By Tom Madden, Chief Information Security Officer, Centers for Disease Control and Prevention

34 years with the federal government
27 years involved in cyber security (was cyber security when cyber security wasn’t cool)
18 years in the nuclear weapons program
Became CDC’s first CISO in 2003
Entered the Senior Executive Service in 2008
Most memorable quote from a JSU Professor in 1983
Proud double alum of Jacksonville State University
Participated in the National Critical Infrastructure Intelligence Committee with DNI, CIA, DIA, and FBI among others to determine national threat priorities

Two fundamental models of attack after very different data
A third model encompasses the conventional hacker who has different motives than the APT model
  o Rarely coordinated
  o Generally small in scope
  o Cannot be ignored

Resembles a crime syndicate
Targets financial institutions and other movers of money
Extreme stealth
Leave very little behind
Not well understood
Extremely well organized
Not after money – after data – any data
Appears to be state sponsored
Uses K-12 and large university systems as “drops”
If not caught in the act (.rar 443) almost impossible to detect (needle in haystack)

Education – education – education
Teach developers security (cross-site scripting and SQL injection almost always present)
Scan apps in development
Harden domain controllers
Two-factor authentication for all elevated actions

The conference approach – use hospitality
The birthday approach
Common interests
Visitor out smoking at the back door
Service and repair

A word about jobs!!!

ADVANCED PERSISTENT THREAT (APT) against U.S. Business, Education and Government IT Installations
Tom Madden
770-488-8666
aqt6@cdc.gov