The national program for public safety pronasci
1 / 19

The National Program for Public Safety – PRONASCI - PowerPoint PPT Presentation

  • Uploaded on

The National Program for Public Safety – PRONASCI. Mr . Jim Simon Chief Strategist Worldwide Public Sector Microsoft Corporation [email protected] The Sound Of Death. Order & Chaos.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' The National Program for Public Safety – PRONASCI' - rimona

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The national program for public safety pronasci

The National Program for Public Safety – PRONASCI

Mr. Jim Simon Chief Strategist Worldwide Public SectorMicrosoft Corporation

[email protected]

  • The

    • Sound

      • Of

      • Death

Order chaos
Order & Chaos

Nation state attackers differ from criminals and others. Purpose, effectiveness, and repeatability matter for the “rational” nation state.

They wouldn t dare dean rusk chinese intervention in korea
“They wouldn’t dare!” Dean Rusk (Chinese intervention in Korea)

  • See the battlefield; know the battlefield. Know the players--ALL the players.

    • active or passive,

    • offense or defense,

    • motivated by money, ideas, or power.

“What is called “foreknowledge” cannot be elicited from spirits, nor from gods, nor by analogy from with past events, nor from calculations. It must be obtained from men who know the enemy situation.” Sun Tzu

  • Launch no attack without careful and deliberate reconnaissance. Knowledge of the target is necessary for effective attack. Follow technological trends, anticipate and take advantage of change.

Predicting is hard work especially about the future nils bohr
“Predicting is hard work, especially about the future.” Nils Bohr

  • No attack may be launched without an assessment of the balance between risk and reward. Probability of success must be assessed and the risk of unwanted damage understood and special attention paid to the ability and will of a target to counter-attack.

“Yea, they have chosen their own ways, and their souls delighteth in their abominations… When I spake, they did not hear: but they did evil before mine eyes, and chose that in which I delighted not.” Isaiah 66:3-4

  • Unless consciously decided, the origin of the attack must be un-provable. Any attack where the attacker is evident or blamed on another, is a policy decision made at the highest levels.

“Even our intellect does not work rationally. Habit, which is rationally indefensible, is the main force that guides our thoughts and actions.” David Hume

  • Technological change occasionally risk the viability of the most advanced weapons. When this circumstance is foreseen, consider immediate use against the highest-value targets, no matter your attachment to the “weapon of weapons.”

“Making plans is too often the occupation of an extravagant and boastful mind. It thus obtains the reputation of creative genius by demanding of others what it cannot itself supply, by denigrating what it cannot improve, and by proposing what it knows not where to find.” Immanuel Kant

  • Choose the most precise attack that strikes the specific target --and no other. Promiscuous attacks raise unwanted alarm and risks unpredictable collateral damage. Precision strikes can allow cyber weapons to be re-used against less-capable targets, even within the same entity.

Chaos theory tells us that the phenomena of non-linearity means that results are not proportionate to cause.

  • Choose the simplest means that both meets the objective and is appropriate for the specific target’s value. Attack the oldest, least capable systems first; reserve the best weapons for the highest-value targets.

May god defend me from my friends i can defend myself from my enemies voltaire
means that results are not proportionate to cause.May God defend me from my friends; I can defend myself from my enemies.” Voltaire

  • Choose the easiest mode of attack that offers precision. If the window is open, don’t break down the door. Suborn an employee or attack through the supply chain if at all possible.

The information you have is not what you want means that results are not proportionate to cause.The information you want is not what you needThe information you need is not what you can getThe information you can get cost more than you want to pay.

  • Choose the attack that can be effective in the shortest time to forestall or complicate countermeasures. Get in, get out.

Insanity means that results are not proportionate to the belief we can do the same things over and over, but some day the outcome will be different.

  • Preferentially attack the most isolated systems. This ensures we can accurately predict the range and consequence of the attack and accurately control collateral damage.

Adding routes to an already congested network will only slow it down dietrich braess
“Adding means that results are not proportionate to cause.routes to an already congested network will only slow it down.”Dietrich Braess

  • When attacking a complex system that spans entities, attack the weakest link. This is particularly useful against cooperating targets (like alliances) or intra-governmental efforts. Sowing distrust in a system or among allies can multiply the effectiveness of other attacks.

Confusion to our enemies cia toast
“Confusion to our enemies means that results are not proportionate to cause.!” CIA toast

  • Consider choosing attacks that confuse or mislead the defender. Confusion is always helpful and “cry wolf” attacks and feints may lead the target to ignore or be blind to more advanced, more valuable attacks.

A black swan for the turkey is not a black s wan for the butcher n n taleb
“A Black Swan for the turkey is not a Black means that results are not proportionate to cause.Swan for the butcher.” N.N. Taleb

  • The creation and testing of cyber weapons has to be done with care—otherwise an alert defender can predict the attack vector and pre-emptively counter weapons effects.

What can be done now
What Can Be Done means that results are not proportionate to cause.NOW!!!

  • Go to IPv6 now

  • Patch & upgrade—”new” complicates “how”

  • Try not to be the easiest target on your block

    • Be ruthless with unauthorized hardware/software

    • Beware of customization

  • Be able to detect and respond to first instance deviations in your system

“You shall reveal to him your secrets.” means that results are not proportionate to cause. -- He of the Sedge and of the Bee, Menmaatre Son of Re, SetiMerenptah, L-P-H