An Insider's Look at International Cyber Security Threats and Trends

Video thumbnail (Frame 0) Video thumbnail (Frame 2386) Video thumbnail (Frame 3085) Video thumbnail (Frame 4009) Video thumbnail (Frame 5206) Video thumbnail (Frame 5903) Video thumbnail (Frame 6767) Video thumbnail (Frame 7626) Video thumbnail (Frame 8769) Video thumbnail (Frame 9436) Video thumbnail (Frame 10422) Video thumbnail (Frame 11622) Video thumbnail (Frame 12808) Video thumbnail (Frame 14076) Video thumbnail (Frame 14889) Video thumbnail (Frame 15686) Video thumbnail (Frame 16810) Video thumbnail (Frame 17935) Video thumbnail (Frame 18637) Video thumbnail (Frame 19745) Video thumbnail (Frame 20751) Video thumbnail (Frame 21493) Video thumbnail (Frame 22233) Video thumbnail (Frame 22865) Video thumbnail (Frame 26287) Video thumbnail (Frame 27216) Video thumbnail (Frame 28155) Video thumbnail (Frame 28989) Video thumbnail (Frame 30849) Video thumbnail (Frame 32356) Video thumbnail (Frame 32988) Video thumbnail (Frame 33881) Video thumbnail (Frame 34900) Video thumbnail (Frame 35521) Video thumbnail (Frame 36345) Video thumbnail (Frame 37069) Video thumbnail (Frame 37903) Video thumbnail (Frame 38644) Video thumbnail (Frame 39406) Video thumbnail (Frame 40282) Video thumbnail (Frame 41063) Video thumbnail (Frame 43722) Video thumbnail (Frame 45686) Video thumbnail (Frame 46690) Video thumbnail (Frame 47853)
Video in TIB AV-Portal: An Insider's Look at International Cyber Security Threats and Trends

Formal Metadata

An Insider's Look at International Cyber Security Threats and Trends
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Verisign iDefense General Manager, Rick Howard, will provide an inside look into current cyber security trends with regard to Cyber War, Cyber Hacktivism, and Cyber Espionage. In this presentation Rick will discuss the current capabilities, tactics, techniques and procedures used by various cyber security cartels in key regions around the world. Finally, Rick will describe the idea of a Cyber Security Disruptor; new ideas, technologies and policies that will fundamentally make us change how we protect the enterprise. Rick Howard spent the last five years working as the iDefense Intelligence director and is now the general manager of the business. Prior to joining iDefense, Rick led the intelligence-gathering activities at Counterpane Internet Security and ran Counterpane's global network of Security Operations Centers. He served in the US Army for 23 years in various command and staff positions involving information technology and computer security and spent the last 2 years of his career as the US Army's Computer Emergency Response Team Chief (ACERT). He coordinated network defense, network intelligence and network attack operations for the Army's global network and retired as a lieutenant colonel in 2004. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy. He also taught computer science at the Academy from 1990 to 1995 . He has published many academic papers on technology and security and has contributed as an executive editor to two books that Verisign iDefense personnel have written: "Cyber Fraud: Tactics, Techniques and Procedures" and "Cyber Security Essentials." Twitter: @raceBannon99
Enterprise architecture Open source Cybernetics Observational study Code Real number Point (geometry) Execution unit Open source Informationstheorie Theory Twitter Sign (mathematics) Data management Personal digital assistant Hacker (term) Military operation Operator (mathematics) Right angle Cybernetics Information security Hacker (term) Information security Game theory
Presentation of a group Right angle
Enterprise architecture Process (computing) Causality Military operation Operator (mathematics) Entire function
Programming paradigm Different (Kate Ryan album) Operator (mathematics) Self-organization Right angle Informationstheorie Form (programming)
Right angle Informationstheorie
Point (geometry) Maize Cybernetics Code Mathematical analysis Right angle
Internet forum Different (Kate Ryan album) Multiplication sign Data conversion Open set Information security Perimeter Number
Category of being Vulnerability (computing) Self-organization Right angle System call Computer programming Perimeter Vulnerability (computing) Number Sound effect
Maize Process (computing) Cybernetics Software Term (mathematics) Code Plastikkarte Bus (computing)
NP-hard NP-hard Internet forum Confidence interval Confidence interval Information security Attribute grammar
Coefficient of determination NP-hard Film editing Cybernetics Term (mathematics) Formal grammar Self-organization Right angle Game theory Computer programming
Computer virus Antivirus software Game controller Email Code Data acquisition Block (periodic table) Multiplication sign Structural equation modeling Bit Physical system
Hacker (term) Right angle Bit Circle Information security Semantics (computer science)
Estimator Personal digital assistant Internetworking Code Chain Materialization (paranormal) Maxima and minima
Cybernetics Code 1 (number) Theory Infinity Theory 2 (number) Revision control Proof theory Vector space Internetworking Routing Proof theory
Email Arithmetic mean Code Real number Real number 1 (number) Videoconferencing Theory YouTube Proof theory
Sign (mathematics) Code Order (biology) Exploit (computer security) Self-organization Device driver Public key certificate Window
