#BHUSA BlackHatEvents

Is Defense Winning?
Measuring if Cyberspace is Becoming More Defensible and Resilient
Jason Healey with Tarang Jain and Sam Deb

Agenda: Let's Win! (And Measure)
Whoami
Why “is defense winning?” and what is “winning” anyway
Propositions: what winning looks for threat, vulnerability, and impact
Next steps and conclusions

whoami
Long-time in information security, mostly on policy, intel, response
Helped create world's first cyber command (1998)
Stood up response and threat-intel capability for Goldman Sachs, vice-chair of FS-ISAC
White House policy director, 2003-2005, 2022-2023. Helped implement first national cyber strategy (2003) and draft the most recent (2023)
First came to DEF CON 9. Review Boards for DEF CON and Black Hat
Speaker at Black Hat 2013, 2014, 2016 (Best Briefing award), 2019, 2023 (moderated keynote fireside)
Teaching and researching since 2011: Atlantic Council and Columbia University SIPA
Jason_Healey

Wait, what does “winning” mean?

Defensive Struggles
“Contemporary technology cannot provide a secure system in an open environment, which includes uncleared users working at physically unprotected consoles connected to the system by unprotected communications.”
“None of the known red team efforts has failed to date.”
“Few if any contemporary computer security controls have prevented a red team from easily accessing any information sought.”

Defensive Struggles
“Contemporary technology cannot provide a secure system in an open environment, which includes uncleared users working at physically unprotected consoles connected to the system by unprotected communications.” 1970
“None of the known red team efforts has failed to date.” 1972
“Few if an