Welcome!

Today’s Agenda• Welcome and Introductions—Bill

Gibbs, Webinar Coordinator• Presentation—Dr. Jon Haass• Questions and Answers• Upcoming Webinars and Webinar Plus

Degree BriefingBill GibbsDirector, Campus OutreachWebinar Coordinator

Dr. Jon Haass

• Associate Professor and Program Director for Bachelor of Science in Cyber Intelligence and Security—Prescott

• Frequent speaker at national conferences• Two bachelor’s degrees from University of Wyoming

(Mathematics, Physics)• Ph.D. in Mathematics from Massachusetts Institute of

Technology (MIT)• Leader or Founder of several software development

companies including Sun Microsystems, OpenTV, and SoftKrypt

Cyber SecurityChallenges and Solutions

Jon C. HaassCyber Intelligence and Security

The Cyber Security Landscape Challenges Faced Solutions and Best Practices Areas of Research Question and Answer

Webinar Overview

Breaches in the news

Source: Informationisbeautiful.net – updated August 2016

Could be any company …

Could be any company …

Is it safe to click?

The_User@Home

Is it safe to click?

Does my SmartTV or DVR have vulnerabilities?

◦ Is it listening?◦ Is it infected with Mirai “Bot”?

The_User@Home

Is that email really from HR?

Malicious email borne attacksEntry into critical networksDevelopment and Key employees

June 23, 2015 – FBI alerts ISACs of Business e-mail Compromise attacks that are increasingly successful, well crafted and malicious fronts for APT (Advanced Persistent Threats)

SpearPhishing@Work

Dear John,

The bank has notified us of suspicious activity on your account. As part of the service provided due to OPM breach, we are notifying you. Please click to process.

Account ManagerTel:202-767-1800US Office of Personnel Management

Ransomware@Hospitals

Dear Mary,

The bank has notified us of suspicious activity on your account. As part of the service provided due to OPM breach, we are notifying you. Please click to process.

Account ManagerTel:202-767-1800US Office of Personnel Management

Ransomware@Hospitals

https://opm.gov/cybersecurity/contact.aspx

July 2016

Cybersecurity threats know no boundaries

Cybersecurity threats know no boundaries

National Security / Intellectual Property / Safety

Critical Infrastructure

FinancialServices

Energy Manufacturing

NuclearWater

Transportation

National Security / Intellectual Property / Safety

Critical Infrastructure

FinancialServices

Energy Manufacturing

NuclearWater

Transportation

Power grid attack in

UkrainePower grid attack in

Ukraine

NSA’s view of the world

Every network can be (is) breached

Anything on a computer can be stolen.

General Keith Alexander (retired) Former NSA, Cyber Command now CEO IronNet

InvisibleHard to “see” bits / bytes / network packets

We need forensic tools

and automation

and vigilance

Challenges in Cyberspace

Volume205 Billion emails per day3.5 Billion Google searches per day

Fiber speeds means

BIG DATA

Adversary hides in traffic

Variety230,000 new malware variants per day – 2015Trojans – 51%

Test againstexisting AV - software

Malware evolving

VulnerabilitiesFlaws in software

Difficult to makeerror free systems

iPhone app90,000 lines code

More Complex Software

AttributionMasquerading SpoofingProxy

Rely on mistakes

Who Done It? - Anonymity

Whack-a-Mole gameStop one, another pops up

DoD wants to bemore pro-active

Cyber Intel.

Army of Adversaries

It’s a $500Bn IndustryGDP of Sweden or Belgium (37)!

On the Dark Net TodayMalware as a ServiceCustomer supportMalware testingMoney laundering

Cyber Crime Pays

JurisdictionInternet is Global

Can we attack back?

Arrest someone?

Fine or Jail someone?

Is it Illegal? And where?

Cyber Help Wanted 348,975!NIST announces CyberSeek

We Need More Skilled People

Stop more than 95%Update your software Keep current anti-malwareDon’t re-use passwords (or use top million!)Know your emailsCaution where you browseSet security above lowRoutine backups!!!

Solutions: Cyber Hygiene

Stop Attacker …Notice unusual trafficDeny easy vulnerabilitiesAuthenticate softwareMonitor suspicious connectsDeny access to key data

Defense in Depth

Everyone MattersMost breaches from some mistake

InsiderSpearPhishMisconfigurationUn Patched Vulnerability

Cyber Security as Team Sport

Risk ManagementNot just an IT issue

What is important?Cost if compromised?Then…What to do about it

Annual Review

Cyber Security Solutions

NIST Cyber “Best Practice”

Service Providers can support

Bright ideas needed!

Students & Faculty Wanted!!

Future Research Outlook

Mining Threat InformationInformation Sharing Organizations (ISAO)Arizona Cyber Threat Response Alliance ACTRA

Actionable IntelligenceRanking SystemIntegration

Add in Machine Learning

Improved Intelligence

What’s on your network?

Creative, Resilient PersonnelAcademic / Industry Collaboration

What is working?What more is needed?Streamline?Re-training in career?Apprentice / Co-op?

Improved Education

BYOD Cyber Security

Security of EFB / PED for crew and passenger

Vulnerabilities in aircraft systems

Internet of Things Security

Security of EFB / PED for crew and passenger

Includes the newAirport of Things

Authentication & protect defaults

What is unseen can hurt!Future trends becoming clearer

Questions and Comments

Jon C. HaassCyber Intelligence and SecurityEmbry-Riddle Aeronautical UniversityJon.Haass@erau.edu

Upcoming Webinars:Jan. 12 Airport Construction Risk Management and SafetyFeb. 9 The Continuing Search for Amelia EarhartMar. 9 Cross-Cultural Project ManagementApr. 13 10 Traits Every Leader Should HaveMay 11 An Introduction to Human Factors in AviationJun. 22 How to Create a Career Enhancement Toolkit

webinars.erau.edu

Join us for a Webinar “Plus” Degree Briefing!Thursday, Dec. 1 (two weeks from today)

2 p.m. Eastern (USA) (same time as today)

Covering:• Bachelor of Science in Cyber Intelligence and

Security (Prescott Campus Residential Program)

• Bachelor of Science in Homeland Security• Master of Science in Cybersecurity Management

and Policy

webinars.erau.edu