Bringing Governments, Industry and Academia Closer Together to Assure Global Cyber Security

1. Bringing Governments, Industry and Academia Closer Together to Assure Global Cyber Security Terry L. Janssen, PhD Science and Technology Advisor Network Warfare Center US European Command And Lockheed Martin terry.janssen@eucom.mil & tjanssenva@gmail.com

2. All Statements Made in this Talk are Personal Opinion of the Author and Do Not Necessarily Represent the Views of the U.S. Government including U.S. European Command, or Lockheed Martin Corporation

3. This Workshop • International Cyber Security Governance • Policy, technology, human factors in cyber security • Cyber warfare, intelligence, defense and preparedness • Cyber risk assessment and reduction • Cyber crime and other malicious activity

4. A Cyber Threat Assessment • Gen. Alexander, USCYBERCOM Commander’s quote (see source below): • “The military simply lacks a common operational picture (situation awareness) of its network.. [and] our networks are not secure” • Questions this Raises: • Does an adversary have inside awareness of US DOD networks? • How much critical top secret information has already been stolen? • How many “Bots” have been planted in our Government and Private Networks, that we are not aware of because they have not activated yet? • Do our adversaries have command and control “Bots” hidden in our networks? • What would our response be (Rules of Engagement) if networks attacked • Source: http://defensetech.org/2010/06/03/new-cybercom-chief-speaks/#ixzz0rTYRzXPY

5. The Threat: Perceived or Real? • CCDCOE, George C. Marshall Center, Black Hat, DEFCOM etc & here are forums and resources to get the hard facts • One talk at CCDCOE 2010 • Argument made that N. Korea Could Bring Down the US: • Only needs 500 hackers and $46 million • Needless to say this generated considerable debate and evidence for/against this argument • This talk by “Kim Jon-il (joke) and Charlie Miller titled How to Build a Cyber Army to Attack the US” • Kim Jon-il, N. Korea Supreme Commander: "The liquidation of colonialism is a trend of the times which no force can hold back.“ • Argument: Cyber threat is greatly exaggerated based on the data (probability), e.g. Bruce Schneier, BT, CCDCOE 2010 • Counter-Argument: fact remains that networks are not adequately secured and are being widely exploited as reported continuously by Governments, Industry ISPs, etc, in numerous publications and presentations, etc.

6. Example CCDCOE 2010 Talk • Bryan Krekel & George Bakos of Northrup Grumman talk titled “Chinese Cyber Warfare and Computer Network Exploitation” • They cited 100 page report (I have not seen it) • If you don’t understand your adversary you can not do attribution • Need to know who is doing espionage • They will not go away until you go away • Need better network security and situation awareness • We need the usual deterrence (to Cyber Warfare)

7. My View of US EUCOM • Protection of U.S. Military Networks & Operations • Military Support to NATO • Cyber Security Focused on area of responsibility (AOR) • Cyber Security and Threat Deterrence • International and US Policy Making Support • Science and Technology Enablers • Contribution to and Maintenance of International Law with NATO, and US Policy for Cyber Security and Privacy

8. Need Greater International Dialog • The intent is to foster communication & cooperation between nation states for cyber security and stability (wishful thinking?) • Venues include the • George C. Marshall Center (with GMU CIP?) • Cooperative Cyber Defense CoE (CCDCOE) • International Cyber Center, GMU • Others?

9. Cooperative Cyber Defense CoE

10. United Nations & Cyber Security? UN Plan to Expand Global Broadband Access . “4 June – The United Nations telecommunications agency’s quadrennial development conference wrapped up today with participants adopting a plan of action to promote the global development of information and communication technology (ICT) networks and services.” Source http://www.un.org

11. US Cyber Command • Discussion of these issues in relation to • The recently formed US Cyber Command (CYBERCOM), a sub unified command under the US Strategic Command (STRATCOM) • CYBERCOM together with USEUCOM has the lead role of the US forces • To protect networks and global stability • To be adequately prepared for cyber defense, exploitation and attack, if needed to maintain peace • http://www.af.mil/news/story.asp?id=123205877 • AFCEA CYBERCOM Conference April 2010 • Full Videos of Presentations (See next slide)

12. More Than Most Want to Know About USCYBERCOM Full Videos of Each AFCEA CYBERCOM Presentation

13. Global Cyber Security Imperative • Obvious: A Common Goal of Peaceful Use of Internet by All and Global Stability of Internet • An analogy is the International Space Station • Especially important to have uniform cooperation of governments with international laws & enforcement • Unlikely in our life-times (again my personal opinion) • Involves Embracing Academia & Industry • Important to development of new, innovative technology to make our networks more secure • International Conferences, Meetings, Workshops, like this • Includes product developers and Internet Service Providers

14. Obvious Need to Bring Governments, Academia & Industry Together for Global Cyber Security: Our Imperative!

15. Some References • http://www.af.mil/news/story.asp?id=123205877 • http://www.afcea.org/events/pastevents/ • http://www.ccdcoe.org/conference2010/ • http://www.eucom.mil • http://www.internationalcybercenter.org • http://www.lockheedmartin.com/isgs/capabilities/cybersecurity.html • http://cip.gmu.edu • http://www.defcon.org/ • http://www.blackhat.com

16. Questions &Comments?