Point (geometry) Area Slide rule Block (periodic table) Bit Right angle Mereology Public key certificate Theory
Game controller Nuclear space Code Plastikkarte Informationstheorie Machine vision Number Twitter Frequency Computer crime Rootkit Atomic number Hydraulic motor Physical system
Computer virus Execution unit Scheduling (computing) Latent heat Link (knot theory) Public key certificate Physical system 2 (number)
Execution unit Internet forum Planning Denial-of-service attack Public key certificate Punched card
MIDI Business informatics Code Chief information officer Sound effect International Date Line
Membrane keyboard Software Cybernetics Vector space Multiplication sign Weight Maxima and minima Computer programming Physical system 2 (number) Condition number Row (database)
Service (economics) Nuclear space Multiplication sign View (database) Computer program Nuclear space Planning Sound effect Line (geometry) Public key certificate Computer programming Planning Spring (hydrology) Personal digital assistant Backup Information security
Cybernetics Vector space Game theory Cybernetics Information security Theory Physical system
Causality Wave Mathematics Process (computing) Prisoner's dilemma Lemma (mathematics) Cybernetics Information security Theory
Radical (chemistry) Causality Mathematics Momentum Multiplication sign Lemma (mathematics) Cybernetics Information security Symbol table
IBM PC Causality Lemma (mathematics) Reduction of order Hard disk drive MiniDisc Cybernetics Information security
Causality Business informatics Multiplication sign Lemma (mathematics) Floppy disk Cybernetics Information security
Radical (chemistry) Causality Data management Mathematics Multiplication sign Lemma (mathematics) Floppy disk Information security Cybernetics
Integrated development environment Counting Cybernetics Information security Mereology Event horizon
Enterprise architecture Integrated development environment Term (mathematics) Information security Cybernetics Mereology Information security Computing platform
Enterprise architecture Integrated development environment Expert system Information security Cybernetics Event horizon
Antivirus software Enterprise architecture Integrated development environment Cybernetics Firewall (computing) Intrusion detection system Decision theory Computer-generated imagery Information security Cybernetics Information security
Domain name Point (geometry) Enterprise architecture Domain name Dot product Enterprise architecture Service (economics) Combinational logic Cloud computing Bit Line (geometry) Formal language Prime ideal Mathematics Arithmetic mean Integrated development environment Intrusion detection system Energy level Right angle Cybernetics Information security Extension (kinesiology)
Domain name Enterprise architecture Complex (psychology) Cloud computing Line (geometry) Data management Direct numerical simulation Mathematics Data management Integrated development environment Internetworking Energy level Quicksort Extension (kinesiology) Communications protocol Address space Spacetime Physical system
Category of being Enterprise architecture Mathematics Integrated development environment Cybernetics Insertion loss Cybernetics Information security Information security Physical system
Enterprise architecture Cybernetics Vector space Bit Information security Cybernetics
Right angle Informationstheorie
so my name is Rick Howard and I am the I defense general manager I defenses a open source cybersecurity intelligent shop it's a business unit of a bear sign we're going to talk about insiders look at international cyber security threats and trends okay but this is really what
we're talking about open source hacking we're not talking here about hacking code we're really talking about finding information by just kind of perusing around and talking to people finding out what's out there in the open and putting the stories together alright so these are the three things we're going to talk about two case studies operation Aurora and sucked in that story we're not talking about the the the hacks that went involved there but really the impact of those stories and finally we're going to talk about what we thinks coming down the future this something called a cybersecurity disrupter but and these are the three things i want you to get out of this talk when you come out of here first that cyber espionage is a real world threat to the commercial industry now most of the people in this room know that already okay but okay most of the commercial industry didn't really know that until Google went public with their hack back in earlier 2010 the second one is that cyber warfare is not the longer a theory more but the fact now I'm talking about nation-states declaring cyber war on each other what we're talking about here is actually being able to do cyber warfare activities to critical infrastructure all right we'll talk about that and finally we'll say some new technologies ideas policies coming down the pipe that are going to make us change fundamentally change how we protect the enterprise going forward all
right before I get into this I know this is a fairly technical audience okay but I also know there's a bunch of government folks in here and some lawyers so I want to get a feel for how technical the crew is so show of hands here how many people have one of these phones on their pocket right now okay how many have to alright how many have three okay okay okay okay they're real geeks are the crowd right over here okay all right how
