Thomas Gann, Vice President of Government Rela"ons, McAfee
Current cyber-a;acks scenario
Nowadays, we are always connected. The world of instantaneous communica"on and constant connec"vity that we have come to take for granted is limited only by our powers of crea"vity and innova"on – and those seem to have no end. But the reality is that this world of connec"vity also creates risk.
We have all heard much about criminal actors who are highly mo"vated by money, na"onal pride, religion or some other compelling factor. These actors have much to gain and hardly anything to lose: our laws and penal"es, and also our inability to enforce them, make cybercrime extremely a#rac"ve and profitable. There are few real deterrents to cybercrime and there is so much to gain. And the abili"es of most cyber-criminals have increased drama"cally.
As the world’s largest dedicated security technology company serving the consumer, government and enterprise markets, McAfee has a first-hand understanding of the world's toughest security challenges, including the prolifera"on of botnets. Bots are essen"ally networks of computers that have been compromised individually and then linked by criminals. They leverage the power of shared compu"ng power to put ci"zens’ personal data and finances at risk, and threaten vital governmental and private sector ins"tu"ons that are fundamental to all na"ons’ economic and security interests. The focus on botnets of all governments is appropriate because bots are a key distribu"on method for malware and phishing a#acks that have the end goal of stealing financial informa"on, iden""es, and key intellectual property.
The days of bots distribu"ng simply spam – or adver"sing spam – are dwindling, and bots are now used to deliver denial of service a#acks against businesses or governments around the world. This is similar to many of the recent high-profile a#acks from groups such as Anonymous, which leverage massively distributed compu"ng capacity to overwhelm target websites or resources. Bots can also be used to gain intelligence, compromise system
Thomas Gann is Vice President of Government Rela"ons at McAfee. In this capacity, he manages the US and interna"onal advocacy ac"vi"es and partners with the public rela"ons team to help posi"on McAfee as an industry leader in capitals around the world.
Prior to joining McAfee, Gann managed government rela"ons, alliances, product marke"ng, and sales func"ons at Sun Microsystems, Siebel Systems, and Digimarc. He started his career on
Capitol Hill, working as a legisla"ve director and Chief of Staff to Congressman Tom Campbell.
insidious, persistent intruder meant to fly below the radar screen and quietly explore and steal the contents of the targeted network. Because of their stealth, APTs are a par"cular problem, and in the last couple of years we have uncovered numerous APTs that have affected tens of thousands of organisa"ons worldwide.
Today’s botnets are mostly in the hands of crime syndicates that leverage the latest in peer-to-peer technologies to avoid the simple takedowns of the past. Even if you take down the general, or bot herder, any of the nodes can instantaneously step up as a new general, meaning cyber-security professionals have to take down the en"re network.
Everyone knows that the threat is real and growing, and indeed we encounter new threats by the minute. Based on our most recent quarterly threat report, more than 5 million systems were infected with botnets between January and March of 2012.
Collabora!on: the most essen!al requirement
We are oVen asked what can be done to combat botnets, and here is the basic answer: we must ensure that individual machines are not infected in the first place. To do this we need to deliver security faster than our adversaries deliver malware. The security industry, ISPs, and world governments will all have to collaborate in a much more meaningful way to achieve this vision.
The security and IT industries evidently have a central role to play, and while we all have different technologies to address threats, we should focus on integra"ng them, as many IT vendors did for other industries. The companies provide a set of integra"on technologies that enable partners and independent soVware companies to integrate their solu"ons to ul"mately benefit the customer. The security industry should take a similar approach.
The number of IP-enabled devices is expected to grow to 50 billion by 2020, and with this explosion in connected devices comes an explosion in the number of a#ack surfaces. As an industry, we must adapt and respond to this changing threat landscape. We must unify, simplify, and strengthen the way we provide security by u"lising a framework for integra"ng poten"ally disparate technologies – building bridges between security ‘islands’
to close coverage and technology gaps.
At McAfee we call this approach Security Connected, and we are confident that when such integra"on occurs in the security industry, our customers will receive the same kind of benefits as the large retailers have received from other IT vendors integra"on. With cyber-security integra"on, cyber-security companies and their customers will be able to quickly and comprehensively detect and deter botnets.
Indeed, having real-"me visibility of emerging threats and a comprehensive view across the threat landscape is a powerful means of defea"ng botnets, which can mul"ply extremely quickly. One robust technology that enables this real-"me global visibility is called Global Threat Intelligence. With Global Threat Intelligence, millions of sensors scan the internet across the globe and feed back real-"me data on botnets and other threats. This data is
protec"on to customers, as we iden"fy and block the malicious files, IPs and URLs used by the botnets. With even more threat data from more security organisa"ons fed into this network, customers would get even more comprehensive visibility into the quickly changing pa#erns of botnet infesta"ons and could take immediate steps to counter them.
Innova!on in security
In addi"on to having real-"me global visibility into the botnet threat, we need to combat the threat before it even begins. We can do this through taking the mantra of security by design and hardware-assisted security – a concept that is central to McAfee’s and our parent company Intel’s ongoing efforts to develop soVware, hardware, services, and integrated solu"ons designed to improve cyber-security across the compute con"nuum.
Basically, it is not nearly as effec"ve to add security features onto systems aVer they have been developed. Security has to be baked into equipment, systems, and networks at the very start of the design process. This is par"cularly important in defea"ng botnets because the most sophis"cated botnets are a#acking systems below the applica"on level.
Hardware-assisted security can thus deter botnets by not allowing them to gain entry at all.
Finally, I have some policy recommenda"ons. We need to enable private sector companies to combine real-"me threat informa"on with that of other private sector en""es and with the government – just as Global Threat Intelligence does by machine correla"on. Many na"onal governments need new authority to share classified cyber-threat informa"on with approved companies and organisa"ons so they can be#er protect themselves, their customers and their personal informa"on against cyber-a#acks. This is par"cularly important for ISPs, which route all our internet traffic and are thus central to our connected and threat-filled world.
Enabling private sector informa"on sharing on a completely voluntary basis is also an important part of the equa"on, provided it can be done in a way that protects privacy and civil liber"es. Building trust in the global digital infrastructure requires not only strengthening security, but also protec"ng personal informa"on and privacy.
We also believe that posi"ve incen"ves are superior to regula"on, for with over-regula"on we run the risk of crea"ng a compliant cyber-ecosystem – not necessarily a more secure one. Examples of posi"ve incen"ves include li"ga"on and legal reform, tax incen"ves, insurance reforms, and increased funding for compe""ons, scholarships, as well as research and development.
With posi"ve incen"ves and collabora"on for real-"me light-speed informa"on sharing, the public-private ini"a"ves of interna"onal groups, and interna"onal coopera"on, we can defeat botnets and achieve the result we all want: a cyber-secure world.
SECURITY & DEFENCE AGENDA
Where cyber-security is heading
55
Cyber-protec!on of cri!cal
infrastructure
Speakers:
Pauline Neville-Jones, Special Representa"ve to Business on Cyber Security, Cabinet Office, United Kingdom
Helena Lindberg, Director General, Swedish Civil Con"ngencies Agency
Annemarie Zielstra, Director, Centre for Protec"on of the Na"onal Infrastructure, The Netherlands
Moderator:
Giles Merri;, Director of the Security & Defence Agenda