
Markowsky Research Overview 05/20/21

Research Overview

Dr. George Markowsky
Department of Computer Science
Missouri University of Science & Technology

Research Overview

• Two main areas
  • CS Theory & Mathematics
    • Algorithms
    • Combinatorics
    • Foundations of Computing
    • Quantum Computing
  • Cyber Society Lab – The Impact of Computing on Society
    • Voting – a series of talks in 2019 and 2020, worked with Missouri County Clerks
    • Modeling – Covid-19
    • Cybersecurity – many topics, each worthy of a talk

Cybersecurity
A High-Level Perspective
Dr. George Markowsky
Missouri University of Science & Technology

https://www.statista.com/statistics/615450/cybersecurity-spending-in-the-us/

The loss is 7.5 times what we spend on cybersecurity!


What is Going On Here?

• We spend ever more money for cybersecurity
• Our losses continue to mount and grow annually
• There is no end in sight
• What can we do?

Return to First Principles

1. Know Your Enemy
   a. Who Is Attacking You and Why?
2. Know Yourself
   a. What are Your Vulnerabilities?
   b. The Internet of Things
3. Making the Abstract Concrete

Know Your Enemy


Multi-Level Cyber Struggle

INSIDER THREATS!

The levels are not independent!


Watch for Insiders and Trickery


Cyberwar

• I would argue that we are currently engaged in a rather active cyberwar – I have a talk available on the concept of cyberwar
• Do you think that criminal gangs can operate in Russia and China without the government knowing all about them?

Know Yourself


Most Common Causes of Data Breach

• Weak and Stolen Credentials, a.k.a. Passwords
• Back Doors, Application Vulnerabilities
• Malware
• Social Engineering
• Too Many Permissions
• Insider Threats
• Improper Configuration and User Error

The Main Problem

• Your own people!
• Security is a bother
• Security is too abstract
• Complacency
• Hopelessness
• Do you think that the annual "cybersecurity training" at S&T is sufficient?
• This is not to say that there are not technological problems – will return to this later

Making the Abstract Concrete


Cybersecurity is Too Abstract

• Most people do not have a good intuitive grasp of cybersecurity
• I believe that it is helpful to offer people physical models, so they better understand the issues
• As we know, people respond emotionally to the concept of a "wall" and believe that walls offer security
• It is actually quite instructive to look at some famous examples of walls and see what the benefits and drawbacks are

How Would You Attack This Wall?

https://commons.wikimedia.org/wiki/File:GreatWall_2004_Summer_1A.jpg

https://en.wikipedia.org/wiki/Maginot_Line#/media/File:Maginot_Line_ln-en.svg


Castles

• Castles provide another metaphor for security
• Unfortunately, people think that they understand castles, but many people have the most simplistic ideas of castles
• Castles were the logical product of hundreds of years of experience in defense and incorporated a large number of useful defensive concepts that can be adapted to cybersecurity
• I have a number of papers written on the subject of the cybercastle and how one can build better cyberdefenses based on historical ideas of security

Start with an overall plan

[Diagram: plan of a castle and town. Labels: River, Moat, Inner Wall, Outer Wall, Town Wall, Inner Ward, Outer Ward, Gate, Fortified Town, Unfortified Town]

Clever Use of Topography

Srebrenik Fortress in Srebrenik, Bosnia: the inaccessibility of the location, with only a narrow bridge traversing a deep canyon, provides excellent protection.

https://commons.wikimedia.org/wiki/File:Let_vrtulnikem11_-_hrad_Srebrenik_(13.-18._stol.)_jeste_lepe.jpg


Notice the Inner Walls Are Taller!

Beaumaris, with curtain walls between the lower outer towers and higher inner curtain walls between the higher inner towers.

https://commons.wikimedia.org/wiki/File:Beaumaris_aerial.jpg


Defending the Entrance


Castle Quiz – How Many of the Following Terms Can You Define?

• arrow loop
• outer ward
• flanking
• footbridge
• walk
• foundation
• pinnacle
• batter
• garderobe
• great hall
• brattice
• chapel
• inner curtain
• postern gate
• inner ward
• putlog hole
• lists
• covered parapet walk
• truss
• crenelation
• curtain wall
• wall walk
• drawbridge
• outer curtain

See also http://www.castlesontheweb.com/glossary.html


Lessons From The Cyber-Castle

• Have a good plan for entire "city" and not just for the castle – secure network topology
• Defense must be active
• Concentric defenses
• Inner defenses should support outer defenses
• Plan good foundations
• Have removable bridges, pathways
• Use guile and deceit where possible
• Direct your attackers where you want them to go
• Know your attackers

Common Sense Defenses

• Lock your doors (gates)! Bar your windows!
• How many doors or windows does your cybercastle have?
• More importantly, what constitutes a door or a window in a cybercastle?
• How can you lock or bar it, if you don't know what it is?