‘The Top Two Threat Vectors Are Phishing Attacks and Insider Threats’
-Vice president, Raytheon Homeland Security, Brian Seagrave   

What is your assessment about cyber security challenges in India?

What is happening in India is similar to what is happening in the US. We call this Advanced Persistent Threats (APT), which is very different from teenage hackers and transnational criminal organisations which indulge in hacking for the sake of theft. APT is different from this; its motive is to get in and steal weapon information, government information and plans, and then leave behind malware which can later be used as an affecter in a subsequent attack. Raytheon is one of the top targets in the US. Every day, we fight millions of these APTs in cyberspace which are continuously trying to get through our firewalls and website. ‘Phishing’ is now turning into a highly socially-engineered attack. For example: attending a conference or a seminar, I meet a lot of people.

There is a high possibility that later, I might get an email from a person who says that he was at the same conference and would like to share his presentation with me. When I open this link, it will install malware on my system. Who knows what that malware will do? These are attempts to get inside the Raytheon network and get information. This method of attack is already happening in India. Basically, this experience of Raytheon can help any nation. In the US, we are part of the DIB (Defence Industrial Base), which is a listing of companies, defence and security agencies that are required by law to share among each other cyber attack information and vulnerabilities that we find. This network of sharing has been a significant contributor to improve cyber security because, as we find different kinds of vulnerability, we share them with other companies such as Boeing and Lockheed and with the US government, so that they can apply these fixes as quickly as possible.

What kind of capabilities can you offer to India?

In our experience, the top two threat vectors are: Phishing Attacks and Insider Threats. Insiders can be intentional or unintentional. They could be radicalised or just make a mistake. For dealing with Insider threats we have a technology called ‘SureView’, which enables the detection of ‘out of policy’ events on any network device. Even if you unplug your computer from the network, it will still monitor what you do. For example, I put in a policy that you should not download any software from the internet, or something on similar lines. If you do this, the software will alert the system administrator and will provide him with a recording, like a television show, of what you did. The other option is to have very few rights to change the machine and to have a single gold image. For Phishing we have a technology called ‘RShield’, which we are using for our systems too.

Using virtualisation technology, every e-mail coming to the Raytheon network first goes into this virtual environment with its attachments, hotlinks, hyperlinks and pictures, and gets executed. This virtual environment is a complete copy of everything which is available on the Raytheon network, like all versions of Windows and the various programmes which are running, and this is being constantly maintained. We execute these attachments and see what they intend to do. For example, these attachments might be designed to sleep for 10 years, having a time warp inside them. For this we have an open window which can show us that this is sending information to some IP address. Therefore, we can analyse this threat and share this information with the Defence Industrial Base. One of the lessons learnt by any nation is to have a sharing network between government and critical infrastructure on cyber attacks. This needs to be safe and secretive in nature.
  © 2012 FORCE ARROWHEAD MEDIA PVT. LTD. All Rights Reserved.