Proactive Counterespionage as a Part of Business Continuity and Resiliency
Lydia Kostopoulos, PhD
Intelligence & Cybersecurity Professor / Institute of International and Civil Security (IICS)
International Engagement Coordinator / Cyber Security Forum Initiative (CSFI)
SESSION ID: SOP-R06
#RSAC
@LKCYBER
Silkroad
(Economy)
Business
Innovation
Espionage
National Security
• Economic Prosperity
• National Defense
• Geopolitical Interests
• Socio-Cultural Values
• Competitive Intellectual Property
• Business Growth: Financial, Service & Product
• Innovation Capacity & Capability
• Reputation Management
• Criminal
• Industrial
• Nation-State
• Non-state Political
Cybersecurity
Scope:
Focus:
Human Factor
We set up network defenses…
Intrusion Detection System
Defense in Depth
Firewall
We set up data defenses…
Destruction
What about human defenses?
Encryption
Data in Use
At Rest
In Motion
Classification
Internal Use
Public
Confidential
Secret
We set up malware defenses…
Anti-Virus Spam Filter?
Data Leakage Prevention
Data Loss Prevention
Identity & Access Management Phishing
Why are human defenses important?
Business Critical Roles (BCR)
• Roles in an organization that are instrumental in achieving the desired goals and fulfilling aspirations set forward in the business strategy and vision.
• Should people in these roles be compromised it would constitute a point of failure with potentially serious to detrimental repercussions for business continuity and operations.
* Business Critical Roles can also be viewed as: High Value Targets, Key People Terrain, (Single) Points of Failure, or Nodes of Compromise.
What form of assets do BCR roles have?
Information
- Tangible and intangible
- Internal knowledge of organization structure and operations
- Trade secrets
- Business intentions
Access
- Data, networks, servers, people, proprietary ideas, trade secrets, money, internal strategy and intent
Intellect
- Innovative ideas, insight and perspective
- Intellectual capacity and capability
- Motivation and aspiration
What happens when people in Business Critical Roles are Compromised?
[Timeline graphic: 2020, 2030, 2040, 2050]
Internal divides, issues, problems
Org structure: official vs reality
Attacks: Human Factor & Intellectual Property (IP)
What’s the most common attack vector?
• 91% of cyberattacks begin with spear phishing email – TrendMicro Research
How much does it cost the world?
• $445 billion – annual cost of cybercrime and economic espionage to the world economy - 2014 CSIS & McAfee report
IP Intensive Businesses in the US
• Support at least 40 million jobs
• $5 trillion to US GDP (28%)
Get Cyber Safe
"Never underestimate the impact of user behavior on a defensive strategy"
Admiral Rogers
Director of US Cyber Command/NSA
Proactive Counter-Espionage Roadmap
Proactive Counter-Espionage Roadmap
Phase 1: Identification of Business Critical Roles & Espionage Risk
Phase 2: Policy Creation
Phase 3: Communication Protocol
Phase 4: Operationalize
Proactive Counter-Espionage
Whole of Enterprise Approach
Proactive Counter-Espionage Roadmap
Phase 1: Identification of Business Critical Roles & Espionage Risk
Categories of Business Interests
• Determine areas that are business critical to identified business continuity goals. Reflective of Business strategy, interests, goals, aspirations and continuity plan.
Identify Business Critical Roles (BCR)
• Map business critical roles on top of categories of business interests. Use business strategy as guidance.
• Identify people who represent business continuity points of failure in these goals should they be compromised.
Levels of Espionage Risk
• Define levels of espionage risk from low (1) to high (5). Collaboration with Business Strategists, Business Intelligence and Security Operations.
• Risk levels should be defined as per impact to business interests, incorporate business intelligence and reflect organization’s risk appetite.
Enterprise Risk
• Define BCR roles within categories and risk levels specifically as they pertain to the respective business.
• Definitions should clearly indicate criticality of role responsibilities and the value the people in these roles bring to achieving desired business goals, as well as the risk for business continuity should they be compromised.
Risk Profile
• Prepare tailored risk profiles of business critical roles to be delivered for situational awareness, policy creation and need based use by:
- Business Strategists
- Human Resources
- Business Intelligence
- Security Operations
- Information Security
Proactive Counter-Espionage Roadmap
Phase 2: Policy Creation
Inter-Departmental Collaborative Effort: Human Resources, Information Security, Business Intelligence
• Establish BCR related policies to preserve, protect and maintain operational security (OPSEC)
• Establish policies for reverse open source intelligence (OSI) hunting and information sanitization
• Create policy for identity and access management
• SIEM policies for life-cycle of employee and role type
• Establish defined ‘need to know’ events relating to employee
• Internal classification of high espionage risk roles/responsibilities
• Establish hiring policies for different roles and risk levels
Proactive Counter-Espionage Roadmap
Phase 2: Policy Creation - Awareness
Hardening Human Assets (HHA)
Hardening of Human Assets (HHA) – The process of elevating security awareness of a human asset in efforts to reduce and eliminate as many risks as possible.
• Be proactive not reactive
• Cross departmental teamwork
Security Culture / People: High Espionage Risk
• OPSEC Awareness
• Social Engineering Awareness
• Specialized SIEM Settings (Cross-departmental collaboration)
• Espionage Threat Awareness
• Data Protection Awareness
• Social Media Use Awareness
• Travel Security Awareness
Human Assets
Whole of Enterprise Approach
Proactive Counter-Espionage Roadmap
Phase 3: Communication Protocol
Proactive Counter-Espionage Roadmap
Phase 4: Operationalize
Method
• Determine the best method for implementing the roadmap.
• Identify chain of command for operationalizing the roadmap with key stakeholders.
• Assess impact of unique organizational culture, operations and resources of the organization in question.
Prioritize
• Detail a list of tasks to be done.
• Prioritize identified tasks into essential tasks, primary and secondary tasks.
• Prioritization decided by those at the top of the chain of command for operationalizing the roadmap.
Timeline
• Agree on a suitable timeline for operationalizing the roadmap.
Delegate
• Delegate people who will be responsible for task completion and oversight.
Monitoring, Reporting, KPI
“The only thing constant in life is change.”
- Ancient Philosopher Heraclitus
Be agile and adapt to constantly changing circumstances!
Our adversaries are relentless in acquiring our data, we should be relentless in protecting it.
Questions?