Bringing Governments, Industry and Academia Closer Together to
Bringing Governments, Industry and Academia Closer Together to
Assure Global Cyber Security
Terry L. Janssen, PhD
Science and Technology Advisor
Network Warfare Center
US European Command
And Lockheed Martin terry.janssen@eucom.mil
& tjanssenva@gmail.com
All Statements Made in this
Talk are Personal Opinion of the
Author and Do Not Necessarily
Represent the Views of the U.S.
Government including U.S.
European Command, or Lockheed
Martin Corporation
This Workshop
• International Cyber Security Governance
• Policy, technology, human factors in cyber security
• Cyber warfare, intelligence, defense and preparedness
• Cyber risk assessment and reduction
• Cyber crime and other malicious activity
A Cyber Threat Assessment
• Gen. Alexander, USCYBERCOM Commander’s quote (see source below):
– “The military simply lacks a common operational picture (situation
awareness) of its network.. [and] our networks are not secure”
• Questions this Raises:
– Does an adversary have inside awareness of US DOD networks?
– How much critical top secret information has already been stolen?
– How many “Bots” have been planted in our Government and Private
Networks, that we are not aware of because they have not activated yet?
– Do our adversaries have command and control “Bots” hidden in our networks?
– What would our response be (Rules of Engagement) if networks attacked
• Source: http://defensetech.org/2010/06/03/new-cybercom-chiefspeaks/#ixzz0rTYRzXPY
The Threat: Perceived or Real?
• CCDCOE, George C. Marshall Center, Black Hat, DEFCOM etc
& here are forums and resources to get the hard facts
• One talk at CCDCOE 2010
– Argument made that N. Korea Could Bring Down the US:
• Only needs 500 hackers and $46 million
• Needless to say this generated considerable debate and evidence for/against this argument
– This talk by “Kim Jon-il (joke) and Charlie Miller titled How to
Build a Cyber Army to Attack the US”
– Kim Jon-il, N. Korea Supreme Commander: "The liquidation of colonialism is a trend of the times which no force can hold
back.“
– Argument: Cyber threat is greatly exaggerated based on the data (probability), e.g. Bruce Schneier, BT, CCDCOE 2010
– Counter-Argument: fact remains that networks are not
adequately secured and are being widely exploited as reported continuously by Governments, Industry ISPs, etc, in numerous publications and presentations, etc.
Example CCDCOE 2010 Talk
• Bryan Krekel & George Bakos of Northrup
Grumman talk titled “Chinese Cyber Warfare
and Computer Network Exploitation”
– They cited 100 page report (I have not seen it)
– If you don’t understand your adversary you can not do attribution
– Need to know who is doing espionage
• They will not go away until you go away
• Need better network security and situation awareness
• We need the usual deterrence (to Cyber Warfare)
My View of US EUCOM
• Protection of U.S. Military Networks & Operations
• Military Support to NATO
• Cyber Security Focused on area of responsibility
(AOR)
– Cyber Security and Threat Deterrence
– International and US Policy Making Support
– Science and Technology Enablers
• Contribution to and Maintenance of International
Law with NATO, and US Policy for Cyber Security and Privacy
Need Greater International Dialog
• The intent is to foster communication &
cooperation between nation states for cyber security and stability (wishful thinking?)
• Venues include the
• George C. Marshall Center (with GMU CIP?)
• Cooperative Cyber Defense CoE (CCDCOE)
• International Cyber Center, GMU
• Others?
Cooperative Cyber Defense CoE
United Nations & Cyber Security?
UN Plan to Expand Global Broadband Access .
“4 June – The United Nations telecommunications agency’s quadrennial development conference wrapped up today with participants adopting a plan of action to promote the global development of information and communication technology (ICT) networks and services.” Source http://www.un.org
US Cyber Command
• Discussion of these issues in relation to
– The recently formed US Cyber Command
(CYBERCOM), a sub unified command under the US
Strategic Command (STRATCOM)
– CYBERCOM together with USEUCOM has the lead role of the US forces
• To protect networks and global stability
• To be adequately prepared for cyber defense, exploitation and attack, if needed to maintain peace
• http://www.af.mil/news/story.asp?id=123205877
• AFCEA CYBERCOM Conference April 2010
• Full Videos of Presentations (See next slide)
More Than Most Want to
Know About USCYBERCOM
Full Videos of
Each
AFCEA
CYBERCOM
Presentation
Global Cyber Security Imperative
• Obvious: A Common Goal of Peaceful Use of
Internet by All and Global Stability of Internet
– An analogy is the International Space Station
– Especially important to have uniform cooperation of governments with international laws & enforcement
• Unlikely in our life-times (again my personal opinion)
– Involves Embracing Academia & Industry
• Important to development of new, innovative technology to make our networks more secure
• International Conferences, Meetings, Workshops, like this
• Includes product developers and Internet Service Providers
Obvious Need to Bring
Governments,
Academia & Industry
Together for Global
Cyber Security: Our
Imperative!
Some References
• http://www.af.mil/news/story.asp?id=123205877
• http://www.afcea.org/events/pastevents/
• http://www.ccdcoe.org/conference2010/
• http://www.eucom.mil
• http://www.internationalcybercenter.org
• http://www.lockheedmartin.com/isgs/capabilities/cy bersecurity.html
• http://cip.gmu.edu
• http://www.defcon.org/
• http://www.blackhat.com
