", often with no knowledge of, expertise with, or control over the technology infrastructure that supports them

Cloud Computing Examples


- Application
- Hardware
- Infrastructure
- Platform
- Services
- Storage

Why Cloud Computing?


- Capital Expenditure
- Multitenancy
- Scalability
- Reliability
- Security
- Performance
- Location Independence

Cyber Threats: No End in Sight


- Thousands of cyber attacks each day on key utilities[1][2]
- Well known infrastructure-based disruptions
  - September 11 Internet Inaccessibility[3]
  - Estonian DDoS Attacks[4]
  - DNS Attacks[5]
  - Georgian Attacks from Russia[6]
- General consensus: attacks growing in sophistication and scale

Security Threats + Cloud = ??


- New challenges emerge as services become more distributed
  - Nobody owns the cloud
  - Everyone relies on the cloud
  - Each individual autonomous system is responsible for securing their section of the cloud
  - Impact of their actions now affects everyone even more than before!
- Bottom line: things that impact you and your business don't end at your gateway anymore

Evolving Cloud Security


- Connections used to be just dumb pipes
- Now, providers push security into the cloud for their customers[7]
  - Firewall
  - Spam
  - IDS/IPS
  - Data leakage protection
  - Etc.

Cyber Intelligence and IT Security


- Cyber Intelligence is:
  - Understanding global architectures and associated threats
  - Determining how those threats and vulnerabilities can impact a business, a government, or a military organization
  - Assessing risks, courses of action, and other factors which are dependent on the global network
  - Correlating global events with business risks
- Cyber Intelligence Builds From IT Security:
  - Administration of firewalls, IDS/IPS, etc.
  - Patching and system hardening
  - SEM or SIM Analysis

[Figure: diagram with three labels. Threat and Business Exposure. Cyber Intelligence: fusion of global network and threat data; seeing beyond traditional network borders. IT Security: firewalls, IDS, IPS, patch management, etc.]

The Role of Cyber Intelligence


- Military Operations
  - Offensive and defensive cyber operations
  - Intelligence, Surveillance, and Reconnaissance of cyberspace
- Government
  - Protection of critical infrastructure
  - Continuity of government planning
  - Trusted Internet Connection and similar initiatives
  - Intelligence Optimization
- Private Sector
  - Protection of business interests, critical information
  - Partnerships with other government to share data to reduce risks

Network Analysis and Data Sharing


- Obviously, some global data is unavailable to private sector (as well as government) organizations
- Movement in government and private sectors to share data
  - FS-ISAC, MS-ISAC creating initiatives
  - Federal agencies organizing significant data sharing capabilities as directed by the President

The Future of Cyber Intelligence


- Constantly updated, fused, and meaningful global architecture and threat data
- Shared data between those with similar interests (defense, information operations, etc.)
- Intelligence services provided by service providers
- Tools for analyzing and visualizing huge and disparate network data sets in development

References
[1] Richards, Jonathan, "Thousands of cyber attacks each day on key utilities", London Times, 23 Aug 08 (http://www.timesonline.co.uk/tol/news/uk/crime/article4592677.ece)
[2] Brodkin, Jon, "Government-sponsored cyberattacks on the rise, McAfee says", NetworkWorld, 29 Nov 07 (http://www.networkworld.com/news/2007/112907-governmentcyberattacks.html)
[3] Verton, Dan, "Digital Destruction Was Worst Imaginable", Computerworld Security, Mar 4, 2002 (http://www.computerworld.com/managementtopics/management/recovery/story/0,10801,68762,00.html)
[4] Anderson, Nate, "Massive DDoS attacks target Estonia; Russia accused", Ars Technica, May 14 2007 (http://arstechnica.com/news.ars/post/20070514-massive-ddos-attackstarget-estonia-russia-accused.html)
[5] McMillan, Robert, "Hackers Slow Internet Root Servers with Attack", PC World, Feb 6, 2007 (http://www.pcworld.com/article/128806/hackers_slow_internet_root_servers_with_attack.html)
[6] Hruska, Joel, "Georgia cyberattacks lead to questions about risk to US", Ars Technica, 18 August 2008 (http://arstechnica.com/news.ars/post/20080818-georgiacyberattacks-lead-to-questions-about-risk-to-us.html)
[7] Jackson, Joab, "Ed Amoroso | The big picture of network security", Government Computing News, July 7 2008 (http://www.gcn.com/print/27_16/46577-1.html)