many have this phone raise your hand okay cup some of the lawyers and a couple of government guys back there all right so I declare that you guys are technical enough to get this presentation all right let's talk with
start with operation Aurora okay the
reason I like to talk about Aurora is because this attack fundamentally changed how we all think about the enterprise it completely changed the entire thought process of the commercial industry okay so it made it there are actually five different things that made this attack unique there's been a bunch of attacks after this that kind of go along with it but this was the first one that changed cause everything to change
and the first one is that Google went public with the information can you imagine any other commercial organization doing that all right that has never ever happened before all right and they went public who they thought it was they said the Chinese government went after them okay that's never happened before in a public forum so that made it kind of scary made the whole operation a little bit different
okay and before Google went public with this most commercial companies thought that they went public with this kind of information their reputation would be damaged in some some form okay when Google went public and said you know as much about 20 companies were hit by this attack defense contractors information technology companies banks chemical companies and then that's what it pretty much smashed the entire paradigm about how you report this kind of thing in
fact Google's reputation went up if you remember everybody thought they were the bee's knees when they went public of that information and they got support not only from the private sector but from the government sector okay so this has never ever happened before it caused us to change how we think about the
business all right the second reason was
the US government support Secretary Clinton came out immediately after Google went public and gave them public support and said we think Google's right and we think China is behind the attacks
okay now the government is known about these kind of attacks were armed for a decade even over a decade at this point they've have really cool code names moonlight maze and tight and rain to talk about cyber espionage attacks that basically the bad guys come in collect all the information and bring them back to some nation-state or further analysis okay in fact other countries besides the
US have outed China before like Chancellor Merkel but never for a specific attack just for the general we know you're doing it we want you to stop kind of a thing okay but the Secretary Clinton on this attack said we think China didn't we want them to stop right
you've actually in two public forums okay said we're coming we think you guys did it and we want some answers forum you in two different times okay she's pretty much picking a fight with him she's actually traveling through Asia what this whole thing was going down all right and she met with her counterpart for China and after a three hour long session they came out and said this quote and I like it anytime to politicians come out and say they had a very an open candid conversation about something that means that conversation was tense that's what I'm thinking okay
number three okay the Google asked the NSA to come in and help them okay think about that all right wait got a couple chuckles over here right yes Google asked the NSA to come in and help now to be clear the NSA came in to help them with security expertise and how to defend the perimeter and best practices and those kind of thing there was no intelligence gathering about that all
right but the program was so successful that NSA the NSA formalized it into something called perfect citizen all right that means that any US company that has trouble trying to secure their perimeters they can call the NSA and they will send Raytheon contractors out to help them figure this out so they do vulnerability assessments and capabilities research all right so that's something that's never ever happened before and something that makes it very unique to this kind of an attack
number four this is the wake-up call for the commercial industry like I said government knew about it for over a decade most commercial organizations didn't really want to talk about it they would always say what do I have to steal okay but after the google thing came out they all realize they have all have intellectual property they need to worry
about and protect and we learned about this new phrase the advanced persistent threat okay everybody know the trivia why we call it the advanced persistent threat the story okay like I said the
government has these really cool code names called moonlight maze and tight and rain and in fact Byzantine Hades came out in the WikiLeaks documents last year sometime these are all code names that mean that referred the same kind of attack process but what happened was the government had no way to communicate this to the commercial sector so they had to have another phrase they could use to do that so some very smart Air Force Major said you know what we're going to start calling it the advanced persistent threat and that's why that term got coin all right so that's why we all at this new buzz phrase for our entire industry I call it cyber espionage okay that's what it is all right is bad guys come into your network stealing your secrets and trying to do something with him later on down the road in fact it's such a big deal that
