26-07-2012, 03:24 PM
COMBATING THE THREAT OF CYBER TERRORISM
Cyber_terrorism_vulnerabilities.pdf (Size: 818.87 KB / Downloads: 22)
Three Critical Issues
The quality of software must be increased in order to
significantly reduce the number of vulnerabilities that are
exploited by cyber-criminals and cyber-terrorists.
2. The increased value of information weapons and tactics within
the UnRestricted Warfare (URW) environment requires the
development of new data weapons, alerting systems and
tactical strategies in order to protect and defend the United
States against cyber-crime and cyber-terrorism.
3. The current approach for securing information assets can only
be described as reactive application of point fixes. A holistic
approach is necessary to make these systems markedly more
secure.
Presentation Focus
• Given the time restrictions, this presentation will focus only on
one of the these three critical problems.
– The quality of software must be increased in order to significantly
reduce the number of vulnerabilities that are exploited by cybercriminals
and cyber-terrorists.
• It is critical to note that given our analysis, this is not the most
pressing issue in combating cyber-terrorism. The implication of
information systems in an UnRestricted Warfare (URW)
represents the greatest threat.
– The increased value of information weapons and tactics within the
UnRestricted Warfare (URW) environment requires the
development of new data weapons, alerting systems and tactical
strategies in order to protect and defend the United States against
cyber-crime and cyber-terrorism.
IT Response to Vulnerabilities
• It is an onerous task to apply the hundreds of fixes
that come out each year for operating systems,
applications and other programs; but, an efficient
patch management regime has become an
increasingly critical requirement.
Current Methods
• Most security vulnerabilities result from defects that are unintentionally
introduced in the software during design and development.
– A typical IT organization in a multi-national, multi-billion business
applies over 2,500 patches annually.
• Tools to examine software vulnerability in the design and testing stages
have existed for years. Yet the problem continues to plague software
companies.
– Static code validation and verification tools are just now entering
the software industry.
• Developers spend about 80% of development costs on identifying and
correcting defects.
– The National Institute of Standards and Technology
Conclusion
• Unless we address these issues now, we
are headed for a digital disaster!
– The time period from vulnerability identification until the
appearance of exploitation has been reduced to near
zero. We can no longer accept the exposure of
vulnerabilities missed in the development and quality
processes that create opportunities for cyber-terrorist and
cyber criminals to disrupt the information that has
become the lifeblood of our society.
– The solution will have to include regulations, new
technology and education!