Cyberspace, Sovereignty,
Social Risk: Challenges for Portugal
Paulo Esteves-Veríssimo
University of Luxembourg, SnT
Professor, FNR PEARL Chair
http://wwwen.uni.lu/snt/people/paulo_esteves_verissimo
10th Int’l Symp. “Estratégia da Informação Nacional”, Academia Militar,
Amadora, 29 April 2016
Cyberspace today
The world is becoming an immense infrastructure
[Figure labels: ISP; Cloud computing and communications]
Internet minute
www.intel.com/.../internet-minute-infographic.html
Software vulnerabilities: always on the rise
(Source: IBM xForce)
[Chart: number of vulnerabilities by year, 20XX]
Summarizing: Cyberspace today
• immense, interconnected, interdependent infrastructure
• huge amounts of correlatable data
• huge cheap storage capacity
• steadily increasing software vulnerabilities
Threat Landscape (in times of peace)
How are threats themselves evolving?
• targeted attacks and advanced persistent threats
• weakening and subversion of comms and computing services
• threats to privacy: blanket data collection
• sophisticated automated cyberweapons
• organised crime
Attack sophistication vs. attacker expertise
(Source: Adapted from Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002 (CERT))
[Figure: two curves, “Required attacker expertise” and “Available attack sophistication”, on a Low to High scale over 1980, 1985, 1990, 1995, 2000 and 20xx…. Attacks labelled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth” / advanced scanning techniques, burglaries, network mgmt. diagnostics, DDOS attacks, bot nets, embedded malicious code, chip subversion, targeted attacks a.k.a. advanced persistent threats]
Re-identifying de-identified data
On the re-identifiability of credit card metadata
Yves-Alexandre de Montjoye et al., 2015
The power of metadata ...
Recent evolution
• the balance amongst vulnerabilities, threats and dependence must be kept, lest the risk may increase
• but the recent evolution has been opposite of that:
– dependence of society on ICT is very high
– increase of threats has been ignored
– increase of vulnerabilities has not been stopped
• society is adopting cyber risk behaviours
Summarizing: Threat Landscape
• Powerful adversary actors
• Availability of sophisticated cyberweaponry
• Data correlations previously impossible
• In big data, meta-data is data
• Elevated risk in all cyber components
Cyber-engagement
• Generalised trend toward blanket data and “meta-data” collection
• Deliberate weakening of communication and computing systems infrastructures
• Experimental sabotage and kinetic cyber attacks
• Escalation in cyberweapon development, passive and active
We live a non-declared low-intensity cyber-war, under a cyber-weapons proliferation ambience. Without proper “cyber-Geneva” and “anti-Proliferation” treaties, this can scale-up unexpectedly.
Some reflections on cyberspace strategy
On the asymmetric nature of cyberspace
• Risk is directly proportional to nation development
• CII centralisation and interdependence induces escalation and threat amplification
• Cyber attack capability is not directly proportional to nation development or wealth
• Kinetic cyber attacks (e.g. SCADA related) within potential reach of otherwise weak actors
• High potential disturbance momentum of mobilised hacktivism
Fundamental principles of a winning strategy for protection of the society
• Cybersecurity and Cyberdefense, two complementary and symbiotic instances of society protection
• Security and Privacy, two faces of the same coin
Cybersecurity = Cyberdefense: dangerous equation
• cybersecurity covers mostly mediate and proactive concepts, adequate to times of peace
– (inclusive of civil society, prevention, early warning, training and awareness, certification and auditing, etc. etc.)
• cyberdefense covers mostly immediate and reactive concepts, adequate to times of disturbance/damage
– (drastic and/or kinetic defence and/or counterattack/offense actions)
• no reason for considering that cyberspace should escape democratic rule of law principles, or, for that matter, general warfare principles
Security vs. Privacy: wrong equation
• Privacy is security from the perspective of an individual or collective person, or collection thereof.
• Blanket sacrifice of privacy means destroying value (of huge sets of individuals, organisations, or even nation’s business sectors)
• The sentence so many times pronounced by politicians actually means a contradiction in terms:
– “we must undermine the security of the individuals and organisations of a whole nation to preserve the security of the nation” (!)
Epilogue: key strategic measures for global détente
• threats became global, persistent, and perpetrated by powerful, motivated, competent and non-regulated adversaries
• it is impossible to do pervasive and blanket data collection without damaging society and democracy as a whole
• undermining integrity and trustworthiness of the info society and infrastructure can be disastrous
Before it is too late, we must:
• set clear missions for cybersecurity and cyberdefense
• redefine privacy as a form of security
• go back to targeted surveillance under democratic rule of law
• regulate the commercial rights for acquisition of private info
• regulate international trade in ICT
Paulo Esteves-Veríssimo
University of Luxembourg, Faculty of Science, Technology and Communication
and SnT, the Interdisciplinary Centre for Security, Reliability and Trust
PEARL Chair sponsored by the Luxembourg National Research Fund (FNR)
[email protected] http://wwwen.uni.lu/snt/people/paulo_esteves_verissimo
@SnT Critical and Extreme Security and Dependability
Thank you!