UMBC IT Visionaries
Cyber Space, Cyber Security
posted about 14 years ago
I was able to attend the UMBC IT Visionaries event today which was on the topic of cyber space and cyber security. Peder Jungck was the speaker from CloudShield Technologies, Inc. which is a SAIC company. He did a great job speaking and was very knowledgeable about the topic. Here are some pointers I got from the presentation:
- Cyber Space: You cannot “disconnect” from it. You can try avoid/disengage, but you can’t. Even if you drive down a street in a car there is the possibility that something may be measuring your speed.
- Can’t Control cyber space
- Before when you “powered-down” equipment at night things were they way you left them until you came back. Now operations and processes function 24/7 as well as you don’t need to be at a specified location/site to access this information.
- Who controls exchange rate of “virtual money”? Certain virtual currency can be exchanged for real money (i.e. in online video games). The server that maintains your account information could be hacked without you knowing.
- Have to remember there are different cultural values around the world. One person who hacks into a system may see it as this information that is on the web which in their minds may be seen as public knowledge if they can access it.
- Have to go beyond just blocking attacks and stopping “leakage”.
- No longer systems are in silos; for instance Finance and HR are working out of the same systems.
- Different groups have to learn to work together more. Example: An employee deletes some databases and quits. HR says oh yeah the employee has been absent and has been having problems. IT may not always be privy to that information and it may have been helpful in this case.
- Cyber crime not a physical thing which helps make it hard to identify.
- Predominantly our IT workforce is “classically” trained. Meaning we are taught certain procedures and standards. Adversaries look for other ways/”back doors” to get in. Like not trying to hack your web page since this is one of the places companies probably secure, but how about hacking your DNS provider to point your web site to a different site.
The next UMBC IT Visionaries is scheduled for 2/23/2010.
- Cyber Space: You cannot “disconnect” from it. You can try avoid/disengage, but you can’t. Even if you drive down a street in a car there is the possibility that something may be measuring your speed.
- Can’t Control cyber space
- Before when you “powered-down” equipment at night things were they way you left them until you came back. Now operations and processes function 24/7 as well as you don’t need to be at a specified location/site to access this information.
- Who controls exchange rate of “virtual money”? Certain virtual currency can be exchanged for real money (i.e. in online video games). The server that maintains your account information could be hacked without you knowing.
- Have to remember there are different cultural values around the world. One person who hacks into a system may see it as this information that is on the web which in their minds may be seen as public knowledge if they can access it.
- Have to go beyond just blocking attacks and stopping “leakage”.
- No longer systems are in silos; for instance Finance and HR are working out of the same systems.
- Different groups have to learn to work together more. Example: An employee deletes some databases and quits. HR says oh yeah the employee has been absent and has been having problems. IT may not always be privy to that information and it may have been helpful in this case.
- Cyber crime not a physical thing which helps make it hard to identify.
- Predominantly our IT workforce is “classically” trained. Meaning we are taught certain procedures and standards. Adversaries look for other ways/”back doors” to get in. Like not trying to hack your web page since this is one of the places companies probably secure, but how about hacking your DNS provider to point your web site to a different site.
The next UMBC IT Visionaries is scheduled for 2/23/2010.
