Mr. Esam AbulkhiratDeputy General Director NISSA

ـــــــــــــــــــــــــرات. ا دي ابو اخل عصــــــــــــــام امله

ر عـــــــــــــــام ئب مد

الهیئو الوطنیة ألمن وسالمة املعلومات

•Introduction & Overview.

•Why Cybersecurity is Important.

•Kinetics Vs Cyber.

•Challenges & Combating Efforts

•Conclusion.

IntroductionIntroduction::Cybercrime Cybercrime is the fastest growing crime in the world with millions of is the fastest growing crime in the world with millions of people affected every day. The effects of one successful attack on a people affected every day. The effects of one successful attack on a corporation can have farcorporation can have far--reaching implications, including financial reaching implications, including financial losses at the corporate level, to stock losses and money lost for losses at the corporate level, to stock losses and money lost for consumers or stock holders.consumers or stock holders. LawsLaws have been swiftly put into place have been swiftly put into place to halt these types of attacks, but criminals find haven in countries to halt these types of attacks, but criminals find haven in countries with lax cybercrime laws.with lax cybercrime laws.

Crime Space

Security Law

Cyber

The term “cybercrime” is usually referred to as any criminal offense committed against or with the use of a computer or computer network

A set of activities and other measures, technical and non-technical intended to protect data, information and information systems from unauthorized access, use, disclosure, disruption, modification and destruction.

Virtual world of information networks. The global information space. The digital era.

is a term used to describe the legal issues related to use of ICTs, particularly cyberspace

Target

Viruses

DoS

Weapon

IPR

Spam

Accessory

Fraud

Id-Theft

FACTS AND FIGURES: FACTS AND FIGURES:

Almost two thirds of all adult web users globally have fallen victim Almost two thirds of all adult web users globally have fallen victim to some sort of cybercrime, from spam email scams to having their to some sort of cybercrime, from spam email scams to having their credit card details stolen.credit card details stolen. (the (the 2011 2011 Norton Cybercrime Report: The Human Impact studyNorton Cybercrime Report: The Human Impact study))

In In 20102010, China , China had the most cybercrime victims, at had the most cybercrime victims, at 8383% of web % of web users, followed by India and Brazil, at users, followed by India and Brazil, at 7676% each, and then the US, at % each, and then the US, at 7373%.%.

The study, of over The study, of over 77,,000 000 Internet Internet users found users found that that 8080% of people % of people believed the perpetrators would never be brought to justice. Fewer believed the perpetrators would never be brought to justice. Fewer than half ever bother to report the crime to policethan half ever bother to report the crime to police..

FACTS AND FIGURES: FACTS AND FIGURES:

Cybercrime Cybercrime is worth an estimated is worth an estimated 105 105 billion billion dollars and dollars and cybercriminals can earn around cybercriminals can earn around 2323,,000 000 dollars a weekdollars a week. . (rival computer security firm(rival computer security firm McAfee)McAfee)

Several Several computer security consulting firms estimate global computer security consulting firms estimate global financial losses from viruses, worm attacks and other hostile financial losses from viruses, worm attacks and other hostile computercomputer--based attacks to be between $based attacks to be between $13 13 and $and $226 226 billion. billion. ((the Congressional Research Service) the Congressional Research Service)

“One “One botnetbotnet of one million hosts could conservatively of one million hosts could conservatively generate enough traffic to take most Fortune generate enough traffic to take most Fortune 500 500 companies collectively offline”companies collectively offline”,,( Jeffrey Carr writes in his book Inside Cyber Warfare).( Jeffrey Carr writes in his book Inside Cyber Warfare).

FACTS AND FIGURES: FACTS AND FIGURES:

••The growth rate of cyberspace has been enormous, The growth rate of cyberspace has been enormous, roughly doubling every roughly doubling every 100 100 days.days.

••Cybercrime in Africa is growing faster than any Cybercrime in Africa is growing faster than any other continent.other continent.

••Out of the top ten countries in the world with a Out of the top ten countries in the world with a high level of cybercrime prevalence, Africa is host high level of cybercrime prevalence, Africa is host to four of these countries (Nigeria, Cameroon, to four of these countries (Nigeria, Cameroon, Ghana and South Africa).Ghana and South Africa).

