Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Explorations in Cyber International Relations (ECIR) PowerPoint Presentation
Download Presentation
Explorations in Cyber International Relations (ECIR)

Explorations in Cyber International Relations (ECIR)

109 Vues Download Presentation
Télécharger la présentation

Explorations in Cyber International Relations (ECIR)

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Explorations in Cyber International Relations (ECIR) Simulation Modeling for Cyber Resilience Dr. Michael Siegel Daniel Goldsmith Conference on Cyber International Relations: Emergent Realities of Conflict and Cooperation | October 14, 2010 OSD Minerva Research Project at Harvard & MIT Explorations in Cyber International Relations

  2. Identifying Security Solutions: A Systems View Management Policy Worse Better Costs Benefits Timing Strategy … Governance Awareness IR … Poli Sci Theory IR … Data Technology Output SMEs Databases Text Time Series Derived Data … Authentication Encryption Patching Software Quality …

  3. How did breaches (threats) occur? * How are security and threat processes (resilience) managed? * 67% were aided by significant errors (of the victim) Over 80% of the breaches had patches available for more than 1 year 38% utilized Malware 75% of cases go undiscovered or uncontained for weeks or months 64% resulted from hacking 35% increase in the customization of Malware from 2007 to 2008 * Verizon 2009 Data Breach Report * Verizon 2009 Data Breach Report Mission: Dynamics of Threats and Resilience

  4. Attacking Software Security Patching Results: Simulation Modeling Overview

  5. Infected Attack Vectors Not Compromised 200 Technical 150 Year 100 “Upstream Costs” “Downstream Costs” 50 200 0 20 0 10 20 30 40 50 60 70 80 90 100 170 200 Time (Year) Managerial 17 Year 140 170 14 Year 10 110 140 11 7.5 80 110 2,000 0 10 20 30 40 50 60 70 80 90 100 8 5 Time (Year) 0 10 20 30 40 50 60 70 80 90 100 80 Total Costs 1,500 Time (Year) 0 10 20 30 40 50 60 70 80 90 100 2.5 Time (Year) 1,000 0 0 10 20 30 40 50 60 70 80 90 100 500 Time (Year) Policy 0 0 10 20 30 40 50 60 70 80 90 100 Time (Year) Example of Simulation Model Output Blue is base case; red case is patching with configuration standards; green is current case

  6. Perceptions: Loads and Capacities Management Policy Costs Benefits Timing Strategy … Governance Awareness IR … Perceptions of Security Poli Sci Security Theory IR … Data Technology Output SMEs Databases Text Time Series Derived Data … Authentication Encryption Patching Software Quality …