Security CITRIS Conference

Dr. Andy Jones MBEBT Security Research Centre

Agenda

The Security Research Centre Vision – why are we here !

Problems facing the industry and BT

Our vision and work programme in the security centre (in a nutshell)

Our Vision: Enabling BT to be the most resilient corporation in the world.

Our Mission: Lead BT’s Corporate Security Research Programme and deliver world class and externally accredited security and business continuity capabilities and services

Security & Continuity Research – Bringing it all together

Look at the past to predict the future

65-90% of all email on any sampled day in 2006 was spam

The largest bot net army is measured at 2.6 million hosts

Web 2.0 exploits and vulnerabilities continue to mass infect the market place

Vista released with 50 million lines of code / 500 man years of effort on security – first patch released 38 days later !

The BT home hub is released closely followed by www.homehubblog.com aimed at hacking the device

Research is conducted by SRC to highlight security problems on the UK broadband infrastructure - < 3 mins to infection

‘Ethical Hackers’ park outside a London substation and via wi-fi map out the entire SCADA and PCS of the national grid in 15mins without leaving their car

A War-drive from London to Cardiff detected more than 1200 Access points – about 20% were unprotected

A shift in criminal activity from virus authoring to ID theft and Phishing

SPIT rejuvenates the telemarketing industry globally

SMiShing on smart phones emerges, so does wire tap virus UBS/Ellies A3

Enterprises begin to view the telecom services as a utility

What's the High Level Vision

BT and the entire industry needs to develop secure and trustable infrastructures from the ground up

The fundamental problems of computer security are not about technology, they're about applying technology. Think user interface, installation, configuration, complexity, update management – that’s where the real R&D challenges are

Our research has numerous work streams all focused on one challenge, to develop and produce:

An agile, trusted and reliable infrastructure that will support and enhance

all aspects of the digital networked economy

What are the real research challenges?

Self Organising, Self Protecting Secure Networks

Clean Pipes bring the security into the cloud

Building trust from un-trusted components

An identity infrastructure for the DNE

Policy management and interoperability based on semantics

Context and content aware security

Enhanced end user device security

‘The future demands incremental security enhancement to all devices and interconnects within the network, the challenge is not small, the challenge is to create the digital immune system’

Bryan Littlefair

‘Empower not infect’

Thank You