Breakout Session: Advanced Persistent Threats

Moderated by Richard Marshall, Director, Global Cyber Security Management, Department of Homeland Security



I’m going to go back to 1985, I’m picking that to start because I think that was a watershed time frame when we started to see the rise in the internet (the ARPA net) and it was primarily designed for academic use. It’s important to remember that they were communicating with colleagues they trusted. They didn’t need to worry about the “man in the middle” attack. That then moved from the government to private sector, which was a positive move because they could come out with some phenomenal applications. There were a lot of fits and starts.

They were focusing on applications, security wasn’t even a thought. It was focused on reliability and ease of access. The point: Privacy was expected. The internet comes along, no one focuses on privacy at all.

** The technology advancement is incredible.

PERTI: in the late 90’s (nov 89) massive political change – the Berlin wall fell.

–          Political change in 89

–          Economic change from central to capitalism, fall of wall

–          Religious and culture shift inward (people returning to traditions and resistance to modernity)

–          Technology – the backbone of the change, technology has gone from a western invention to global invention

–          Information – the radical movement of info at a very high speed, large volumes, undigested

Marshall:  “It is the height of arrogance to think that the best technology is developed here in the US. Or in the UK . .. it’s developed everywhere.”

The challenge is how to keep this technology safe, because it wasn’t developed to be safe.

Analogy: Roman road systems. Used for the same reasons: commerce, communication etc. As long as it was protected they were safe, but when it wasn’t it was disruptive to society.

A mindset developed in totalitarian states that I need to follow the rules, but I can survive better if I follow the rules as long as it works to my advantage. When not, I’ll make up the rules. They becomes cyber criminals. Clusters exist in Russia, Romania, China. There is substantial incentive. How do we change that environment?

The problem with the new stuff, is its designed to be backwards compatable, ie it can still communicate with the old stuff, and therefore is vulnerable.

Biggest fear: with all the software being backward compatible, we risk incorporating vulnerabilities and threats to a significant degree. The adversaries are like parasites, they want us to survive, but there’s the chance that they miscalculate and “bring it all down”.

Jesse Driscoll: 2001 is an equivalent transition to 1989. It made our government re-think how we were going to protect ourselves. Since 2001, how have things changed? We’ve created a huge system of information that is ripe to be data mined.

Marshall: It’s not unique to a local or political spectrum. The concern from privacy that erupted from WWII era (they were concerned about government overhearing conversations) continues to pervade their society even today. You cannot track phone calls, and phone numbers.

Brett Horvath: 2 questions

–          I’m very interested in anonymous, the “open source community that has distributed network with methods of taking down websites or companies etc.

–          Oracle and Microsoft have spent massive amounts of money creating closed systems, others would argue that open source could be safer

Jesse Driscoll: Can you address Wikileaks? Is it possible to go back to the pre-1984 type of information protection?

Marshall: Why do we need it to be classified? Why do we want to go back to classified information? Wikileaks demonstrates that. 99% of the info was more embarrassing politically, a few lives were threatened, but I question the amount of  effort and energy and resources we spend on protecting information that is of marginal value. Is it necessary to do this?

Movie to look out for: The man who invented lying

Horvath: I spent 6 months studying reputation. Networks work because they exist to gain reputation, the incentive to exist is to gain reputation. Some will say put all the info out there, and see what people have to say about it if you’re really interested in knowing.

Sridhar Jagannathan: I’m curious about advanced persistent threats on individuals. There’s a full spectrum of possibilities by which we can harmed as individuals. We’re more than halfway towards the very harmful side. Increasingly there are threats that can do harm to you and your identity. What are governments doing to regain privacy and anonymity?

Marshall: I think we as individuals need to be able to take control of our privacy. We need to configure it with personal privacy in mind. Technology exists that can maintain the safety.