Three Trends in Cybersecurity

And how to prepare for them

Alexander Deucalion

USCP 615

Assignment 3

BiometricsTrend-Biometric technology will replace passwords

What is Biometrics?

• According to the International Biometric Society, “the terms ‘Biometrics’ and ‘Biometry’ have been used since early in the 20th century to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the biological sciences”

• A new definition has emerged since the events of 9/11 and the ever increasing rate of security breaches. This new definition focuses on authentication technology: According to the International Standardizations Organization, The International Standardization Organization (ISO)provides the following definitions for

• biometric recognition/ biometrics:"automated recognition of individuals based on their biological and behavioural characteristics“

• Note: The definition of the International Biometric Society is the one applicable to the biological and statistical sciences and not the one used in the Information Security Profession to refer to identification and authentication of individuals in an access to computer systems and its data vein. I just wanted to point out that there are two meanings to the term “ Biometrics:

Biometrics Trend-Biometric technology will replace passwords• Password requirements are too often stringent, unreasonable, and

hence impossible for users to remember

• Can be cracked through Brute Force and Dictionary attacks if passwords are weak(easy to discover). Phishing and other social engineering attacks can recover the password instantly.

• Forgetting passwords inhibits productivity and burdens IT personnel who have to re-authenticate user and reset password

• Passwords are associated with a variety of unsafe behaviors(i.e: sharing passwords, writing them down,etc)

Relevant Industries

• The following entities use Biometric Technology for authentication as part of their mission-critical operations

• Government(National Security and Public Safety)

• Law Enforcement(Crime prevention and investigation)

• Health care( Privacy, Ethics, Quality of care)

• Business(Information security, Intrusion Prevention & Detection, Business Continuity)

• Really anywhere that requires information security( As long as authentication is an issue or concern)

Trend no. 1 Biometrics

• Professional Associations

• Training and Certifications

• Conferences and Seminars

• Career Advancement

Professional Associations And Government Agencies

• IEEE- http://ieee-biometrics.org/

• National Institute of Standards and Technologies(NIST)-http://www.nist.gov/itl/csd/biometrics/index.cfm

• Department of Homeland Security(DHS)

• Biometric Consortium- http://www.biometrics.org/• Renamed the Global Identity Summit in 2014

• Biocertification.com- http://www.biocertification.com

Training and Certifications• IEEE-Certified Biometric Professional(CBP)-discontinued in 2010 but

Biometric Council is still active(see previous slide)

• Biocertification http://biocertification.com/• Certified Biometric Security Technicians

CBST is a highly specialized program designed for technicians and operators supporting biometric systems in the field. A crucial requirement in maintaining optimal performance of biometric systems is to have properly trained and qualified operators.

• Certified Biometric Security Professional CBSP is a foundation level certification program for technology professionals who wish to gain a solid understanding of biometric technologies and its usage in real world applications. This program is a starting point for individuals wanting to gain a deeper knowledge of biometric technologies and applications.

• Certified Biometric Security EngineerCBSE designates knowledgeable technology professionals in the field of biometric security. This program is designed for those who wish to gain a solid understanding of biometric technologies and apply concepts and design principles to improve logical and physical access control in identity management systems

Training and Certifications(cont’d)

. • Certified Biometric Security DeveloperCBSD designates knowledgeable technology professionals in the field of biometric security. This program is designed for those who wish to gain a solid understanding of biometric technologies and apply concepts and COTS tools to improve logical and physical access control in identity management systems.