apt was unheard of before the Google attacks in 2010 but by the end of 2010 security leadership and big companies are saying apt was their most worried about threat in their company which
brings us to fight maybe actor
attribution isn't as hard as we always have thought it was that is hard to get to figure out who it is and I do not know who did the attacks against Google okay nobody knows that in the public forums okay but maybe it's not impossible to figure this stuff out you got to think that if someone as high as Secretary Clinton is outing China in public forums that she had her confidence was pretty high that she know who did it all right now I'm not saying she did know how to do it and she may have had some other political levers she wanted to pull but I'm just saying confidence should it must have been fairly high for he'll make that come
true it's she pretty much triple dog dared them do something about it all
right so maybe after activation is hard but maybe it's not impossible all right
so the five things that made the Google attacks really a game changer for our industry is that Google went public no commercial organization would like to do that the cut the US government publicly back google in there affirmations the innocent at Google formed a partnership which became a formal program ok and the commercial industry probably woke up and said you know what this advanced persistent threat stuff is real and we need to do something about it and finally maybe after I tribution isn't as hard as we originally thought all right so that's all about cyber espionage and how the commercial industry has really come to terms with this new kind of threat let's move over to
Stuxnet everybody knows about suction
has been the in the news for the last year or so but let's just kind of go through the timeline a little bit all right so this is back in June of 2010 an antivirus company called virus blocker though all right now virus blocker that is a Belarusian antivirus company and that is the best name for an antivirus company ever come on if you're going to maine something something i would call it virus block it up come on that's funny that's what I thought okay so they come out in June 2 2010 and they say there's a new piece of mail code out there called Stuxnet that targets Siemens industrial control systems and these are the SCADA systems that we've been all been talking about for the past decade we've all known in this room that SCADA systems were unsecured all right so finally someone did something in the world world to prove it this is supervisory control and data acquisition systems all right and we time moves
forward a little bit in the sep tember of 2010 the security committee that's you people in here started to say you know what looks like this might have been a nation-state attack okay this wasn't a bunch of hackers in the basement doing this this is somebody that had resources and they were trying to have a they were trying to get something accomplished right in fact they were targeting the Natanz power plant inside Iran all right and the reason is the tance produces enriched uranium and it looked like the people that launched the attacks are trying to decorate their ability to do that and the reason is if you take a look at
semantics semantics did the bulk of the work on this I'm pulling this outfit apart and they really hit the ball out of the park for this so those guys that did that my hat is off to them this is a chart from their dossier on what happened with the with Stuxnet and it's hard to read but let me just tell you what it means they showed that Stuxnet kind of floated around the entire world but the bulk of it ended up inside Iran that pink circle there and that darker red that is Iran sixty percent of Stuxnet infections were inside of that country so maybe it was targeted attack inside of Iran now these two semantic
and partnering with us Institute for science and international security said this is how we think they got the Stuxnet into the the power plant inside of Iran because the power plant was not connected to the Internet now there's been rumors on the internet that the some bad guys are the attackers dropped us beads sticks all around that's how they got floated in that's probably true okay but the attackers targeted the supply chain from the detent power plant they went after four companies inside of Iran that's applied materials into the power plant and waited for it to percolate into the plant and that's what they did first strike for Stuxnet was somewhere june 2009 the case when the first infection started to show up inside them the tams
now the UN likes to watch in the tents because they're very worried that Iran is trying to produce an atomic bomb there so they are watching very carefully how much uranium is produced in that facility okay and their estimate between 2009 and 2010 about a thousand centrifuges were destroyed by the Stuxnet mal code and that was just the
beginning in fact if you listen to some of the stuff that samantha has said in the internet of the Institute for science and international security Isis okay they think there are probably two attacks two attacks the being there's one in 2009 that was the initial launch and then in 2010 there was a second version of code inserted infinite ants and nobody's really sure what that second version did but it was definitely an upgrade to the in route to the initial code now this is what I'm
