Deconstruction and Analysis of modern IT Threats – DeepINTEL Security Intelligence Conference disenchants Complexity of Security Threats
The modern digital world is constantly threatened. Unfortunately, only a few understand what this actually means. Information security is always presented in distorting stereotypes that have nothing to do with reality. No attack is hammered into a keyboard in minutes. The most dangerous threats can not be detected by watching out for guys in hooded shirts or face masks. Nothing in the digital world can be defused with a simple click. The opposite is the case because domestic and foreign policy have global implications for the digital infrastructure of all organizations. The DeepINTEL Security Intelligence Conference, which takes place every year in Vienna, therefore aims to provide a platform where authorities, businesses, researchers and hackers can productively discuss threats’ characteristics and countermeasures within a closed group.
Striking Examples
Economic espionage is often cited as an example of information threats. Attacks on information systems often have the goal of copying data in order to either deal with them or use them otherwise. Espionage exists at all levels. In May 2019 it became publicly known that one can infect smartphones via WhatsApp calls. Answering the call was not necessary. This vulnerability was exploited by a commercial espionage software produced in Israel. No companies were spied on, but civil rights activists in the Middle East. The software could be unleashed on business executives as well. The customers of the Israeli company are not just located in the Middle East. They are also in western states.
The sticking point is finding vulnerabilities to break or bypass the defence. The knowledge of such gaps is rewarded and traded with a lot of money. The analogy with weapons is obvious, even if there are major technological differences. Malicious code is more related to biological weapons. The attacks by the malicious software Petya and Wannacry in the years 2016 and 2017 underline this thesis, as the exploitation of the vulnerability, which both programs used to penetrate, was most likely developed by the US National Security Agency (NSA). Concrete evidence about the actual escape of the vulnerability is missing. The developed theories range from the action of a whistleblower to perpetrators from Russia. There will be no certainty.
For security officers in companies these speculations play no role. The facts show that the digital world is moving directly in geopolitical areas of tension. It is therefore high time to integrate this fact into internal processes.
Geopolitics has long been Part of corporate Decisions
The economy is often perceived as aloof from politics. This is especially true for digital services. When it comes to streaming, internal document filing, e-mail communication, social media platforms or data filing only a few organizations still have their own infrastructure. Cloudy service providers manage external digital goods. The very popular concept of digital sovereignty loses all meaning when management can no longer say where exactly all company data is located and who manages it. You can not protect anything whose whereabouts you do not know. This applies in particular to prototypes such as the Gaia-X infrastructure proposed by the German Ministry of Economic Affairs. It should provide an alternative to data storage and processing outside the borders of Europe. The core of the matter? Geopolitics has become part of everyday life in the economy. Thus, the software as well as the hardware can becoming entangled in commercial wars – or worse.
The examples illustrate conclusively that business leaders must now finally deal with issues that have hitherto occupied foreign policy and the military. IT security has long since recognized this and created the area of security intelligence. There one deals with the strategic view on threats and the abilities of the opponents against which one must defend oneself. The technical details are armoury but secondary. It is about clarifying the identities, capacities and intentions of opposing organizations that can attack your own data and your own infrastructure. Classic information security provides the tools, but analysts need to piece together the puzzle pieces correctly. This is exactly where the annual Viennese DeepINTEL conference comes in – exchange of insights in a closed group.
Exchange at the living Object
If one wants to talk about real incidents and concrete break-ins, it is advisable to do so in a focused manner within the framework of discussions among experts. The exchange of experience is invaluable and will sustainably improve your defence. The DeepINTEL is such a platform. This year’s focus is on attacks on energy suppliers, infrastructure cut-offs (networks, power), analysis of network traffic to protect autonomous systems, global network intelligence (Internet, Domain Name Service), and the detection of hidden communication channels.
The focus is on the relationships between incidents and the use of certain types of attack. For example, one usually learns from conventional reporting which malicious software has struck. But you learn very little about the actual infection routes, which parts of the infrastructure are affected and what was actually the goal. These details can best be discussed in a closed group with focus on strategy. In the digital world in particular, relationships are often difficult to recognize because the Internet is available globally. The clear classification of perpetrators – whether individuals, organizations or states – is very difficult, if not impossible. Also in these considerations, the DeepINTEL wants to give assistance to all its participants.
The necessary data for a strategic consideration of your own information technology is critical for a meaningful analysis. There are many service providers in the market that combine collected data and and complement it with sensor networks. But nobody can replace your knowledge about your own processes and internal organization. Therefore, the DeepINTEL conference will also discuss the collection, assessment and evaluation of the information already available.
Schedule and Booking
The DeepINTEL Conference will take place on November 27, 2019 in Vienna. We will gladly send you the program upon request to deepsec@deepsec.net after review. Tickets are available on the website https://deepintel.net/.
The venue for DeepSec and DeepINTEL Conference is The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
The program of the subsequent DeepSec conference is available at https://deepsec.net/schedule.html. The DeepINTEL program will only be made available upon request because the DeepINTEL is a non-public conference.
Tickets for the DeepSec conference as well as for the DeepINTEL event and DeepSec trainings can be ordered at any time at https://deepsec.net/register.html or via e-mail to deepsec@deepsec.net.