
How global is the village Internet - Reality, Necessities...


Academic year: 2021


Prof. Dr. (TU NN) Norbert Pohlmann

Institute for Internet Security - if(is)

Westphalian University of Applied Sciences

Gelsenkirchen, Germany

www.if-is.net

How global is the village Internet?

Prof. Norbert Pohlmann, Institute for Internet Security - if(is), Westphalian University of Applied Sciences Gelsenkirchen, Germany

Content

The interconnected network Internet and some conditions

IT Security and IT Risk

The possible future of the Internet

Assessment of the Internet Players

Future Contribution of the Internet Players

Summary


The Interconnected Network

→ Overview of the Internet

44,000+ Autonomous Systems (AS)
US = 14,614
Germany = 1,385
China = 224

400,000+ connections between AS
US = 78,000
Germany = 37,000
China = 970

3 B+ IPv4 addresses
US = 983,261,006
Germany = 111,165,772
China = 267,010,580


The global village Internet

→ Changes in the general conditions

The Internet is going beyond all borders and cultures!

Problems with criminal prosecution in a lot of countries

Different opinions about what is right and what is wrong

Different legal frameworks

Radical change and development in IT

Mobile devices, Social Networks, Cloud Computing, …

→ new players, new operating systems, new IT concepts, new attacks

Internet of things: SmartGrid, SmartCar, SmartTraffic, SmartHome, …

→ e.g. the nuclear phase-out brings more risk onto the Internet

The kinds of values that we have to protect are changing over time

Bits and bytes are changing from data and information to knowledge into intelligence

Accessible from anywhere (Mobile devices ↔ Cloud Computing, …)

The global village Internet

→ Players

Attacker

User

Governments

IT Producer Companies

User Companies


Our IT Security Problems

→ Overview

[Figure: "IT security problems" plotted over "Time", with "Today" marked]


Our IT Security Problems

→ Risk discussion

[Figure: "IT security problems" plotted over "Time", with "Today" and "Economy" marked]

Which risk level is too high?


The future of the village Internet (1/5)

→ Successful development

One common global and successful village Internet


The future of the village Internet (2/5)

→ Unsuccessful development

One global but unsuccessful village Internet

The users don't like the Internet because of the bad security, untrustworthiness, the lack of reliability, government behavior, and so on!


The future of the village Internet (3/5)

→ Governments dominated

Different “Government” villages in the Internet

USA, …

European Commission

BRI(C)S

China

OPEC

Driven by the Governments

© www.Luisa-Pohlmann.com


The future of the village Internet (4/5)

→ IT Producer Companies dominated (1/2)

Different “company” villages in the Internet

Google

Apple

German Telekom

Amazon

Facebook

Driven by the IT Producer Companies


The future of the village Internet (5/5)

→ IT Producer Companies dominated (2/2)

MaxUserByte = UserLimit (new) + Telekom-Service + Managed-Service

MaxSumByte = SumUserLimit + Managed-Service - Internal-Other-Services

Telekom

Other Content Provider (CP)

SumContent = SumUserLimit (paid by the user) or Managed-Service (paid by the CP)

Telekom-Service: IP-TV, Music, … Content offered by Telekom
Managed-Service: Paid by “Other Content Provider”
Internal-Other-Services: Traffic produced by organizations in the Telekom network
UserLimit: Limited traffic paid by the user
Other Content Provider: Google, Facebook, Amazon, …

New flat rate: 16 Mbit/s, max. 75 Gbyte, then 384 Kbit/s

© www.Luisa-Pohlmann.com


Governments

Targets

[Figure: Government 1, Government 2, … Government X, with Society 1, Society 2, … Society X]

Responsible to secure basic needs

Food

Energy

Peace

Freedom

Ensure Success / Wealth

Develop legal frameworks which cover the cultural needs of the society


Governments

Politicians

[Figure: Government 1, Government 2, … Government X, with Society 1, Society 2, … Society X]

Think and act short-term and nationally

Solve things quickly rather than in a sustainable manner

Act too slowly for the changes needed in the Internet


Governments

Vulnerability (1/3)

[Figure: Government 1, Government 2, … Government X, with Society 1, Society 2, … Society X]

Government 1 gets information about a vulnerability in an operating system

What should the Government do?

Use it for its own purposes

or

Inform all players


Governments

Vulnerability (2/3)

[Figure: Government 1, Government 2, … Government X, with Society 1, Society 2, … Society X, and the Attacker]

Government 1 informs the IT producer company so that it fixes the problem!

All societies are secure

The attackers are not successful!


Governments

Vulnerability (3/3)

[Figure: Government 1, Government 2, … Government X, with Society 1, Society 2, … Society X, and the Attacker]

Government 1 uses the vulnerability to attack other countries!

All societies are insecure

Government 1 attacks the other countries (governments and companies)

→ Cyber War is reality

If the attacker also knows the vulnerability, then all countries will be insecure


Governments

Vulnerability: Summary (4/4)

Why does this make no sense?

Kant’s “Categorical Imperative” → Ethical problem

Act in such a way that such actions would be appropriate as a universal law.

