Addressing Cybersecurity Challenges in Fast-Paced Technological Environments

We innovate without looking at security implications We do not forecast the consequences of patching We predicted/forecasted this event but missed the timeline Technologies/vulnerabilities/risks are changing at too fast a pace The pace of analysis, decision-making, and risk modeling cannot keep up We didn t reverse engineer the malware correctly

Based on the graph, it is getting worse, and we don t know if it s slowing down Without action, it will get worse There are many more technologies it can infect We want to know what else the creators of the patch know about the vulnerability We don t have a real-time forecasting model of these attacks We don t know what counter measures are being taken by the private sector (ISPs, telecons) Do not take military action

Things happening faster than we know Visualization like a nuclear reactor Yes, it can bridge to other technologies Talk to people doing the patch We don t have a real-time forecasting model of this situations We don t know what counter-measures are being executed ISPs, telco s, private sector No military action

Not nearly fast enough

Early cyber tsunami warning system Polling academia, industry and others on the net What you are seeing What you should do Need to verify sources Weather report on the Internet Mapping of bad weather Research goals how to present it, how to get the data Presenting the information without causing panic

Use/integrate/report (in real-time) from the telco s situational awareness Integrate SA across telco s Who to go to, understand where the data sources are Industry checks their apps la Apple Develop a framework of responses to indicators Public warning system about the turning off of the phone, disabling data connection

Lash-up a pre-positioned course of actions in an automated system with the ability to forecast actions and predict consequences: This creates a Continuous targeting system Quantify the attack to determine scope of attack Emergency phone bridge Relevant points of contact in telecons, government

Create a portal to exchange situational knowledge Reverse engineering data What the threat does What are the CXC s Where are they located Possible ways to disable the malware

What are the basic things to monitor? Traffic volume, dropped calls Need to monitor over time to increase confidence Increase confidence by predicting the normal state and verifying it What does it do in the absence of anomalies?

Provide more insight into model reasoning Long-term challenge: How to best visualize it and bring attention to the pieces that really matter Display patterns (best understood by humans) Humans can be viewed in two ways: As a Weak link in the cyber security fence i.e. source of the vulnerability Strong defender of a cyberspace asset

Civilians Better indicators of what is happening on your phone Consumer education: User notification Usability (password complexity) What do things mean to the actual user? Group dynamic of the consequences of your action For this example, sending the message will cost you $8,000 Giving information that is important and relevant, not nagging Defense didn t get to this

Creating a highly reliable secure device OS middle layer Lockdown/safety mode on phones Ability to forecast scenarios for decision support on actions Augment cyber defense with a citizen s militia Recruit the population to help The research is to tell them what to do Neighborhood watch of the Internet

Models for the general public Names of current malware Warning through social networks