powerpoint
TRANSCRIPT
Security CITRIS Conference
Dr. Andy Jones MBEBT Security Research Centre
Agenda
The Security Research Centre Vision – why are we here !
Problems facing the industry and BT
Our vision and work programme in the security centre (in a nutshell)
Our Vision: Enabling BT to be the most resilient corporation in the world.
Our Mission: Lead BT’s Corporate Security Research Programme and deliver world class and externally accredited security and business continuity capabilities and services
Security & Continuity Research – Bringing it all together
Look at the past to predict the future
65-90% of all email on any sampled day in 2006 was spam
The largest bot net army is measured at 2.6 million hosts
Web 2.0 exploits and vulnerabilities continue to mass infect the market place
Vista released with 50 million lines of code / 500 man years of effort on security – first patch released 38 days later !
The BT home hub is released closely followed by www.homehubblog.com aimed at hacking the device
Research is conducted by SRC to highlight security problems on the UK broadband infrastructure - < 3 mins to infection
‘Ethical Hackers’ park outside a London substation and via wi-fi map out the entire SCADA and PCS of the national grid in 15mins without leaving their car
A War-drive from London to Cardiff detected more than 1200 Access points – about 20% were unprotected
A shift in criminal activity from virus authoring to ID theft and Phishing
SPIT rejuvenates the telemarketing industry globally
SMiShing on smart phones emerges, so does wire tap virus UBS/Ellies A3
Enterprises begin to view the telecom services as a utility
What's the High Level Vision
BT and the entire industry needs to develop secure and trustable infrastructures from the ground up
The fundamental problems of computer security are not about technology, they're about applying technology. Think user interface, installation, configuration, complexity, update management – that’s where the real R&D challenges are
Our research has numerous work streams all focused on one challenge, to develop and produce:
An agile, trusted and reliable infrastructure that will support and enhance
all aspects of the digital networked economy
What are the real research challenges?
Self Organising, Self Protecting Secure Networks
Clean Pipes bring the security into the cloud
Building trust from un-trusted components
An identity infrastructure for the DNE
Policy management and interoperability based on semantics
Context and content aware security
Enhanced end user device security
‘The future demands incremental security enhancement to all devices and interconnects within the network, the challenge is not small, the challenge is to create the digital immune system’
Bryan Littlefair
‘Empower not infect’
Thank You