Good video on what Biometrics is about

Conferences and Seminars

IEEE Conferences held this year

8th IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS 2016)Niagara Falls, USASeptember 06 - 09, 2015http://www.ieee-biometrics.org/btas2016

11th IEEE international conference on Automatic Face and Gesture Recognition (FG 2015)Ljubljana, SloveniaMay 4 - May 8, 2015http://www.fg2015.org/

IEEE International Conference on Identity, Security and Behavior Analysis (ISBA 2015)Hong KongMarch 23 - March 25, 2015http://www.isba2015.org/index.php

Conference: 13-15 October 2015

Conferences and Seminars(cont’d)

http://events.afcea.org/GlobalID16/Public/MainHall.aspx?ID=57390&sortMenu=101000

Career Advancement

• Biometric certification has not yet blossomed the way other IT certifications have. CompTIA, SANS, IC2 , Cisco and ISACA all have proprietary certifications. Few biometric certifications exist

• Due to the fact that traditional non-security biometrics (analysis of biological data)is mixed with the new authentication biometric technology, it is hard to know for sure which biometric meaning is used by a university when offering a biometric degree.

• No available information on biometric interviews questions for job applicant was found like can be found for coding interviews and other IT Positions.

• There is little certification availability and even less academia interest in biometrics based on the scarce degree offering in that field.

Career Advancement(cont’d)

Therefore:

Biometrics seems to lack the usual career path that other InformationTechnologies follow. To prepare for employment in the biometric fieldwould necessitate research and networking by contacting biometriccompanies and conduct information interviews with candidateemployers and hopefully they can supply information as to how youcan become qualified for a position in their company. And then followtheir advice.

To start, research these companies listed in this link: http://www.biometricupdate.com/biometric-companies

A Final Hint-dig far and deep

Raytheon Cyber Resources

• Brochures

• SureView® Suite

• Case Studies

• Arizona Financial Crimes Task Force

• Center for Army Analysis (CAA)

• Intelligence Community (IC)

• Law Enforcement

• SureView® Analytics Open Source Center

• The Crime Analysis Centers' Data Sharing Network Initiative Helps the State of New York Reduce Crime

• The Total Economic Impact Of Raytheon Trusted Computer Solutions' High Speed Guard™

• United States Army Analysis and Control Element (ACE) Block II, Distributed Common Ground System – Army (DCGS-A)

• Videos

• Cyber Security Operations Center

• Cyber Ranges

• Cyber Resiliency

• Cyber 60 Video Series:

• Cyber 60 - Internet of Things (IOT)

• Cyber 60 - Insider Threat

• Cyber 60 - Security Operations Center

• Cyber 60 - Cyber Defenders

• Datasheets

• Cyber Range Capability

• Cyber Security Operations Center (CSOC)

• Global Cyber Solutions Center

• High Speed Guard™

• High Speed Guard™ Industrial Control Systems

• Small Format Guard™ Commercial

• SureView® Analytics Security Operations

• SureView Analytics – Law Enforcement

• SureView® Insider Threat

• SureView® Memory Integrity

• SureView® Threat Protection

• Trusted Gateway System™

• Trusted Mail System™

• Trusted Print Delivery™

• Trusted Thin Client®

• eBooks

• Advanced Analytics For Real-Time Incident Response

• It's Time to Think About Behavior Not Just Data

Raytheon Resources

• Third Party Reports

• SANS Institute InfoSec Reading Room Insider Threat Report

• The Total Economic Impact™ of Raytheon|Websense SureView® Analytics

• Infographics

• Internet of Things (IOT)

• White Papers

• Combatting Cyber Risks in the Supply Chain

• Cyber Dwell Time and Lateral Movement

• Detect, Contain and Control Cyberthreats

• Enabling Secure Collaboration Between Sensitive Networks

• ESG's Report "Getting to the Bigger Truth"

• Finding Threats in Linux Memory-The Value of Memory Integrity Verification

• How SureView® Analytics is Proving Critical for Fraud Detection and Prevention

• ICITE and IC DTE Usher in New Era of Secure Collaboration for Intelligence Community

• Investigative Analytics: An End to the Era of Uncertainty

• Meeting the Demands of Government Policies and Regulations

• Negligence is the #1 Cause of Insider Threats

• Privileged Users: Superman or Superthreat? A Privileged User Risk

• Proactive Compliance for Insider Threat Protection

• Securing the Modern Enterprise "Factory:" How to Build an Insider Threat Program

