

By Tom Madden, Chief Information Security Officer, Centers for Disease Control and
Prevention







34 years with the federal government
27 years involved in cyber security (was cyber security when
cyber security wasn’t cool)
18 years in the nuclear weapons program
Became CDC’s first CISO in 2003
Entered the Senior Executive Service in 2008
Most memorable quote from a JSU Professor in 1983
Proud double alum of Jacksonville State University

Participated in the National Critical Infrastructure
Intelligence Committee with DNI, CIA, DIA, and FBI among
others to determine national threat priorities


Two fundamental models of attack after very different data
A third model encompasses the conventional hacker who
has different motives than the APT model
o Rarely coordinated
o Generally small in scope
o Cannot be ignored





Resembles a crime syndicate
Targets financial institutions and other movers of money
Extreme Stealth
Leave very little behind
Not well understood





Extremely well organized
Not after money – after data – any data
Appears to be state sponsored
Uses K-12 and large university systems as “drops”
If not caught in the act (.rar 443) almost impossible to
detect (needle in haystack)





Education – education – education
Teach developers security (cross-site scripting and SQL
injection almost always present)
Scan apps in development
Harden domain controllers
Two-factor authentication for all elevated actions





The conference approach – use hospitality
The birthday approach
Common interests
Visitor out smoking at the back door
Service and repair

A word about jobs!!!

ADVANCED PERSISTENT THREAT (APT) against U.S.
Business, Education and Government IT Installations
 Tom Madden
 770-488-8666
 aqt6@cdc.gov