2004 05 08 larry clinton corporate information security working group presentation

Upload: isalliance

Post on 05-Apr-2018


  • 7/31/2019 2004 05 08 Larry Clinton Corporate Information Security Working Group Presentation

    1/18

    Larry Clinton, Deputy Executive Director, Internet Security Alliance, [email protected]

    703-907-7028

  • Slide 2/18

    The Past

  • Slide 3/18

    Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html

    The Present

  • Slide 4/18

    Growth in Incidents Reported to the CERT/CC (chart; incidents per year as labelled on the slide, y-axis 0 to 120,000)

    Year   Incidents
    1988   6
    1989   132
    1990   252
    1991   406
    1992   773
    1993   1,334
    1994   2,340
    1995   2,412
    1996   2,573
    1997   2,134
    1998   3,734
    1999   9,859
    2000   21,756
    2001   55,100
    2002   110,000

  • Slide 5/18

    The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC (chart; vulnerabilities per year as labelled on the slide, y-axis 0 to 4,500)

    Year   Vulnerabilities
    1995   171
    1996   345
    1997   311
    1998   262
    1999   417
    2000   1,090
    2001   2,437
    2002   4,129

  • Slide 6/18

    Machines Infected per Hour at Peak (bar chart comparing Code Red, Nimda, Goner and Slammer; y-axis 0 to 100,000 machines per hour; bar values not recoverable from the extracted text)

  • Slide 7/18

    Computer Virus Costs (in billions) (chart; x-axis '96 through '03, with '03 counted through Oct 7; y-axis 0 to 150 $billion; a range band is marked; values not recoverable from the extracted text)

  • Slide 8/18

    The Threats / The Risks

    Human Agents: Hackers; Disgruntled employees; White collar criminals; Organized crime; Terrorists

    Methods of Attack: Brute force; Denial of Service; Viruses & worms; Back door taps & misappropriation; Information Warfare (IW) techniques

    Exposures: Information theft, loss & corruption; Monetary theft & embezzlement; Critical infrastructure failure; Hacker adventures, e-graffiti/defacement; Business disruption

    Representative Incidents: Code Red, Nimda, Sircam; CD Universe extortion; e-Toys hacktivist campaign; Love Bug, Melissa viruses

  • Slide 9/18

    Attack Sophistication v. Intruder Technical Knowledge (chart; x-axis 1980 to 2000, y-axis Low to High; series labelled Tools, Attackers, Intruder Knowledge and Attack Sophistication)

    Techniques plotted along the timeline: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; stealth / advanced scanning techniques; burglaries; network mgmt. diagnostics; DDOS attacks

  • Slide 10/18

    Putnam Legislation

    - Risk Assessment
    - Risk Mitigation
    - Incident Response Program
    - Tested Continuity plan
    - Updated Patch management program

    Putnam has said it won't work.

  • Slide 11/18

    Public Policy

    Policy must address the Internet as a new technology:
    - No one owns the Internet
    - It is constantly evolving
    - International operation makes regulation difficult
    - Mandates will truncate innovation and the economy

  • Slide 12/18

    Corporate Information Security Working Group

    INCENTIVE PRINCIPLES: Positive incentives will be more effective
    - leverage industry innovation
    - apply globally
    - respond to tech change
    - get executive buy-in
    - deal with industry across sectors

  • Slide 13/18

    Corporate Information Security Working Group

    REGULATION IN CYBER SPACE MAY BE INEFFECTIVE & COUNTERPRODUCTIVE
    - International regulation difficult
    - Constant technology change
    - Politics lead to compromise, not maximization
    - Notice and comment insecure
    - Regulation could blunt technology

  • Slide 14/18

    Corporate Information Security Working Group

    INCENTIVE RECOMMENDATIONS
    - Common Measurement Tools / Seals of Approval / Vendor Certification
    - Use Insurance Discounts
    - Market Entry Incentives
    - Safe Harbor / Tort Reform to incent best practices
    - Tax incentives

  • Slide 15/18

    A Risk Management Approach is Needed

    "Installing a network security device is not a substitute for a constant focus and keeping our defenses up to date. There is no special technology that can make an enterprise completely secure."

    National Plan to Secure Cyberspace, 2/14/03

  • Slide 16/18

  • Slide 17/18

    Sponsors

  • Slide 18/18

    Larry Clinton, Deputy Executive Director, Internet Security Alliance, [email protected]

    703-907-7028