
Hackers in the national cyber security

Hackers in the national cyber security. Csaba Krasznay IT Security Consultant Hewlett-Packard Hungary Ltd. News headlines. U.S. response.


Presentation Transcript


  1. Hackers in the national cyber security. Csaba Krasznay, IT Security Consultant, Hewlett-Packard Hungary Ltd.

  2. News headlines

  3. U.S. response
     • "The Department of Homeland Security is looking to recruit white-hat hackers to help defend the US's critical internet infrastructure" – DHS hunts for white-hat hackers, http://www.theregister.co.uk/2009/04/20/dhs_hacker_recruitment_drive/
     • The United States Congress this week delved further into the country's cybersecurity preparedness as members introduced two bills designed to protect federal networks and electric power grids from attacks. One bill, dubbed the US Information and Communications Enhancement Act of 2009, would mandate the formation of hacker teams that would actively try to penetrate government networks. – US Congress wants hack teams for self-penetration, http://www.theregister.co.uk/2009/05/01/cybersecurity_bills/
     • US President Barack Obama will create a new White House post that's responsible for protecting the country's critical computer networks, a step he said was crucial to confronting one of the biggest national security challenges. – Obama fights cyber threats with new White House post, http://www.theregister.co.uk/2009/05/29/obama_creates_cyber_post/

  4. U.S. Cyberspace Policy Review
     • The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security.
     • The status quo is no longer acceptable. The United States must signal to the world that it is serious about addressing this challenge with strong leadership and vision.
     • The national dialogue on cybersecurity must begin today. The government, working with industry, should explain this challenge and discuss what the Nation can do to solve problems in a way that the American people can appreciate the need for action.
     • The United States cannot succeed in securing cyberspace if it works in isolation. The Federal government should enhance its partnership with the private sector.

  5. U.S. Cyberspace Policy Review
     • The Federal government cannot entirely delegate or abrogate its role in securing the Nation from a cyber incident or accident. The Federal government has the responsibility to protect and defend the country, and all levels of government have the responsibility to ensure the safety and wellbeing of citizens.
     • Working with the private sector, performance and security objectives must be defined for the next-generation infrastructure. The United States should harness the full benefits of technology to address national economic needs and national security requirements.
     • The White House must lead the way forward. The Nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat. We need to demonstrate abroad and at home that the United States takes cybersecurity-related issues, policies, and activities seriously.
     • Source: http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

  6. What about the rest of the world?
     • We’re in the same situation:
        • Our critical infrastructures are in the focus of foreign intelligence services, armies, terrorists, (h)acktivists...
        • The places of war are ground, sea, air, space and cyberspace
        • All of our critical infrastructures run on IT systems
        • These infrastructures are operated by private companies – and protected by private companies
        • One successful attack against a critical infrastructure can start a chain reaction and can affect the nation’s economy
     • Are we really prepared for cyberspace war?

  7. What about the new member states?
     • Special problems:
        • Unprepared governments
        • Changing armed forces (Warsaw Pact -> NATO)
        • IT systems and networks don’t have a long history in governmental and military usage
        • No money for this kind of unconventional warfare
     • Compelling power:
        • Estonian-Russian, Georgian-Russian conflict
        • NATO Cooperative Cyber Defence (CCD) Centre of Excellence (COE) in Tallinn
        • U.S. steps

  8. Lessons to learn
     • The USA has billions of dollars for hacking – and you?
     • Officials said China and Russia also have many hackers – and you?
     • If you (officially) don’t have a cyber corps, use your youth movement!

  9. How can we build up our cyber defense?
     • All of the new member states have some kind of cyber defense (CERTs, CSIRTs, national security agencies, etc.)
     • Most of the critical infrastructures are protected mainly by private companies
     • But we have two problems:
        • Defense is not coordinated nationwide (never forget the holistic view!)
        • The nations have never suffered a coordinated cyber attack -> no experience

  10. Proposed steps
     • Establish a small cyber defense headquarters with military, government, market and university experts (as the U.S. does)
     • Coordinate the information security of critical infrastructures (as the U.S. does) -> encourage public-private partnership
     • Cooperate with different hacker groups in the country -> it’s better to test preparedness with patriots

  11. Coordination with hackers
     • The big questions:
        • Can we trust hackers?
        • Where can we find these experts?
        • How can we gain their trust?
        • How much money do we need for the cooperation?
        • How can we cooperate with them?
        • What can they really do?
        • How can we control them?

  12. Hacker conferences
     • Trust begins with personal meetings
     • In some new member countries, hacker conferences are organized annually
     • Officials shall participate in these conferences!
     • The Hacktivity conference in Hungary has ~300 attendees every year

  13. Hacker attitudes
     • As far as I know, hackers’ opinion about national (cyber)security has never been asked
     • In practice these guys are the main workforce source of public and private organizations
     • I want to know whether they want to participate in national defense or not
     • A questionnaire was published on Hacktivity’s website and an e-mail was sent out to ~600 subscribers
     • Approx. 20% answered the questionnaire (187 respondents)!

  14. Questionnaire
     • 4 questions:
        • Your homeland needs you, what do you do?
        • With which motivation of IT security do you agree?
        • What is your job?
        • What do you think about the Hungarian Army?
     • To measure:
        • The level of patriotism
        • The place of hackers in cyber warfare
        • The current place in the market
        • The honest opinion about military

  15. The level of patriotism
     • 3 possible answers:
        • I must help my homeland
        • I can help if they pay
        • Leave me alone!
     • Presumption:
        • Most of the respondents love the country and would help for free

  16. The level of patriotism

  17. Attack or defense
     • Cyber defense is the role of official agencies, not hackers
     • The place of hackers is attacking/simulating attacks or counter striking in case of foreign attacks
     • 3 possible answers:
        • I attack
        • I defend
        • I counter strike
     • Presumption:
        • Most of the respondents want to attack

  18. Attack or defense

  19. Current jobs
     • The country has some professional ethical hackers who can be the core of a cyber corps
     • We have many students who can be professional ethical hackers in the future
     • And we have many other pros who are working in other fields
     • 3 possible answers:
        • I’m a professional ethical hacker
        • I hack just for fun but work in another field
        • I’m a student
     • Presumption:
        • We have only a few ethical hackers but a strong university background

  20. Current jobs

  21. Opinion about the army
     • If the army (or other agency) wants to cooperate with hackers, a positive image is a must.
     • 3 possible answers:
        • Hungarian Army is an important and appreciated organization
        • Hungarian Army is not serious but I’m not against the military
        • I’m a pacifist
     • Presumption:
        • Most of the respondents are not pacifists but have a negative image of the Hungarian Army

  22. Opinion about the army

  23. Conclusions
     • The so-called "hackers" love their country and are ready to protect it
     • Half of them are ready to attack or counter strike
     • Hungary has some professional ethical hackers and a huge background at universities
     • The Hungarian Army should begin to build a positive image in this area if it accepts my theory

  24. Interesting correlations
     • One half of the professional ethical hackers want to help for money, the other half for free
     • Most of the pros have a negative image of the Hungarian Army
     • For-fun hackers have the most positive image of the Army
     • The patriots are not pacifists
     • For-fun hackers are ready to protect and counter strike
     • Students are patriots and not pacifists

  25. Closing ideas
     • If I were the responsible officer:
        • I’d actively participate in hacker conferences
        • I’d build the image of the army
        • I’d get the support for a mimic warfare in cyberspace
        • I’d involve the patriot hackers in this event
        • I’d be horrified at the result of this event and begin to shout for laws and coordination

  26. Thank you!