Prisoner’s Dilemma → Economic problem

(each cell: outcome for A / outcome for B)

|             | A cooperate | A defect    |
|-------------|-------------|-------------|
| B cooperate | win / win   | ego win / 0 |
| B defect    | 0 / ego win | 0 / 0       |

War strategies → Policy problem

Don’t Throw Stones From a Glass House

Attacker

→ Assessment

Highly motivated and skilled attackers

Too many vulnerabilities available

The attackers are operating in secrecy from almost anywhere in the world

They use a lot of computers (Malware, botnets) with unlimited power

Attacker

The criminal organizations use the vulnerabilities in our technologies and the non-perfect IT security mechanisms very effectively

A successful business model produces a successful underground economy

We see innovation in attack models, and the attackers are getting more professional


Attacker

→ Damage Model

private budget A (in: salary, … out: internet, damage, …)

private budget B (in: salary, … out: internet, damage, …)

private budget C (in: salary, … out: internet, damage, …)

business budget X (in: internet, … out: damage, …)

business budget Y (in: internet, … out: damage, …)

business budget Y (in: internet, … out: damage, …)

attacker budget (in: hack, … out: botnet, malware, …)

Other damages

Image loss

Loss of reputation

Indirect financial losses


User

→ Assessment

Developments and changes in the Internet are faster than ever.

The users constantly need to adapt their knowledge in order to act in the right way.

The values to be protected are constantly rising.

Internet users need to know the problems of the Internet or they harm themselves and others!

Internet competence

Don't click on every Web link or e-mail attachment

Use anti-malware solutions, personal firewall, automatic updates, …


User Companies

→ Assessment

They do not do enough for IT security

Example: Insecure websites in the field

Today most of the malware is distributed by insecure websites

2.5 % of the measured German websites are infected with malware (US ~ 1.01; Japan ~ 0.51; …)

Reasons for insecure websites

Many websites / webservers are not implemented securely

Patches are installed very late or not at all

No one takes responsibility for their own websites!


IT Producer Companies

→ Assessment

Reliability of IT products and IT services

We need much more responsibility / reliability from the companies which offer IT products and IT services.

At the moment the big IT companies like Apple, Google, Facebook and Microsoft show us what we need.

The market is producer driven.

But they don't take the necessary responsibility for their products and services.

Business model: “Paying with personal information”

Playing Monopoly


How global is the village Internet

→ Cyber War

The probability of a successful cyber war is very high

The US and Israel fight against Iran (Stuxnet).

China and the US fight against the rest of the world and against each other.

No soldiers have to die; you can organize and wage the cyber war from the office.

But who is our friend and who is our enemy in the global village Internet?

How important is the origin of IT technology?

Most important software companies come from the US

A lot of important hardware companies come from Asia

Some important industry technologies come from Germany


How global is the village Internet

→ Ethics of new technologies

3D printer

Producing guns at home

Google Glass

Promotes privacy problems in the real world

Drone

Like a computer game

© www.gearfuse.com, © Giuseppe Porzani - Fotolia.com, © www.dodge.com, © Sergiy Serdyuk - Fotolia.com

Traffic System

→ Our society has learned to organize mobility


Future Contribution

Attacker

None!

All other players have to destroy the business model of the attacker!

Only ethical hacking under open rules!


Future Contribution

Governments (1/2)

We really need responsible governments and politicians!

(Not strong lobbying!)

We want one common global Internet

But we have 190+ different Governments worldwide

We have to find out which part of the governments' responsibility is global and which part is local

How can the Governments help to create a common Internet culture?

Local responsibility of the governments should be:

All military stuff

Needed legal frameworks

[Figure: Government 1, Government 2, Government 3, … Government X around the Internet]


Future Contribution

→ Governments (2/2)

Global responsibility of the governments should be:

Promote international security infrastructures for identification, authentication, e-mail security and so on

Reach international enforcement

Teach the users the appropriate Internet competence

Share security-relevant information with all other players so that we can realize collaboration between the defenders

and so on.

© www.Luisa-Pohlmann.com

[Figure: Government 1, Government 2, Government 3, … Government X around the Internet]


Future Contribution

User Companies

More IT security for the 5 % of the company's data that is important

More IT security awareness for the employees


Future Contribution

IT Producer Companies

IT Producer Companies

More secure and trustworthy technology

Secure Software Development (Bug-free Software)

Secure Engineering (e.g. right integration of SSL, …)

Have to make the window between the discovery of a vulnerability and the integration of appropriate updates much shorter!

More reliability for the technologies and services

Appropriate Business Models (Data protection, privacy)

IT Security Producer Companies

IT security solutions which protect us much more adequately

More proactive security solutions

More object security solutions


Future Contribution

User

The users have to take the necessary responsibility

Build up an Internet competence

Use the needed IT security solutions

Be responsible for the future!


How global is the village Internet?

→ Common culture development

Laws follow culture. So it is important to develop a common culture!

An old sociological paradox (David Loy): People create society, but society also creates people

Our economic and political systems are not neutral!

We as users together have to organize a common force!

Consumer association (evaluation of products and services, …)

If the users would like to have a global village Internet, then the users should create such a society


How global is the village Internet?

→ Summary

Every player in the Internet has his own target!

We as human beings have to take the responsibility for our common future

The responsibility as a player in the Internet as

A User

An Attacker

A Government employee

A Company employee

Let us create together a common secure and trustworthy global village Internet!


Thank you for your attention!

Questions?

How global is the village Internet?