••Estimates say that about Estimates say that about 80 80 percent of PCs in the percent of PCs in the African continent are already infected with viruses African continent are already infected with viruses and other malicious software.and other malicious software.(World Bank Survey)(World Bank Survey)

Platform

Mobile worms on victims’

machines that buy malicious apps and steal

via tap-and-pay NFC Malware that

blocks security updates to

mobile phones

Mobile phone Ransomware

“kits” that allow criminals

without programming skills to extort

payments

Covert and persistent

attacks deep within and

beneath Windows

Rapid development of ways to attack Windows 8 and

HTML5

Large-scale attacks like Stuxnet that attempt to

destroy infrastructure,

rather than make money

Snowshoe spamming of

legitimate products,

spreading out the sources & keeping spam

flowing.

further narrowing of

Zeus-like targeted attacks

using Citadel Trojan, difficult

for security products to

counter

The decline of online

HacktivistsAnonymous, to be replaced by more politically committed or

extremist groups

Malware that renews a

connection even after a botnet

has been taken down, allowing

infections togrow again

services for $.

“Hacking as a Service”:

Anonymous in underground

forums exchange

malware kits & development services for $.

Nation states and armies will

be more frequent sources

and victims of cyberthreats

SMS spam from infected phones.

The Nimitz-class super carriers are a class of 10 nuclear-powered aircraft carriers in service with the US-Navy.

$4.5 billion with operation costs of $22 billion a year

The McDonnell Douglas (now Boeing) F-15 Strike Eagle is an all-weather multirole fighter

$100 million (not including maintenance), 221-US, 69-Saudia and 61-S.Korea

The M1 Abrams tank is a US-third-generation main battle tank (68.4 tons)

M1A2 cost $8.58 million. Total estimated cost of entire M1 tank program to date $40 billion

The Chinese Army (2,285,000 soldiers on active duty) (800,000 on reserve)

The estimated Chinese budget for the Army in 2013 is $114.2 billion.

•The Cary Titan world’s fastest super computer (27 petaflops, 2012).1 petaflop = Thousand Trillion floating point operations per second

•Cost $200 million design and build. Operation cost 6.5 million a year

•High-end password cracking desktop attempt 350 billion PW/Sec

•Custom built desktop PW cracking rig with 25 powerful graphic cards cost $5000.

•MacBook Pro attempt 40 million/hashes/Sec using Nvidia 650M GC

•Properly configured cost $2000 brand new MacBook Pro.

•Jailbreak Smartphone with Back-Track (Free Pen-testing SW); highly mobile hacker platform used by any semi-competent hacker.

•Top of the line Droid (runs Linux) Smartphone cost $600.

Space of conflict largely separate from civilians.

Offensive & Defensive technologies often in rough balance.

Attribution to adversary presumed.

Capabilities of non-state actors relatively small.

Significance of distance large.

National boundaries important.

Clear lines between attacking & spying as security threats.

Effects reasonably predictable.

Usually declared or observed explicitly

There are clear International mechanisms (UN, NATO etc)

Space of conflict is where civilians live and work.

Offensive & Defensive technologies largely OUT of balance.

Attribution hard, slow, uncertain.

Capabilities of non-state actors relatively large.

Significance of distance minimal.

National boundaries irrelevant.

Attacks & spying hard to distinguished; no clear line.

Effects hard to predict or control.

Rarely declared or observed explicitly.

No clear International mechanisms (IG, ICANN, ITU).

Challenges: Challenges:

••lack of understanding, education, training, unclear lack of understanding, education, training, unclear policies of government.policies of government.

••The fact that the vast majority of cyber crime is not The fact that the vast majority of cyber crime is not reported would impact all statistics, as a clear reported would impact all statistics, as a clear picture cannot be given without all the information. picture cannot be given without all the information.

••Explosion of the Internet.Explosion of the Internet.

Efforts: Efforts:

••Creation of National Information Security Authority (NISSA).Creation of National Information Security Authority (NISSA).

••Development of Policies, Legislations & Laws.Development of Policies, Legislations & Laws.

••Building of Computer Security Readiness Team (CERT).Building of Computer Security Readiness Team (CERT).

••Foundation of PKI, CloudFoundation of PKI, Cloud--Sec, MobileSec, Mobile--Sec, NetworkSec, Network--Sec.Sec.

••Cyber security awareness workshops and trainings.Cyber security awareness workshops and trainings.

••International CooperationInternational Cooperation

•Data

•APPLICATIONS

•NETWORK

•HUMAN