防守方是否取胜？.pdf

《防守方是否取胜？.pdf》由会员分享，可在线阅读，更多相关《防守方是否取胜？.pdf（56页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsIs Defense Winning?Is Defense Winning?Jason Healeywith Tarang Jain and Sam DebMeasuring if Cyberspace is Becoming More Defensible and Resilient#BHUSA BlackHatEventsAgenda:Lets Win!(And Measure)Whoami Why“is defense winning?”and what is“winning”anyway Propositions:what winning lo

2、oks for threat,vulnerability,and impact Next steps and conclusions#BHUSA BlackHatEventswhoami Long-time in information security,mostly on policy,intel,responseHelped create worlds first cyber command(1998)Stood up response and threat-intel capability for Goldman Sachs,vice-chair of FS-ISACWhite Hous

3、e policy director,2003-2005,2022-2023.Helped implement first national cyber strategy(2003)and draft the most recent(2023)First came to DEF CON 9.Review Boards for DEF CON and Black Hat Speaker at Black Hat 2013,2014,2016(Best Briefing award),2019,2023(moderated keynote fireside)Teaching and research

4、ing since 2011:Atlantic Council and Columbia University SIPA Jason_Healey#BHUSA BlackHatEventsWait,what does“winning”mean?Wait,what does“winning”mean?#BHUSA BlackHatEventsDefensive Struggles“Contemporary technology cannot provide a secure system in an open environment,which includes uncleared users

5、working at physically unprotected consoles connected to the system by unprotected communications.”“None of the known red team efforts has failed to date.”“Few if any contemporary computer security controls have prevented a red team from easily accessing any information sought.”#BHUSA BlackHatEventsD

6、efensive Struggles“Contemporary technology cannot provide a secure system in an open environment,which includes uncleared users working at physically unprotected consoles connected to the system by unprotected communications.”1970“None of the known red team efforts has failed to date.”1972“Few if an