talking about this is where we have moved from cyber warfare going from speculation and theory to proof of concept and I mean to real being a fact out there all right now the reason I'm saying is is now possible to use a cyber vector alone to destroy critical infrastructure we have not seen that in the real world really until the Stuxnet attacks we've had demonstrations of that capability these are the ones everybody trots out the Estonia attacks to Georgia attacks you can even look at the the
department of energy's idaho lab this is back in two thousand seven when they destroyed an industrial-strength generator through some piece of mail code everybody seen that video on youtube you can see it if you wants pretty impressive to watch that thing destroy itself but that was in the lab scary but no one's really done in the real world okay with Stuxnet is now in
the world where do we need to worry about it and the code as you all know is extremely sophisticated now this is one of my pet peeves all right when I when someone like me stands in front of a crowd like this and says something was sophisticated what's the first question you should ask compared to what because if nobody tells you what its sophisticated to then it really doesn't mean anything everything is sophisticated let me tell you why Stuxnet was sophisticated there are
three really big reasons okay there were 40 days inside that code we're not talking about the the code that did this the damage to the centrifuges in the tents we're talking about the code that got them in 40 days and I defense we track how much that kind of stuff costs on the underground and it can go anywhere from cola casa this package anywhere from 4,000 to almost two million dollars just for the zero days ok so somebody built that stuff themselves or paid to have that stuff built or most likely was a combination of the two but they were well financed in order to get this organization malco into the power plant the second they use
new technology that we had never seen before windows server 2008 and windows vista microsoft introduced the new idea of driver signing the idea would be that if i have a third party writing for microsoft i would suck they would sign their code and if it colonel would check it when it ran it had a valid certificate than it wasn't malko okay what these guys did was sign Stuxnet with two different certificates from two legitimate companies okay and that got through the radar alright and if you
want to get the conspiracy theories out here a little bit those two companies realtek and jay micron there within a block of each other inside that I want on the technology corridor okay it blocked from each other now that kind of points to the fact there may have been an insider person trying to grab those two certificates all right we have people on the ground in those areas and we know that there are lots of intelligence acs that like to hang out on that little corridor because there's all kinds of interesting things going on there okay so put that in your conspiracy at all right when microsoft
in verisign noticed that those certificates were bad we revoke them now I just want to point out as in the side look at that verisign logo that is the old bear you look at the bottom right on my slide you see the new verisign logo okay we sold that part of the company to symantec last summer that's their fault okay thank you all right in fact this is
such an interesting new trend we've seen the bad guys on the cybercrime side start to use this technique to steal your credit card information too so it's a new technique that we started to see with Stuxnet right now number three is
the first rootkit we've seen in the real world targeting SCADA systems okay now think about what this thing had to do okay what they were really trying to destroy was the centrifuges inside in the tans now over on the left you see the President of Iran walking through a bunch of cascades those silver things inside those cascades are 164 centrifuges and what they do is they spin around really fast between the frequencies about 807 hurts and 1210 hurts and you put uranium gas inside the centrifuge spin it around really fast the heavy atoms collect to the outside and the technicians pull that out that's enriched uranium okay and you need to RIT enriched uranium to build nuclear power and you need an enriched uranium to build a nuclear bomb in fact ninety percent of the nuclear bomb has to be enriched uranium so this Stuxnet code was looking for these specific centrifuges running at these frequencies in fact if it didn't see it it wouldn't do anything we just stayed dormant okay but if it did find it it would do some damage to it okay in fact it was looking for two specific motors running these centrifuges one built by an Iranian company called Ferraro piatt that's my best guess at that and another finnish company called Vacon if those two motors weren't there Stuxnet didn't do anything it just SAT idle but if it did find it okay it went after the scent reviews itself and what it did was it would spin the centrifuge up to max speed as fast as it can go and let it run there for about an hour okay and then it would drop it down to normal and let it sit for 30 days okay and then it would drop it down to two Hertz and running at a very minimal speed for about 30 minutes and then we pick it back to the normal speed and let it run for 30 days and it would do that over and over and over again Stuxnet was sit in the middle between what the controllers were telling visions all right and then when the controllers hey this isn't working very well it would intercept that message and tell the technicians that everything was a-ok all right the centrifuges okay are very precise equipment and they started to fail immediately when these things started to happen okay so that's wife Stuxnet is sophisticated all right so
