Helping the Good Guys Wearing the White Hats: Academic Leaders Security Industry Toolbox

Are you who you say you are? Stanford University’s School of Engineering “…course instructors worked with Department of Defense (DOD) and intelligence experts to come up with 20 problems the class could tackle. Among them is an exercise sponsored by the National Security Agency called “detecting catfishing.” Catfishing involves assuming an online persona that conceals a person’s true identity. The challenge for the Hacking 4 Defense teams is developing ‘a technique to score how likely it is that a given online persona is who they claim to be, and how that conclusion was reached’.”
Source: Defense Systems article, “DOD, Silicon Valley team up on ‘lean startup’ approach,” by George Leopold, April 7, 2016.
https://defensesystems.com/articles/2016/04/07/dod-silicon-valley-hacking-4-defense.aspx

How do you know if the person is who they claim to be? It is entertaining to watch as a Netflix show; it is not entertaining when “you” did not make that withdrawal, create that new business or hack 1.5M accounts. Re-using old attacks, building new botnets and ransoming businesses is not the next summer blockbuster; it’s what’s happening today in cyber security. Let’s begin our discussion…

Top 12 Predictions from Leading Cyber Security Experts 2016
http://www.ibmbigdatahub.com/presentation/top-12-predictions-2016-leading-cybersecurity-experts
This is a summary of 12 predictions demonstrating the steps that industry and businesses are starting to understand they must take to have a much more realistic grasp of the threats in today’s cyber world. The other predictions are supported by the additional articles in this month’s update, but this prediction shows it is not enough to know the dark web exists; similar to what we have discussed in other updates, it is all about seeing and understanding the data.
Cyber 11

Beware of Older Cyber Attacks:  Footprinting and Brute Force Attacks are Still in Use by Scott Craig April 2016
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEL03093USEN&attachment=SEL03093USEN.PDF
As we continue to hear more about cyber security threats, one key issue keeps re-appearing: the source for the threat is often a previous issue that is being revisited. The ARPANET in 1969 is what evolved to be the Internet in 1982, accounts for more than three-quarters of the sweep traffic analyzed in a recent study. Why do we care today about ARPANET from 1969? Look at this analysis of Telnet port 23 (born from ARPANET) search results from April 4th, 2016:
Telnet Port 23
“A report created on 4 April 2016 from the world’s first search engine for internet-connected devices, Shodan, shows that telnet is still alive and serving (see Figure 2). Once an attacker discovers an open telnet port, she or he may have several options:
• See if the banner reveals something about the system and the entity that owns it
• If authentication isn’t required, gain immediate access to the system
• Try common default accounts such as root/root, system/system, manager/manager, or operator/operator to gain unauthorized access
• Perform brute force attacks to obtain passwords for common user accounts or system (root or Administrator) accounts.”

MIT Technology Review CyberSecurity:  the Age of the Mega Breach by David Talbot January 25, 2016
https://www.technologyreview.com/s/545616/cybersecurity-the-age-of-the-megabreach/
With the average data breach costing approximately $4M, this article moves to the next level by highlighting mega breaches ranging in cost from $20M to $250M. The suspected attackers range from a teenager to a regime. Here is the most recent addition to the list; you can see the entire list by reading the article using the above link:

Talk

IBM Academic Initiative Security Educator Guide
https://developer.ibm.com/academic/resources/security-educator-guide/
The Academic Initiative Security Educator Guide provides industry resources that faculty can pair with current front page news stories and bring into the classroom to discuss how students would prevent or hinder these or similar attacks. This discussion is very valuable since, as we have already discussed, one key attack strategy is to use an old attack, or modify it slightly, and still use the same security gap to breach the system. The guide links to industry tools, including data protection resources and labs (IBM Guardium), application scanning tools and labs (AppScan), anomaly detection/forensics assets (QRadar) and more, so that students and faculty get hands-on access to key security industry resources: exercises, software and studies, as referenced in the below industry ebooks and white paper links from the Security Educator Guide:

Additional industry resources include:

IBM Academic Initiative Security Blog by Heather Ricciuto
https://developer.ibm.com/academic/2016/05/10/ibm-qradar-security-siem-software-now-offered-at-no-charge-to-registered-academic-initiative-members/
One of the key software assets requested by the academic community has been access to the QRadar software since IBM acquired the company. Previously we had provided some limited access. The above blog highlights how this resource is now available to the global academic community in the cyber security battle through the IBM Academic Initiative program. The below paper can be used to drive even more discussion on how cognitive technologies can help better leverage more technologies in the battle against a black hat world that is well funded, well organized and constantly changing.
Outthink threats

Strengthen security with a cognitive approach that understands, reasons and learns


IBM Academic Initiative Software Catalogue Addition: SPSS Modeler
https://developer.ibm.com/academic/resources/spss-modeler-download/
In addition to the QRadar software being added to the IBM Academic Initiative Catalogue, another key analytics software resource now in the catalogue is IBM SPSS Modeler. IBM SPSS Modeler is a data-modeling, predictive analytics tool useful in analyzing data for any number of nuggets or insights. The predictive nature of the tool makes it an excellent resource for analyzing large quantities of data, which in turn makes it a good resource for potentially identifying hidden security anomalies that count on the size and volume of the surrounding data to hide bad behavior(s).
Explore the power of predictive intelligence

White Paper: Geospatial Analytics with IBM SPSS Modeler
Use time and location-based intelligence to reveal hidden insights about your business, customers or constituents.


