In information systems, made up of a collage of hardware and software, different manufacturers, serial numbers, version numbers, and, as you well know, all using personal computers, anti-virus updates almost every day. Vulnerability updates for Microsoft, if you are using a PC, that are addressing vulnerabilities they discovered every couple of days. They easily discover vulnerabilities every couple of days and patch them up. It is very important you keep your software and hardware up to current configuration so you do not have any vulnerabilities. Almost all of those agencies are reporting they are not doing that.

Segregation of duties, this may not be the most important. This is the fox guarding the hen house. You have security personnel responsible for security management. Those should be different people than the people who have just general system administration functions. In general, when you get into a very trusted organization, many times this person could be one and the same.

Then you have contingency planning or disaster recovery. This deals with, if something does happen, a natural disaster or a man-made disaster or an attack, can you get back up if your system crashes? You have redundancy behind it? Is it running in parallel with your current system, a hot backup, so it automatically goes over, or is there some process for you to back up your data every day, every week, every month? You store it on site in case you have to restore a system. That all goes into contingency planning.

Then there is security management. That is what process and procedure you use to assure that all your required features and assurances, to make sure you are operating in a safe and secure environment, are in place. Those other things you are not doing, you begin to recognize, you start doing. That again, those are the weaknesses as reported at those 24 agencies other than the intelligence community.
Now, if you look at, and this is again the GAO data, these are computer incidents reported from 2006 through 2011. You can see there has been a 700% increase in that, from 5,000 incidents up to 45,000 incidents per year. That is just those that have been reported and detected. Many incidents go on that are not detected. When we are talking about cyber security and cyber warfare and cyber attacks, we have incidents that pop up from time to time and hit the news. We all read about them, but in the event there is a true systemic cyber attack, it would go after all of our systems, all of our vulnerabilities. Much of what we see here is probing, as in the old Civil War days when they sent a scout out to detect where the enemy was. That is happening in the cyber world. Many of these are just probes to see, have these malicious intrusions been detected? What happens if they are detected? So they found a vulnerability or a back door in the system.

Again, let me just try to catch up. That is the U.S. government excluding the intelligence community. Let us presume, and I do not know the number, I do not want to know the number, let us presume those other top 17 agencies in the intelligence community are having an equal number of attempted intrusions. Add another 45,000 to these: 90,000 incidents per year. That is roughly one attempted intrusion every five minutes. Let's add state, local, tribal governments. In that vast pool we call the private sector, private industry, the numbers go through the roof, even conservatively. I am leading toward an understanding that cyber attacks and intrusions are kind of a continuum. They're happening all the time, going at all the different sectors.

Now again, from that GAO report, if you look at the types of intrusions being reported, you have in this pie chart here, 31% of the incidents reported are still under investigation. Something happened, something abnormal.
We got a warning somebody tried to get in, or a computer system crashes and we try to repeat it and it will not be reproduced. We have to reload an image of the parent system and get it going again. Something happens and we do not know what. That is still under investigation. 31% of those 45,000, the 90,000, which is really what? 250,000 going on all the time. That is really distressing.

We talked earlier, previous presentations talked about denial of service attacks, where a system or a company or whatever is deluged with requests, overloading the servers. Things shut down and stop. We show, of all the incidents reported, none of those were denial of service. That means that systems have a firewall and it has a setting for known malicious intrusions. The signature of a denial of service attack is a lot of very similar messages coming in almost simultaneously. A firewall with the right people and settings can prevent a basic low-level denial of service attack. That is what we're seeing here.

Then we have the attempted probes, 7% there. These could be to see where your lines of defense are, how effective they are. Unauthorized access: people with no clearance at all getting into classified systems, or people who have that clearance getting into classified systems they do not have a need to know. Getting that information, either wittingly, like they're trying to get at it and they should not, or in some cases unwittingly, it is click on the wrong folder and it pops up saying you do not have permission to go there. I hope nobody is watching, but they are; that is why it is being reported.

And improper usage. Throughout the government and private industry, I will flip back for one second, some of you were here in the morning and saw I came in here with a memory stick and asked the I.T. technician to stick it in and upload my presentation. Did he know what was on that memory stick?
Do you know now that all of you at the end of the semester are going to get A's because your grades are going to get changed? You actually paid $1,000 too much tuition and will get a refund? I could have done that. I did not. [laughter] But you wish I did. Anyway, this is common practice. They trust a person; I come in here, I could have unwittingly stuck something on here, maybe something on the memory stick I did not know was on there. I distilled this presentation. I took some source material images from the GAO report. You should trust that report. You should, but there may be something embedded in there. Getting into the system is not hard.

Improper usage of the system is going into the system. We look at these federal systems from the Department of Energy, Department of Education; in addition to this, with all the hundreds of thousands of government employees, we come to April 1 or April 2, getting to tax time, and they have not had time to do their income tax. In my briefcase I have my CD of TurboTax. I am at my government machine. I say, at lunch time I will do my income taxes. I loaded TurboTax on there and put in my financial information. It is running on the Department of Education system, all that privileged and protected information. I take that CD and go home and I stick it in my other machine and send it off to the IRS. It has been on the government's system, unauthorized software; I should not have done that, but I did; I added material to it. I do not know what else came with it when I took it off. It is on and on. This is improper usage. Not necessarily malicious intent. Potentially damaging to information systems.

Then there is malicious code. We all know about that, the viruses and the Trojan horses. These are detected by the signature. After one of these is recognized, the industry jumps on it, comes up with a virus definition. There are many different versions: quarantining, get rid of it, neutralize it.
That is after it has been identified somewhere else. There is a thing we are going to talk about later called a malicious attack. That is a brand new virus, a brand new piece of malware nobody has seen before. There is no signature for it. When it goes out there and spreads to thousands of machines, we let it ride through. It starts doing what it should not be doing. Those events are very damaging. Everything starts with a zero-day event. After that we create a signature and understand it, in that vast mountain called a database.

Now to threat origins. This is not an exhaustive list. Our friends from the FBI were talking earlier about a number of these. Let's start with the criminal groups. Organized crime, they can have a systemic content. They also may want to probe the law enforcement sensitive systems to get information, to understand what the threats against them are. Then there are small-time criminal operations intent on fraud or identity theft. These may be small groups or individuals. Then you look at hackers, those who are just the techno geeks who do it to see if they can, go after systems not protected. Then of course the hackers can be hired by any of these other origins to further their crimes. We have insiders, could be disgruntled employees who want to harm that information system and disrupt the company or agency's operation. Or the insider could be a spy, taking that information and passing it to his or her handler and passing it to a foreign intelligence service.

Then we have nations and state-sponsored threats. I do not want to steal any thunder from Dr. Jones's presentation on Chinese threats tomorrow, but I want to talk about, there were some comments, questions earlier about, what are the levels of our defenses? Could cyber attacks cause a war? All this, what are the issues here? Lots of issues. One of them goes back to an old paradigm, probably 20 or 30 years ago, that was called mutually assured destruction.
In the nuclear age, during the Cold War. It is very germane to us here. The only remaining Titan missile silo is outside of Tucson. They turned it into a museum now. You can go into the quarters and look at the missile; it is still there, they took the engines out. There are railroad ties across the top so the Russians would look down and see that it cannot move. All our other silos have been blown up and filled with concrete. We had 50 at one time. The Titan missile had a range of 9,000 miles and carried a 10 million ton hydrogen bomb warhead and could clear an area, make a hole in the ground, about 800 to 900 square miles. We had 50 of those. The Russians had a similar size of missiles. Both sides got together and said, this is stupid. Neither of us can afford to do anything. A treaty was formed. We agreed to destroy the missiles, pour concrete in the silos. Level the playing field.

In cyber warfare, the cyber world, the landscape is naturally tilted. It is not like that. We cannot level the playing field. I will tell you why; I will give you three examples. Right now, the people that are not necessarily that friendly with us, who may do us harm in the future, hopefully never, Russia is one. A lot of computers; Russia is much like we are in terms of understanding of the cyber threat, having a lot of smart people doing offensive development, primarily for the purpose of thinking of how many ways we can be attacked. Also thinking, for every measure there is a countermeasure. How do we defend ourselves against potential attacks? We are being proactive and reactive at the same time, putting a lot of money and effort into our government to create a U.S. Cyber Command. The Russians have institutionalized this and have buildings and people and very smart individuals designing ways to disrupt and corrupt systems and do bad things, as we are to our potential adversaries.
That mutually assured destruction maybe still works between Russia and the United States. Now let's take a quick look at one of the worst places in the world today, North Korea. They have got atomic bombs, they are a rogue regime, a lot of people there, a lot of smart people, like there are everywhere in the world. They have definitely got a cyber warfare operation activity going on. In the United States today there are about 250 million computer users, and if you look at service providers and internet domains, that number doubles to about 500 million, half a billion, in the United States. A lot of people doing a lot of things in cyberspace. Do you know how many users, computer users, there are in North Korea? Any guess? A handful. A handful. The numbers range around 600. 600 vs. our 250 million. For service providers and internet domain names, we have 500 million. In North Korea, seven. Talk about a tilted playing field. They could attack us and do some things that would be devastating, but we could not return the fire. There is nothing there to attack. They have not put their social order on the World Wide Web. Everything is hard wired, it is manual; people do not bank, do not communicate, do not control utilities. Many times in North Korea they do not have the utilities to control. Things like that. There is nothing to go back at. The playing field is totally tilted. Mutually assured destruction does not apply here.

Let's look at a different one. Dr. Jones will go into a lot of detail. China, many more people, about twice as many computer users as we have. A very literate country, very smart people. When the U.S. government wants to buy Microsoft products, now the U.S. government and agencies ask Bill Gates and Microsoft, we are going to buy your product. We want your source code, which is the details of how your systems work. Bill Gates says, no, nobody gets our source code. It is proprietary. We do not get it in America.
China: we have people here who want to go on the internet, we are willing to pay license fees, and we want your source code. He says no. And they say, by the way, not only do we want your source code, we want you to make unique modifications to the Microsoft systems. He says no, I do not do that. It is all the same. Then he looks at the numbers and Bill Gates says, I guess I will give you the source code and the modifications. You have heard of the Great Wall of China; there's also the great firewall of China. That country, with all those users, I'm going a little bit over the top on this, but not far from it, they can basically throw a switch and shut the rest of the world off. We do not have that capability. Is the playing field even? Is it mutually assured destruction? Not in the cyber world. Not in cyber warfare.

Beyond all that good news, we have the phishers. I will talk more about them. The spammers, the terrorists, people conducting industrial espionage, and our foreign intelligence services, which are obviously connected to the state-sponsored nations but have a different mission, not necessarily there to disrupt and destroy but to collect information to further their national agendas.

Some of the threats: we talked about the denial of service attacks. In fact, the GAO report showed none of those incidents or attacks were denial of service. That is because there are others; you are only limited by your imagination. Remember the basic paradigm: a lock will only keep out an honest man. There are possibilities of denial of service attacks even with strong firewalls in place, more sophisticated approaches. The denial of service attacks can come from one host or can be much more sophisticated and be distributed. Your computer could be carrying what we call a botnet. You have downloaded something, someone has been able to get in your system and insert some code that will react on command to start sending messages to another system, trying to overload it.
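The lecturer describes the firewall signature of a denial of service attack earlier (a lot of very similar messages arriving almost simultaneously) and here adds that the flood can come from one host or be distributed across a botnet. The following is an added example, not code from the lecture or the GAO report: a small rate-based detector that buckets requests into short time windows and flags a burst of identical requests, both when one host sends them and when many hosts each send one. The log lines, addresses, window length and thresholds are constructed for illustration.

```python
"""Rate-based detection of a denial of service flood over constructed log lines.

Added example, not part of the lecture. The detector implements the rule the
speaker describes: many very similar messages arriving within a short window
are the signature of a flood, whether they come from one host (basic attack)
or from many hosts each sending a few (distributed, botnet-driven attack).
All log lines, hosts and thresholds below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 2        # how close together "almost simultaneously" is
PER_SOURCE_LIMIT = 5      # identical requests from one host per window
DISTRIBUTED_LIMIT = 8     # distinct hosts sending the same request per window

# Constructed log lines in the form "timestamp src dst:port request".
NORMAL_TRAFFIC = [
    "2013-04-02T12:00:00 198.51.100.20 203.0.113.10:80 GET /index.html",
    "2013-04-02T12:00:01 198.51.100.21 203.0.113.10:80 GET /about.html",
    "2013-04-02T12:00:03 198.51.100.22 203.0.113.10:80 GET /index.html",
]
# One host repeating the same request six times within one second.
SINGLE_HOST_FLOOD = [
    "2013-04-02T12:00:05 198.51.100.7 203.0.113.10:80 GET /login"
] * 6
# Eight different hosts sending one identical request each, same second.
DISTRIBUTED_FLOOD = [
    f"2013-04-02T12:00:05 192.0.2.{i} 203.0.113.10:80 POST /search"
    for i in range(1, 9)
]
SAMPLE_LOG = NORMAL_TRAFFIC + SINGLE_HOST_FLOOD + DISTRIBUTED_FLOOD


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, request)."""
    ts, src, dst, *request = line.split()
    return datetime.fromisoformat(ts), src, dst, " ".join(request)


def detect_floods(lines, window=WINDOW_SECONDS,
                  per_source=PER_SOURCE_LIMIT, distributed=DISTRIBUTED_LIMIT):
    """Return alerts for bursts of identical requests inside one time window."""
    # window bucket -> (dst, request) -> src -> count
    buckets = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in lines:
        ts, src, dst, request = parse_line(line)
        bucket = int(ts.timestamp()) // window
        buckets[bucket][(dst, request)][src] += 1

    alerts = []
    for bucket in sorted(buckets):
        for (dst, request), by_src in buckets[bucket].items():
            # Basic flood: one host hammering one target with one message.
            for src, count in by_src.items():
                if count >= per_source:
                    alerts.append({"kind": "single-source", "src": src,
                                   "dst": dst, "request": request,
                                   "count": count})
            # Distributed flood: many hosts, each under the per-source limit,
            # sending the same message at the same moment.
            if len(by_src) >= distributed:
                alerts.append({"kind": "distributed", "dst": dst,
                               "request": request, "sources": len(by_src),
                               "count": sum(by_src.values())})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```

Run as a script it prints one single-source alert (198.51.100.7, six identical logins) and one distributed alert (eight hosts, one search each); the three normal lines raise nothing. The per-source rule alone would miss the distributed case, which is why the detector also counts distinct sources per identical request.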
That is called a zombie network. We all watched the zombie movies: a person dies and then they come back to life, do bad things. That is a zombie network.

We talk about the zero-day exploit being the most dangerous because we do not know what it is. We would not recognize it if it showed up right in our face. It does what it does. Only after there has been a big issue do we have a signature and characterize it. Then it becomes part of our virus update. We have the worms that are self-propagating, destructive malware in the system; a Trojan horse, something that you let in but is something that you really do not want, that does something bad to your computer. Then there is spyware, software that gets on your computer and can monitor your keystrokes, your typing, can look at your registry, can see your passwords, can see what kind of encryption you're using, can do a lot of stuff which you do not want it to do. Anti-malware products are reactive systems vs. proactive systems. We talked about proactive vs. reactive; we will talk more about that when we get to the solutions for the problem.

Some of the threats, again, continuing now, are logic bombs. These are software subroutines inserted into your system that just sit there and wait for something to cue them. It is if-then code. A certain event happens, the logic bomb says, go do this. It could say, turn off all your voltage limiters for transmission lines. If the code comes in and that logic bomb sees it, whatever it was programmed to look at, it sends out a command to turn off all your voltage limiters, and your power distribution lines and transformers go out and power goes out on the electrical grid. This has happened before and can happen again. Cross-site scripting: an unwitting third party is involved in sending out malicious attacks to your computer.
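The lecturer makes the same point twice, once when introducing zero-day events (a brand new piece of malware has no signature yet, so it is let through until someone identifies it and the industry publishes a definition) and again here (only after there has been a big issue do we have a signature, and anti-malware products are reactive). The following is an added example, not code from the lecture or any vendor: a toy signature database with the two most common signature kinds, exact file hashes and byte patterns, scanned against constructed, harmless byte strings standing in for file contents. It shows a known sample matching, a trivially altered variant evading the hash but not the pattern, and an unseen sample matching nothing until a signature is added after analysis. The signature names and pattern choices are assumptions for illustration.

```python
"""Signature-based detection and the zero-day gap, on constructed samples.

Added example, not part of the lecture. Once a sample has been identified
somewhere else, a signature is published and scanners can match it; a sample
nobody has seen before has no signature and is let through, and only after it
is analysed does its signature join the database. All "file contents" here
are constructed, harmless byte strings; names and patterns are assumptions.
"""
import hashlib


class SignatureDB:
    """Two common signature kinds: exact file hashes and byte patterns."""

    def __init__(self):
        self.hashes = {}     # sha256 hex digest -> signature name
        self.patterns = {}   # signature name -> bytes that must appear

    def add_hash(self, name, data):
        """Exact-match signature: catches this precise file and nothing else."""
        self.hashes[hashlib.sha256(data).hexdigest()] = name

    def add_pattern(self, name, pattern):
        """Byte-pattern signature: catches any file containing the pattern."""
        self.patterns[name] = pattern

    def scan(self, data):
        """Return the names of every signature the data matches (possibly none)."""
        hits = []
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            hits.append(self.hashes[digest])
        for name, pattern in self.patterns.items():
            if pattern in data:
                hits.append(name)
        return hits


# Constructed stand-ins for file contents (plain text, nothing executable).
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-A beacon=c2.example.invalid persist=run-key v1"
# The same family with a trivial change: the file hash no longer matches.
KNOWN_VARIANT = b"CONSTRUCTED-SAMPLE-A beacon=c2.example.invalid persist=run-key v2"
# Something nobody has seen before: no hash, no pattern on file for it.
ZERO_DAY_SAMPLE = b"CONSTRUCTED-SAMPLE-B dropper=stage2.example.invalid"


def build_known_db():
    """Signatures published after SAMPLE-A was identified and analysed."""
    db = SignatureDB()
    db.add_hash("sample-a-hash", KNOWN_SAMPLE)
    db.add_pattern("sample-a-beacon", b"beacon=c2.example.invalid")
    return db


def zero_day_timeline():
    """Scan results before and after the unknown sample gets a signature."""
    db = build_known_db()
    before = {
        "known": db.scan(KNOWN_SAMPLE),
        "variant": db.scan(KNOWN_VARIANT),
        "zero_day": db.scan(ZERO_DAY_SAMPLE),
    }
    # After the incident is analysed somewhere else, a definition is pushed out.
    db.add_pattern("sample-b-dropper", b"dropper=stage2.example.invalid")
    after = db.scan(ZERO_DAY_SAMPLE)
    return before, after


if __name__ == "__main__":
    before, after = zero_day_timeline()
    print("before update:", before)
    print("after update :", after)
```

Before the update the unseen sample scans clean, which is exactly the window the lecturer calls a zero-day event; the variant shows why pattern signatures are preferred over plain file hashes, and why even they remain reactive: a pattern can only be written for something that has already been seen.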
Wardriving, mobile sniffing: people or individuals or groups are going around connecting and searching for unsecured networks and then getting into that network and launching malware, making you part of their malicious attack on whatever they decide to go after. Passive wiretapping, looking for encrypted passwords, and Structured Query Language, SQL injection, going to act