well financed new technology and the first piece of malko we've seen targeting SCADA systems and very specific schedule systems are running inside of the detached power plant in Iran all right so let's go back to the
timeline virus blocker de announces to the world that Stuxnet has been discovered in june of 2010 okay if you
go down just a month now the microsoft and verisign they revoke their certificates from realtek now pay attention to the timeline this is where it gets very interesting ok this is July sixteenth I can't even read that but somewhere in the second link of July
okay the very next day the attackers install the second certificate okay the very next day that implies there's a punch counterpunch going here the attackers were anticipating that someone's going to discover that they were ready to install a new one and did it immediately and if that's not enough to convince you okay on the same day
denial of service attacks were launched at two very prominent SCADA forums on the same day it's as if the attackers we're trying to prevent the community from talking about it alright so think about that that is a battle plan going on here that is a punch counterpunch the attackers were ready for that and they had something in their back pocket to countering all right finally Microsoft
embarrassed on revoked the second certificate and make the mal code not install any new copies so let's fast
forward into September this guy huh mid alipore he's like the CTO or CIO or CSO of Iran and he reported in the public okay that almost 30,000 computers were infected with Stuxnet and the UN watchdogs are reported that at least half the centrifuges in the detached power plant were idle that's half of 9,000 centrifuges ok so if Stuxnet was having its effect all right so fast
forward in the membrane this is where it gets very interesting the the technicians inside the detent power plant they shut the system down for over 10 days presumably to get rid of Stuxnet off the network so we go they turn it back on after a week and hold your hat this is where the conspiracy nuts come out of the woodwork here okay so this is the next step okay in preventing Iran from producing enriched uranium they
assassinated or at least tried to assassinate two scientists in Iran these two scientists were coming to work in the morning okay motorcycles pulled up alongside their car attached bombs to their car and blew them up okay the first guy he's dead okay the second guy in critical condition all right and many surviving he eventually takes over the program later so think about what this means though all right the attackers goal was to stop uranium enrichment going on in the tans they threw cyber vector in there with Stuxnet were able to damage it for a while slow it down when are the Iranians shut down the net and took it off the network they went to the next step and started going out to their personnel okay this is the first time we've seen a cyber record like that associated with that kind of violence okay so we are in a new world ladies and gentlemen okay something kind of scary
so take a look at the battle plan here this is kind of the long-range view of how the attack happened okay you got to admit that there was some planning going on here so there's the campaign planning some time in 2008 probably the first strike in 2009 second strike in the spring of 2010 and that's when right about a thousand centrifuges were first destroyed then comes the next skirmish in the battle the battle for the certificates the good guys find out where at least the victims or the the professional security community said oh we know it's bad let's revoke their certificates bad guys put a new one in we take that one back out so that's kind of a skirmish going on there and the denial service attacks the fourth one that finally is the Natanz coming off line going back online and then the attackers going after the Iranian scientists okay what I'm trying to show here is this was an an adversary who had a battle plan they knew what they wanted to do okay and they had backup plans in case something went wrong and I hope you can see that in that timeline so the
question is how effective were the attacks according to the US and Israel the nuclear program in Iran was delayed until 2015 okay but according to the ISIS there was no effect even with all the damage and all the delays in the tents the Iranians were still produced as much uranium enriched uranium as they were supposed to produce the truth is probably somewhere in the middle we probably won't know for a couple of years all right so what do we get about
