Cybersecurity Threats, the IoT and Preparing for the Zombie Apocalypse
ISC WEST 2017
Cybersecurity is a huge concern today, particularly as more and more devices are connected to networks in the ever-growing Internet of Things (IoT) trend. So it’s no surprise that the audience for yesterday’s keynote presentation by Philip Celestini, section chief of the FBI’s Cyber Division, filled virtually every available space in room 701.
It didn’t hurt that Celestini himself was an engaging presence on the stage as he walked those in attendance through current cyber threats and trends, response, the FBI’s strategies and outlook and the “really scary stuff,” which he referred to as the “zombie apocalypse.”
His first order of business was to define “cyber” from the FBI’s standpoint. It’s not an entity in and of itself, but rather a vector of everything the Bureau has dealt with since its inception: foreign entities, criminal elements, terrorism and more.
“Cyber is just another way by which malicious or bad people try to do bad things,” Celestini said.
Current threats come from five main areas, the most serious of which is the “big four” nation states (Russia, China, Iran and North Korea), followed by multinational criminal syndicates, insider threat (both intentional and unintentional), hacktivists and terrorists, who he said currently lack the ability or capability to hack.
The cyber challenges stem largely from these groups’ incessant efforts to subvert the latest cybersecurity measures. Many would-be attackers have become proficient at crafting more convincing phishing emails, as well as hijacking previously trusted websites to hit users with malware, which Celestini said is becoming more sophisticated all the time.
While incredibly beneficial, the IoT has vastly expanded the attack surface, providing attackers with more potential entry points. They are aided in their efforts by the fact that many networked devices lack strong cybersecurity. Bottom line, Celestini said: we have to make it harder for them.
From the response standpoint, the bad news is that the average time between someone establishing network access and detection is around 99 days. That’s a marked improvement on the previous 247 days, but it’s still far too long, Celestini said, noting that many hackers need three days at most to gain system administrator privileges – with some able to accomplish this in mere hours. With this in mind, the key to stronger cybersecurity, Celestini said, is to employ efforts and technologies that are less reactive and more predictive.
“The message has to be that we’re not going to sit back passively and allow this to happen anymore,” he said.
The FBI has four goals for accomplishing this: develop a wider pipeline of talent to cover the larger and expanding attack surface; shrink the world, both internally and externally; impose real costs – most notably jail time – on hackers and other attackers; and help the Bureau’s state and local partners get better at dealing with cybercrimes.
As for that “zombie apocalypse,” with 50 billion internet-connected devices predicted to be in use by 2020, the IoT will continue to present the greatest threat to cybersecurity. Devices that are rushed to market at the lowest price point present the most significant risk, as cybersecurity is often an afterthought – if it’s a thought at all.
Encryption is another challenge where the FBI is seeking a balance between personal privacy and the greater good, Celestini said. As an example, Celestini cited the FBI’s success rate in accessing devices for which it had a lawful order to search. Of the more than 2,800 devices it received between October and December 2016, there were more than 1,200 the FBI wasn’t able to access because of data encryption. The cost of encryption, he said, is that cases are dismissed and “bad people get away with bad things.”
“Are we OK with having devices that authorities can’t get into if the owner won’t cooperate?” he asked, adding that the FBI’s role is not to answer that question but to provide information about the challenge encryption presents with regard to what the Bureau is charged to do.