• SureView® Insider Threat: Banking and Financial

• The Cost of an Unintentional Insider Threat

• When Secure KVM Isn’t Enough

• Research

• 2015 Global Megatrends in Cybersecurity

• 2014 Millennial Survey

• Adding Value to your HIPAA Compliance Program

• Insider Threat Ponemon Survey Results Infographic

• Ponemon Report on Privileged User Abuse & The Insider Threat

• Study — Why Executives Lack Security Posture Confidence

• SureView® Analytics Law Enforcement

• The Total Economic Impact™ of Raytheon's SureView Insider Threat – Single Company Analysis

• The Unintentional Insider Risk in United States and German Organizations

• What is the Forrester Total Economic Impact™ of Raytheon's SureView Insider Threat?

Network Integration Design

Network Integration Design Trends

As new technologies and end-user devices come to market, businesses and consumers must continue to adjust to this ever-changing environment. There are several new networking trends that continue to effect organizations and consumers. Some of the top trends include

• Bring your own device (BYOD)

• Online collaboration

• Video communication

• Cloud computing (Academy, 2015)

Bring your own device (BYOD)

• The proliferation of lower-priced tablets and their growing capability is accelerating the shift from PCs to tablets. "While there will be some individuals who retain both a personal PC and a tablet, especially those who use either or both for work and play, most will be satisfied with the experience they get from a tablet as their main computing device," said Carolina Milanesi, research vice president at Gartner. "(Gartner.com, 2015)

• Here is the 2012 annual report from Cisco from the Internet Business Solution Group(IBSG). It contains statistics concerning the pervasiveness of mobility trends and how these trends are based on Company approval of employee preferences.

https://www.cisco.com/web/about/ac79/docs/re/IBSG_Horizons_BYOD_KeyInsights.pdf

600 Industry leaders from 18 Industries were surveyed-All respondents

• Were directors or above

• U.S. enterprises with at least 1,000 employees

• Decision-making responsibility for mobile solutions

• Utilizes the Cisco Borderless Network Architecture, a network solution that allows organizations and individuals to connect securely, reliably, and seamlessly to the corporate network in a BYOD environment(Academy, 2015)

• This trend is expected to add to the infrastructure some concerns about security when employees use their personal devices for work environment. Cisco has addressed and resolved those concerns(Academy, 2015)

Online Collaboration

Collaboration may be best thought of as conferencing from different locations. As networks lose their borders and become less and less geographically defined, people will need to work together without necessarily being in the same room, let alone in the same country. Cisco offers Products, Solutions, and Services to enhance collaboration. All of the components of this networking design trend are related as the concept of networks without borders.

Products available:

• Unified Communications-Unifies all your voice, video, data, and mobile applications for collaboration with Cisco Unified Communications solutions.

• Conferencing-In the cloud or on premises, allows colleagues to collaborate anywhere, more securely, with high-quality, integrated voice, video, and content sharing.

• Customer -creates the foundation for strong customer relationships.

• Collaboration Endpoints- Keeps parties connected with endpoints, from IP phones and video conferencing to web, mobile, and desktop clients.

Solutions offered:

• By Industry Finance Government healthcare Manufacturing Retail

• By Line-of-Business Corporate Real Estate Engineering and Development Human Resources Marketing Sales Travel

• By Business Objective: Customer Satisfaction, Productivity, Cost Control, Employee, Engagement, Innovation and growth.

Services maintained:

• Voice & Unified Communications

• Conferencing

• Collaboration Endpoints

• Full Services) Portfolio(Cisco, 2015)

Video Communication

• Video communication is the third component of Network Integration trends. It allows the Collaboration to happen seamlessly

• Video conferencing is finally coming of age. Cisco forecasts that business video conferencing will grow six-fold over the forecast period between 2011 and 2016.

• End users, with ubiquitous connectivity and increasing choice across a growing number of mobile devices and video calling and conferencing clients, are ready to push the limits of what’s possible(Adensamer, 2015)

Cloud Computing

• The cloud is an integral part of the new network design trends: BYOD devices can be used for collaboration through video communication in the cloud.