all this first that the Stuxnet attacks were sophisticated okay new technology well financed and targeting SCADA systems at your dinner party tonight one thing you could say that's interesting is we don't think it's China and we don't think it's Russia and that's kind of refreshing it's usually those guys in the spotlight okay so it's not probably not those guys but the real thing you want to get out of this is that cyber war has moved from theory to fact that is not possible to destroy critical infrastructure with nothing but a cyber vector alone so we are in a new ball game okay dead silence you guys okay out there okay good let's move over to
cybersecurity disruptors all right so
what is a cybersecurity just repres guy Clayton Christensen he wrote this book called the innovators dilemma in 1997 and it's about business disruptors his theory was that there are new things coming down the pipe that fundamentally changes a business and in the what that
thing is there's some new innovation that nobody anticipated okay and what happens is it makes the entire community have to change how they run their business okay and what happens during this process is some businesses that are not ready for the change they fail because they aren't fast enough to pick up the pace so they don't catch the wave and fast enough to make the change all
right so these are new business catalyst and these aren't slight improvements to technology but radical new changes you know how we do it now any math peaks in the world in the audience math geeks come on okay what is that symbol that's a radical come on that's my joke for the day radical and okay for them all right now these new technologies we are really niche when they first come
out okay but over time they build momentum and the best practices that we've had in place whither and die as these new things take their place now
the example that Christensen uses is the reduction of hard drive size from the 1960s to the 1990s the one I'm going to
talk about here is the battle for the five and a quarter inch disc in the 8-inch disc anybody holding up in the room to remember the first IBM PC marketing campaign okay they used a little tramp as their as their ok I've got some old guys in here I know you're old enough to know that okay all right you guys are probably carrying these
phones okay it's older than that that's
right alright so the dominant floppy drive at the time was the 8 inch floppy drive and that was used in many computers at the time these things were high-end and cost a lot of money ok the
does that mean it's not me I swear it's not me alright so when IBM built the first pc they decided to go with the five and a quarter inch floppy
commercial off-the-shelf really cheap okay and what happened is that the manufacturers of the 8 inch floppy didn't really anticipate the demand and these are the four companies that were making floppy drives at the time only one of these guys survive in Metropolis and according to Christensen they only survive through Herculean efforts by the management team to turn their plants around and start producing five and a quarter inch floppies so that's what a
business disruptor is new innovation that comes out that completely changes the business like again not slight improvements but radical changes in innovation to make everybody change all
right so that's what a business disruptor is at high defense we think there are cybersecurity disruptors new ideas policies technology events coming down the pipe they're going to fundamentally make us change how we protect our environments these are
cybersecurity catalyst and respecting five to ten years down the road for these kinds of things again now this is the important part about a cybersecurity disrupter okay these aren't just new ideas or things these are things going to make us change how we do our business so unless they make us change they don't count as a cybersecurity disrupt
alright so I defensive identified obtained of these things and these are then we're going to talk about a couple of them in this pitch all right now
thing you have to remember about cybersecurity disruptors you think of them in terms of a triple ok you going
to worry about what the concept is so the concept would might be the mobile platform ok the impact is what does that
do to your enterprise by instituting something like a mobile platform in your environment and finally the last part of the triple is how is it going to make you change your security posture so that's what a triple is is that really
me oh they're doing boy ok I was going to say I am an expert but dollar by the way ok sorry I know I went too far
enough ok all right so consider this timeline ok at the far end is the event horizon 2020 ten years is about as far as we want to go predicting these kinds of things 2005 is really where our best practices are okay these are the things we all have in place in our environments to protect our enterprises these are
things like firewalls intrusion detection systems and antivirus stuff
okay in the middle here 2010-2011 is where leaders are making decisions about what technology to bring into their enterprise okay this is where we're trying to help out here I thing to
remember is that there are going to be early adopters of these cyber security disruptors okay these are folks that have realized that this technology may not be ready for their environment there's going to be lots of bumps and bruises that you install it but they feel there's a need and they need to have it already so there's going to be early adopters all right not going to
talk about all 10 because that would take the next five hours we're only talking about three of these things remember going to talk about triples and I'm going to tell you about when we expect to see them and if there are