4th International IBM Cloud Academy Conference ICACON 2016
http://www.ibm.com/solutions/education/cloudacademy/us/en/cloud_academy_conference_2016_4.html
For the upcoming ICACON event in Alberta, Canada, if you are planning to attend or can still add it to your plans for this week, consider attending the sessions around cyber security. This two-day agenda has a wide range of topics and multiple sessions targeting security. For your quick reference, here are some of the security-focused sessions (If I did not have other commitments this week I would have attended this event):

June 2-3, 2016, University of Alberta
Edmonton, Canada

A Formal Model Toward Scientific Workflow Security in a Cloud Authors: Donghoon Kim and Mladen Vouk

SECross: Securely Cross Cloud Boundary Authors: Xianqing Yu, Young Oh and Mladen Vouk

An Ontology for a HIPAA compliant cloud service Authors: Karuna Joshi, Yelena Yesha and Tim Finin

IBM Blockchain: An Enterprise Deployment of a Distributed Consensus-based Transaction Log Authors: Ben Smith and Konstantinos Christidis

A Secure and Scalable Mobile Governance Framework Based on Government Community Cloud Author: Hisham Alsaghie

Intrusion Detection System Based on Risk Assessment in Cloud Environment Author: Bencharhi Youssef

Hawaii International Conference on System Sciences (HICSS) Request for Papers
http://www.hicss.org/
Since ICACON is this weekend, if it does not fit into your schedule, consider submitting a paper for the 50th Hawaii International Conference on System Sciences (HICSS), which invites submission of full research papers that emphasize advances in research and development activities in various areas of information, computer, and system sciences. Several of the minitracks link into this cyber security discussion, such as mobile value services and service analytics, plus potentially others once you review the minitracks.

The submission deadline is June 15, 11:59 pm Hawaii time.

All papers must be submitted to a minitrack. Accepted papers will be presented at HICSS-50 to be held at Hilton Waikoloa Village, Hawaii on January 4-7, 2017 and published in the Conference Proceedings.

Opportunities to fast track HICSS papers for journal publications are also available in some areas of research. As of today, there are 16 journal publications that provide fast track opportunities to selected high-quality HICSS-50 papers. They include:

  • AIS Transactions on Human-Computer Interaction
  • Communications of the AIS
  • Decision Sciences
  • European Journal of Information Systems
  • Group Decision and Negotiation
  • Health and Technology by Springer (Special Issue)
  • Information & Organization
  • Information Technology for Development Journal
  • International Journal of Healthcare Information Systems and Informatics
  • International Journal of Information Systems for Crisis Response and Management
  • International Journal of Internet of Things and Cyber-Assurance
  • International Journal of Knowledge Management
  • Journal of Electronic Commerce Research
  • Journal of Information Technology Theory and Application
  • Journal of Management Information Systems
  • MISQ Executive

White House Office of the Press Secretary FACT SHEET: Cybersecurity National Action Plan February 09, 2016
https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan
This link provides a detailed (as much detail as one can provide on this topic) summary of the steps being taken in the USA around cyber security, including increasing investments as well as key agreements on a global basis for countries to collaborate on this issue facing all nations. To give a quick view of some of the USA and international outreach, below are two quotes on some of the programs in the plan:

  • “Expand the Scholarship for Service program by establishing a CyberCorps Reserve program, which will offer scholarships for Americans who wish to obtain cybersecurity education and serve their country in the civilian Federal government;
  • Develop a Cybersecurity Core Curriculum that will ensure cybersecurity graduates who wish to join the Federal Government have the requisite knowledge and skills; and,
  • Strengthen the National Centers for Academic Excellence in Cybersecurity Program to increase the number of participating academic institutions and students, better support those institutions currently participating, increase the number of students studying cybersecurity at those institutions, and enhance student knowledge through program and curriculum evolution.”

“In 2015, members of the G20 joined with the United States in affirming important norms, including the applicability of international law to cyberspace, the idea that states should not conduct the cyber-enabled theft of intellectual property for commercial gain, and in welcoming the report of a United Nations Group of Governmental Experts, which included a number of additional norms to promote international cooperation, prevent attacks on civilian critical infrastructure, and support computer emergency response teams providing reconstitution and mitigation services.”

I encourage everyone to read the complete article. The level of citizen, business, education, government and international interlock around cyber security is summarized in this easy-to-read article. The focus is on how we can work together around these multi-faceted issues affecting individuals’, corporations’ and nations’ security. This summary may also provide a reference point to investigate how current programs might be expanded to take advantage of other initiatives around this critical area, potentially providing support, direction and funding for academic and education programs. There were great discussions on plans and skills strategies by other countries at the recent EMEA Academic Days hosted by Emlyon School of Business, so even more continues to be shared in this global effort.

This is a topic of importance to us all, and we can all relate to what it potentially means. The resources, collaboration and partnering around this topic are key for us being able to complete and win this on-going cyber security battle.

When we as individuals, organizations or countries are struggling with the dark side of cyber security, first we must, as in the case of any disaster, have a prevention and recovery plan and implement that plan. Failing to prepare is the definition of preparing to fail, and failure is not an option for those on this white hat team…because I know you are who you say you are!

Valinda

Valinda Scarbro Kennedy
Twitter:  @vscarbro
LinkedIn:  Valinda Kennedy