• Document access is made available in the cloud through document sharing (i.e. Google Drive).

• Video conferencing is made available through Google Hangout, Skype, and Adobe Connect, to name a few.

• Other “as a service” providers like Amazon Web Services(AWS), Microsoft Azure, Google Compute Engine, and Rackspace offer different services and can support different features. One should check comparison reviews like those found in SearchCloudComputing.com (Posey, 2015)

Energy-Efficient Green Computing in the Cloud

Greenpeace Praises and Blasts datacenters

• Greenpeace publishes their annual “Clicking Clean Report”

• 2015 Findings gave scores to all the major datacenters

• “Clean scores” went to Google and Apple

• Amazon and Microsoft are lagging in transparencies though claiming 100% commitment.

• Data center operators committed to renewable energy

goals will need to redouble their efforts to work together

to push policymakers for changes that allow them to

procure renewable energy, overcoming the resistance of

monopoly utilities. (Greenpeace, 2015)

(Greenpeace, 2015)

Google self-appraisal case study• Google report reflects Greenpeace appraisal

• Google study demonstrates how energy in datacenters are used

• Their report prescribes how energy savings can be implemented to reduce carbon costs

• Report focuses on energy usage in gmail servers in the cloud vs local servers• Energy is consumed by the user’s machine when checking their email

• By the network processing the request

• By the server retrieving the email back to the user

• Small organizations are more energy disadvantaged than larger organizations

• Cooling of the servers also consumes electricity

• Cloud mail servers are more redundant and reliable and thus more efficient( server/user ratio)

• Conclusion• Organizations have the benefit of scale

• But there are more employees in small businesses than large ones• 18% workers in business with less than 20 employees

• 50% workers in businesses with less than 500 employees

• Cloud brings energy-efficiency to any size organization

• This is the goal of Greenpeace

• (Google, 2015)

Bar Chart showing carbon costs of businesses by size

(Google 2015)

References

Academy, C. (2015). Evolving Network Architectures (1.3) > Cisco Networking Academy Connecting Networks Companion Guide: Hierarchical Network Design. Ciscopress.com. Retrieved 9 October 2015, from http://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=7

Adensamer, R. (2015). Transition to Cloud Video Conferencing - Radisys. Radisys.com. Retrieved 10 October 2015, from http://www.radisys.com/2013/transition-to-cloud-video-conferencing/

BiometricUpdate,. (2012). Biometric Companies. Retrieved 9 October 2015, from http://www.biometricupdate.com/biometric-companies

Biometricsociety.org,. (2015). The International Biometric Society » Definition of Biometrics. Retrieved 9 October 2015, from http://www.biometricsociety.org/about/definition-of-biometrics/

Cisco,. (2015). Cisco Bring Your Own Device. Retrieved 10 October 2015, from http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byodwp.html

Gartner.com,. (2015). Gartner Says Worldwide PC, Tablet and Mobile Phone Combined Shipments to Reach 2.4 Billion Units in 2013. Retrieved 9 October 2015, from http://www.gartner.com/newsroom/id/2408515

Greenpeace,. (2015). Retrieved 11 October 2015, from http://www.greenpeace.org/usa/wp-content/uploads/legacy/Global/usa/planet3/PDFs/2015ClickingClean.pdf

Google,. (2015). Retrieved 11 October 2015, from https://static.googleusercontent.com/media/www.google.com/en//green/pdfs/google-green-computing.pdf

Iso.org,. (2015). ISO - ISO Standards - ISO/IEC JTC 1/SC 37 - Biometrics. Retrieved 9 October 2015, from http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=313770

Posey, B. (2015). Compare the market-leading public cloud providers. SearchCloudComputing. Retrieved 10 October 2015, from http://searchcloudcomputing.techtarget.com/feature/Compare-the-market-leading-public-cloud-providers