early any early adopters the first one is the combination of top-level domain extensions and international domains all right so the concept is let's talk about top-level domain extensions first okay up to this point we've had the traditional commnet busy d you in about a year or so you're going to start to see a bunch more okay if you have enough money you can have your own top-level domain it could be a da trick or can be a dot def con or be a dot I don't carry it doesn't matter if you have enough money and they're going to be expensive okay there's going to be these new names out there that we're going to have to contend with and coupled with that is this idea of international domains up to this point that every all the domain names that we've had have been in English okay but Prime 2012-2013 you're going to start seeing domain names in Chinese in Farsi and any kind of other language that who wants to play with this kind of experiment so those two things together is the concept here that is going to make it a cybersecurity disruptor the impact here is this is just one of them probably for this combination is that black this are going to be unmanageable at the enterprise because you're just not going to want to mess with this anymore you're not going to have the wherewithal to deal with it so the change in your environment we're going to start to see companies outsource their blacklist capability to cloud computing folks okay so that's that's what we expect to see all rights probably are going to start to see these services merge inside the enterprise by 2015 and this year and last year i can has authorized this these two things from happening the top level domain extensions and the international means they keep pushing the line back a little bit but expect to see it in 2013 by at the eat by the latest i thing all right
let's talk about where am I out here Oh ipv6 and domain naming the DNS SEC extensions that's what this is all right so that's the concept DNS SEC extends even to any of the Kaminski talks you know that that's coming down the pipe the top level domains are ready for that kind of thing and the introduction of ipv6 the new IP protocol that's going to replace v4 what that means to the enterprise is that IP management has just become very complex ok in the change is your this guy you have in the basement managing your DNS system it's probably going to go away ok they're probably going to want to outsource that stuff to some cloud computing environment also all right so respect to see this kind of thing in 2013 in 2010 ok this is a Gartner chart let me just read I know it's a hard thing to read let me tell you what that means the green line is the size of the Internet the blue line is the size of the ipv4 pool and the v6 I mean the red line is the v6 deployment Gardner predicted there would be two to five years in this is 10 2010 now they predicted we had to five years before we ran out of v4 space that happened last year there are no more be4 addresses okay so for the next couple of years there's going to be sort of a black market this company's sell their before space that they're not using but eventually we're going to run into v6 we're going to have to manage it okay all right next is apt I talked
about the ABT with Google that's the
concept okay the impact is and I think this is what the commercial industry has really figured out okay that their intellectual property is seriously at risk and we need to do something about it and the change for their environment is I think data loss prevention systems are going to start being installed by the number okay through the enterprises we're going to start seeing that around 2013 there's going to be best practices there are early adopters now people are deploying this technology right now but they're they're getting scarred by it because it's very complicated and very expensive but they're learning the lessons for all of us as we start to do this ourselves okay and we talked about Google in 2010 and why that was important alright so that's cyber
security does robbers let me just put all them on the timeline here just so
you guys can see them this is where we think they're going to be in the next 10 years and this is where the early adopters are real quick all right so let
me just recap what a cybersecurity disruptor is new ideas technologies are going to make you fundamentally change your enterprise and I talked about three of them here all right so I'm at the end
let me recap a little bit these are the three things i want you to get out of that the commercial industry should have awoken by now that cyber espionage is a real threat that cyber warfare is real not that nations have declared cyber war on each other that it is possible to destroy physical stuff on the in the world with a cyber vector alone and there are new things coming down the pipe they're going to make you change how you do your business let me just
finish up by that we've written a bunch of books of that defense please buy them I have to put my daughter through college all right and if you want any more detailed information about some of the stuff I talked about here that white paper down on the bottom right I will gladly give it to you just email me or come see me afterwards and I will gladly get you a copy so that's it thank you very much and we're done here you