Professional Documents
Culture Documents
Vision For Future & Emerging Risk Work (EFR Forum) :: June 23 2010 Claire Vishik
Vision For Future & Emerging Risk Work (EFR Forum) :: June 23 2010 Claire Vishik
Vision For Future & Emerging Risk Work (EFR Forum) :: June 23 2010 Claire Vishik
Agenda
Security Environment, new technology security penalty, anticipating emerging risks Looking at the big picture EFR Vision:
Expanding Topics Building Community of Stakeholders Addressing new problems
Next Steps
Innovation Penalty
Technology innovation/security Technology innovations bring new security threats Smart phones, energy management, ubiquitous connectivity New behaviors and new technologies Creating additional vulnerabilities (e.g., social networks) New business models open new vulnerabilities E.g. medical home monitoring, online college classes Unintended consequences Cannot be anticipated in a reliable fashion
44
Web mash-ups
Drive-by downloads Mobile devices Hardware and firmware attacks Virtualization attacks
Cybercrime has been so profitable for organized crime that the mob is using it to fund its other underground exploits. And U.S. law enforcement is reaching around the world to reel it in.2
We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises.3
Tom Gillis, Vice President and General Manager, Cisco Security Products
Traditional
Growing
Emerging
Attack Area
encryption
content inspection
access control
Client Devices
Edge Systems
New security threats accompany the emergence of new technologies; protecting one component is not enough
Users continue to be connected to work and home as they pursue other interests
New security threats accompany the development of new behaviors as society changes
7
99
Environments, processes, and business models are very complex and diverse
CLOUD
Internet
Intranet
11
1
User accesses Charity Web site from a smart phone
Payment Information
Heterogeneous Networks
15
EFR Forum
Multidisciplinary group of experts Tasked with the overall high level advisory role in the program
16
Evaluation of feasibility of studying cutting edge technologies (in addition to advanced environments)
17 1
New topics
1 2 3
Cross cutting issues (not driven by technologies) Broad areas of security technologies and their potential effects Longer term innovation (10 years out) Innovative usages of technologies
4
5
New methodologies
18 1
Model necessary skills and define the community Attract key participants
Develop working models of dissemination and collaboration Develop a value model to encourage participation from community members
19 1
Comprehensive, technical and societal approach to the analysis of the technology innovation Preliminary multi-faceted assessment of longer term technology innovations, e.g. effect of quantum or molecular computing or new types of information transmission
Analysis of unexpected applications of emerging and mature technologies, e.g. a gadget that is a computer a wireless phone, a garage door opener and a TV remote control, among many other applications. Analysis of the data side of matters and its evolution Crystallization of the innovative methodology to outsource it to the expert community as a recognized risk analysis tool Detection of the effects of the technology innovation on the civic fabric of our society (our life, property, liberty, privacy, fair play, due process etc.), and to how we relate to each other
4 5
20 2
NEXT STEPS
21
We have a technology foundation, access to growing computing power, ubiquitous connectivity We have a growing experience of collaboration among diverse technology community
Lessons learned from the earlier generations of technologies can be used to improve vision
22 2
THANK YOU!
23
BACKUP
24
Access to mission critical systems Social networking Online banking and e-commerce Using an ATM in a foreign country Using medical services, accessing health records Updating/synchronising your devices via your computer Accessing premium content in a mobile setting Setting up and updating PCs for enterprise employees
7
8
25 2
Research Challenges
The research subject is very complex
1
Requires skills and input from diverse groups of stakeholders We dont have good models to work together in this fashion yet
Defining operative trust parameters, trust information, and trust tools, from system and device architecture to behaviors and economic incentives is the type of a scientific problem we need to learn to solve Societal and economic components are crucial parts of the game
We need to learn to analyse these elements together with technology
4 5
26 2
What We Need
1 2
New game changing ideas Multidisciplinary innovative approaches Early concern about adoption and deployment Broadly applicable standards
3
4 5 6 7
Economic incentives and business models to support deployment of new technologies Efficient use of diverse expertise of all stakeholders
Focus on hard problems
27 2